identities table, order must be maintained.
type: string
enum:
- FusionAuth
- Generic
- LDAP
Consent:
description: Models a consent.
type: object
properties:
data:
type: object
additionalProperties:
type: object
consentEmailTemplateId:
type: string
format: uuid
countryMinimumAgeForSelfConsent:
"$ref": "#/components/schemas/LocalizedIntegers"
defaultMinimumAgeForSelfConsent:
type: integer
emailPlus:
"$ref": "#/components/schemas/EmailPlus"
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
multipleValuesAllowed:
type: boolean
name:
type: string
values:
type: array
items:
type: string
ConsentRequest:
description: API request for User consent types.
type: object
properties:
consent:
"$ref": "#/components/schemas/Consent"
ConsentResponse:
description: API response for consent.
type: object
properties:
consent:
"$ref": "#/components/schemas/Consent"
consents:
type: array
items:
"$ref": "#/components/schemas/Consent"
ConsentSearchCriteria:
description: Search criteria for Consents
type: object
properties:
name:
type: string
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
ConsentSearchRequest:
description: Search request for Consents
type: object
properties:
search:
"$ref": "#/components/schemas/ConsentSearchCriteria"
ConsentSearchResponse:
description: Consent search response
type: object
properties:
consents:
type: array
items:
"$ref": "#/components/schemas/Consent"
total:
type: integer
format: int64
ConsentStatus:
description: Models a consent.
type: string
enum:
- Active
- Revoked
ContentStatus:
description: Status for content like usernames, profile attributes, etc.
type: string
enum:
- ACTIVE
- PENDING
- REJECTED
CoseAlgorithmIdentifier:
description: A number identifying a cryptographic algorithm. Values should be
registered with the IANA
COSE Algorithms registry
type: string
enum:
- ES256
- ES384
- ES512
- RS256
- RS384
- RS512
- PS256
- PS384
- PS512
CoseEllipticCurve:
description: COSE Elliptic Curve identifier to determine which elliptic curve
to use with a given key
type: string
enum:
- Reserved
- P256
- P384
- P521
- X25519
- X448
- Ed25519
- Ed448
- Secp256k1
CoseKeyType:
description: COSE key type
type: string
enum:
- Reserved
- OKP
- EC2
- RSA
- Symmetric
Count:
description: ''
type: object
properties:
count:
type: integer
interval:
type: integer
CredentialPropertiesOutput:
description: Contains the output for the {@code credProps} extension
type: object
properties:
rk:
type: boolean
DailyActiveUserReportResponse:
description: Response for the daily active user report.
type: object
properties:
dailyActiveUsers:
type: array
items:
"$ref": "#/components/schemas/Count"
total:
type: integer
format: int64
DeleteConfiguration:
type: object
properties:
numberOfDaysToRetain:
type: integer
enabled:
type: boolean
DeviceApprovalResponse:
description: ''
type: object
properties:
deviceGrantStatus:
type: string
deviceInfo:
"$ref": "#/components/schemas/DeviceInfo"
identityProviderLink:
"$ref": "#/components/schemas/IdentityProviderLink"
tenantId:
type: string
format: uuid
userId:
type: string
format: uuid
DeviceInfo:
description: ''
type: object
properties:
description:
type: string
lastAccessedAddress:
type: string
lastAccessedInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
type:
type: string
DeviceResponse:
description: ''
type: object
properties:
device_code:
type: string
expires_in:
type: integer
interval:
type: integer
user_code:
type: string
verification_uri:
type: string
format: URI
verification_uri_complete:
type: string
format: URI
DeviceType:
type: string
enum:
- BROWSER
- DESKTOP
- LAPTOP
- MOBILE
- OTHER
- SERVER
- TABLET
- TV
- UNKNOWN
DeviceUserCodeResponse:
description: ''
type: object
properties:
client_id:
type: string
deviceInfo:
"$ref": "#/components/schemas/DeviceInfo"
expires_in:
type: integer
pendingIdPLink:
"$ref": "#/components/schemas/PendingIdPLink"
scope:
type: string
tenantId:
type: string
format: uuid
user_code:
type: string
DisplayableRawLogin:
description: A displayable raw login that includes application name and user
loginId.
type: object
properties:
applicationName:
type: string
location:
"$ref": "#/components/schemas/Location"
loginId:
type: string
applicationId:
type: string
format: uuid
instant:
"$ref": "#/components/schemas/ZonedDateTime"
ipAddress:
type: string
userId:
type: string
format: uuid
DomainBasedIdentityProvider:
description: Interface for all identity providers that can be domain based.
type: object
properties: {}
Email:
description: This class is an abstraction of a simple email message.
type: object
properties:
attachments:
type: array
items:
"$ref": "#/components/schemas/Attachment"
bcc:
type: array
items:
"$ref": "#/components/schemas/EmailAddress"
cc:
type: array
items:
"$ref": "#/components/schemas/EmailAddress"
from:
"$ref": "#/components/schemas/EmailAddress"
html:
type: string
replyTo:
"$ref": "#/components/schemas/EmailAddress"
subject:
type: string
text:
type: string
to:
type: array
items:
"$ref": "#/components/schemas/EmailAddress"
EmailAddress:
description: An email address.
type: object
properties:
address:
type: string
display:
type: string
EmailConfiguration:
description: ''
type: object
properties:
additionalHeaders:
type: array
items:
"$ref": "#/components/schemas/EmailHeader"
debug:
type: boolean
defaultFromEmail:
type: string
defaultFromName:
type: string
emailUpdateEmailTemplateId:
type: string
format: uuid
emailVerifiedEmailTemplateId:
type: string
format: uuid
forgotPasswordEmailTemplateId:
type: string
format: uuid
host:
type: string
implicitEmailVerificationAllowed:
type: boolean
loginIdInUseOnCreateEmailTemplateId:
type: string
format: uuid
loginIdInUseOnUpdateEmailTemplateId:
type: string
format: uuid
loginNewDeviceEmailTemplateId:
type: string
format: uuid
loginSuspiciousEmailTemplateId:
type: string
format: uuid
password:
type: string
passwordResetSuccessEmailTemplateId:
type: string
format: uuid
passwordUpdateEmailTemplateId:
type: string
format: uuid
passwordlessEmailTemplateId:
type: string
format: uuid
port:
type: integer
properties:
type: string
security:
"$ref": "#/components/schemas/EmailSecurityType"
setPasswordEmailTemplateId:
type: string
format: uuid
twoFactorMethodAddEmailTemplateId:
type: string
format: uuid
twoFactorMethodRemoveEmailTemplateId:
type: string
format: uuid
unverified:
"$ref": "#/components/schemas/EmailUnverifiedOptions"
username:
type: string
verificationEmailTemplateId:
type: string
format: uuid
verificationStrategy:
"$ref": "#/components/schemas/VerificationStrategy"
verifyEmail:
type: boolean
verifyEmailWhenChanged:
type: boolean
EmailHeader:
description: ''
type: object
properties:
name:
type: string
value:
type: string
EmailPlus:
type: object
properties:
emailTemplateId:
type: string
format: uuid
maximumTimeToSendEmailInHours:
type: integer
minimumTimeToSendEmailInHours:
type: integer
enabled:
type: boolean
EmailSecurityType:
type: string
enum:
- NONE
- SSL
- TLS
EmailTemplate:
description: Stores an email template used to send emails to users.
type: object
properties:
defaultFromName:
type: string
defaultHtmlTemplate:
type: string
defaultSubject:
type: string
defaultTextTemplate:
type: string
fromEmail:
type: string
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
localizedFromNames:
"$ref": "#/components/schemas/LocalizedStrings"
localizedHtmlTemplates:
"$ref": "#/components/schemas/LocalizedStrings"
localizedSubjects:
"$ref": "#/components/schemas/LocalizedStrings"
localizedTextTemplates:
"$ref": "#/components/schemas/LocalizedStrings"
name:
type: string
EmailTemplateErrors:
type: object
properties:
parseErrors:
type: object
additionalProperties:
type: string
renderErrors:
type: object
additionalProperties:
type: string
EmailTemplateRequest:
description: Email template request.
type: object
properties:
emailTemplate:
"$ref": "#/components/schemas/EmailTemplate"
EmailTemplateResponse:
description: Email template response.
type: object
properties:
emailTemplate:
"$ref": "#/components/schemas/EmailTemplate"
emailTemplates:
type: array
items:
"$ref": "#/components/schemas/EmailTemplate"
EmailTemplateSearchCriteria:
description: Search criteria for Email templates
type: object
properties:
name:
type: string
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
EmailTemplateSearchRequest:
description: Search request for email templates
type: object
properties:
search:
"$ref": "#/components/schemas/EmailTemplateSearchCriteria"
EmailTemplateSearchResponse:
description: Email template search response
type: object
properties:
emailTemplates:
type: array
items:
"$ref": "#/components/schemas/EmailTemplate"
total:
type: integer
format: int64
EmailUnverifiedOptions:
description: ''
type: object
properties:
allowEmailChangeWhenGated:
type: boolean
behavior:
"$ref": "#/components/schemas/UnverifiedBehavior"
Enableable:
description: Something that can be enabled and thus also disabled.
type: object
properties:
enabled:
type: boolean
Entity:
description: Models an entity that a user can be granted permissions to. Or
an entity that can be granted permissions to another entity.
type: object
properties:
data:
type: object
additionalProperties:
type: object
clientId:
type: string
clientSecret:
type: string
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
parentId:
type: string
format: uuid
tenantId:
type: string
format: uuid
type:
"$ref": "#/components/schemas/EntityType"
EntityGrant:
description: A grant for an entity to a user or another entity.
type: object
properties:
data:
type: object
additionalProperties:
type: object
entity:
"$ref": "#/components/schemas/Entity"
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
permissions:
type: array
uniqueItems: true
items: {}
recipientEntityId:
type: string
format: uuid
userId:
type: string
format: uuid
EntityGrantRequest:
description: Entity grant API request object.
type: object
properties:
grant:
"$ref": "#/components/schemas/EntityGrant"
EntityGrantResponse:
description: Entity grant API response object.
type: object
properties:
grants:
type: array
items:
"$ref": "#/components/schemas/EntityGrant"
grant:
"$ref": "#/components/schemas/EntityGrant"
EntityGrantSearchCriteria:
description: Search criteria for entity grants.
type: object
properties:
entityId:
type: string
format: uuid
name:
type: string
userId:
type: string
format: uuid
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
EntityGrantSearchRequest:
description: Search request for entity grants.
type: object
properties:
search:
"$ref": "#/components/schemas/EntityGrantSearchCriteria"
EntityGrantSearchResponse:
description: Search request for entity grants.
type: object
properties:
grants:
type: array
items:
"$ref": "#/components/schemas/EntityGrant"
total:
type: integer
format: int64
EntityJWTConfiguration:
description: JWT Configuration for entities.
type: object
properties:
accessTokenKeyId:
type: string
format: uuid
timeToLiveInSeconds:
type: integer
enabled:
type: boolean
EntityRequest:
description: Entity API request object.
type: object
properties:
entity:
"$ref": "#/components/schemas/Entity"
EntityResponse:
description: Entity API response object.
type: object
properties:
entity:
"$ref": "#/components/schemas/Entity"
EntitySearchCriteria:
description: This class is the entity query. It provides a build pattern as
well as public fields for use on forms and in actions.
type: object
properties:
accurateTotal:
type: boolean
ids:
type: array
items:
type: string
format: uuid
nextResults:
type: string
query:
type: string
queryString:
type: string
sortFields:
type: array
items:
"$ref": "#/components/schemas/SortField"
EntitySearchRequest:
description: Search request for entities
type: object
properties:
search:
"$ref": "#/components/schemas/EntitySearchCriteria"
EntitySearchResponse:
description: Search request for entities
type: object
properties:
entities:
type: array
items:
"$ref": "#/components/schemas/Entity"
nextResults:
type: string
total:
type: integer
format: int64
EntityType:
description: Models an entity type that has a specific set of permissions. These
are global objects and can be used across tenants.
type: object
properties:
data:
type: object
additionalProperties:
type: object
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
jwtConfiguration:
"$ref": "#/components/schemas/EntityJWTConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
permissions:
type: array
items:
"$ref": "#/components/schemas/EntityTypePermission"
EntityTypePermission:
description: Models a specific entity type permission. This permission can be
granted to users or other entities.
type: object
properties:
data:
type: object
additionalProperties:
type: object
description:
type: string
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
isDefault:
type: boolean
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
EntityTypeRequest:
description: Entity Type API request object.
type: object
properties:
entityType:
"$ref": "#/components/schemas/EntityType"
permission:
"$ref": "#/components/schemas/EntityTypePermission"
EntityTypeResponse:
description: Entity Type API response object.
type: object
properties:
entityType:
"$ref": "#/components/schemas/EntityType"
entityTypes:
type: array
items:
"$ref": "#/components/schemas/EntityType"
permission:
"$ref": "#/components/schemas/EntityTypePermission"
EntityTypeSearchCriteria:
description: Search criteria for entity types.
type: object
properties:
name:
type: string
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
EntityTypeSearchRequest:
description: Search request for entity types.
type: object
properties:
search:
"$ref": "#/components/schemas/EntityTypeSearchCriteria"
EntityTypeSearchResponse:
description: Search response for entity types.
type: object
properties:
entityTypes:
type: array
items:
"$ref": "#/components/schemas/EntityType"
total:
type: integer
format: int64
EpicGamesApplicationConfiguration:
description: ''
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
EpicGamesIdentityProvider:
description: Epic gaming login provider.
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/EpicGamesApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
Error:
description: Defines an error.
type: object
properties:
code:
type: string
data:
type: object
additionalProperties:
type: object
message:
type: string
Errors:
description: Standard error domain object that can also be used as the response
from an API call.
type: object
properties:
fieldErrors:
type: array
items:
"$ref": "#/components/schemas/Error"
generalErrors:
type: array
items:
"$ref": "#/components/schemas/Error"
EventConfiguration:
description: ''
type: object
properties:
events:
type: object
additionalProperties:
"$ref": "#/components/schemas/EventConfigurationData"
EventConfigurationData:
type: object
properties:
transactionType:
"$ref": "#/components/schemas/TransactionType"
enabled:
type: boolean
EventInfo:
description: Information about a user event (login, register, etc) that helps
identify the source of the event (location, device type, OS, etc).
type: object
properties:
data:
type: object
additionalProperties:
type: object
deviceDescription:
type: string
deviceName:
type: string
deviceType:
type: string
ipAddress:
type: string
location:
"$ref": "#/components/schemas/Location"
os:
type: string
userAgent:
type: string
EventLog:
description: Event log used internally by FusionAuth to help developers debug
hooks, Webhooks, email templates, etc.
type: object
properties:
id:
type: integer
format: int64
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
message:
type: string
type:
"$ref": "#/components/schemas/EventLogType"
EventLogConfiguration:
type: object
properties:
numberToRetain:
type: integer
EventLogCreateEvent:
description: An Event "event" to indicate an event log was created.
type: object
properties:
eventLog:
"$ref": "#/components/schemas/EventLog"
createInstant:
"$ref": "#/components/schemas/ZonedDateTime"
id:
type: string
format: uuid
info:
"$ref": "#/components/schemas/EventInfo"
tenantId:
type: string
format: uuid
type:
"$ref": "#/components/schemas/EventType"
EventLogResponse:
description: Event log response.
type: object
properties:
eventLog:
"$ref": "#/components/schemas/EventLog"
EventLogSearchCriteria:
description: Search criteria for the event log.
type: object
properties:
end:
"$ref": "#/components/schemas/ZonedDateTime"
message:
type: string
start:
"$ref": "#/components/schemas/ZonedDateTime"
type:
"$ref": "#/components/schemas/EventLogType"
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
EventLogSearchRequest:
description: ''
type: object
properties:
search:
"$ref": "#/components/schemas/EventLogSearchCriteria"
EventLogSearchResponse:
description: Event log response.
type: object
properties:
eventLogs:
type: array
items:
"$ref": "#/components/schemas/EventLog"
total:
type: integer
format: int64
EventLogType:
description: Event Log Type
type: string
enum:
- Information
- Debug
- Error
EventRequest:
description: Container for the event information. This is the JSON that is sent
from FusionAuth to webhooks.
type: object
properties:
event:
"$ref": "#/components/schemas/BaseEvent"
EventType:
description: Models the event types that FusionAuth produces.
type: string
enum:
- JWTPublicKeyUpdate
- JWTRefreshTokenRevoke
- JWTRefresh
- AuditLogCreate
- EventLogCreate
- KickstartSuccess
- GroupCreate
- GroupCreateComplete
- GroupDelete
- GroupDeleteComplete
- GroupMemberAdd
- GroupMemberAddComplete
- GroupMemberRemove
- GroupMemberRemoveComplete
- GroupMemberUpdate
- GroupMemberUpdateComplete
- GroupUpdate
- GroupUpdateComplete
- UserAction
- UserBulkCreate
- UserCreate
- UserCreateComplete
- UserDeactivate
- UserDelete
- UserDeleteComplete
- UserEmailUpdate
- UserEmailVerified
- UserIdentityProviderLink
- UserIdentityProviderUnlink
- UserLoginIdDuplicateOnCreate
- UserLoginIdDuplicateOnUpdate
- UserLoginFailed
- UserLoginNewDevice
- UserLoginSuccess
- UserLoginSuspicious
- UserPasswordBreach
- UserPasswordResetSend
- UserPasswordResetStart
- UserPasswordResetSuccess
- UserPasswordUpdate
- UserReactivate
- UserRegistrationCreate
- UserRegistrationCreateComplete
- UserRegistrationDelete
- UserRegistrationDeleteComplete
- UserRegistrationUpdate
- UserRegistrationUpdateComplete
- UserRegistrationVerified
- UserTwoFactorMethodAdd
- UserTwoFactorMethodRemove
- UserUpdate
- UserUpdateComplete
- Test
ExpandableRequest:
description: An expandable API request.
type: object
properties:
expand:
type: array
items:
type: string
ExpandableResponse:
description: An expandable API response.
type: object
properties:
expandable:
type: array
items:
type: string
ExpiryUnit:
description: ''
type: string
enum:
- MINUTES
- HOURS
- DAYS
- WEEKS
- MONTHS
- YEARS
ExternalIdentifierConfiguration:
description: ''
type: object
properties:
authorizationGrantIdTimeToLiveInSeconds:
type: integer
changePasswordIdGenerator:
"$ref": "#/components/schemas/SecureGeneratorConfiguration"
changePasswordIdTimeToLiveInSeconds:
type: integer
deviceCodeTimeToLiveInSeconds:
type: integer
deviceUserCodeIdGenerator:
"$ref": "#/components/schemas/SecureGeneratorConfiguration"
emailVerificationIdGenerator:
"$ref": "#/components/schemas/SecureGeneratorConfiguration"
emailVerificationIdTimeToLiveInSeconds:
type: integer
emailVerificationOneTimeCodeGenerator:
"$ref": "#/components/schemas/SecureGeneratorConfiguration"
externalAuthenticationIdTimeToLiveInSeconds:
type: integer
loginIntentTimeToLiveInSeconds:
type: integer
oneTimePasswordTimeToLiveInSeconds:
type: integer
passwordlessLoginGenerator:
"$ref": "#/components/schemas/SecureGeneratorConfiguration"
passwordlessLoginTimeToLiveInSeconds:
type: integer
pendingAccountLinkTimeToLiveInSeconds:
type: integer
registrationVerificationIdGenerator:
"$ref": "#/components/schemas/SecureGeneratorConfiguration"
registrationVerificationIdTimeToLiveInSeconds:
type: integer
registrationVerificationOneTimeCodeGenerator:
"$ref": "#/components/schemas/SecureGeneratorConfiguration"
rememberOAuthScopeConsentChoiceTimeToLiveInSeconds:
type: integer
samlv2AuthNRequestIdTimeToLiveInSeconds:
type: integer
setupPasswordIdGenerator:
"$ref": "#/components/schemas/SecureGeneratorConfiguration"
setupPasswordIdTimeToLiveInSeconds:
type: integer
trustTokenTimeToLiveInSeconds:
type: integer
twoFactorIdTimeToLiveInSeconds:
type: integer
twoFactorOneTimeCodeIdGenerator:
"$ref": "#/components/schemas/SecureGeneratorConfiguration"
twoFactorOneTimeCodeIdTimeToLiveInSeconds:
type: integer
twoFactorTrustIdTimeToLiveInSeconds:
type: integer
webAuthnAuthenticationChallengeTimeToLiveInSeconds:
type: integer
webAuthnRegistrationChallengeTimeToLiveInSeconds:
type: integer
ExternalJWTApplicationConfiguration:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
ExternalJWTIdentityProvider:
description: External JWT-only identity provider.
type: object
properties:
claimMap:
type: object
additionalProperties:
type: string
domains:
type: array
uniqueItems: true
items: {}
defaultKeyId:
type: string
format: uuid
headerKeyParameter:
type: string
oauth2:
"$ref": "#/components/schemas/IdentityProviderOauth2Configuration"
uniqueIdentityClaim:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/ExternalJWTApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
FacebookApplicationConfiguration:
description: ''
type: object
properties:
appId:
type: string
buttonText:
type: string
client_secret:
type: string
fields:
type: string
loginMethod:
"$ref": "#/components/schemas/IdentityProviderLoginMethod"
permissions:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
FacebookIdentityProvider:
description: Facebook social login provider.
type: object
properties:
appId:
type: string
buttonText:
type: string
client_secret:
type: string
fields:
type: string
loginMethod:
"$ref": "#/components/schemas/IdentityProviderLoginMethod"
permissions:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/FacebookApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
FailedAuthenticationActionCancelPolicy:
description: A policy to configure if and when the user-action is canceled prior
to the expiration of the action.
type: object
properties:
onPasswordReset:
type: boolean
FailedAuthenticationConfiguration:
description: Configuration for the behavior of failed login attempts. This helps
us protect against brute force password attacks.
type: object
properties:
actionCancelPolicy:
"$ref": "#/components/schemas/FailedAuthenticationActionCancelPolicy"
actionDuration:
type: integer
format: int64
actionDurationUnit:
"$ref": "#/components/schemas/ExpiryUnit"
emailUser:
type: boolean
resetCountInSeconds:
type: integer
tooManyAttempts:
type: integer
userActionId:
type: string
format: uuid
Family:
description: Models a family grouping of users.
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/FamilyMember"
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
FamilyConfiguration:
description: ''
type: object
properties:
allowChildRegistrations:
type: boolean
confirmChildEmailTemplateId:
type: string
format: uuid
deleteOrphanedAccounts:
type: boolean
deleteOrphanedAccountsDays:
type: integer
familyRequestEmailTemplateId:
type: string
format: uuid
maximumChildAge:
type: integer
minimumOwnerAge:
type: integer
parentEmailRequired:
type: boolean
parentRegistrationEmailTemplateId:
type: string
format: uuid
enabled:
type: boolean
FamilyEmailRequest:
description: API request for sending out family requests to parent's.
type: object
properties:
parentEmail:
type: string
FamilyMember:
description: Models a single family member.
type: object
properties:
data:
type: object
additionalProperties:
type: object
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
owner:
type: boolean
role:
"$ref": "#/components/schemas/FamilyRole"
userId:
type: string
format: uuid
FamilyRequest:
description: API request for managing families and members.
type: object
properties:
familyMember:
"$ref": "#/components/schemas/FamilyMember"
FamilyResponse:
description: API response for managing families and members.
type: object
properties:
families:
type: array
items:
"$ref": "#/components/schemas/Family"
family:
"$ref": "#/components/schemas/Family"
FamilyRole:
type: string
enum:
- Child
- Teen
- Adult
ForgotPasswordRequest:
description: Forgot password request object.
type: object
properties:
applicationId:
type: string
format: uuid
changePasswordId:
type: string
loginId:
type: string
sendForgotPasswordEmail:
type: boolean
state:
type: object
additionalProperties:
type: object
email:
type: string
username:
type: string
eventInfo:
"$ref": "#/components/schemas/EventInfo"
ForgotPasswordResponse:
description: Forgot password response object.
type: object
properties:
changePasswordId:
type: string
Form:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: object
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
steps:
type: array
items:
"$ref": "#/components/schemas/FormStep"
type:
"$ref": "#/components/schemas/FormType"
FormControl:
description: ''
type: string
enum:
- checkbox
- number
- password
- radio
- select
- textarea
- text
FormDataType:
description: ''
type: string
enum:
- bool
- consent
- date
- email
- number
- string
FormField:
description: ''
type: object
properties:
confirm:
type: boolean
consentId:
type: string
format: uuid
control:
"$ref": "#/components/schemas/FormControl"
data:
type: object
additionalProperties:
type: object
description:
type: string
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
key:
type: string
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
options:
type: array
items:
type: string
required:
type: boolean
type:
"$ref": "#/components/schemas/FormDataType"
validator:
"$ref": "#/components/schemas/FormFieldValidator"
FormFieldAdminPolicy:
description: ''
type: string
enum:
- Edit
- View
FormFieldRequest:
description: The FormField API request object.
type: object
properties:
field:
"$ref": "#/components/schemas/FormField"
fields:
type: array
items:
"$ref": "#/components/schemas/FormField"
FormFieldResponse:
description: Form field response.
type: object
properties:
field:
"$ref": "#/components/schemas/FormField"
fields:
type: array
items:
"$ref": "#/components/schemas/FormField"
FormFieldValidator:
description: ''
type: object
properties:
expression:
type: string
enabled:
type: boolean
FormRequest:
description: Form response.
type: object
properties:
form:
"$ref": "#/components/schemas/Form"
FormResponse:
description: Form response.
type: object
properties:
form:
"$ref": "#/components/schemas/Form"
forms:
type: array
items:
"$ref": "#/components/schemas/Form"
FormStep:
description: ''
type: object
properties:
fields:
type: array
items:
type: string
format: uuid
FormType:
description: ''
type: string
enum:
- registration
- adminRegistration
- adminUser
- selfServiceUser
FusionAuthConnectorConfiguration:
description: Models the FusionAuth connector.
type: object
properties:
data:
type: object
additionalProperties:
type: object
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
type:
"$ref": "#/components/schemas/ConnectorType"
GenericConnectorConfiguration:
description: Models a generic connector.
type: object
properties:
authenticationURL:
type: string
format: URI
connectTimeout:
type: integer
headers:
"$ref": "#/components/schemas/HTTPHeaders"
httpAuthenticationPassword:
type: string
httpAuthenticationUsername:
type: string
readTimeout:
type: integer
sslCertificateKeyId:
type: string
format: uuid
data:
type: object
additionalProperties:
type: object
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
type:
"$ref": "#/components/schemas/ConnectorType"
GenericMessengerConfiguration:
description: ''
type: object
properties:
connectTimeout:
type: integer
headers:
"$ref": "#/components/schemas/HTTPHeaders"
httpAuthenticationPassword:
type: string
httpAuthenticationUsername:
type: string
readTimeout:
type: integer
sslCertificate:
type: string
url:
type: string
format: URI
data:
type: object
additionalProperties:
type: object
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
transport:
type: string
type:
"$ref": "#/components/schemas/MessengerType"
GoogleApplicationConfiguration:
description: ''
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
loginMethod:
"$ref": "#/components/schemas/IdentityProviderLoginMethod"
properties:
"$ref": "#/components/schemas/GoogleIdentityProviderProperties"
scope:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
GoogleIdentityProvider:
description: Google social login provider.
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
loginMethod:
"$ref": "#/components/schemas/IdentityProviderLoginMethod"
properties:
"$ref": "#/components/schemas/GoogleIdentityProviderProperties"
scope:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/GoogleApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
GoogleIdentityProviderProperties:
description: Google social login provider parameters.
type: object
properties:
api:
type: string
button:
type: string
GrantType:
description: Authorization Grant types as defined by the The
OAuth 2.0 Authorization Framework - RFC 6749. Specific names as
defined by OAuth 2.0
Dynamic Client Registration Protocol - RFC 7591 Section 4.1
type: string
enum:
- authorization_code
- implicit
- password
- client_credentials
- refresh_token
- unknown
- device_code
Group:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: object
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
roles:
type: array
items:
"$ref": "#/components/schemas/ApplicationRole"
tenantId:
type: string
format: uuid
GroupCreateCompleteEvent:
description: Models the Group Created Event.
type: object
properties:
group:
"$ref": "#/components/schemas/Group"
GroupCreateEvent:
description: Models the Group Create Event.
type: object
properties:
group:
"$ref": "#/components/schemas/Group"
GroupDeleteCompleteEvent:
description: Models the Group Create Complete Event.
type: object
properties:
group:
"$ref": "#/components/schemas/Group"
GroupDeleteEvent:
description: Models the Group Delete Event.
type: object
properties:
group:
"$ref": "#/components/schemas/Group"
GroupMember:
description: A User's membership into a Group
type: object
properties:
data:
type: object
additionalProperties:
type: object
groupId:
type: string
format: uuid
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
user:
"$ref": "#/components/schemas/User"
userId:
type: string
format: uuid
GroupMemberAddCompleteEvent:
description: Models the Group Member Add Complete Event.
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
group:
"$ref": "#/components/schemas/Group"
GroupMemberAddEvent:
description: Models the Group Member Add Event.
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
group:
"$ref": "#/components/schemas/Group"
GroupMemberRemoveCompleteEvent:
description: Models the Group Member Remove Complete Event.
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
group:
"$ref": "#/components/schemas/Group"
GroupMemberRemoveEvent:
description: Models the Group Member Remove Event.
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
group:
"$ref": "#/components/schemas/Group"
GroupMemberSearchCriteria:
description: Search criteria for Group Members
type: object
properties:
groupId:
type: string
format: uuid
tenantId:
type: string
format: uuid
userId:
type: string
format: uuid
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
GroupMemberSearchRequest:
description: Search request for Group Members.
type: object
properties:
search:
"$ref": "#/components/schemas/GroupMemberSearchCriteria"
GroupMemberSearchResponse:
description: Search response for Group Members
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
total:
type: integer
format: int64
GroupMemberUpdateCompleteEvent:
description: Models the Group Member Update Complete Event.
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
group:
"$ref": "#/components/schemas/Group"
GroupMemberUpdateEvent:
description: Models the Group Member Update Event.
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
group:
"$ref": "#/components/schemas/Group"
GroupRequest:
description: Group API request object.
type: object
properties:
group:
"$ref": "#/components/schemas/Group"
roleIds:
type: array
items:
type: string
format: uuid
GroupResponse:
description: Group API response object.
type: object
properties:
group:
"$ref": "#/components/schemas/Group"
groups:
type: array
items:
"$ref": "#/components/schemas/Group"
GroupSearchCriteria:
description: Search criteria for Groups
type: object
properties:
name:
type: string
tenantId:
type: string
format: uuid
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
GroupSearchRequest:
description: Search request for Groups.
type: object
properties:
search:
"$ref": "#/components/schemas/GroupSearchCriteria"
GroupSearchResponse:
description: Search response for Groups
type: object
properties:
groups:
type: array
items:
"$ref": "#/components/schemas/Group"
total:
type: integer
format: int64
GroupUpdateCompleteEvent:
description: Models the Group Update Complete Event.
type: object
properties:
original:
"$ref": "#/components/schemas/Group"
group:
"$ref": "#/components/schemas/Group"
GroupUpdateEvent:
description: Models the Group Update Event.
type: object
properties:
original:
"$ref": "#/components/schemas/Group"
group:
"$ref": "#/components/schemas/Group"
HTTPHeaders:
description: Type for webhook headers.
type: object
properties: {}
HTTPMethod:
description: ''
type: string
enum:
- GET
- POST
- PUT
- DELETE
- HEAD
- OPTIONS
- PATCH
HYPRApplicationConfiguration:
description: ''
type: object
properties:
relyingPartyApplicationId:
type: string
relyingPartyURL:
type: string
format: URI
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
HYPRIdentityProvider:
description: ''
type: object
properties:
relyingPartyApplicationId:
type: string
relyingPartyURL:
type: string
format: URI
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/HYPRApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
HistoryItem:
type: object
properties:
actionerUserId:
type: string
format: uuid
comment:
type: string
createInstant:
"$ref": "#/components/schemas/ZonedDateTime"
expiry:
"$ref": "#/components/schemas/ZonedDateTime"
IPAccessControlEntry:
description: ''
type: object
properties:
action:
"$ref": "#/components/schemas/IPAccessControlEntryAction"
endIPAddress:
type: string
startIPAddress:
type: string
IPAccessControlEntryAction:
description: ''
type: string
enum:
- Allow
- Block
IPAccessControlList:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: object
entries:
type: array
items:
"$ref": "#/components/schemas/IPAccessControlEntry"
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
IPAccessControlListRequest:
description: ''
type: object
properties:
ipAccessControlList:
"$ref": "#/components/schemas/IPAccessControlList"
IPAccessControlListResponse:
description: ''
type: object
properties:
ipAccessControlList:
"$ref": "#/components/schemas/IPAccessControlList"
ipAccessControlLists:
type: array
items:
"$ref": "#/components/schemas/IPAccessControlList"
IPAccessControlListSearchCriteria:
description: ''
type: object
properties:
name:
type: string
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
IPAccessControlListSearchRequest:
description: Search request for IP ACLs .
type: object
properties:
search:
"$ref": "#/components/schemas/IPAccessControlListSearchCriteria"
IPAccessControlListSearchResponse:
description: ''
type: object
properties:
ipAccessControlLists:
type: array
items:
"$ref": "#/components/schemas/IPAccessControlList"
total:
type: integer
format: int64
IdentityProviderDetails:
type: object
properties:
applicationIds:
type: array
items:
type: string
format: uuid
id:
type: string
format: uuid
idpEndpoint:
type: string
format: URI
name:
type: string
oauth2:
"$ref": "#/components/schemas/IdentityProviderOauth2Configuration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
IdentityProviderField:
oneOf:
- "$ref": "#/components/schemas/FacebookIdentityProvider"
- "$ref": "#/components/schemas/TwitterIdentityProvider"
- "$ref": "#/components/schemas/ExternalJWTIdentityProvider"
- "$ref": "#/components/schemas/AppleIdentityProvider"
- "$ref": "#/components/schemas/SteamIdentityProvider"
- "$ref": "#/components/schemas/LinkedInIdentityProvider"
- "$ref": "#/components/schemas/SAMLv2IdentityProvider"
- "$ref": "#/components/schemas/SonyPSNIdentityProvider"
- "$ref": "#/components/schemas/SAMLv2IdPInitiatedIdentityProvider"
- "$ref": "#/components/schemas/OpenIdConnectIdentityProvider"
- "$ref": "#/components/schemas/XboxIdentityProvider"
- "$ref": "#/components/schemas/GoogleIdentityProvider"
- "$ref": "#/components/schemas/HYPRIdentityProvider"
- "$ref": "#/components/schemas/NintendoIdentityProvider"
- "$ref": "#/components/schemas/TwitchIdentityProvider"
- "$ref": "#/components/schemas/EpicGamesIdentityProvider"
discriminator:
propertyName: type
mapping:
Facebook: "#/components/schemas/FacebookIdentityProvider"
Twitter: "#/components/schemas/TwitterIdentityProvider"
ExternalJWT: "#/components/schemas/ExternalJWTIdentityProvider"
Apple: "#/components/schemas/AppleIdentityProvider"
Steam: "#/components/schemas/SteamIdentityProvider"
LinkedIn: "#/components/schemas/LinkedInIdentityProvider"
SAMLv2: "#/components/schemas/SAMLv2IdentityProvider"
SonyPSN: "#/components/schemas/SonyPSNIdentityProvider"
SAMLv2IdPInitiated: "#/components/schemas/SAMLv2IdPInitiatedIdentityProvider"
OpenIdConnect: "#/components/schemas/OpenIdConnectIdentityProvider"
Xbox: "#/components/schemas/XboxIdentityProvider"
Google: "#/components/schemas/GoogleIdentityProvider"
HYPR: "#/components/schemas/HYPRIdentityProvider"
Nintendo: "#/components/schemas/NintendoIdentityProvider"
Twitch: "#/components/schemas/TwitchIdentityProvider"
EpicGames: "#/components/schemas/EpicGamesIdentityProvider"
IdentityProviderLimitUserLinkingPolicy:
description: ''
type: object
properties:
maximumLinks:
type: integer
enabled:
type: boolean
IdentityProviderLink:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: object
displayName:
type: string
identityProviderId:
type: string
format: uuid
identityProviderName:
type: string
identityProviderType:
"$ref": "#/components/schemas/IdentityProviderType"
identityProviderUserId:
type: string
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastLoginInstant:
"$ref": "#/components/schemas/ZonedDateTime"
tenantId:
type: string
format: uuid
token:
type: string
userId:
type: string
format: uuid
IdentityProviderLinkRequest:
description: ''
type: object
properties:
identityProviderLink:
"$ref": "#/components/schemas/IdentityProviderLink"
pendingIdPLinkId:
type: string
eventInfo:
"$ref": "#/components/schemas/EventInfo"
IdentityProviderLinkResponse:
description: ''
type: object
properties:
identityProviderLink:
"$ref": "#/components/schemas/IdentityProviderLink"
identityProviderLinks:
type: array
items:
"$ref": "#/components/schemas/IdentityProviderLink"
IdentityProviderLinkingStrategy:
description: The IdP behavior when no user link has been made yet.
type: string
enum:
- CreatePendingLink
- Disabled
- LinkAnonymously
- LinkByEmail
- LinkByEmailForExistingUser
- LinkByUsername
- LinkByUsernameForExistingUser
- Unsupported
IdentityProviderLoginMethod:
description: ''
type: string
enum:
- UsePopup
- UseRedirect
- UseVendorJavaScript
IdentityProviderLoginRequest:
description: Login API request object used for login to third-party systems
(i.e. Login with Facebook).
type: object
properties:
data:
type: object
additionalProperties:
type: string
identityProviderId:
type: string
format: uuid
noLink:
type: boolean
encodedJWT:
type: string
applicationId:
type: string
format: uuid
ipAddress:
type: string
metaData:
"$ref": "#/components/schemas/MetaData"
newDevice:
type: boolean
noJWT:
type: boolean
IdentityProviderOauth2Configuration:
description: ''
type: object
properties:
authorization_endpoint:
type: string
format: URI
clientAuthenticationMethod:
"$ref": "#/components/schemas/ClientAuthenticationMethod"
client_id:
type: string
client_secret:
type: string
emailClaim:
type: string
emailVerifiedClaim:
type: string
issuer:
type: string
format: URI
scope:
type: string
token_endpoint:
type: string
format: URI
uniqueIdClaim:
type: string
userinfo_endpoint:
type: string
format: URI
usernameClaim:
type: string
IdentityProviderPendingLinkResponse:
description: ''
type: object
properties:
identityProviderTenantConfiguration:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
linkCount:
type: integer
pendingIdPLink:
"$ref": "#/components/schemas/PendingIdPLink"
IdentityProviderRequest:
description: ''
type: object
properties:
identityProvider:
"$ref": "#/components/schemas/IdentityProviderField"
IdentityProviderResponse:
description: ''
type: object
properties:
identityProvider:
"$ref": "#/components/schemas/IdentityProviderField"
identityProviders:
type: array
items:
"$ref": "#/components/schemas/IdentityProviderField"
IdentityProviderSearchCriteria:
description: Search criteria for Identity Providers.
type: object
properties:
applicationId:
type: string
format: uuid
name:
type: string
type:
"$ref": "#/components/schemas/IdentityProviderType"
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
IdentityProviderSearchRequest:
description: Search request for Identity Providers
type: object
properties:
search:
"$ref": "#/components/schemas/IdentityProviderSearchCriteria"
IdentityProviderSearchResponse:
description: Identity Provider response.
type: object
properties:
identityProviders:
type: array
items:
"$ref": "#/components/schemas/IdentityProviderField"
total:
type: integer
format: int64
IdentityProviderStartLoginRequest:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: string
identityProviderId:
type: string
format: uuid
loginId:
type: string
state:
type: object
additionalProperties:
type: object
applicationId:
type: string
format: uuid
ipAddress:
type: string
metaData:
"$ref": "#/components/schemas/MetaData"
newDevice:
type: boolean
noJWT:
type: boolean
IdentityProviderStartLoginResponse:
description: ''
type: object
properties:
code:
type: string
IdentityProviderTenantConfiguration:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: object
limitUserLinkCount:
"$ref": "#/components/schemas/IdentityProviderLimitUserLinkingPolicy"
IdentityProviderType:
description: ''
type: string
enum:
- Apple
- EpicGames
- ExternalJWT
- Facebook
- Google
- HYPR
- LinkedIn
- Nintendo
- OpenIDConnect
- SAMLv2
- SAMLv2IdPInitiated
- SonyPSN
- Steam
- Twitch
- Twitter
- Xbox
ImportRequest:
description: Import request.
type: object
properties:
encryptionScheme:
type: string
factor:
type: integer
users:
type: array
items:
"$ref": "#/components/schemas/User"
validateDbConstraints:
type: boolean
eventInfo:
"$ref": "#/components/schemas/EventInfo"
InstanceEvent:
description: A marker interface indicating this event is not scoped to a tenant
and will be sent to all webhooks.
type: object
properties: {}
IntegrationRequest:
description: The Integration Request
type: object
properties:
integrations:
"$ref": "#/components/schemas/Integrations"
IntegrationResponse:
description: The Integration Response
type: object
properties:
integrations:
"$ref": "#/components/schemas/Integrations"
Integrations:
description: Available Integrations
type: object
properties:
cleanspeak:
"$ref": "#/components/schemas/CleanSpeakConfiguration"
kafka:
"$ref": "#/components/schemas/KafkaConfiguration"
IntrospectResponse:
description: ''
type: object
properties: {}
IssueResponse:
description: ''
type: object
properties:
refreshToken:
type: string
token:
type: string
JSONWebKey:
description: A JSON Web Key as defined by RFC
7517 JSON Web Key (JWK) Section 4 and RFC
7518 JSON Web Algorithms (JWA).
type: object
properties:
alg:
"$ref": "#/components/schemas/Algorithm"
crv:
type: string
d:
type: string
dp:
type: string
dq:
type: string
e:
type: string
kid:
type: string
kty:
"$ref": "#/components/schemas/KeyType"
"n":
type: string
other:
type: object
additionalProperties:
type: object
p:
type: string
q:
type: string
qi:
type: string
use:
type: string
x:
type: string
x5c:
type: array
items:
type: string
x5t:
type: string
x5t#S256:
type: string
"y":
type: string
JSONWebKeyInfoProvider:
description: Interface for any object that can provide JSON Web key Information.
type: object
properties: {}
JWKSResponse:
description: ''
type: object
properties:
keys:
type: array
items:
"$ref": "#/components/schemas/JSONWebKey"
JWT:
description: 'JSON Web Token (JWT) as defined by RFC 7519. From RFC
7519 Section 1. Introduction: The suggested pronunciation of JWT is the
same as the English word "jot". The JWT is not Thread-Safe and should
not be re-used.'
type: object
properties:
aud:
type: object
exp:
"$ref": "#/components/schemas/ZonedDateTime"
iat:
"$ref": "#/components/schemas/ZonedDateTime"
iss:
type: string
nbf:
"$ref": "#/components/schemas/ZonedDateTime"
otherClaims:
type: object
additionalProperties:
type: object
sub:
type: string
jti:
type: string
JWTConfiguration:
description: JWT Configuration. A JWT Configuration for an Application may not
be active if it is using the global configuration, the configuration may
be enabled = false.
type: object
properties:
accessTokenKeyId:
type: string
format: uuid
idTokenKeyId:
type: string
format: uuid
refreshTokenExpirationPolicy:
"$ref": "#/components/schemas/RefreshTokenExpirationPolicy"
refreshTokenOneTimeUseConfiguration:
"$ref": "#/components/schemas/RefreshTokenOneTimeUseConfiguration"
refreshTokenRevocationPolicy:
"$ref": "#/components/schemas/RefreshTokenRevocationPolicy"
refreshTokenSlidingWindowConfiguration:
"$ref": "#/components/schemas/RefreshTokenSlidingWindowConfiguration"
refreshTokenTimeToLiveInMinutes:
type: integer
refreshTokenUsagePolicy:
"$ref": "#/components/schemas/RefreshTokenUsagePolicy"
timeToLiveInSeconds:
type: integer
enabled:
type: boolean
JWTPublicKeyUpdateEvent:
description: Models the JWT public key Refresh Token Revoke Event. This event
might be for a single token, a user or an entire application.
type: object
properties:
applicationIds:
type: array
uniqueItems: true
items: {}
createInstant:
"$ref": "#/components/schemas/ZonedDateTime"
id:
type: string
format: uuid
info:
"$ref": "#/components/schemas/EventInfo"
tenantId:
type: string
format: uuid
type:
"$ref": "#/components/schemas/EventType"
JWTRefreshEvent:
description: Models the JWT Refresh Event. This event will be fired when a JWT
is "refreshed" (generated) using a Refresh Token.
type: object
properties:
applicationId:
type: string
format: uuid
original:
type: string
refreshToken:
type: string
token:
type: string
userId:
type: string
format: uuid
createInstant:
"$ref": "#/components/schemas/ZonedDateTime"
id:
type: string
format: uuid
info:
"$ref": "#/components/schemas/EventInfo"
tenantId:
type: string
format: uuid
type:
"$ref": "#/components/schemas/EventType"
JWTRefreshResponse:
description: API response for refreshing a JWT with a Refresh Token. Using
a different response object from RefreshTokenResponse because the retrieve
response will return an object for refreshToken, and this is a string.
type: object
properties:
refreshToken:
type: string
refreshTokenId:
type: string
format: uuid
token:
type: string
JWTRefreshTokenRevokeEvent:
description: Models the Refresh Token Revoke Event. This event might be for
a single token, a user or an entire application.
type: object
properties:
applicationId:
type: string
format: uuid
applicationTimeToLiveInSeconds:
type: object
additionalProperties:
type: integer
refreshToken:
"$ref": "#/components/schemas/RefreshToken"
user:
"$ref": "#/components/schemas/User"
userId:
type: string
format: uuid
createInstant:
"$ref": "#/components/schemas/ZonedDateTime"
id:
type: string
format: uuid
info:
"$ref": "#/components/schemas/EventInfo"
tenantId:
type: string
format: uuid
type:
"$ref": "#/components/schemas/EventType"
JWTVendRequest:
description: ''
type: object
properties:
claims:
type: object
additionalProperties:
type: object
keyId:
type: string
format: uuid
timeToLiveInSeconds:
type: integer
JWTVendResponse:
description: ''
type: object
properties:
token:
type: string
KafkaConfiguration:
description: ''
type: object
properties:
defaultTopic:
type: string
producer:
type: object
additionalProperties:
type: string
enabled:
type: boolean
KafkaMessengerConfiguration:
description: ''
type: object
properties:
defaultTopic:
type: string
producer:
type: object
additionalProperties:
type: string
data:
type: object
additionalProperties:
type: object
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
transport:
type: string
type:
"$ref": "#/components/schemas/MessengerType"
Key:
description: Domain for a public key, key pair or an HMAC secret. This is used
by KeyMaster to manage keys for JWTs, SAML, etc.
type: object
properties:
algorithm:
"$ref": "#/components/schemas/KeyAlgorithm"
certificate:
type: string
certificateInformation:
"$ref": "#/components/schemas/CertificateInformation"
expirationInstant:
"$ref": "#/components/schemas/ZonedDateTime"
hasPrivateKey:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
issuer:
type: string
kid:
type: string
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
length:
type: integer
name:
type: string
privateKey:
type: string
publicKey:
type: string
secret:
type: string
type:
"$ref": "#/components/schemas/KeyType"
KeyAlgorithm:
type: string
enum:
- ES256
- ES384
- ES512
- HS256
- HS384
- HS512
- RS256
- RS384
- RS512
KeyRequest:
description: Key API request object.
type: object
properties:
key:
"$ref": "#/components/schemas/Key"
KeyResponse:
description: Key API response object.
type: object
properties:
key:
"$ref": "#/components/schemas/Key"
keys:
type: array
items:
"$ref": "#/components/schemas/Key"
KeySearchCriteria:
description: Search criteria for Keys
type: object
properties:
algorithm:
"$ref": "#/components/schemas/KeyAlgorithm"
name:
type: string
type:
"$ref": "#/components/schemas/KeyType"
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
KeySearchRequest:
description: Search request for Keys
type: object
properties:
search:
"$ref": "#/components/schemas/KeySearchCriteria"
KeySearchResponse:
description: Key search response
type: object
properties:
keys:
type: array
items:
"$ref": "#/components/schemas/Key"
total:
type: integer
format: int64
KeyType:
type: string
enum:
- EC
- RSA
- HMAC
KeyUse:
description: The use type of a key.
type: string
enum:
- SignOnly
- SignAndVerify
- VerifyOnly
KickstartSuccessEvent:
description: Event to indicate kickstart has been successfully completed.
type: object
properties:
instanceId:
type: string
format: uuid
createInstant:
"$ref": "#/components/schemas/ZonedDateTime"
id:
type: string
format: uuid
info:
"$ref": "#/components/schemas/EventInfo"
tenantId:
type: string
format: uuid
type:
"$ref": "#/components/schemas/EventType"
LDAPConnectorConfiguration:
description: Models an LDAP connector.
type: object
properties:
authenticationURL:
type: string
format: URI
baseStructure:
type: string
connectTimeout:
type: integer
identifyingAttribute:
type: string
lambdaConfiguration:
"$ref": "#/components/schemas/ConnectorLambdaConfiguration"
loginIdAttribute:
type: string
readTimeout:
type: integer
requestedAttributes:
type: array
items:
type: string
securityMethod:
"$ref": "#/components/schemas/LDAPSecurityMethod"
systemAccountDN:
type: string
systemAccountPassword:
type: string
data:
type: object
additionalProperties:
type: object
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
type:
"$ref": "#/components/schemas/ConnectorType"
LDAPSecurityMethod:
type: string
enum:
- None
- LDAPS
- StartTLS
Lambda:
description: A JavaScript lambda function that is executed during certain events
inside FusionAuth.
type: object
properties:
body:
type: string
debug:
type: boolean
engineType:
"$ref": "#/components/schemas/LambdaEngineType"
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
type:
"$ref": "#/components/schemas/LambdaType"
LambdaConfiguration:
type: object
properties:
accessTokenPopulateId:
type: string
format: uuid
idTokenPopulateId:
type: string
format: uuid
samlv2PopulateId:
type: string
format: uuid
selfServiceRegistrationValidationId:
type: string
format: uuid
userinfoPopulateId:
type: string
format: uuid
LambdaEngineType:
description: ''
type: string
enum:
- GraalJS
- Nashorn
LambdaRequest:
description: Lambda API request object.
type: object
properties:
lambda:
"$ref": "#/components/schemas/Lambda"
LambdaResponse:
description: Lambda API response object.
type: object
properties:
lambda:
"$ref": "#/components/schemas/Lambda"
lambdas:
type: array
items:
"$ref": "#/components/schemas/Lambda"
LambdaSearchCriteria:
description: Search criteria for Lambdas
type: object
properties:
body:
type: string
name:
type: string
type:
"$ref": "#/components/schemas/LambdaType"
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
LambdaSearchRequest:
description: Search request for Lambdas
type: object
properties:
search:
"$ref": "#/components/schemas/LambdaSearchCriteria"
LambdaSearchResponse:
description: Lambda search response
type: object
properties:
lambdas:
type: array
items:
"$ref": "#/components/schemas/Lambda"
total:
type: integer
format: int64
LambdaType:
description: The types of lambdas that indicate how they are invoked by FusionAuth.
type: string
enum:
- JWTPopulate
- OpenIDReconcile
- SAMLv2Reconcile
- SAMLv2Populate
- AppleReconcile
- ExternalJWTReconcile
- FacebookReconcile
- GoogleReconcile
- HYPRReconcile
- TwitterReconcile
- LDAPConnectorReconcile
- LinkedInReconcile
- EpicGamesReconcile
- NintendoReconcile
- SonyPSNReconcile
- SteamReconcile
- TwitchReconcile
- XboxReconcile
- ClientCredentialsJWTPopulate
- SCIMServerGroupRequestConverter
- SCIMServerGroupResponseConverter
- SCIMServerUserRequestConverter
- SCIMServerUserResponseConverter
- SelfServiceRegistrationValidation
- UserInfoPopulate
- LoginValidation
LinkedInApplicationConfiguration:
description: ''
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
LinkedInIdentityProvider:
description: ''
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/LinkedInApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
LocalDate:
description: A date without a time-zone in the ISO-8601 calendar system, such
as 2007-12-03.
example: '2007-12-03'
pattern: "^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$"
type: string
Locale:
description: A Locale object represents a specific geographical, political,
or cultural region.
example: en_US
type: string
LocalizedIntegers:
description: Models a set of localized Integers that can be stored as JSON.
type: object
properties: {}
LocalizedStrings:
description: Models a set of localized Strings that can be stored as JSON.
type: object
properties: {}
Location:
description: Location information. Useful for IP addresses and other displayable
data objects.
type: object
properties:
city:
type: string
country:
type: string
latitude:
type: number
format: double
longitude:
type: number
format: double
region:
type: string
zipcode:
type: string
displayString:
type: string
LogHistory:
description: A historical state of a user log event. Since events can be modified,
this stores the historical state.
type: object
properties:
historyItems:
type: array
items:
"$ref": "#/components/schemas/HistoryItem"
LoginConfiguration:
type: object
properties:
allowTokenRefresh:
type: boolean
generateRefreshTokens:
type: boolean
requireAuthentication:
type: boolean
LoginHintConfiguration:
description: ''
type: object
properties:
parameterName:
type: string
enabled:
type: boolean
LoginIdType:
type: string
enum:
- email
- username
LoginPingRequest:
description: Login Ping API request object.
type: object
properties:
userId:
type: string
format: uuid
applicationId:
type: string
format: uuid
ipAddress:
type: string
metaData:
"$ref": "#/components/schemas/MetaData"
newDevice:
type: boolean
noJWT:
type: boolean
LoginPreventedResponse:
description: The summary of the action that is preventing login to be returned
on the login response.
type: object
properties:
actionId:
type: string
format: uuid
actionerUserId:
type: string
format: uuid
expiry:
"$ref": "#/components/schemas/ZonedDateTime"
localizedName:
type: string
localizedOption:
type: string
localizedReason:
type: string
name:
type: string
option:
type: string
reason:
type: string
reasonCode:
type: string
LoginRecordConfiguration:
type: object
properties:
delete:
"$ref": "#/components/schemas/DeleteConfiguration"
LoginRecordExportRequest:
description: ''
type: object
properties:
criteria:
"$ref": "#/components/schemas/LoginRecordSearchCriteria"
dateTimeSecondsFormat:
type: string
zoneId:
"$ref": "#/components/schemas/ZoneId"
LoginRecordSearchCriteria:
description: ''
type: object
properties:
applicationId:
type: string
format: uuid
end:
"$ref": "#/components/schemas/ZonedDateTime"
start:
"$ref": "#/components/schemas/ZonedDateTime"
userId:
type: string
format: uuid
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
LoginRecordSearchRequest:
description: ''
type: object
properties:
retrieveTotal:
type: boolean
search:
"$ref": "#/components/schemas/LoginRecordSearchCriteria"
LoginRecordSearchResponse:
description: A raw login record response
type: object
properties:
logins:
type: array
items:
"$ref": "#/components/schemas/DisplayableRawLogin"
total:
type: integer
format: int64
LoginReportResponse:
description: Response for the login report.
type: object
properties:
hourlyCounts:
type: array
items:
"$ref": "#/components/schemas/Count"
total:
type: integer
format: int64
LoginRequest:
description: Login API request object.
type: object
properties:
loginId:
type: string
oneTimePassword:
type: string
password:
type: string
twoFactorTrustId:
type: string
applicationId:
type: string
format: uuid
ipAddress:
type: string
metaData:
"$ref": "#/components/schemas/MetaData"
newDevice:
type: boolean
noJWT:
type: boolean
LoginResponse:
description: ''
type: object
properties:
actions:
type: array
items:
"$ref": "#/components/schemas/LoginPreventedResponse"
changePasswordId:
type: string
changePasswordReason:
"$ref": "#/components/schemas/ChangePasswordReason"
configurableMethods:
type: array
items:
type: string
emailVerificationId:
type: string
methods:
type: array
items:
"$ref": "#/components/schemas/TwoFactorMethod"
pendingIdPLinkId:
type: string
refreshToken:
type: string
refreshTokenId:
type: string
format: uuid
registrationVerificationId:
type: string
state:
type: object
additionalProperties:
type: object
threatsDetected:
type: array
uniqueItems: true
items: {}
token:
type: string
tokenExpirationInstant:
"$ref": "#/components/schemas/ZonedDateTime"
trustToken:
type: string
twoFactorId:
type: string
twoFactorTrustId:
type: string
user:
"$ref": "#/components/schemas/User"
LogoutBehavior:
description: ''
type: string
enum:
- RedirectOnly
- AllApplications
LogoutRequest:
description: Request for the Logout API that can be used as an alternative to
URL parameters.
type: object
properties:
global:
type: boolean
refreshToken:
type: string
eventInfo:
"$ref": "#/components/schemas/EventInfo"
LookupResponse:
description: ''
type: object
properties:
identityProvider:
"$ref": "#/components/schemas/IdentityProviderDetails"
ManagedFields:
description: 'This class contains the managed fields that are also put into
the database during FusionAuth setup.
Internal Note: These fields are
also declared in SQL in order to bootstrap the system. These need to stay
in sync. Any changes to these fields needs to also be reflected in mysql.sql
and postgresql.sql'
type: object
properties: {}
MaximumPasswordAge:
description: ''
type: object
properties:
days:
type: integer
enabled:
type: boolean
MemberDeleteRequest:
description: Group Member Delete Request
type: object
properties:
memberIds:
type: array
items:
type: string
format: uuid
members:
type: array
items:
type: string
format: uuid
MemberRequest:
description: Group Member Request
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
MemberResponse:
description: Group Member Response
type: object
properties:
members:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
Message:
description: ''
type: object
properties: {}
MessageTemplate:
description: Stores an message template used to distribute messages;
type: object
properties:
data:
type: object
additionalProperties:
type: object
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
type:
"$ref": "#/components/schemas/MessageType"
MessageTemplateRequest:
description: A Message Template Request to the API
type: object
properties:
messageTemplate:
"$ref": "#/components/schemas/MessageTemplate"
MessageTemplateResponse:
description: ''
type: object
properties:
messageTemplate:
"$ref": "#/components/schemas/MessageTemplate"
messageTemplates:
type: array
items:
"$ref": "#/components/schemas/MessageTemplate"
MessageType:
description: ''
type: string
enum:
- SMS
MessengerRequest:
description: ''
type: object
properties:
messenger:
"$ref": "#/components/schemas/BaseMessengerConfiguration"
MessengerResponse:
description: ''
type: object
properties:
messenger:
"$ref": "#/components/schemas/BaseMessengerConfiguration"
messengers:
type: array
items:
"$ref": "#/components/schemas/BaseMessengerConfiguration"
MessengerTransport:
description: ''
type: object
properties: {}
MessengerType:
description: ''
type: string
enum:
- Generic
- Kafka
- Twilio
MetaData:
type: object
properties:
data:
type: object
additionalProperties:
type: object
device:
"$ref": "#/components/schemas/DeviceInfo"
scopes:
type: array
uniqueItems: true
items: {}
MinimumPasswordAge:
description: ''
type: object
properties:
seconds:
type: integer
enabled:
type: boolean
MonthlyActiveUserReportResponse:
description: Response for the daily active user report.
type: object
properties:
monthlyActiveUsers:
type: array
items:
"$ref": "#/components/schemas/Count"
total:
type: integer
format: int64
MultiFactorAuthenticatorMethod:
type: object
properties:
algorithm:
"$ref": "#/components/schemas/TOTPAlgorithm"
codeLength:
type: integer
timeStep:
type: integer
enabled:
type: boolean
MultiFactorEmailMethod:
type: object
properties:
templateId:
type: string
format: uuid
enabled:
type: boolean
MultiFactorEmailTemplate:
type: object
properties:
templateId:
type: string
format: uuid
MultiFactorLoginPolicy:
description: ''
type: string
enum:
- Disabled
- Enabled
- Required
MultiFactorSMSMethod:
type: object
properties:
messengerId:
type: string
format: uuid
templateId:
type: string
format: uuid
enabled:
type: boolean
MultiFactorSMSTemplate:
type: object
properties:
templateId:
type: string
format: uuid
NintendoApplicationConfiguration:
description: ''
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
emailClaim:
type: string
scope:
type: string
uniqueIdClaim:
type: string
usernameClaim:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
NintendoIdentityProvider:
description: Nintendo gaming login provider.
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
emailClaim:
type: string
scope:
type: string
uniqueIdClaim:
type: string
usernameClaim:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/NintendoApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
NonTransactionalEvent:
description: A marker interface indicating this event cannot be made transactional.
type: object
properties: {}
OAuth2Configuration:
description: ''
type: object
properties:
authorizedOriginURLs:
type: array
items:
type: string
format: URI
authorizedRedirectURLs:
type: array
items:
type: string
format: URI
authorizedURLValidationPolicy:
"$ref": "#/components/schemas/Oauth2AuthorizedURLValidationPolicy"
clientAuthenticationPolicy:
"$ref": "#/components/schemas/ClientAuthenticationPolicy"
clientId:
type: string
clientSecret:
type: string
consentMode:
"$ref": "#/components/schemas/OAuthScopeConsentMode"
debug:
type: boolean
deviceVerificationURL:
type: string
format: URI
enabledGrants:
type: array
uniqueItems: true
items: {}
generateRefreshTokens:
type: boolean
logoutBehavior:
"$ref": "#/components/schemas/LogoutBehavior"
logoutURL:
type: string
format: URI
proofKeyForCodeExchangePolicy:
"$ref": "#/components/schemas/ProofKeyForCodeExchangePolicy"
providedScopePolicy:
"$ref": "#/components/schemas/ProvidedScopePolicy"
relationship:
"$ref": "#/components/schemas/OAuthApplicationRelationship"
requireClientAuthentication:
type: boolean
requireRegistration:
type: boolean
scopeHandlingPolicy:
"$ref": "#/components/schemas/OAuthScopeHandlingPolicy"
unknownScopePolicy:
"$ref": "#/components/schemas/UnknownScopePolicy"
OAuthApplicationRelationship:
description: The application's relationship to the authorization server. First-party
applications will be granted implicit permission for requested scopes. Third-party
applications will use the {@link OAuthScopeConsentMode} policy.
type: string
enum:
- FirstParty
- ThirdParty
OAuthConfigurationResponse:
description: ''
type: object
properties:
httpSessionMaxInactiveInterval:
type: integer
logoutURL:
type: string
format: URI
oauthConfiguration:
"$ref": "#/components/schemas/OAuth2Configuration"
OAuthError:
description: ''
type: object
properties:
change_password_id:
type: string
error_description:
type: string
error:
"$ref": "#/components/schemas/OAuthErrorType"
error_uri:
type: string
two_factor_methods:
type: array
items:
"$ref": "#/components/schemas/TwoFactorMethod"
error_reason:
"$ref": "#/components/schemas/OAuthErrorReason"
two_factor_id:
type: string
OAuthErrorReason:
type: string
enum:
- auth_code_not_found
- access_token_malformed
- access_token_expired
- access_token_unavailable_for_processing
- access_token_failed_processing
- access_token_invalid
- access_token_required
- refresh_token_not_found
- refresh_token_type_not_supported
- invalid_client_id
- invalid_user_credentials
- invalid_grant_type
- invalid_origin
- invalid_origin_opaque
- invalid_pkce_code_verifier
- invalid_pkce_code_challenge
- invalid_pkce_code_challenge_method
- invalid_redirect_uri
- invalid_response_mode
- invalid_response_type
- invalid_id_token_hint
- invalid_post_logout_redirect_uri
- invalid_device_code
- invalid_user_code
- invalid_additional_client_id
- invalid_target_entity_scope
- invalid_entity_permission_scope
- invalid_user_id
- grant_type_disabled
- missing_client_id
- missing_client_secret
- missing_code
- missing_code_challenge
- missing_code_verifier
- missing_device_code
- missing_grant_type
- missing_redirect_uri
- missing_refresh_token
- missing_response_type
- missing_token
- missing_user_code
- missing_user_id
- missing_verification_uri
- login_prevented
- not_licensed
- user_code_expired
- user_expired
- user_locked
- user_not_found
- client_authentication_missing
- invalid_client_authentication_scheme
- invalid_client_authentication
- client_id_mismatch
- change_password_administrative
- change_password_breached
- change_password_expired
- change_password_validation
- unknown
- missing_required_scope
- unknown_scope
- consent_canceled
OAuthErrorType:
type: string
enum:
- invalid_request
- invalid_client
- invalid_grant
- invalid_token
- unauthorized_client
- invalid_scope
- server_error
- unsupported_grant_type
- unsupported_response_type
- access_denied
- change_password_required
- not_licensed
- two_factor_required
- authorization_pending
- expired_token
- unsupported_token_type
OAuthResponse:
description: ''
type: object
properties: {}
OAuthScopeConsentMode:
description: Controls the policy for requesting user permission to grant access
to requested scopes during an OAuth workflow for a third-party application.
type: string
enum:
- AlwaysPrompt
- RememberDecision
- NeverPrompt
OAuthScopeHandlingPolicy:
description: Controls the policy for whether OAuth workflows will more strictly
adhere to the OAuth and OIDC specification or run in backwards compatibility
mode.
type: string
enum:
- Compatibility
- Strict
Oauth2AuthorizedURLValidationPolicy:
description: ''
type: string
enum:
- AllowWildcards
- ExactMatch
ObjectIdentifiable:
description: A marker interface indicating this event is an event that can supply
a linked object Id.
type: object
properties: {}
ObjectState:
description: ''
type: string
enum:
- Active
- Inactive
- PendingDelete
OpenIdConfiguration:
description: OpenID Connect Configuration as described by the OpenID Provider
Metadata.
type: object
properties:
authorization_endpoint:
type: string
backchannel_logout_supported:
type: boolean
claims_supported:
type: array
items:
type: string
device_authorization_endpoint:
type: string
end_session_endpoint:
type: string
frontchannel_logout_supported:
type: boolean
grant_types_supported:
type: array
items:
type: string
id_token_signing_alg_values_supported:
type: array
items:
type: string
issuer:
type: string
jwks_uri:
type: string
response_modes_supported:
type: array
items:
type: string
response_types_supported:
type: array
items:
type: string
scopes_supported:
type: array
items:
type: string
subject_types_supported:
type: array
items:
type: string
token_endpoint:
type: string
token_endpoint_auth_methods_supported:
type: array
items:
type: string
userinfo_endpoint:
type: string
userinfo_signing_alg_values_supported:
type: array
items:
type: string
OpenIdConnectApplicationConfiguration:
description: ''
type: object
properties:
buttonImageURL:
type: string
format: URI
buttonText:
type: string
oauth2:
"$ref": "#/components/schemas/IdentityProviderOauth2Configuration"
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
OpenIdConnectIdentityProvider:
description: ''
type: object
properties:
domains:
type: array
uniqueItems: true
items: {}
buttonImageURL:
type: string
format: URI
buttonText:
type: string
oauth2:
"$ref": "#/components/schemas/IdentityProviderOauth2Configuration"
postRequest:
type: boolean
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/OpenIdConnectApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
PasswordBreachDetection:
description: ''
type: object
properties:
matchMode:
"$ref": "#/components/schemas/BreachMatchMode"
notifyUserEmailTemplateId:
type: string
format: uuid
onLogin:
"$ref": "#/components/schemas/BreachAction"
enabled:
type: boolean
PasswordEncryptionConfiguration:
description: Password Encryption Scheme Configuration
type: object
properties:
encryptionScheme:
type: string
encryptionSchemeFactor:
type: integer
modifyEncryptionSchemeOnLogin:
type: boolean
PasswordValidationRules:
description: ''
type: object
properties:
breachDetection:
"$ref": "#/components/schemas/PasswordBreachDetection"
maxLength:
type: integer
minLength:
type: integer
rememberPreviousPasswords:
"$ref": "#/components/schemas/RememberPreviousPasswords"
requireMixedCase:
type: boolean
requireNonAlpha:
type: boolean
requireNumber:
type: boolean
validateOnLogin:
type: boolean
PasswordValidationRulesResponse:
description: ''
type: object
properties:
passwordValidationRules:
"$ref": "#/components/schemas/PasswordValidationRules"
PasswordlessConfiguration:
type: object
properties:
enabled:
type: boolean
PasswordlessIdentityProvider:
description: Interface for all identity providers that are passwordless and
do not accept a password.
type: object
properties: {}
PasswordlessLoginRequest:
description: ''
type: object
properties:
code:
type: string
twoFactorTrustId:
type: string
applicationId:
type: string
format: uuid
ipAddress:
type: string
metaData:
"$ref": "#/components/schemas/MetaData"
newDevice:
type: boolean
noJWT:
type: boolean
PasswordlessSendRequest:
description: ''
type: object
properties:
applicationId:
type: string
format: uuid
code:
type: string
loginId:
type: string
state:
type: object
additionalProperties:
type: object
PasswordlessStartRequest:
description: ''
type: object
properties:
applicationId:
type: string
format: uuid
loginId:
type: string
state:
type: object
additionalProperties:
type: object
PasswordlessStartResponse:
description: ''
type: object
properties:
code:
type: string
PendingIdPLink:
description: ''
type: object
properties:
displayName:
type: string
email:
type: string
identityProviderId:
type: string
format: uuid
identityProviderLinks:
type: array
items:
"$ref": "#/components/schemas/IdentityProviderLink"
identityProviderName:
type: string
identityProviderTenantConfiguration:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
identityProviderType:
"$ref": "#/components/schemas/IdentityProviderType"
identityProviderUserId:
type: string
user:
"$ref": "#/components/schemas/User"
username:
type: string
PendingResponse:
description: ''
type: object
properties:
users:
type: array
items:
"$ref": "#/components/schemas/User"
PreviewMessageTemplateRequest:
description: ''
type: object
properties:
locale:
"$ref": "#/components/schemas/Locale"
messageTemplate:
"$ref": "#/components/schemas/MessageTemplate"
PreviewMessageTemplateResponse:
description: ''
type: object
properties:
errors:
"$ref": "#/components/schemas/Errors"
message:
"$ref": "#/components/schemas/SMSMessage"
PreviewRequest:
description: ''
type: object
properties:
emailTemplate:
"$ref": "#/components/schemas/EmailTemplate"
locale:
"$ref": "#/components/schemas/Locale"
PreviewResponse:
description: ''
type: object
properties:
email:
"$ref": "#/components/schemas/Email"
errors:
"$ref": "#/components/schemas/Errors"
ProofKeyForCodeExchangePolicy:
description: ''
type: string
enum:
- Required
- NotRequired
- NotRequiredWhenUsingClientAuthentication
ProvidedScopePolicy:
description: The handling policy for scopes provided by FusionAuth
type: object
properties:
address:
"$ref": "#/components/schemas/Requirable"
email:
"$ref": "#/components/schemas/Requirable"
phone:
"$ref": "#/components/schemas/Requirable"
profile:
"$ref": "#/components/schemas/Requirable"
ProviderLambdaConfiguration:
type: object
properties:
reconcileId:
type: string
format: uuid
PublicKeyCredentialCreationOptions:
description: Allows the Relying Party to specify desired attributes of a new
credential.
type: object
properties:
attestation:
"$ref": "#/components/schemas/AttestationConveyancePreference"
authenticatorSelection:
"$ref": "#/components/schemas/AuthenticatorSelectionCriteria"
challenge:
type: string
excludeCredentials:
type: array
items:
"$ref": "#/components/schemas/PublicKeyCredentialDescriptor"
extensions:
"$ref": "#/components/schemas/WebAuthnRegistrationExtensionOptions"
pubKeyCredParams:
type: array
items:
"$ref": "#/components/schemas/PublicKeyCredentialParameters"
rp:
"$ref": "#/components/schemas/PublicKeyCredentialRelyingPartyEntity"
timeout:
type: integer
format: int64
user:
"$ref": "#/components/schemas/PublicKeyCredentialUserEntity"
PublicKeyCredentialDescriptor:
description: Contains attributes for the Relying Party to refer to an existing
public key credential as an input parameter.
type: object
properties:
id:
type: string
transports:
type: array
items:
type: string
type:
"$ref": "#/components/schemas/PublicKeyCredentialType"
PublicKeyCredentialEntity:
description: Describes a user account or WebAuthn Relying Party associated with
a public key credential
type: object
properties:
name:
type: string
PublicKeyCredentialParameters:
description: Supply information on credential type and algorithm to the authenticator.
type: object
properties:
alg:
"$ref": "#/components/schemas/CoseAlgorithmIdentifier"
type:
"$ref": "#/components/schemas/PublicKeyCredentialType"
PublicKeyCredentialRelyingPartyEntity:
description: Supply additional information about the Relying Party when creating
a new credential
type: object
properties:
id:
type: string
name:
type: string
PublicKeyCredentialRequestOptions:
description: Provides the authenticator with the data it needs to generate
an assertion.
type: object
properties:
allowCredentials:
type: array
items:
"$ref": "#/components/schemas/PublicKeyCredentialDescriptor"
challenge:
type: string
rpId:
type: string
timeout:
type: integer
format: int64
userVerification:
"$ref": "#/components/schemas/UserVerificationRequirement"
PublicKeyCredentialType:
description: Defines valid credential types. This is an extension point in the
WebAuthn spec. The only defined value at this time is "public-key"
type: string
enum:
- publicKey
PublicKeyCredentialUserEntity:
description: Supply additional information about the user account when creating
a new credential
type: object
properties:
displayName:
type: string
id:
type: string
name:
type: string
PublicKeyResponse:
description: JWT Public Key Response Object
type: object
properties:
publicKey:
type: string
publicKeys:
type: object
additionalProperties:
type: string
RateLimitedRequestConfiguration:
description: ''
type: object
properties:
limit:
type: integer
timePeriodInSeconds:
type: integer
enabled:
type: boolean
RateLimitedRequestType:
description: ''
type: string
enum:
- FailedLogin
- ForgotPassword
- SendEmailVerification
- SendPasswordless
- SendRegistrationVerification
- SendTwoFactor
RawLogin:
description: Raw login information for each time a user logs into an application.
type: object
properties:
applicationId:
type: string
format: uuid
instant:
"$ref": "#/components/schemas/ZonedDateTime"
ipAddress:
type: string
userId:
type: string
format: uuid
ReactorFeatureStatus:
description: ''
type: string
enum:
- ACTIVE
- DISCONNECTED
- PENDING
- DISABLED
- UNKNOWN
ReactorMetrics:
description: ''
type: object
properties:
breachedPasswordMetrics:
type: object
additionalProperties:
"$ref": "#/components/schemas/BreachedPasswordTenantMetric"
ReactorMetricsResponse:
description: ''
type: object
properties:
metrics:
"$ref": "#/components/schemas/ReactorMetrics"
ReactorRequest:
description: Request for managing FusionAuth Reactor and licenses.
type: object
properties:
license:
type: string
licenseId:
type: string
ReactorResponse:
description: ''
type: object
properties:
status:
"$ref": "#/components/schemas/ReactorStatus"
ReactorStatus:
description: ''
type: object
properties:
advancedIdentityProviders:
"$ref": "#/components/schemas/ReactorFeatureStatus"
advancedLambdas:
"$ref": "#/components/schemas/ReactorFeatureStatus"
advancedMultiFactorAuthentication:
"$ref": "#/components/schemas/ReactorFeatureStatus"
advancedOAuthScopes:
"$ref": "#/components/schemas/ReactorFeatureStatus"
advancedOAuthScopesCustomScopes:
"$ref": "#/components/schemas/ReactorFeatureStatus"
advancedOAuthScopesThirdPartyApplications:
"$ref": "#/components/schemas/ReactorFeatureStatus"
advancedRegistration:
"$ref": "#/components/schemas/ReactorFeatureStatus"
applicationMultiFactorAuthentication:
"$ref": "#/components/schemas/ReactorFeatureStatus"
applicationThemes:
"$ref": "#/components/schemas/ReactorFeatureStatus"
breachedPasswordDetection:
"$ref": "#/components/schemas/ReactorFeatureStatus"
connectors:
"$ref": "#/components/schemas/ReactorFeatureStatus"
entityManagement:
"$ref": "#/components/schemas/ReactorFeatureStatus"
expiration:
"$ref": "#/components/schemas/LocalDate"
licenseAttributes:
type: object
additionalProperties:
type: string
licensed:
type: boolean
scimServer:
"$ref": "#/components/schemas/ReactorFeatureStatus"
threatDetection:
"$ref": "#/components/schemas/ReactorFeatureStatus"
webAuthn:
"$ref": "#/components/schemas/ReactorFeatureStatus"
webAuthnPlatformAuthenticators:
"$ref": "#/components/schemas/ReactorFeatureStatus"
webAuthnRoamingAuthenticators:
"$ref": "#/components/schemas/ReactorFeatureStatus"
RecentLoginResponse:
description: Response for the user login report.
type: object
properties:
logins:
type: array
items:
"$ref": "#/components/schemas/DisplayableRawLogin"
RefreshRequest:
description: ''
type: object
properties:
refreshToken:
type: string
token:
type: string
eventInfo:
"$ref": "#/components/schemas/EventInfo"
RefreshResponse:
description: ''
type: object
properties: {}
RefreshToken:
description: Models a JWT Refresh Token.
type: object
properties:
applicationId:
type: string
format: uuid
data:
type: object
additionalProperties:
type: object
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
metaData:
"$ref": "#/components/schemas/MetaData"
startInstant:
"$ref": "#/components/schemas/ZonedDateTime"
tenantId:
type: string
format: uuid
token:
type: string
userId:
type: string
format: uuid
RefreshTokenExpirationPolicy:
description: ''
type: string
enum:
- Fixed
- SlidingWindow
- SlidingWindowWithMaximumLifetime
RefreshTokenImportRequest:
description: Refresh Token Import request.
type: object
properties:
refreshTokens:
type: array
items:
"$ref": "#/components/schemas/RefreshToken"
validateDbConstraints:
type: boolean
RefreshTokenOneTimeUseConfiguration:
description: Refresh token one-time use configuration. This configuration is
utilized when the usage policy is configured for one-time use.
type: object
properties:
gracePeriodInSeconds:
type: integer
RefreshTokenResponse:
description: API response for retrieving Refresh Tokens
type: object
properties:
refreshToken:
"$ref": "#/components/schemas/RefreshToken"
refreshTokens:
type: array
items:
"$ref": "#/components/schemas/RefreshToken"
RefreshTokenRevocationPolicy:
description: ''
type: object
properties:
onLoginPrevented:
type: boolean
onMultiFactorEnable:
type: boolean
onOneTimeTokenReuse:
type: boolean
onPasswordChanged:
type: boolean
RefreshTokenRevokeRequest:
description: Request for the Refresh Token API to revoke a refresh token rather
than using the URL parameters.
type: object
properties:
applicationId:
type: string
format: uuid
token:
type: string
userId:
type: string
format: uuid
eventInfo:
"$ref": "#/components/schemas/EventInfo"
RefreshTokenSlidingWindowConfiguration:
description: ''
type: object
properties:
maximumTimeToLiveInMinutes:
type: integer
RefreshTokenUsagePolicy:
description: ''
type: string
enum:
- Reusable
- OneTimeUse
RegistrationConfiguration:
type: object
properties:
birthDate:
"$ref": "#/components/schemas/Requirable"
confirmPassword:
type: boolean
firstName:
"$ref": "#/components/schemas/Requirable"
formId:
type: string
format: uuid
fullName:
"$ref": "#/components/schemas/Requirable"
lastName:
"$ref": "#/components/schemas/Requirable"
loginIdType:
"$ref": "#/components/schemas/LoginIdType"
middleName:
"$ref": "#/components/schemas/Requirable"
mobilePhone:
"$ref": "#/components/schemas/Requirable"
preferredLanguages:
"$ref": "#/components/schemas/Requirable"
type:
"$ref": "#/components/schemas/RegistrationType"
enabled:
type: boolean
RegistrationDeleteRequest:
description: Registration delete API request object.
type: object
properties:
eventInfo:
"$ref": "#/components/schemas/EventInfo"
RegistrationReportResponse:
description: Response for the registration report.
type: object
properties:
hourlyCounts:
type: array
items:
"$ref": "#/components/schemas/Count"
total:
type: integer
format: int64
RegistrationRequest:
description: Registration API request object.
type: object
properties:
disableDomainBlock:
type: boolean
generateAuthenticationToken:
type: boolean
registration:
"$ref": "#/components/schemas/UserRegistration"
sendSetPasswordEmail:
type: boolean
skipRegistrationVerification:
type: boolean
skipVerification:
type: boolean
user:
"$ref": "#/components/schemas/User"
eventInfo:
"$ref": "#/components/schemas/EventInfo"
RegistrationResponse:
description: Registration API request object.
type: object
properties:
refreshToken:
type: string
refreshTokenId:
type: string
format: uuid
registration:
"$ref": "#/components/schemas/UserRegistration"
registrationVerificationId:
type: string
registrationVerificationOneTimeCode:
type: string
token:
type: string
tokenExpirationInstant:
"$ref": "#/components/schemas/ZonedDateTime"
user:
"$ref": "#/components/schemas/User"
RegistrationType:
type: string
enum:
- basic
- advanced
RegistrationUnverifiedOptions:
description: ''
type: object
properties:
behavior:
"$ref": "#/components/schemas/UnverifiedBehavior"
ReindexRequest:
description: Reindex API request
type: object
properties:
index:
type: string
ReloadRequest:
description: ''
type: object
properties:
names:
type: array
items:
type: string
RememberPreviousPasswords:
description: ''
type: object
properties:
count:
type: integer
enabled:
type: boolean
Requirable:
description: Something that can be required and thus also optional. This currently
extends Enableable because anything that is requiredoptional is almost always
enableable as well.
type: object
properties:
required:
type: boolean
enabled:
type: boolean
RequiresCORSConfiguration:
description: Interface describing the need for CORS configuration.
type: object
properties: {}
ResidentKeyRequirement:
description: Describes the Relying Party's requirements for client-side discoverable
credentials (formerly known as "resident keys")
type: string
enum:
- discouraged
- preferred
- required
SAMLLogoutBehavior:
type: string
enum:
- AllParticipants
- OnlyOriginator
SAMLv2ApplicationConfiguration:
description: ''
type: object
properties:
buttonImageURL:
type: string
format: URI
buttonText:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
SAMLv2AssertionConfiguration:
description: ''
type: object
properties:
destination:
"$ref": "#/components/schemas/SAMLv2DestinationAssertionConfiguration"
SAMLv2AssertionDecryptionConfiguration:
description: Configuration for encrypted assertions when acting as SAML Service
Provider
type: object
properties:
keyTransportDecryptionKeyId:
type: string
format: uuid
enabled:
type: boolean
SAMLv2AssertionEncryptionConfiguration:
type: object
properties:
digestAlgorithm:
type: string
encryptionAlgorithm:
type: string
keyLocation:
type: string
keyTransportAlgorithm:
type: string
keyTransportEncryptionKeyId:
type: string
format: uuid
maskGenerationFunction:
type: string
enabled:
type: boolean
SAMLv2Configuration:
type: object
properties:
assertionEncryptionConfiguration:
"$ref": "#/components/schemas/SAMLv2AssertionEncryptionConfiguration"
audience:
type: string
authorizedRedirectURLs:
type: array
items:
type: string
format: URI
debug:
type: boolean
defaultVerificationKeyId:
type: string
format: uuid
initiatedLogin:
"$ref": "#/components/schemas/SAMLv2IdPInitiatedLoginConfiguration"
issuer:
type: string
keyId:
type: string
format: uuid
loginHintConfiguration:
"$ref": "#/components/schemas/LoginHintConfiguration"
logout:
"$ref": "#/components/schemas/SAMLv2Logout"
logoutURL:
type: string
format: URI
requireSignedRequests:
type: boolean
xmlSignatureC14nMethod:
"$ref": "#/components/schemas/CanonicalizationMethod"
xmlSignatureLocation:
"$ref": "#/components/schemas/XMLSignatureLocation"
callbackURL:
type: string
format: URI
enabled:
type: boolean
SAMLv2DestinationAssertionConfiguration:
description: ''
type: object
properties:
alternates:
type: array
items:
type: string
policy:
"$ref": "#/components/schemas/SAMLv2DestinationAssertionPolicy"
SAMLv2DestinationAssertionPolicy:
description: ''
type: string
enum:
- Enabled
- Disabled
- AllowAlternates
SAMLv2IdPInitiatedApplicationConfiguration:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
SAMLv2IdPInitiatedIdentityProvider:
description: SAML v2 IdP Initiated identity provider configuration.
type: object
properties:
issuer:
type: string
assertionDecryptionConfiguration:
"$ref": "#/components/schemas/SAMLv2AssertionDecryptionConfiguration"
emailClaim:
type: string
keyId:
type: string
format: uuid
uniqueIdClaim:
type: string
useNameIdForEmail:
type: boolean
usernameClaim:
type: string
SAMLv2IdPInitiatedLoginConfiguration:
description: IdP Initiated login configuration
type: object
properties:
nameIdFormat:
type: string
enabled:
type: boolean
SAMLv2IdentityProvider:
description: SAML v2 identity provider configuration.
type: object
properties:
domains:
type: array
uniqueItems: true
items: {}
assertionConfiguration:
"$ref": "#/components/schemas/SAMLv2AssertionConfiguration"
buttonImageURL:
type: string
format: URI
buttonText:
type: string
idpEndpoint:
type: string
format: URI
idpInitiatedConfiguration:
"$ref": "#/components/schemas/SAMLv2IdpInitiatedConfiguration"
issuer:
type: string
loginHintConfiguration:
"$ref": "#/components/schemas/LoginHintConfiguration"
nameIdFormat:
type: string
postRequest:
type: boolean
requestSigningKeyId:
type: string
format: uuid
signRequest:
type: boolean
xmlSignatureC14nMethod:
"$ref": "#/components/schemas/CanonicalizationMethod"
assertionDecryptionConfiguration:
"$ref": "#/components/schemas/SAMLv2AssertionDecryptionConfiguration"
emailClaim:
type: string
keyId:
type: string
format: uuid
uniqueIdClaim:
type: string
useNameIdForEmail:
type: boolean
usernameClaim:
type: string
SAMLv2IdpInitiatedConfiguration:
description: Config for regular SAML IDP configurations that support IdP initiated
requests
type: object
properties:
issuer:
type: string
enabled:
type: boolean
SAMLv2Logout:
type: object
properties:
behavior:
"$ref": "#/components/schemas/SAMLLogoutBehavior"
defaultVerificationKeyId:
type: string
format: uuid
keyId:
type: string
format: uuid
requireSignedRequests:
type: boolean
singleLogout:
"$ref": "#/components/schemas/SAMLv2SingleLogout"
xmlSignatureC14nMethod:
"$ref": "#/components/schemas/CanonicalizationMethod"
SAMLv2SingleLogout:
type: object
properties:
keyId:
type: string
format: uuid
url:
type: string
format: URI
xmlSignatureC14nMethod:
"$ref": "#/components/schemas/CanonicalizationMethod"
enabled:
type: boolean
SMSMessage:
description: ''
type: object
properties:
phoneNumber:
type: string
textMessage:
type: string
SMSMessageTemplate:
description: ''
type: object
properties:
defaultTemplate:
type: string
localizedTemplates:
"$ref": "#/components/schemas/LocalizedStrings"
SearchRequest:
description: Search API request.
type: object
properties:
search:
"$ref": "#/components/schemas/UserSearchCriteria"
expand:
type: array
items:
type: string
SearchResponse:
description: Search API response.
type: object
properties:
total:
type: integer
format: int64
nextResults:
type: string
users:
type: array
items:
"$ref": "#/components/schemas/User"
expandable:
type: array
items:
type: string
SearchResults:
description: Search results.
type: object
properties:
nextResults:
type: string
results:
type: array
items:
type: object
total:
type: integer
format: int64
totalEqualToActual:
type: boolean
SecretResponse:
description: ''
type: object
properties:
secret:
type: string
secretBase32Encoded:
type: string
SecureGeneratorConfiguration:
description: ''
type: object
properties:
length:
type: integer
type:
"$ref": "#/components/schemas/SecureGeneratorType"
SecureGeneratorType:
description: ''
type: string
enum:
- randomDigits
- randomBytes
- randomAlpha
- randomAlphaNumeric
SecureIdentity:
description: ''
type: object
properties:
breachedPasswordLastCheckedInstant:
"$ref": "#/components/schemas/ZonedDateTime"
breachedPasswordStatus:
"$ref": "#/components/schemas/BreachedPasswordStatus"
connectorId:
type: string
format: uuid
encryptionScheme:
type: string
factor:
type: integer
id:
type: string
format: uuid
lastLoginInstant:
"$ref": "#/components/schemas/ZonedDateTime"
password:
type: string
passwordChangeReason:
"$ref": "#/components/schemas/ChangePasswordReason"
passwordChangeRequired:
type: boolean
passwordLastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
salt:
type: string
uniqueUsername:
type: string
username:
type: string
usernameStatus:
"$ref": "#/components/schemas/ContentStatus"
verified:
type: boolean
verifiedInstant:
"$ref": "#/components/schemas/ZonedDateTime"
SelfServiceFormConfiguration:
description: ''
type: object
properties:
requireCurrentPasswordOnPasswordChange:
type: boolean
SendRequest:
description: ''
type: object
properties:
applicationId:
type: string
format: uuid
bccAddresses:
type: array
items:
type: string
ccAddresses:
type: array
items:
type: string
preferredLanguages:
type: array
items:
"$ref": "#/components/schemas/Locale"
requestData:
type: object
additionalProperties:
type: object
toAddresses:
type: array
items:
"$ref": "#/components/schemas/EmailAddress"
userIds:
type: array
items:
type: string
format: uuid
SendResponse:
description: ''
type: object
properties:
anonymousResults:
type: object
additionalProperties:
"$ref": "#/components/schemas/EmailTemplateErrors"
results:
type: object
additionalProperties:
"$ref": "#/components/schemas/EmailTemplateErrors"
SimpleThemeVariables:
description: Theme object for values used in the css variables for simple themes.
type: object
properties:
alertBackgroundColor:
type: string
alertFontColor:
type: string
backgroundImageURL:
type: string
format: URI
backgroundSize:
type: string
borderRadius:
type: string
deleteButtonColor:
type: string
deleteButtonFocusColor:
type: string
deleteButtonTextColor:
type: string
deleteButtonTextFocusColor:
type: string
errorFontColor:
type: string
errorIconColor:
type: string
fontColor:
type: string
fontFamily:
type: string
footerDisplay:
type: boolean
iconBackgroundColor:
type: string
iconColor:
type: string
infoIconColor:
type: string
inputBackgroundColor:
type: string
inputIconColor:
type: string
inputTextColor:
type: string
linkTextColor:
type: string
linkTextFocusColor:
type: string
logoImageSize:
type: string
logoImageURL:
type: string
format: URI
monoFontColor:
type: string
monoFontFamily:
type: string
pageBackgroundColor:
type: string
panelBackgroundColor:
type: string
primaryButtonColor:
type: string
primaryButtonFocusColor:
type: string
primaryButtonTextColor:
type: string
primaryButtonTextFocusColor:
type: string
SonyPSNApplicationConfiguration:
description: ''
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
SonyPSNIdentityProvider:
description: SonyPSN gaming login provider.
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/SonyPSNApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
Sort:
description: ''
type: string
enum:
- asc
- desc
SortField:
description: ''
type: object
properties:
missing:
type: string
name:
type: string
order:
"$ref": "#/components/schemas/Sort"
StatusResponse:
description: The public Status API response
type: object
properties: {}
SteamAPIMode:
description: Steam API modes.
type: string
enum:
- Public
- Partner
SteamApplicationConfiguration:
description: ''
type: object
properties:
apiMode:
"$ref": "#/components/schemas/SteamAPIMode"
buttonText:
type: string
client_id:
type: string
scope:
type: string
webAPIKey:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
SteamIdentityProvider:
description: Steam gaming login provider.
type: object
properties:
apiMode:
"$ref": "#/components/schemas/SteamAPIMode"
buttonText:
type: string
client_id:
type: string
scope:
type: string
webAPIKey:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/SteamApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
SupportsPostBindings:
description: Helper interface that indicates an identity provider can be federated
to using the HTTP POST method.
type: object
properties: {}
SystemConfiguration:
description: ''
type: object
properties:
auditLogConfiguration:
"$ref": "#/components/schemas/AuditLogConfiguration"
corsConfiguration:
"$ref": "#/components/schemas/CORSConfiguration"
data:
type: object
additionalProperties:
type: object
eventLogConfiguration:
"$ref": "#/components/schemas/EventLogConfiguration"
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
loginRecordConfiguration:
"$ref": "#/components/schemas/LoginRecordConfiguration"
reportTimezone:
"$ref": "#/components/schemas/ZoneId"
trustedProxyConfiguration:
"$ref": "#/components/schemas/SystemTrustedProxyConfiguration"
uiConfiguration:
"$ref": "#/components/schemas/UIConfiguration"
usageDataConfiguration:
"$ref": "#/components/schemas/UsageDataConfiguration"
webhookEventLogConfiguration:
"$ref": "#/components/schemas/WebhookEventLogConfiguration"
SystemConfigurationRequest:
description: Request for the system configuration API.
type: object
properties:
systemConfiguration:
"$ref": "#/components/schemas/SystemConfiguration"
SystemConfigurationResponse:
description: Response for the system configuration API.
type: object
properties:
systemConfiguration:
"$ref": "#/components/schemas/SystemConfiguration"
SystemLogsExportRequest:
description: ''
type: object
properties:
includeArchived:
type: boolean
lastNBytes:
type: integer
dateTimeSecondsFormat:
type: string
zoneId:
"$ref": "#/components/schemas/ZoneId"
SystemTrustedProxyConfiguration:
description: ''
type: object
properties:
trustPolicy:
"$ref": "#/components/schemas/SystemTrustedProxyConfigurationPolicy"
trusted:
type: array
items:
type: string
SystemTrustedProxyConfigurationPolicy:
description: ''
type: string
enum:
- All
- OnlyConfigured
TOTPAlgorithm:
type: string
enum:
- HmacSHA1
- HmacSHA256
- HmacSHA512
Templates:
type: object
properties:
accountEdit:
type: string
accountIndex:
type: string
accountTwoFactorDisable:
type: string
accountTwoFactorEnable:
type: string
accountTwoFactorIndex:
type: string
accountWebAuthnAdd:
type: string
accountWebAuthnDelete:
type: string
accountWebAuthnIndex:
type: string
confirmationRequired:
type: string
emailComplete:
type: string
emailSent:
type: string
emailVerificationRequired:
type: string
emailVerify:
type: string
helpers:
type: string
index:
type: string
oauth2Authorize:
type: string
oauth2AuthorizedNotRegistered:
type: string
oauth2ChildRegistrationNotAllowed:
type: string
oauth2ChildRegistrationNotAllowedComplete:
type: string
oauth2CompleteRegistration:
type: string
oauth2Consent:
type: string
oauth2Device:
type: string
oauth2DeviceComplete:
type: string
oauth2Error:
type: string
oauth2Logout:
type: string
oauth2Passwordless:
type: string
oauth2Register:
type: string
oauth2StartIdPLink:
type: string
oauth2TwoFactor:
type: string
oauth2TwoFactorEnable:
type: string
oauth2TwoFactorEnableComplete:
type: string
oauth2TwoFactorMethods:
type: string
oauth2Wait:
type: string
oauth2WebAuthn:
type: string
oauth2WebAuthnReauth:
type: string
oauth2WebAuthnReauthEnable:
type: string
passwordChange:
type: string
passwordComplete:
type: string
passwordForgot:
type: string
passwordSent:
type: string
registrationComplete:
type: string
registrationSent:
type: string
registrationVerificationRequired:
type: string
registrationVerify:
type: string
samlv2Logout:
type: string
unauthorized:
type: string
emailSend:
type: string
registrationSend:
type: string
Tenant:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: object
accessControlConfiguration:
"$ref": "#/components/schemas/TenantAccessControlConfiguration"
captchaConfiguration:
"$ref": "#/components/schemas/TenantCaptchaConfiguration"
configured:
type: boolean
connectorPolicies:
type: array
items:
"$ref": "#/components/schemas/ConnectorPolicy"
emailConfiguration:
"$ref": "#/components/schemas/EmailConfiguration"
eventConfiguration:
"$ref": "#/components/schemas/EventConfiguration"
externalIdentifierConfiguration:
"$ref": "#/components/schemas/ExternalIdentifierConfiguration"
failedAuthenticationConfiguration:
"$ref": "#/components/schemas/FailedAuthenticationConfiguration"
familyConfiguration:
"$ref": "#/components/schemas/FamilyConfiguration"
formConfiguration:
"$ref": "#/components/schemas/TenantFormConfiguration"
httpSessionMaxInactiveInterval:
type: integer
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
issuer:
type: string
jwtConfiguration:
"$ref": "#/components/schemas/JWTConfiguration"
lambdaConfiguration:
"$ref": "#/components/schemas/TenantLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
loginConfiguration:
"$ref": "#/components/schemas/TenantLoginConfiguration"
logoutURL:
type: string
format: URI
maximumPasswordAge:
"$ref": "#/components/schemas/MaximumPasswordAge"
minimumPasswordAge:
"$ref": "#/components/schemas/MinimumPasswordAge"
multiFactorConfiguration:
"$ref": "#/components/schemas/TenantMultiFactorConfiguration"
name:
type: string
oauthConfiguration:
"$ref": "#/components/schemas/TenantOAuth2Configuration"
passwordEncryptionConfiguration:
"$ref": "#/components/schemas/PasswordEncryptionConfiguration"
passwordValidationRules:
"$ref": "#/components/schemas/PasswordValidationRules"
rateLimitConfiguration:
"$ref": "#/components/schemas/TenantRateLimitConfiguration"
registrationConfiguration:
"$ref": "#/components/schemas/TenantRegistrationConfiguration"
scimServerConfiguration:
"$ref": "#/components/schemas/TenantSCIMServerConfiguration"
ssoConfiguration:
"$ref": "#/components/schemas/TenantSSOConfiguration"
state:
"$ref": "#/components/schemas/ObjectState"
themeId:
type: string
format: uuid
userDeletePolicy:
"$ref": "#/components/schemas/TenantUserDeletePolicy"
usernameConfiguration:
"$ref": "#/components/schemas/TenantUsernameConfiguration"
webAuthnConfiguration:
"$ref": "#/components/schemas/TenantWebAuthnConfiguration"
TenantAccessControlConfiguration:
description: ''
type: object
properties:
uiIPAccessControlListId:
type: string
format: uuid
TenantCaptchaConfiguration:
description: ''
type: object
properties:
captchaMethod:
"$ref": "#/components/schemas/CaptchaMethod"
secretKey:
type: string
siteKey:
type: string
threshold:
type: number
format: double
enabled:
type: boolean
TenantDeleteRequest:
description: Request for the Tenant API to delete a tenant rather than using
the URL parameters.
type: object
properties:
async:
type: boolean
eventInfo:
"$ref": "#/components/schemas/EventInfo"
TenantFormConfiguration:
description: ''
type: object
properties:
adminUserFormId:
type: string
format: uuid
TenantLambdaConfiguration:
description: ''
type: object
properties:
loginValidationId:
type: string
format: uuid
scimEnterpriseUserRequestConverterId:
type: string
format: uuid
scimEnterpriseUserResponseConverterId:
type: string
format: uuid
scimGroupRequestConverterId:
type: string
format: uuid
scimGroupResponseConverterId:
type: string
format: uuid
scimUserRequestConverterId:
type: string
format: uuid
scimUserResponseConverterId:
type: string
format: uuid
TenantLoginConfiguration:
description: ''
type: object
properties:
requireAuthentication:
type: boolean
TenantMultiFactorConfiguration:
description: ''
type: object
properties:
authenticator:
"$ref": "#/components/schemas/MultiFactorAuthenticatorMethod"
email:
"$ref": "#/components/schemas/MultiFactorEmailMethod"
loginPolicy:
"$ref": "#/components/schemas/MultiFactorLoginPolicy"
sms:
"$ref": "#/components/schemas/MultiFactorSMSMethod"
TenantOAuth2Configuration:
type: object
properties:
clientCredentialsAccessTokenPopulateLambdaId:
type: string
format: uuid
TenantRateLimitConfiguration:
description: ''
type: object
properties:
failedLogin:
"$ref": "#/components/schemas/RateLimitedRequestConfiguration"
forgotPassword:
"$ref": "#/components/schemas/RateLimitedRequestConfiguration"
sendEmailVerification:
"$ref": "#/components/schemas/RateLimitedRequestConfiguration"
sendPasswordless:
"$ref": "#/components/schemas/RateLimitedRequestConfiguration"
sendRegistrationVerification:
"$ref": "#/components/schemas/RateLimitedRequestConfiguration"
sendTwoFactor:
"$ref": "#/components/schemas/RateLimitedRequestConfiguration"
TenantRegistrationConfiguration:
description: ''
type: object
properties:
blockedDomains:
type: array
uniqueItems: true
items: {}
TenantRequest:
description: ''
type: object
properties:
sourceTenantId:
type: string
format: uuid
tenant:
"$ref": "#/components/schemas/Tenant"
webhookIds:
type: array
items:
type: string
format: uuid
eventInfo:
"$ref": "#/components/schemas/EventInfo"
TenantResponse:
description: ''
type: object
properties:
tenant:
"$ref": "#/components/schemas/Tenant"
tenants:
type: array
items:
"$ref": "#/components/schemas/Tenant"
TenantSCIMServerConfiguration:
description: ''
type: object
properties:
clientEntityTypeId:
type: string
format: uuid
schemas:
type: object
additionalProperties:
type: object
serverEntityTypeId:
type: string
format: uuid
enabled:
type: boolean
TenantSSOConfiguration:
description: ''
type: object
properties:
deviceTrustTimeToLiveInSeconds:
type: integer
TenantSearchCriteria:
description: Search criteria for Tenants
type: object
properties:
name:
type: string
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
TenantSearchRequest:
description: Search request for Tenants
type: object
properties:
search:
"$ref": "#/components/schemas/TenantSearchCriteria"
TenantSearchResponse:
description: Tenant search response
type: object
properties:
tenants:
type: array
items:
"$ref": "#/components/schemas/Tenant"
total:
type: integer
format: int64
TenantUnverifiedConfiguration:
description: ''
type: object
properties:
email:
"$ref": "#/components/schemas/UnverifiedBehavior"
whenGated:
"$ref": "#/components/schemas/RegistrationUnverifiedOptions"
TenantUserDeletePolicy:
description: A Tenant-level policy for deleting Users.
type: object
properties:
unverified:
"$ref": "#/components/schemas/TimeBasedDeletePolicy"
TenantUsernameConfiguration:
description: ''
type: object
properties:
unique:
"$ref": "#/components/schemas/UniqueUsernameConfiguration"
TenantWebAuthnConfiguration:
description: Tenant-level configuration for WebAuthn
type: object
properties:
bootstrapWorkflow:
"$ref": "#/components/schemas/TenantWebAuthnWorkflowConfiguration"
debug:
type: boolean
reauthenticationWorkflow:
"$ref": "#/components/schemas/TenantWebAuthnWorkflowConfiguration"
relyingPartyId:
type: string
relyingPartyName:
type: string
enabled:
type: boolean
TenantWebAuthnWorkflowConfiguration:
description: ''
type: object
properties:
authenticatorAttachmentPreference:
"$ref": "#/components/schemas/AuthenticatorAttachmentPreference"
userVerificationRequirement:
"$ref": "#/components/schemas/UserVerificationRequirement"
enabled:
type: boolean
Tenantable:
description: ''
type: object
properties: {}
TestEvent:
description: ''
type: object
properties:
message:
type: string
createInstant:
"$ref": "#/components/schemas/ZonedDateTime"
id:
type: string
format: uuid
info:
"$ref": "#/components/schemas/EventInfo"
tenantId:
type: string
format: uuid
type:
"$ref": "#/components/schemas/EventType"
Theme:
description: ''
type: object
properties:
data:
type: object
additionalProperties:
type: object
defaultMessages:
type: string
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
localizedMessages:
"$ref": "#/components/schemas/LocalizedStrings"
name:
type: string
stylesheet:
type: string
templates:
"$ref": "#/components/schemas/Templates"
type:
"$ref": "#/components/schemas/ThemeType"
variables:
"$ref": "#/components/schemas/SimpleThemeVariables"
ThemeRequest:
description: Theme API request object.
type: object
properties:
sourceThemeId:
type: string
format: uuid
theme:
"$ref": "#/components/schemas/Theme"
ThemeResponse:
description: Theme API response object.
type: object
properties:
theme:
"$ref": "#/components/schemas/Theme"
themes:
type: array
items:
"$ref": "#/components/schemas/Theme"
ThemeSearchCriteria:
description: Search criteria for themes
type: object
properties:
name:
type: string
type:
"$ref": "#/components/schemas/ThemeType"
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
ThemeSearchRequest:
description: Search request for Themes.
type: object
properties:
search:
"$ref": "#/components/schemas/ThemeSearchCriteria"
ThemeSearchResponse:
description: Search response for Themes
type: object
properties:
themes:
type: array
items:
"$ref": "#/components/schemas/Theme"
total:
type: integer
format: int64
ThemeType:
type: string
enum:
- advanced
- simple
TimeBasedDeletePolicy:
description: A policy for deleting Users based upon some external criteria.
type: object
properties:
enabledInstant:
"$ref": "#/components/schemas/ZonedDateTime"
numberOfDaysToRetain:
type: integer
enabled:
type: boolean
TokenType:
description: - Bearer Token type as defined by RFC
6750.
-
- MAC Token type as referenced by RFC
6749 and Draft
RFC on OAuth 2.0 Message Authentication Code (MAC) Tokens
-
type: string
enum:
- Bearer
- MAC
Totals:
type: object
properties:
logins:
type: integer
format: int64
registrations:
type: integer
format: int64
totalRegistrations:
type: integer
format: int64
TotalsReportResponse:
description: The response from the total report. This report stores the total
numbers for each application.
type: object
properties:
applicationTotals:
type: object
additionalProperties:
"$ref": "#/components/schemas/Totals"
globalRegistrations:
type: integer
format: int64
totalGlobalRegistrations:
type: integer
format: int64
TransactionType:
description: The transaction types for Webhooks and other event systems within
FusionAuth.
type: string
enum:
- None
- Any
- SimpleMajority
- SuperMajority
- AbsoluteMajority
TwilioMessengerConfiguration:
description: ''
type: object
properties:
accountSID:
type: string
authToken:
type: string
fromPhoneNumber:
type: string
messagingServiceSid:
type: string
url:
type: string
format: URI
data:
type: object
additionalProperties:
type: object
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
transport:
type: string
type:
"$ref": "#/components/schemas/MessengerType"
TwitchApplicationConfiguration:
description: ''
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
TwitchIdentityProvider:
description: Twitch gaming login provider.
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/TwitchApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
TwitterApplicationConfiguration:
description: ''
type: object
properties:
buttonText:
type: string
consumerKey:
type: string
consumerSecret:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
TwitterIdentityProvider:
description: Twitter social login provider.
type: object
properties:
buttonText:
type: string
consumerKey:
type: string
consumerSecret:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/TwitterApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
TwoFactorDisableRequest:
description: ''
type: object
properties:
applicationId:
type: string
format: uuid
code:
type: string
methodId:
type: string
eventInfo:
"$ref": "#/components/schemas/EventInfo"
TwoFactorEnableDisableSendRequest:
description: ''
type: object
properties:
email:
type: string
method:
type: string
methodId:
type: string
mobilePhone:
type: string
TwoFactorLoginRequest:
description: ''
type: object
properties:
code:
type: string
trustComputer:
type: boolean
twoFactorId:
type: string
userId:
type: string
format: uuid
applicationId:
type: string
format: uuid
ipAddress:
type: string
metaData:
"$ref": "#/components/schemas/MetaData"
newDevice:
type: boolean
noJWT:
type: boolean
TwoFactorMethod:
description: ''
type: object
properties:
authenticator:
"$ref": "#/components/schemas/AuthenticatorConfiguration"
email:
type: string
id:
type: string
lastUsed:
type: boolean
method:
type: string
mobilePhone:
type: string
secret:
type: string
TwoFactorRecoveryCodeResponse:
description: ''
type: object
properties:
recoveryCodes:
type: array
items:
type: string
TwoFactorRequest:
description: ''
type: object
properties:
applicationId:
type: string
format: uuid
authenticatorId:
type: string
code:
type: string
email:
type: string
method:
type: string
mobilePhone:
type: string
secret:
type: string
secretBase32Encoded:
type: string
twoFactorId:
type: string
eventInfo:
"$ref": "#/components/schemas/EventInfo"
TwoFactorResponse:
description: ''
type: object
properties:
code:
type: string
recoveryCodes:
type: array
items:
type: string
TwoFactorSendRequest:
description: ''
type: object
properties:
applicationId:
type: string
format: uuid
email:
type: string
method:
type: string
methodId:
type: string
mobilePhone:
type: string
userId:
type: string
format: uuid
TwoFactorStartRequest:
description: ''
type: object
properties:
applicationId:
type: string
format: uuid
code:
type: string
loginId:
type: string
state:
type: object
additionalProperties:
type: object
trustChallenge:
type: string
userId:
type: string
format: uuid
TwoFactorStartResponse:
description: ''
type: object
properties:
code:
type: string
methods:
type: array
items:
"$ref": "#/components/schemas/TwoFactorMethod"
twoFactorId:
type: string
TwoFactorStatusResponse:
description: ''
type: object
properties:
trusts:
type: array
items:
"$ref": "#/components/schemas/TwoFactorTrust"
twoFactorTrustId:
type: string
TwoFactorTrust:
type: object
properties:
applicationId:
type: string
format: uuid
expiration:
"$ref": "#/components/schemas/ZonedDateTime"
startInstant:
"$ref": "#/components/schemas/ZonedDateTime"
UIConfiguration:
type: object
properties:
headerColor:
type: string
logoURL:
type: string
menuFontColor:
type: string
UniqueUsernameConfiguration:
type: object
properties:
numberOfDigits:
type: integer
separator:
type: string
strategy:
"$ref": "#/components/schemas/UniqueUsernameStrategy"
enabled:
type: boolean
UniqueUsernameStrategy:
type: string
enum:
- Always
- OnCollision
UnknownScopePolicy:
description: Policy for handling unknown OAuth scopes in the request
type: string
enum:
- Allow
- Remove
- Reject
UnverifiedBehavior:
description: ''
type: string
enum:
- Allow
- Gated
UsageDataConfiguration:
description: Config for Usage Data Stats
type: object
properties:
numberOfDaysToRetain:
type: integer
enabled:
type: boolean
User:
description: The global view of a User. This object contains all global information
about the user including birthdate, registration information preferred languages,
global attributes, etc.
type: object
properties:
preferredLanguages:
type: array
items:
"$ref": "#/components/schemas/Locale"
active:
type: boolean
birthDate:
"$ref": "#/components/schemas/LocalDate"
cleanSpeakId:
type: string
format: uuid
data:
type: object
additionalProperties:
type: object
email:
type: string
expiry:
"$ref": "#/components/schemas/ZonedDateTime"
firstName:
type: string
fullName:
type: string
imageUrl:
type: string
format: URI
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastName:
type: string
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
middleName:
type: string
mobilePhone:
type: string
parentEmail:
type: string
tenantId:
type: string
format: uuid
timezone:
"$ref": "#/components/schemas/ZoneId"
twoFactor:
"$ref": "#/components/schemas/UserTwoFactorConfiguration"
memberships:
type: array
items:
"$ref": "#/components/schemas/GroupMember"
registrations:
type: array
items:
"$ref": "#/components/schemas/UserRegistration"
breachedPasswordLastCheckedInstant:
"$ref": "#/components/schemas/ZonedDateTime"
breachedPasswordStatus:
"$ref": "#/components/schemas/BreachedPasswordStatus"
connectorId:
type: string
format: uuid
encryptionScheme:
type: string
factor:
type: integer
id:
type: string
format: uuid
lastLoginInstant:
"$ref": "#/components/schemas/ZonedDateTime"
password:
type: string
passwordChangeReason:
"$ref": "#/components/schemas/ChangePasswordReason"
passwordChangeRequired:
type: boolean
passwordLastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
salt:
type: string
uniqueUsername:
type: string
username:
type: string
usernameStatus:
"$ref": "#/components/schemas/ContentStatus"
verified:
type: boolean
verifiedInstant:
"$ref": "#/components/schemas/ZonedDateTime"
UserAction:
description: An action that can be executed on a user (discipline or reward
potentially).
type: object
properties:
active:
type: boolean
cancelEmailTemplateId:
type: string
format: uuid
endEmailTemplateId:
type: string
format: uuid
id:
type: string
format: uuid
includeEmailInEventJSON:
type: boolean
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
localizedNames:
"$ref": "#/components/schemas/LocalizedStrings"
modifyEmailTemplateId:
type: string
format: uuid
name:
type: string
options:
type: array
items:
"$ref": "#/components/schemas/UserActionOption"
preventLogin:
type: boolean
sendEndEvent:
type: boolean
startEmailTemplateId:
type: string
format: uuid
temporal:
type: boolean
transactionType:
"$ref": "#/components/schemas/TransactionType"
userEmailingEnabled:
type: boolean
userNotificationsEnabled:
type: boolean
UserActionEvent:
description: Models the user action Event.
type: object
properties:
applicationIds:
type: array
items:
type: string
format: uuid
action:
type: string
actionId:
type: string
format: uuid
actioneeUserId:
type: string
format: uuid
actionerUserId:
type: string
format: uuid
comment:
type: string
email:
"$ref": "#/components/schemas/Email"
emailedUser:
type: boolean
expiry:
"$ref": "#/components/schemas/ZonedDateTime"
localizedAction:
type: string
localizedDuration:
type: string
localizedOption:
type: string
localizedReason:
type: string
notifyUser:
type: boolean
option:
type: string
phase:
"$ref": "#/components/schemas/UserActionPhase"
reason:
type: string
reasonCode:
type: string
createInstant:
"$ref": "#/components/schemas/ZonedDateTime"
id:
type: string
format: uuid
info:
"$ref": "#/components/schemas/EventInfo"
tenantId:
type: string
format: uuid
type:
"$ref": "#/components/schemas/EventType"
UserActionLog:
description: A log for an action that was taken on a User.
type: object
properties:
actioneeUserId:
type: string
format: uuid
actionerUserId:
type: string
format: uuid
applicationIds:
type: array
items:
type: string
format: uuid
comment:
type: string
emailUserOnEnd:
type: boolean
endEventSent:
type: boolean
expiry:
"$ref": "#/components/schemas/ZonedDateTime"
history:
"$ref": "#/components/schemas/LogHistory"
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
localizedName:
type: string
localizedOption:
type: string
localizedReason:
type: string
name:
type: string
notifyUserOnEnd:
type: boolean
option:
type: string
reason:
type: string
reasonCode:
type: string
userActionId:
type: string
format: uuid
UserActionOption:
description: Models content user action options.
type: object
properties:
localizedNames:
"$ref": "#/components/schemas/LocalizedStrings"
name:
type: string
UserActionPhase:
description: The phases of a time-based user action.
type: string
enum:
- start
- modify
- cancel
- end
UserActionReason:
description: Models action reasons.
type: object
properties:
code:
type: string
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
localizedTexts:
"$ref": "#/components/schemas/LocalizedStrings"
text:
type: string
UserActionReasonRequest:
description: User Action Reason API request object.
type: object
properties:
userActionReason:
"$ref": "#/components/schemas/UserActionReason"
UserActionReasonResponse:
description: User Action Reason API response object.
type: object
properties:
userActionReason:
"$ref": "#/components/schemas/UserActionReason"
userActionReasons:
type: array
items:
"$ref": "#/components/schemas/UserActionReason"
UserActionRequest:
description: User Action API request object.
type: object
properties:
userAction:
"$ref": "#/components/schemas/UserAction"
UserActionResponse:
description: User Action API response object.
type: object
properties:
userAction:
"$ref": "#/components/schemas/UserAction"
userActions:
type: array
items:
"$ref": "#/components/schemas/UserAction"
UserBulkCreateEvent:
description: Models the User Bulk Create Event.
type: object
properties:
users:
type: array
items:
"$ref": "#/components/schemas/User"
createInstant:
"$ref": "#/components/schemas/ZonedDateTime"
id:
type: string
format: uuid
info:
"$ref": "#/components/schemas/EventInfo"
tenantId:
type: string
format: uuid
type:
"$ref": "#/components/schemas/EventType"
UserComment:
description: A log for an event that happened to a User.
type: object
properties:
comment:
type: string
commenterId:
type: string
format: uuid
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
userId:
type: string
format: uuid
UserCommentRequest:
description: ''
type: object
properties:
userComment:
"$ref": "#/components/schemas/UserComment"
UserCommentResponse:
description: User Comment Response
type: object
properties:
userComment:
"$ref": "#/components/schemas/UserComment"
userComments:
type: array
items:
"$ref": "#/components/schemas/UserComment"
UserCommentSearchCriteria:
description: Search criteria for user comments.
type: object
properties:
comment:
type: string
commenterId:
type: string
format: uuid
tenantId:
type: string
format: uuid
userId:
type: string
format: uuid
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
UserCommentSearchRequest:
description: Search request for user comments
type: object
properties:
search:
"$ref": "#/components/schemas/UserCommentSearchCriteria"
UserCommentSearchResponse:
description: User comment search response
type: object
properties:
total:
type: integer
format: int64
userComments:
type: array
items:
"$ref": "#/components/schemas/UserComment"
UserConsent:
description: Models a User consent.
type: object
properties:
data:
type: object
additionalProperties:
type: object
consent:
"$ref": "#/components/schemas/Consent"
consentId:
type: string
format: uuid
giverUserId:
type: string
format: uuid
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
status:
"$ref": "#/components/schemas/ConsentStatus"
userId:
type: string
format: uuid
values:
type: array
items:
type: string
UserConsentRequest:
description: API response for User consent.
type: object
properties:
userConsent:
"$ref": "#/components/schemas/UserConsent"
UserConsentResponse:
description: API response for User consent.
type: object
properties:
userConsent:
"$ref": "#/components/schemas/UserConsent"
userConsents:
type: array
items:
"$ref": "#/components/schemas/UserConsent"
UserCreateCompleteEvent:
description: Models the User Created Event. This is different than the
user.create event in that it will be sent after the user has been created.
This event cannot be made transactional.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserCreateEvent:
description: Models the User Create Event.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserDeactivateEvent:
description: Models the User Deactivate Event.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserDeleteCompleteEvent:
description: Models the User Event (and can be converted to JSON) that is used
for all user modifications (create, update, delete).
This is different
than user.delete because it is sent after the tx is committed, this cannot
be transactional.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserDeleteEvent:
description: Models the User Event (and can be converted to JSON) that is used
for all user modifications (create, update, delete).
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserDeleteRequest:
description: User API delete request object.
type: object
properties:
dryRun:
type: boolean
hardDelete:
type: boolean
limit:
type: integer
query:
type: string
queryString:
type: string
userIds:
type: array
items:
type: string
format: uuid
eventInfo:
"$ref": "#/components/schemas/EventInfo"
UserDeleteResponse:
description: User API bulk response object.
type: object
properties:
dryRun:
type: boolean
hardDelete:
type: boolean
total:
type: integer
userIds:
type: array
items:
type: string
format: uuid
UserDeleteSingleRequest:
description: User API delete request object for a single user.
type: object
properties:
hardDelete:
type: boolean
eventInfo:
"$ref": "#/components/schemas/EventInfo"
UserEmailUpdateEvent:
description: Models an event where a user's email is updated outside of a forgot change
password workflow.
type: object
properties:
previousEmail:
type: string
user:
"$ref": "#/components/schemas/User"
UserEmailVerifiedEvent:
description: Models the User Email Verify Event.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserIdentityProviderLinkEvent:
description: Models the User Identity Provider Link Event.
type: object
properties:
identityProviderLink:
"$ref": "#/components/schemas/IdentityProviderLink"
user:
"$ref": "#/components/schemas/User"
UserIdentityProviderUnlinkEvent:
description: Models the User Identity Provider Unlink Event.
type: object
properties:
identityProviderLink:
"$ref": "#/components/schemas/IdentityProviderLink"
user:
"$ref": "#/components/schemas/User"
UserLoginFailedEvent:
description: Models the User Login Failed Event.
type: object
properties:
applicationId:
type: string
format: uuid
authenticationType:
type: string
ipAddress:
type: string
reason:
"$ref": "#/components/schemas/UserLoginFailedReason"
user:
"$ref": "#/components/schemas/User"
UserLoginFailedReason:
description: The reason for the login failure.
type: object
properties:
code:
type: string
lambdaId:
type: string
format: uuid
lambdaResult:
"$ref": "#/components/schemas/Errors"
UserLoginFailedReasonCode:
description: User login failed reason codes.
type: object
properties: {}
UserLoginIdDuplicateOnCreateEvent:
description: Models an event where a user is being created with an "in-use"
login Id (email or username).
type: object
properties:
duplicateEmail:
type: string
duplicateUsername:
type: string
existing:
"$ref": "#/components/schemas/User"
user:
"$ref": "#/components/schemas/User"
UserLoginIdDuplicateOnUpdateEvent:
description: Models an event where a user is being updated and tries to use
an "in-use" login Id (email or username).
type: object
properties:
duplicateEmail:
type: string
duplicateUsername:
type: string
existing:
"$ref": "#/components/schemas/User"
UserLoginNewDeviceEvent:
description: Models the User Login event for a new device (un-recognized)
type: object
properties:
applicationId:
type: string
format: uuid
authenticationType:
type: string
connectorId:
type: string
format: uuid
identityProviderId:
type: string
format: uuid
identityProviderName:
type: string
ipAddress:
type: string
UserLoginSuccessEvent:
description: Models the User Login Success Event.
type: object
properties:
applicationId:
type: string
format: uuid
authenticationType:
type: string
connectorId:
type: string
format: uuid
identityProviderId:
type: string
format: uuid
identityProviderName:
type: string
ipAddress:
type: string
user:
"$ref": "#/components/schemas/User"
UserLoginSuspiciousEvent:
description: Models the User Login event that is suspicious.
type: object
properties:
threatsDetected:
type: array
uniqueItems: true
items: {}
applicationId:
type: string
format: uuid
authenticationType:
type: string
connectorId:
type: string
format: uuid
identityProviderId:
type: string
format: uuid
identityProviderName:
type: string
ipAddress:
type: string
UserPasswordBreachEvent:
description: Models the User Password Breach Event.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserPasswordResetSendEvent:
description: Models the User Password Reset Send Event.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserPasswordResetStartEvent:
description: Models the User Password Reset Start Event.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserPasswordResetSuccessEvent:
description: Models the User Password Reset Success Event.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserPasswordUpdateEvent:
description: Models the User Password Update Event.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserReactivateEvent:
description: Models the User Reactivate Event.
type: object
properties:
user:
"$ref": "#/components/schemas/User"
UserRegistration:
description: User registration information for a single application.
type: object
properties:
data:
type: object
additionalProperties:
type: object
preferredLanguages:
type: array
items:
"$ref": "#/components/schemas/Locale"
tokens:
type: object
additionalProperties:
type: string
applicationId:
type: string
format: uuid
authenticationToken:
type: string
cleanSpeakId:
type: string
format: uuid
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastLoginInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
roles:
type: array
uniqueItems: true
items: {}
timezone:
"$ref": "#/components/schemas/ZoneId"
username:
type: string
usernameStatus:
"$ref": "#/components/schemas/ContentStatus"
verified:
type: boolean
verifiedInstant:
"$ref": "#/components/schemas/ZonedDateTime"
UserRegistrationCreateCompleteEvent:
description: Models the User Created Registration Event.
This is different
than the user.registration.create event in that it will be sent after the
user has been created. This event cannot be made transactional.
type: object
properties:
applicationId:
type: string
format: uuid
registration:
"$ref": "#/components/schemas/UserRegistration"
user:
"$ref": "#/components/schemas/User"
UserRegistrationCreateEvent:
description: Models the User Create Registration Event.
type: object
properties:
applicationId:
type: string
format: uuid
registration:
"$ref": "#/components/schemas/UserRegistration"
user:
"$ref": "#/components/schemas/User"
UserRegistrationDeleteCompleteEvent:
description: Models the User Deleted Registration Event.
This is different
than user.registration.delete in that it is sent after the TX has been committed.
This event cannot be transactional.
type: object
properties:
applicationId:
type: string
format: uuid
registration:
"$ref": "#/components/schemas/UserRegistration"
user:
"$ref": "#/components/schemas/User"
UserRegistrationDeleteEvent:
description: Models the User Delete Registration Event.
type: object
properties:
applicationId:
type: string
format: uuid
registration:
"$ref": "#/components/schemas/UserRegistration"
user:
"$ref": "#/components/schemas/User"
UserRegistrationUpdateCompleteEvent:
description: Models the User Update Registration Event.
This is different
than user.registration.update in that it is sent after this event completes,
this cannot be transactional.
type: object
properties:
applicationId:
type: string
format: uuid
original:
"$ref": "#/components/schemas/UserRegistration"
registration:
"$ref": "#/components/schemas/UserRegistration"
user:
"$ref": "#/components/schemas/User"
UserRegistrationUpdateEvent:
description: Models the User Update Registration Event.
type: object
properties:
applicationId:
type: string
format: uuid
original:
"$ref": "#/components/schemas/UserRegistration"
registration:
"$ref": "#/components/schemas/UserRegistration"
user:
"$ref": "#/components/schemas/User"
UserRegistrationVerifiedEvent:
description: Models the User Registration Verified Event.
type: object
properties:
applicationId:
type: string
format: uuid
registration:
"$ref": "#/components/schemas/UserRegistration"
user:
"$ref": "#/components/schemas/User"
UserRequest:
description: User API request object.
type: object
properties:
applicationId:
type: string
format: uuid
currentPassword:
type: string
disableDomainBlock:
type: boolean
sendSetPasswordEmail:
type: boolean
skipVerification:
type: boolean
user:
"$ref": "#/components/schemas/User"
eventInfo:
"$ref": "#/components/schemas/EventInfo"
UserResponse:
description: User API response object.
type: object
properties:
emailVerificationId:
type: string
emailVerificationOneTimeCode:
type: string
registrationVerificationIds:
type: object
additionalProperties:
type: string
registrationVerificationOneTimeCodes:
type: object
additionalProperties:
type: string
token:
type: string
tokenExpirationInstant:
"$ref": "#/components/schemas/ZonedDateTime"
user:
"$ref": "#/components/schemas/User"
UserSearchCriteria:
description: This class is the user query. It provides a build pattern as well
as public fields for use on forms and in actions.
type: object
properties:
accurateTotal:
type: boolean
ids:
type: array
items:
type: string
format: uuid
nextResults:
type: string
query:
type: string
queryString:
type: string
sortFields:
type: array
items:
"$ref": "#/components/schemas/SortField"
UserState:
description: ''
type: string
enum:
- Authenticated
- AuthenticatedNotRegistered
- AuthenticatedNotVerified
- AuthenticatedRegistrationNotVerified
UserTwoFactorConfiguration:
description: ''
type: object
properties:
methods:
type: array
items:
"$ref": "#/components/schemas/TwoFactorMethod"
recoveryCodes:
type: array
items:
type: string
UserTwoFactorMethodAddEvent:
description: Model a user event when a two-factor method has been removed.
type: object
properties:
method:
"$ref": "#/components/schemas/TwoFactorMethod"
user:
"$ref": "#/components/schemas/User"
UserTwoFactorMethodRemoveEvent:
description: Model a user event when a two-factor method has been added.
type: object
properties:
method:
"$ref": "#/components/schemas/TwoFactorMethod"
user:
"$ref": "#/components/schemas/User"
UserUpdateCompleteEvent:
description: Models the User Update Event once it is completed. This cannot
be transactional.
type: object
properties:
original:
"$ref": "#/components/schemas/User"
user:
"$ref": "#/components/schemas/User"
UserUpdateEvent:
description: Models the User Update Event.
type: object
properties:
original:
"$ref": "#/components/schemas/User"
user:
"$ref": "#/components/schemas/User"
UserVerificationRequirement:
description: Used to express whether the Relying Party requires user
verification for the current operation.
type: string
enum:
- required
- preferred
- discouraged
UserinfoResponse:
description: ''
type: object
properties: {}
UsernameModeration:
type: object
properties:
applicationId:
type: string
format: uuid
enabled:
type: boolean
ValidateResponse:
description: ''
type: object
properties:
jwt:
"$ref": "#/components/schemas/JWT"
VerificationStrategy:
description: ''
type: string
enum:
- ClickableLink
- FormField
VerifyEmailRequest:
description: ''
type: object
properties:
oneTimeCode:
type: string
userId:
type: string
format: uuid
verificationId:
type: string
eventInfo:
"$ref": "#/components/schemas/EventInfo"
VerifyEmailResponse:
description: ''
type: object
properties:
oneTimeCode:
type: string
verificationId:
type: string
VerifyRegistrationRequest:
description: ''
type: object
properties:
oneTimeCode:
type: string
verificationId:
type: string
eventInfo:
"$ref": "#/components/schemas/EventInfo"
VerifyRegistrationResponse:
description: ''
type: object
properties:
oneTimeCode:
type: string
verificationId:
type: string
VersionResponse:
description: ''
type: object
properties:
version:
type: string
WebAuthnAssertResponse:
description: API response for completing WebAuthn assertion
type: object
properties:
credential:
"$ref": "#/components/schemas/WebAuthnCredential"
WebAuthnAuthenticatorAuthenticationResponse:
description: The authenticator's response for the authentication ceremony
in its encoded format
type: object
properties:
authenticatorData:
type: string
clientDataJSON:
type: string
signature:
type: string
userHandle:
type: string
WebAuthnAuthenticatorRegistrationResponse:
description: The authenticator's response for the registration ceremony
in its encoded format
type: object
properties:
attestationObject:
type: string
clientDataJSON:
type: string
WebAuthnCredential:
description: A User's WebAuthnCredential. Contains all data required to complete
WebAuthn authentication ceremonies.
type: object
properties:
algorithm:
"$ref": "#/components/schemas/CoseAlgorithmIdentifier"
attestationType:
"$ref": "#/components/schemas/AttestationType"
authenticatorSupportsUserVerification:
type: boolean
credentialId:
type: string
data:
type: object
additionalProperties:
type: object
discoverable:
type: boolean
displayName:
type: string
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUseInstant:
"$ref": "#/components/schemas/ZonedDateTime"
name:
type: string
publicKey:
type: string
relyingPartyId:
type: string
signCount:
type: integer
tenantId:
type: string
format: uuid
transports:
type: array
items:
type: string
userAgent:
type: string
userId:
type: string
format: uuid
WebAuthnCredentialImportRequest:
description: API request to import an existing WebAuthn credential(s)
type: object
properties:
credentials:
type: array
items:
"$ref": "#/components/schemas/WebAuthnCredential"
validateDbConstraints:
type: boolean
WebAuthnCredentialResponse:
description: WebAuthn Credential API response
type: object
properties:
credential:
"$ref": "#/components/schemas/WebAuthnCredential"
credentials:
type: array
items:
"$ref": "#/components/schemas/WebAuthnCredential"
WebAuthnExtensionsClientOutputs:
description: Contains extension output for requested extensions during a WebAuthn
ceremony
type: object
properties:
credProps:
"$ref": "#/components/schemas/CredentialPropertiesOutput"
WebAuthnLoginRequest:
description: Request to complete the WebAuthn registration ceremony
type: object
properties:
credential:
"$ref": "#/components/schemas/WebAuthnPublicKeyAuthenticationRequest"
origin:
type: string
rpId:
type: string
twoFactorTrustId:
type: string
applicationId:
type: string
format: uuid
ipAddress:
type: string
metaData:
"$ref": "#/components/schemas/MetaData"
newDevice:
type: boolean
noJWT:
type: boolean
WebAuthnPublicKeyAuthenticationRequest:
description: Request to authenticate with WebAuthn
type: object
properties:
clientExtensionResults:
"$ref": "#/components/schemas/WebAuthnExtensionsClientOutputs"
id:
type: string
rpId:
type: string
response:
"$ref": "#/components/schemas/WebAuthnAuthenticatorAuthenticationResponse"
type:
type: string
WebAuthnPublicKeyRegistrationRequest:
description: Request to register a new public key with WebAuthn
type: object
properties:
clientExtensionResults:
"$ref": "#/components/schemas/WebAuthnExtensionsClientOutputs"
id:
type: string
rpId:
type: string
response:
"$ref": "#/components/schemas/WebAuthnAuthenticatorRegistrationResponse"
transports:
type: array
items:
type: string
type:
type: string
WebAuthnRegisterCompleteRequest:
description: Request to complete the WebAuthn registration ceremony for a new
credential,.
type: object
properties:
credential:
"$ref": "#/components/schemas/WebAuthnPublicKeyRegistrationRequest"
origin:
type: string
rpId:
type: string
userId:
type: string
format: uuid
WebAuthnRegisterCompleteResponse:
description: API response for completing WebAuthn credential registration or
assertion
type: object
properties:
credential:
"$ref": "#/components/schemas/WebAuthnCredential"
WebAuthnRegisterStartRequest:
description: API request to start a WebAuthn registration ceremony
type: object
properties:
displayName:
type: string
name:
type: string
userAgent:
type: string
userId:
type: string
format: uuid
workflow:
"$ref": "#/components/schemas/WebAuthnWorkflow"
WebAuthnRegisterStartResponse:
description: API response for starting a WebAuthn registration ceremony
type: object
properties:
options:
"$ref": "#/components/schemas/PublicKeyCredentialCreationOptions"
WebAuthnRegistrationExtensionOptions:
description: Options to request extensions during credential registration
type: object
properties:
credProps:
type: boolean
WebAuthnStartRequest:
description: API request to start a WebAuthn authentication ceremony
type: object
properties:
applicationId:
type: string
format: uuid
credentialId:
type: string
format: uuid
loginId:
type: string
state:
type: object
additionalProperties:
type: object
userId:
type: string
format: uuid
workflow:
"$ref": "#/components/schemas/WebAuthnWorkflow"
WebAuthnStartResponse:
description: API response for starting a WebAuthn authentication ceremony
type: object
properties:
options:
"$ref": "#/components/schemas/PublicKeyCredentialRequestOptions"
WebAuthnWorkflow:
description: Identifies the WebAuthn workflow. This will affect the parameters
used for credential creation and request based on the Tenant configuration.
type: string
enum:
- bootstrap
- general
- reauthentication
Webhook:
description: A server where events are sent. This includes user action events
and any other events sent by FusionAuth.
type: object
properties:
connectTimeout:
type: integer
data:
type: object
additionalProperties:
type: object
description:
type: string
eventsEnabled:
type: object
additionalProperties:
type: boolean
global:
type: boolean
headers:
"$ref": "#/components/schemas/HTTPHeaders"
httpAuthenticationPassword:
type: string
httpAuthenticationUsername:
type: string
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
readTimeout:
type: integer
signatureConfiguration:
"$ref": "#/components/schemas/WebhookSignatureConfiguration"
sslCertificate:
type: string
sslCertificateKeyId:
type: string
format: uuid
tenantIds:
type: array
items:
type: string
format: uuid
url:
type: string
format: URI
WebhookAttemptLog:
description: A webhook call attempt log.
type: object
properties:
data:
type: object
additionalProperties:
type: object
endInstant:
"$ref": "#/components/schemas/ZonedDateTime"
id:
type: string
format: uuid
startInstant:
"$ref": "#/components/schemas/ZonedDateTime"
webhookCallResponse:
"$ref": "#/components/schemas/WebhookCallResponse"
webhookEventLogId:
type: string
format: uuid
webhookId:
type: string
format: uuid
attemptResult:
"$ref": "#/components/schemas/WebhookAttemptResult"
WebhookAttemptLogResponse:
description: Webhook attempt log response.
type: object
properties:
webhookAttemptLog:
"$ref": "#/components/schemas/WebhookAttemptLog"
WebhookAttemptResult:
description: The possible states of an individual webhook attempt to a single
endpoint.
type: string
enum:
- Success
- Failure
- Unknown
WebhookCallResponse:
description: A webhook call response.
type: object
properties:
exception:
type: string
statusCode:
type: integer
url:
type: string
format: URI
WebhookEventLog:
type: object
properties:
attempts:
type: array
items:
"$ref": "#/components/schemas/WebhookAttemptLog"
data:
type: object
additionalProperties:
type: object
event:
"$ref": "#/components/schemas/EventRequest"
eventResult:
"$ref": "#/components/schemas/WebhookEventResult"
eventType:
"$ref": "#/components/schemas/EventType"
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastAttemptInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkedObjectId:
type: string
format: uuid
sequence:
type: integer
format: int64
failedAttempts:
type: integer
successfulAttempts:
type: integer
WebhookEventLogConfiguration:
description: The system configuration for Webhook Event Log data.
type: object
properties:
delete:
"$ref": "#/components/schemas/DeleteConfiguration"
WebhookEventLogResponse:
description: Webhook event log response.
type: object
properties:
webhookEventLog:
"$ref": "#/components/schemas/WebhookEventLog"
WebhookEventLogSearchCriteria:
description: Search criteria for the webhook event log.
type: object
properties:
end:
"$ref": "#/components/schemas/ZonedDateTime"
event:
type: string
eventResult:
"$ref": "#/components/schemas/WebhookEventResult"
eventType:
"$ref": "#/components/schemas/EventType"
start:
"$ref": "#/components/schemas/ZonedDateTime"
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
WebhookEventLogSearchRequest:
description: Webhook event log search request.
type: object
properties:
search:
"$ref": "#/components/schemas/WebhookEventLogSearchCriteria"
WebhookEventLogSearchResponse:
description: Webhook event log search response.
type: object
properties:
total:
type: integer
format: int64
webhookEventLogs:
type: array
items:
"$ref": "#/components/schemas/WebhookEventLog"
WebhookEventResult:
description: The possible result states of a webhook event. This tracks the
success of the overall webhook transaction according to the {@link TransactionType} and
configured webhooks.
type: string
enum:
- Failed
- Running
- Succeeded
WebhookRequest:
description: Webhook API request object.
type: object
properties:
webhook:
"$ref": "#/components/schemas/Webhook"
WebhookResponse:
description: Webhook API response object.
type: object
properties:
webhook:
"$ref": "#/components/schemas/Webhook"
webhooks:
type: array
items:
"$ref": "#/components/schemas/Webhook"
WebhookSearchCriteria:
description: Search criteria for webhooks.
type: object
properties:
description:
type: string
tenantId:
type: string
format: uuid
url:
type: string
numberOfResults:
type: integer
orderBy:
type: string
startRow:
type: integer
WebhookSearchRequest:
description: Search request for webhooks
type: object
properties:
search:
"$ref": "#/components/schemas/WebhookSearchCriteria"
WebhookSearchResponse:
description: Webhook search response
type: object
properties:
total:
type: integer
format: int64
webhooks:
type: array
items:
"$ref": "#/components/schemas/Webhook"
WebhookSignatureConfiguration:
description: Configuration for signing webhooks.
type: object
properties:
signingKeyId:
type: string
format: uuid
enabled:
type: boolean
XMLSignatureLocation:
type: string
enum:
- Assertion
- Response
XboxApplicationConfiguration:
description: ''
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
createRegistration:
type: boolean
XboxIdentityProvider:
description: Xbox gaming login provider.
type: object
properties:
buttonText:
type: string
client_id:
type: string
client_secret:
type: string
scope:
type: string
data:
type: object
additionalProperties:
type: object
applicationConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/XboxApplicationConfiguration"
debug:
type: boolean
id:
type: string
format: uuid
insertInstant:
"$ref": "#/components/schemas/ZonedDateTime"
lambdaConfiguration:
"$ref": "#/components/schemas/ProviderLambdaConfiguration"
lastUpdateInstant:
"$ref": "#/components/schemas/ZonedDateTime"
linkingStrategy:
"$ref": "#/components/schemas/IdentityProviderLinkingStrategy"
name:
type: string
tenantConfiguration:
type: object
additionalProperties:
"$ref": "#/components/schemas/IdentityProviderTenantConfiguration"
type:
"$ref": "#/components/schemas/IdentityProviderType"
ZoneId:
description: Timezone Identifier
example: America/Denver
pattern: "^w+/w+$"
type: string
ZonedDateTime:
description: 'The number of milliseconds since the unix epoch: January 1, 1970
00:00:00 UTC. This value is always in UTC.'
example: '1659380719000'
type: integer
format: int64
securitySchemes:
ApiKeyAuth:
type: apiKey
name: Authorization
in: header
BearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
paths:
"/api/key/{keyId}":
put:
description: Updates the key with the given Id.
operationId: updateKeyWithId
parameters:
- name: keyId
in: path
schema:
type: string
required: true
description: The Id of the key to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the key for the given Id.
operationId: retrieveKeyWithId
parameters:
- name: keyId
in: path
schema:
type: string
required: true
description: The Id of the key.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the key for the given Id.
operationId: deleteKeyWithId
parameters:
- name: keyId
in: path
schema:
type: string
required: true
description: The Id of the key to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/oauth2/token":
post:
description: Exchange a Refresh Token for an Access Token. If you will be using
the Refresh Token Grant, you will make a request to the Token endpoint to
exchange the user’s refresh token for an access token. OR Exchange User Credentials
for a Token. If you will be using the Resource Owner Password Credential Grant,
you will make a request to the Token endpoint to exchange the user’s email
and password for an access token. OR Exchanges an OAuth authorization code
and code_verifier for an access token. Makes a request to the Token endpoint
to exchange the authorization code returned from the Authorize endpoint and
a code_verifier for an access token. OR Exchanges an OAuth authorization code
for an access token. Makes a request to the Token endpoint to exchange the
authorization code returned from the Authorize endpoint for an access token.
OR Make a Client Credentials grant request to obtain an access token.
operationId: createToken
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/AccessToken"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/OAuthError"
"/api/user/{userId}":
get:
description: Retrieves the user for the given Id.
operationId: retrieveUserWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the user with the given Id. OR Reactivates the user with
the given Id.
operationId: updateUserWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
- name: reactivate
in: query
schema:
type: string
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deactivates the user with the given Id. OR Deletes the user for
the given Id. This permanently deletes all information, metrics, reports and
data associated with the user. OR Deletes the user based on the given request
(sent to the API as JSON). This permanently deletes all information, metrics,
reports and data associated with the user.
operationId: deleteUserWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user to deactivate.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
- name: hardDelete
in: query
schema:
type: string
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserDeleteSingleRequest"
patch:
description: Updates, via PATCH, the user with the given Id.
operationId: patchUserWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a user. You can optionally specify an Id for the user,
if not provided one will be generated.
operationId: createUserWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id for the user. If not provided a secure random UUID will
be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/key/import/{keyId}":
post:
description: Import an existing RSA or EC key pair or an HMAC secret.
operationId: importKeyWithId
parameters:
- name: keyId
in: path
schema:
type: string
required: true
description: The Id for the key. If not provided a secure random UUID will
be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/key/import":
post:
description: Import an existing RSA or EC key pair or an HMAC secret.
operationId: importKey
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/registration/{userId}":
put:
description: Updates the registration for the user with the given Id and the
application defined in the request.
operationId: updateRegistrationWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user whose registration is going to be updated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Registers a user for an application. If you provide the User and
the UserRegistration object on this request, it will create the user as well
as register them for the application. This is called a Full Registration.
However, if you only provide the UserRegistration object, then the user must
already exist and they will be registered for the application. The user Id
can also be provided and it will either be used to look up an existing user
or it will be used for the newly created User.
operationId: registerWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user being registered for the application and optionally
created.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
patch:
description: Updates, via PATCH, the registration for the user with the given
Id and the application defined in the request.
operationId: patchRegistrationWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user whose registration is going to be updated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/verify-email":
post:
description: Administratively verify a user's email address. Use this method
to bypass email verification for the user. The request body will contain
the userId to be verified. An API key is required when sending the userId
in the request body. OR Confirms a user's email address. The request body
will contain the verificationId. You may also be required to send a one-time
use code based upon your configuration. When the tenant is configured to
gate a user until their email address is verified, this procedures requires
two values instead of one. The verificationId is a high entropy value and
the one-time use code is a low entropy value that is easily entered in a user
interactive form. The two values together are able to confirm a user's email
address and mark the user's email address as verified.
operationId: createUserVerifyEmail
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/VerifyEmailRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Generate a new Email Verification Id to be used with the Verify
Email API. This API will not attempt to send an email to the User. This API
may be used to collect the verificationId for use with a third party system.
OR Re-sends the verification email to the user. If the Application has configured
a specific email template this will be used instead of the tenant configuration.
OR Re-sends the verification email to the user.
operationId: updateUserVerifyEmail
parameters:
- name: email
in: query
schema:
type: string
description: The email address of the user that needs a new verification email.
- name: sendVerifyEmail
in: query
schema:
type: string
- name: applicationId
in: query
schema:
type: string
description: The unique Application Id to used to resolve an application specific
email template.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/VerifyEmailResponse"
default:
description: Error
"/api/group/{groupId}":
get:
description: Retrieves the group for the given Id.
operationId: retrieveGroupWithId
parameters:
- name: groupId
in: path
schema:
type: string
required: true
description: The Id of the group.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
patch:
description: Updates, via PATCH, the group with the given Id.
operationId: patchGroupWithId
parameters:
- name: groupId
in: path
schema:
type: string
required: true
description: The Id of the group to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the group for the given Id.
operationId: deleteGroupWithId
parameters:
- name: groupId
in: path
schema:
type: string
required: true
description: The Id of the group to delete.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the group with the given Id.
operationId: updateGroupWithId
parameters:
- name: groupId
in: path
schema:
type: string
required: true
description: The Id of the group to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a group. You can optionally specify an Id for the group,
if not provided one will be generated.
operationId: createGroupWithId
parameters:
- name: groupId
in: path
schema:
type: string
required: true
description: The Id for the group. If not provided a secure random UUID will
be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/email/template/{emailTemplateId}":
put:
description: Updates the email template with the given Id.
operationId: updateEmailTemplateWithId
parameters:
- name: emailTemplateId
in: path
schema:
type: string
required: true
description: The Id of the email template to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the email template for the given Id.
operationId: deleteEmailTemplateWithId
parameters:
- name: emailTemplateId
in: path
schema:
type: string
required: true
description: The Id of the email template to delete.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the email template for the given Id. If you don't specify
the id, this will return all the email templates.
operationId: retrieveEmailTemplateWithId
parameters:
- name: emailTemplateId
in: path
schema:
type: string
required: true
description: The Id of the email template.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateResponse"
default:
description: Error
post:
description: Creates an email template. You can optionally specify an Id for
the template, if not provided one will be generated.
operationId: createEmailTemplateWithId
parameters:
- name: emailTemplateId
in: path
schema:
type: string
required: true
description: The Id for the template. If not provided a secure random UUID
will be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
patch:
description: Updates, via PATCH, the email template with the given Id.
operationId: patchEmailTemplateWithId
parameters:
- name: emailTemplateId
in: path
schema:
type: string
required: true
description: The Id of the email template to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/lambda/{lambdaId}":
get:
description: Retrieves the lambda for the given Id.
operationId: retrieveLambdaWithId
parameters:
- name: lambdaId
in: path
schema:
type: string
required: true
description: The Id of the lambda.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
patch:
description: Updates, via PATCH, the lambda with the given Id.
operationId: patchLambdaWithId
parameters:
- name: lambdaId
in: path
schema:
type: string
required: true
description: The Id of the lambda to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the lambda for the given Id.
operationId: deleteLambdaWithId
parameters:
- name: lambdaId
in: path
schema:
type: string
required: true
description: The Id of the lambda to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a Lambda. You can optionally specify an Id for the lambda,
if not provided one will be generated.
operationId: createLambdaWithId
parameters:
- name: lambdaId
in: path
schema:
type: string
required: true
description: The Id for the lambda. If not provided a secure random UUID will
be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the lambda with the given Id.
operationId: updateLambdaWithId
parameters:
- name: lambdaId
in: path
schema:
type: string
required: true
description: The Id of the lambda to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/tenant/{tenantId}":
put:
description: Updates the tenant with the given Id.
operationId: updateTenantWithId
parameters:
- name: tenantId
in: path
schema:
type: string
required: true
description: The Id of the tenant to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a tenant. You can optionally specify an Id for the tenant,
if not provided one will be generated.
operationId: createTenantWithId
parameters:
- name: tenantId
in: path
schema:
type: string
required: true
description: The Id for the tenant. If not provided a secure random UUID will
be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the tenant for the given Id asynchronously. This method
is helpful if you do not want to wait for the delete operation to complete.
OR Deletes the tenant based on the given request (sent to the API as JSON).
This permanently deletes all information, metrics, reports and data associated
with the tenant and everything under the tenant (applications, users, etc).
OR Deletes the tenant based on the given Id on the URL. This permanently deletes
all information, metrics, reports and data associated with the tenant and
everything under the tenant (applications, users, etc).
operationId: deleteTenantWithId
parameters:
- name: async
in: query
schema:
type: string
- name: tenantId
in: path
schema:
type: string
required: true
description: The Id of the tenant to delete.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantDeleteRequest"
patch:
description: Updates, via PATCH, the tenant with the given Id.
operationId: patchTenantWithId
parameters:
- name: tenantId
in: path
schema:
type: string
required: true
description: The Id of the tenant to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the tenant for the given Id.
operationId: retrieveTenantWithId
parameters:
- name: tenantId
in: path
schema:
type: string
required: true
description: The Id of the tenant.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/group/search":
post:
description: Searches groups with the specified criteria and pagination.
operationId: searchGroupsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/tenant/password-validation-rules/{tenantId}":
get:
description: Retrieves the password validation rules for a specific tenant. This
API does not require an API key.
operationId: retrievePasswordValidationRulesWithTenantIdWithId
parameters:
- name: tenantId
in: path
schema:
type: string
required: true
description: The Id of the tenant.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/PasswordValidationRulesResponse"
default:
description: Error
"/api/login/{userId}/{applicationId}":
put:
description: Sends a ping to FusionAuth indicating that the user was automatically
logged into an application. When using FusionAuth's SSO or your own, you should
call this if the user is already logged in centrally, but accesses an application
where they no longer have a session. This helps correctly track login counts,
times and helps with reporting.
operationId: loginPingWithId
parameters:
- name: callerIPAddress
in: query
schema:
type: string
description: The IP address of the end-user that is logging in. If a null
value is provided the IP address will be that of the client or last proxy
that sent the request.
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user that was logged in.
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application that they logged into.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/group/member/search":
post:
description: Searches group members with the specified criteria and pagination.
operationId: searchGroupMembersWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupMemberSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupMemberSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/bulk":
delete:
description: Deactivates the users with the given ids. OR Deletes the users
with the given ids, or users matching the provided JSON query or queryString.
The order of preference is ids, query and then queryString, it is recommended
to only provide one of the three for the request. This method can be used
to deactivate or permanently delete (hard-delete) users based upon the hardDelete
boolean in the request body. Using the dryRun parameter you may also request
the result of the action without actually deleting or deactivating any users.
operationId: deleteUserBulk
parameters:
- name: userIds
in: query
schema:
type: string
description: The ids of the users to deactivate.
- name: dryRun
in: query
schema:
type: string
- name: hardDelete
in: query
schema:
type: string
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserDeleteResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserDeleteRequest"
"/api/user-action/{userActionId}":
patch:
description: Updates, via PATCH, the user action with the given Id.
operationId: patchUserActionWithId
parameters:
- name: userActionId
in: path
schema:
type: string
required: true
description: The Id of the user action to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deactivates the user action with the given Id. OR Deletes the user
action for the given Id. This permanently deletes the user action and also
any history and logs of the action being applied to any users.
operationId: deleteUserActionWithId
parameters:
- name: userActionId
in: path
schema:
type: string
required: true
description: The Id of the user action to deactivate.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
- name: hardDelete
in: query
schema:
type: string
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Reactivates the user action with the given Id. OR Updates the user
action with the given Id.
operationId: updateUserActionWithId
parameters:
- name: reactivate
in: query
schema:
type: string
- name: userActionId
in: path
schema:
type: string
required: true
description: The Id of the user action to reactivate.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionRequest"
get:
description: Retrieves the user action for the given Id. If you pass in null
for the id, this will return all the user actions.
operationId: retrieveUserActionWithId
parameters:
- name: userActionId
in: path
schema:
type: string
required: true
description: The Id of the user action.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionResponse"
default:
description: Error
post:
description: Creates a user action. This action cannot be taken on a user until
this call successfully returns. Anytime after that the user action can be
applied to any user.
operationId: createUserActionWithId
parameters:
- name: userActionId
in: path
schema:
type: string
required: true
description: The Id for the user action. If not provided a secure random UUID
will be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system/webhook-event-log/search":
post:
description: Searches the webhook event logs with the specified criteria and
pagination.
operationId: searchWebhookEventLogsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookEventLogSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookEventLogSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/two-factor/{userId}":
delete:
description: Disable two-factor authentication for a user using a JSON body
rather than URL parameters. OR Disable two-factor authentication for a user.
operationId: deleteUserTwoFactorWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the User for which you're disabling two-factor authentication.
- name: methodId
in: query
schema:
type: string
description: The two-factor method identifier you wish to disable
- name: code
in: query
schema:
type: string
description: The two-factor code used verify the the caller knows the two-factor
secret.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorDisableRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Enable two-factor authentication for a user.
operationId: enableTwoFactorWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user to enable two-factor authentication.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/logout":
post:
description: The Logout API is intended to be used to remove the refresh token
and access token cookies if they exist on the client and revoke the refresh
token stored. This API does nothing if the request does not contain an access
token or refresh token cookies. OR The Logout API is intended to be used to
remove the refresh token and access token cookies if they exist on the client
and revoke the refresh token stored. This API takes the refresh token in the
JSON body.
operationId: createLogout
parameters:
- name: global
in: query
schema:
type: string
description: When this value is set to true all the refresh tokens issued
to the owner of the provided token will be revoked.
- name: refreshToken
in: query
schema:
type: string
description: The refresh_token as a request parameter instead of coming in
via a cookie. If provided this takes precedence over the cookie.
responses:
'200':
description: Success
default:
description: Error
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/LogoutRequest"
"/api/form/field/{fieldId}":
delete:
description: Deletes the form field for the given Id.
operationId: deleteFormFieldWithId
parameters:
- name: fieldId
in: path
schema:
type: string
required: true
description: The Id of the form field to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the form field with the given Id.
operationId: retrieveFormFieldWithId
parameters:
- name: fieldId
in: path
schema:
type: string
required: true
description: The Id of the form field.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FormFieldResponse"
default:
description: Error
post:
description: Creates a form field. You can optionally specify an Id for the
form, if not provided one will be generated.
operationId: createFormFieldWithId
parameters:
- name: fieldId
in: path
schema:
type: string
required: true
description: The Id for the form field. If not provided a secure random UUID
will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FormFieldRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FormFieldResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the form field with the given Id.
operationId: updateFormFieldWithId
parameters:
- name: fieldId
in: path
schema:
type: string
required: true
description: The Id of the form field to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FormFieldRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FormFieldResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/entity/type/{entityTypeId}":
delete:
description: Deletes the Entity Type for the given Id.
operationId: deleteEntityTypeWithId
parameters:
- name: entityTypeId
in: path
schema:
type: string
required: true
description: The Id of the Entity Type to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
patch:
description: Updates, via PATCH, the Entity Type with the given Id.
operationId: patchEntityTypeWithId
parameters:
- name: entityTypeId
in: path
schema:
type: string
required: true
description: The Id of the Entity Type to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the Entity Type with the given Id.
operationId: updateEntityTypeWithId
parameters:
- name: entityTypeId
in: path
schema:
type: string
required: true
description: The Id of the Entity Type to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the Entity Type for the given Id.
operationId: retrieveEntityTypeWithId
parameters:
- name: entityTypeId
in: path
schema:
type: string
required: true
description: The Id of the Entity Type.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a Entity Type. You can optionally specify an Id for the
Entity Type, if not provided one will be generated.
operationId: createEntityTypeWithId
parameters:
- name: entityTypeId
in: path
schema:
type: string
required: true
description: The Id for the Entity Type. If not provided a secure random UUID
will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/passwordless/login":
post:
description: Complete a login request using a passwordless code
operationId: passwordlessLoginWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/PasswordlessLoginRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user-action-reason/{userActionReasonId}":
patch:
description: Updates, via PATCH, the user action reason with the given Id.
operationId: patchUserActionReasonWithId
parameters:
- name: userActionReasonId
in: path
schema:
type: string
required: true
description: The Id of the user action reason to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the user action reason with the given Id.
operationId: updateUserActionReasonWithId
parameters:
- name: userActionReasonId
in: path
schema:
type: string
required: true
description: The Id of the user action reason to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a user reason. This user action reason cannot be used when
actioning a user until this call completes successfully. Anytime after that
the user action reason can be used.
operationId: createUserActionReasonWithId
parameters:
- name: userActionReasonId
in: path
schema:
type: string
required: true
description: The Id for the user action reason. If not provided a secure random
UUID will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the user action reason for the given Id. If you pass
in null for the id, this will return all the user action reasons.
operationId: retrieveUserActionReasonWithId
parameters:
- name: userActionReasonId
in: path
schema:
type: string
required: true
description: The Id of the user action reason.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonResponse"
default:
description: Error
delete:
description: Deletes the user action reason for the given Id.
operationId: deleteUserActionReasonWithId
parameters:
- name: userActionReasonId
in: path
schema:
type: string
required: true
description: The Id of the user action reason to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/entity/{entityId}":
put:
description: Updates the Entity with the given Id.
operationId: updateEntityWithId
parameters:
- name: entityId
in: path
schema:
type: string
required: true
description: The Id of the Entity to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates an Entity. You can optionally specify an Id for the Entity.
If not provided one will be generated.
operationId: createEntityWithId
parameters:
- name: entityId
in: path
schema:
type: string
required: true
description: The Id for the Entity. If not provided a secure random UUID will
be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the Entity for the given Id.
operationId: deleteEntityWithId
parameters:
- name: entityId
in: path
schema:
type: string
required: true
description: The Id of the Entity to delete.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the Entity for the given Id.
operationId: retrieveEntityWithId
parameters:
- name: entityId
in: path
schema:
type: string
required: true
description: The Id of the Entity.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/api-key/{keyId}":
post:
description: Creates an API key. You can optionally specify a unique Id for
the key, if not provided one will be generated. an API key can only be created
with equal or lesser authority. An API key cannot create another API key unless
it is granted to that API key. If an API key is locked to a tenant, it can
only create API Keys for that same tenant. OR Updates an authentication API
key by given id
operationId: createApiKeyWithId
parameters:
- name: keyId
in: path
schema:
type: string
required: true
description: The unique Id of the API key. If not provided a secure random
Id will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/APIKeyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/APIKeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the API key for the given Id.
operationId: deleteAPIKeyWithId
parameters:
- name: keyId
in: path
schema:
type: string
required: true
description: The Id of the authentication API key to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves an authentication API key for the given id
operationId: retrieveAPIKeyWithId
parameters:
- name: keyId
in: path
schema:
type: string
required: true
description: The Id of the API key to retrieve.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/APIKeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/theme/{themeId}":
post:
description: Creates a Theme. You can optionally specify an Id for the theme,
if not provided one will be generated.
operationId: createThemeWithId
parameters:
- name: themeId
in: path
schema:
type: string
required: true
description: The Id for the theme. If not provided a secure random UUID will
be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the theme with the given Id.
operationId: updateThemeWithId
parameters:
- name: themeId
in: path
schema:
type: string
required: true
description: The Id of the theme to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
patch:
description: Updates, via PATCH, the theme with the given Id.
operationId: patchThemeWithId
parameters:
- name: themeId
in: path
schema:
type: string
required: true
description: The Id of the theme to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the theme for the given Id.
operationId: retrieveThemeWithId
parameters:
- name: themeId
in: path
schema:
type: string
required: true
description: The Id of the theme.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the theme for the given Id.
operationId: deleteThemeWithId
parameters:
- name: themeId
in: path
schema:
type: string
required: true
description: The Id of the theme to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/theme":
post:
description: Creates a Theme. You can optionally specify an Id for the theme,
if not provided one will be generated.
operationId: createTheme
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/jwt/refresh":
delete:
description: 'Revokes refresh tokens using the information in the JSON body.
The handling for this method is the same as the revokeRefreshToken method
and is based on the information you provide in the RefreshDeleteRequest object.
See that method for additional information. OR Revoke all refresh tokens that
belong to an application by applicationId. OR Revoke all refresh tokens that
belong to a user by user Id. OR Revokes a single refresh token by using the
actual refresh token value. This refresh token value is sensitive, so be
careful with this API request. OR Revoke all refresh tokens that belong to
a user by user Id for a specific application by applicationId. OR Revokes
refresh tokens. Usage examples: - Delete a single refresh token, pass in
only the token. revokeRefreshToken(token) - Delete all refresh tokens
for a user, pass in only the userId. revokeRefreshToken(null, userId) -
Delete all refresh tokens for a user for a specific application, pass in both
the userId and the applicationId. revokeRefreshToken(null, userId, applicationId) -
Delete all refresh tokens for an application revokeRefreshToken(null,
null, applicationId) Note: null
may be handled differently depending
upon the programming language. See also: (method names may vary by language...
but you''ll figure it out) - revokeRefreshTokenById - revokeRefreshTokenByToken -
revokeRefreshTokensByUserId - revokeRefreshTokensByApplicationId - revokeRefreshTokensByUserIdForApplication'
operationId: deleteJwtRefresh
parameters:
- name: applicationId
in: query
schema:
type: string
description: The unique Id of the application that you want to delete all
refresh tokens for.
- name: userId
in: query
schema:
type: string
description: The unique Id of the user that you want to delete all refresh
tokens for.
- name: token
in: query
schema:
type: string
description: The refresh token to delete.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/RefreshTokenRevokeRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Exchange a refresh token for a new JWT.
operationId: exchangeRefreshTokenForJWTWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/RefreshRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/JWTRefreshResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the refresh tokens that belong to the user with the given
Id.
operationId: retrieveRefreshTokensWithId
parameters:
- name: userId
in: query
schema:
type: string
description: The Id of the user.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/RefreshTokenResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/application/{applicationId}/scope/{scopeId}":
get:
description: Retrieves a custom OAuth scope.
operationId: retrieveOAuthScopeWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application that the OAuth scope belongs to.
- name: scopeId
in: path
schema:
type: string
required: true
description: The Id of the OAuth scope to retrieve.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationOAuthScopeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Hard deletes a custom OAuth scope. OAuth workflows that are still
requesting the deleted OAuth scope may fail depending on the application's
unknown scope policy.
operationId: deleteOAuthScopeWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application that the OAuth scope belongs to.
- name: scopeId
in: path
schema:
type: string
required: true
description: The Id of the OAuth scope to delete.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
patch:
description: Updates, via PATCH, the custom OAuth scope with the given Id for
the application.
operationId: patchOAuthScopeWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application that the OAuth scope belongs to.
- name: scopeId
in: path
schema:
type: string
required: true
description: The Id of the OAuth scope to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationOAuthScopeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationOAuthScopeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the OAuth scope with the given Id for the application.
operationId: updateOAuthScopeWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application that the OAuth scope belongs to.
- name: scopeId
in: path
schema:
type: string
required: true
description: The Id of the OAuth scope to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationOAuthScopeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationOAuthScopeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a new custom OAuth scope for an application. You must specify
the Id of the application you are creating the scope for. You can optionally
specify an Id for the OAuth scope on the URL, if not provided one will be
generated.
operationId: createOAuthScopeWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application to create the OAuth scope on.
- name: scopeId
in: path
schema:
type: string
required: true
description: The Id of the OAuth scope. If not provided a secure random UUID
will be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationOAuthScopeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationOAuthScopeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/tenant/search":
post:
description: Searches tenants with the specified criteria and pagination.
operationId: searchTenantsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/report/registration":
get:
description: Retrieves the registration report between the two instants. If
you specify an application id, it will only return the registration counts
for that application.
operationId: retrieveRegistrationReportWithId
parameters:
- name: applicationId
in: query
schema:
type: string
description: The application id.
- name: start
in: query
schema:
type: string
description: The start instant as UTC milliseconds since Epoch.
- name: end
in: query
schema:
type: string
description: The end instant as UTC milliseconds since Epoch.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationReportResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/email/template/search":
post:
description: Searches email templates with the specified criteria and pagination.
operationId: searchEmailTemplatesWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/jwt/refresh/{tokenId}":
delete:
description: Revokes a single refresh token by the unique Id. The unique Id
is not sensitive as it cannot be used to obtain another JWT.
operationId: revokeRefreshTokenByIdWithId
parameters:
- name: tokenId
in: path
schema:
type: string
required: true
description: The unique Id of the token to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves a single refresh token by unique Id. This is not the
same thing as the string value of the refresh token. If you have that, you
already have what you need.
operationId: retrieveRefreshTokenByIdWithId
parameters:
- name: tokenId
in: path
schema:
type: string
required: true
description: The Id of the token.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/RefreshTokenResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/consent/search":
post:
description: Searches consents with the specified criteria and pagination.
operationId: searchConsentsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/entity":
post:
description: Creates an Entity. You can optionally specify an Id for the Entity.
If not provided one will be generated.
operationId: createEntity
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/two-factor/start":
post:
description: Start a Two-Factor login request by generating a two-factor identifier.
This code can then be sent to the Two Factor Send API (/api/two-factor/send)in
order to send a one-time use code to a user. You can also use one-time use
code returned to send the code out-of-band. The Two-Factor login is completed
by making a request to the Two-Factor Login API (/api/two-factor/login).
with the two-factor identifier and the one-time use code. This API is intended
to allow you to begin a Two-Factor login outside a normal login that originated
from the Login API (/api/login).
operationId: startTwoFactorLoginWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorStartRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorStartResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webauthn/register/complete":
post:
description: Complete a WebAuthn registration ceremony by validating the client
request and saving the new credential
operationId: completeWebAuthnRegistrationWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnRegisterCompleteRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnRegisterCompleteResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/application/{applicationId}/role/{roleId}":
patch:
description: Updates, via PATCH, the application role with the given Id for
the application.
operationId: patchApplicationRoleWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application that the role belongs to.
- name: roleId
in: path
schema:
type: string
required: true
description: The Id of the role to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the application role with the given Id for the application.
operationId: updateApplicationRoleWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application that the role belongs to.
- name: roleId
in: path
schema:
type: string
required: true
description: The Id of the role to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Hard deletes an application role. This is a dangerous operation
and should not be used in most circumstances. This permanently removes the
given role from all users that had it.
operationId: deleteApplicationRoleWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application that the role belongs to.
- name: roleId
in: path
schema:
type: string
required: true
description: The Id of the role to delete.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a new role for an application. You must specify the Id
of the application you are creating the role for. You can optionally specify
an Id for the role inside the ApplicationRole object itself, if not provided
one will be generated.
operationId: createApplicationRoleWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application to create the role on.
- name: roleId
in: path
schema:
type: string
required: true
description: The Id of the role. If not provided a secure random UUID will
be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user":
get:
description: Retrieves the user for the given Id. This method does not use an
API key, instead it uses a JSON Web Token (JWT) for authentication. OR Retrieves
the user by a change password Id. The intended use of this API is to retrieve
a user after the forgot password workflow has been initiated and you may not
know the user's email or username. OR Retrieves the user by a verificationId.
The intended use of this API is to retrieve a user after the forgot password
workflow has been initiated and you may not know the user's email or username.
OR Retrieves the user for the given username. OR Retrieves the user for the
given email. OR Retrieves the user for the loginId. The loginId can be either
the username or the email.
operationId: retrieveUser
security:
- BearerAuth: []
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
- name: changePasswordId
in: query
schema:
type: string
description: The unique change password Id that was sent via email or returned
by the Forgot Password API.
- name: verificationId
in: query
schema:
type: string
description: The unique verification Id that has been set on the user object.
- name: username
in: query
schema:
type: string
description: The username of the user.
- name: email
in: query
schema:
type: string
description: The email of the user.
- name: loginId
in: query
schema:
type: string
description: The email or username of the user.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a user. You can optionally specify an Id for the user,
if not provided one will be generated.
operationId: createUser
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webhook/{webhookId}":
get:
description: Retrieves the webhook for the given Id. If you pass in null for
the id, this will return all the webhooks.
operationId: retrieveWebhookWithId
parameters:
- name: webhookId
in: path
schema:
type: string
required: true
description: The Id of the webhook.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookResponse"
default:
description: Error
put:
description: Updates the webhook with the given Id.
operationId: updateWebhookWithId
parameters:
- name: webhookId
in: path
schema:
type: string
required: true
description: The Id of the webhook to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the webhook for the given Id.
operationId: deleteWebhookWithId
parameters:
- name: webhookId
in: path
schema:
type: string
required: true
description: The Id of the webhook to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a webhook. You can optionally specify an Id for the webhook,
if not provided one will be generated.
operationId: createWebhookWithId
parameters:
- name: webhookId
in: path
schema:
type: string
required: true
description: The Id for the webhook. If not provided a secure random UUID
will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webhook":
get:
description: Retrieves the webhook for the given Id. If you pass in null for
the id, this will return all the webhooks.
operationId: retrieveWebhook
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookResponse"
default:
description: Error
post:
description: Creates a webhook. You can optionally specify an Id for the webhook,
if not provided one will be generated.
operationId: createWebhook
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/action":
get:
description: Retrieves all the actions for the user with the given Id. This
will return all time based actions that are active, and inactive as well as
non-time based actions. OR Retrieves all the actions for the user with the
given Id that are currently inactive. An inactive action means one that is
time based and has been canceled or has expired, or is not time based. OR
Retrieves all the actions for the user with the given Id that are currently
active. An active action means one that is time based and has not been canceled,
and has not ended. OR Retrieves all the actions for the user with the given
Id that are currently preventing the User from logging in.
operationId: retrieveUserActioning
parameters:
- name: userId
in: query
schema:
type: string
description: The Id of the user to fetch the actions for.
- name: active
in: query
schema:
type: string
- name: preventingLogin
in: query
schema:
type: string
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ActionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Takes an action on a user. The user being actioned is called the
"actionee" and the user taking the action is called the "actioner". Both user
ids are required in the request object.
operationId: actionUserWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ActionRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ActionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/search":
get:
description: Retrieves the users for the given ids. If any Id is invalid, it
is ignored.
operationId: searchUsersByIdsWithId
parameters:
- name: ids
in: query
schema:
type: string
description: The user ids to search for.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/SearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Retrieves the users for the given search criteria and pagination.
operationId: searchUsersByQueryWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/SearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/SearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/action/{actionId}":
put:
description: Modifies a temporal user action by changing the expiration of the
action and optionally adding a comment to the action.
operationId: modifyActionWithId
parameters:
- name: actionId
in: path
schema:
type: string
required: true
description: The Id of the action to modify. This is technically the user
action log id.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ActionRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ActionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Cancels the user action.
operationId: cancelActionWithId
parameters:
- name: actionId
in: path
schema:
type: string
required: true
description: The action Id of the action to cancel.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ActionRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ActionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves a single action log (the log of a user action that was
taken on a user previously) for the given Id.
operationId: retrieveActionWithId
parameters:
- name: actionId
in: path
schema:
type: string
required: true
description: The Id of the action to retrieve.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ActionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/jwt/issue":
get:
description: Issue a new access token (JWT) for the requested Application after
ensuring the provided JWT is valid. A valid access token is properly signed
and not expired. This API may be used in an SSO configuration to issue
new tokens for another application after the user has obtained a valid token
from authentication.
operationId: issueJWTWithId
security:
- BearerAuth: []
parameters:
- name: applicationId
in: query
schema:
type: string
description: The Application Id for which you are requesting a new access
token be issued.
- name: refreshToken
in: query
schema:
type: string
description: An existing refresh token used to request a refresh token in
addition to a JWT in the response.
The target application represented
by the applicationId request parameter must have refresh tokens enabled
in order to receive a refresh token in the response.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IssueResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/lambda/search":
post:
description: Searches lambdas with the specified criteria and pagination.
operationId: searchLambdasWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webauthn/{id}":
get:
description: Retrieves the WebAuthn credential for the given Id.
operationId: retrieveWebAuthnCredentialWithId
parameters:
- name: id
in: path
schema:
type: string
required: true
description: The Id of the WebAuthn credential.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnCredentialResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the WebAuthn credential for the given Id.
operationId: deleteWebAuthnCredentialWithId
parameters:
- name: id
in: path
schema:
type: string
required: true
description: The Id of the WebAuthn credential to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/oauth2/introspect":
post:
description: Inspect an access token issued as the result of the Client Credentials
Grant. OR Inspect an access token issued as the result of the User based grant
such as the Authorization Code Grant, Implicit Grant, the User Credentials
Grant or the Refresh Grant.
operationId: createIntrospect
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IntrospectResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/OAuthError"
"/api/tenant":
post:
description: Creates a tenant. You can optionally specify an Id for the tenant,
if not provided one will be generated.
operationId: createTenant
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TenantResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/family/request":
post:
description: Sends out an email to a parent that they need to register and create
a family or need to log in and add a child to their existing family.
operationId: sendFamilyRequestEmailWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FamilyEmailRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system/login-record/search":
post:
description: Searches the login records with the specified criteria and pagination.
operationId: searchLoginRecordsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginRecordSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginRecordSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webauthn/start":
post:
description: Start a WebAuthn authentication ceremony by generating a new challenge
for the user
operationId: startWebAuthnLoginWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnStartRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnStartResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/consent/{userConsentId}":
delete:
description: Revokes a single User consent by Id.
operationId: revokeUserConsentWithId
parameters:
- name: userConsentId
in: path
schema:
type: string
required: true
description: The User Consent Id
responses:
'200':
description: Success
default:
description: Error
post:
description: Creates a single User consent.
operationId: createUserConsentWithId
parameters:
- name: userConsentId
in: path
schema:
type: string
required: true
description: The Id for the User consent. If not provided a secure random
UUID will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates a single User consent by Id.
operationId: updateUserConsentWithId
parameters:
- name: userConsentId
in: path
schema:
type: string
required: true
description: The User Consent Id
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieve a single User consent by Id.
operationId: retrieveUserConsentWithId
parameters:
- name: userConsentId
in: path
schema:
type: string
required: true
description: The User consent Id
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentResponse"
default:
description: Error
patch:
description: Updates, via PATCH, a single User consent by Id.
operationId: patchUserConsentWithId
parameters:
- name: userConsentId
in: path
schema:
type: string
required: true
description: The User Consent Id
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system/event-log/{eventLogId}":
get:
description: Retrieves a single event log for the given Id.
operationId: retrieveEventLogWithId
parameters:
- name: eventLogId
in: path
schema:
type: string
required: true
description: The Id of the event log to retrieve.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EventLogResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webauthn/register/start":
post:
description: Start a WebAuthn registration ceremony by generating a new challenge
for the user
operationId: startWebAuthnRegistrationWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnRegisterStartRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnRegisterStartResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/change-password":
post:
description: 'Changes a user''s password using their identity (loginId and password).
Using a loginId instead of the changePasswordId bypasses the email verification
and allows a password to be changed directly without first calling the #forgotPassword
method.'
operationId: changePasswordByIdentityWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ChangePasswordRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Check to see if the user must obtain a Trust Token Id in order
to complete a change password request. When a user has enabled Two-Factor
authentication, before you are allowed to use the Change Password API to change
your password, you must obtain a Trust Token by completing a Two-Factor Step-Up
authentication. An HTTP status code of 400 with a general error code of [TrustTokenRequired]
indicates that a Trust Token is required to make a POST request to this API.
OR Check to see if the user must obtain a Trust Request Id in order to complete
a change password request. When a user has enabled Two-Factor authentication,
before you are allowed to use the Change Password API to change your password,
you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication. An
HTTP status code of 400 with a general error code of [TrustTokenRequired]
indicates that a Trust Token is required to make a POST request to this API.
operationId: retrieveUserChangePassword
security:
- BearerAuth: []
parameters:
- name: loginId
in: query
schema:
type: string
description: The loginId of the User that you intend to change the password
for.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/ip-acl/{accessControlListId}":
put:
description: Updates the IP Access Control List with the given Id.
operationId: updateIPAccessControlListWithId
parameters:
- name: accessControlListId
in: path
schema:
type: string
required: true
description: The Id of the IP Access Control List to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IPAccessControlListRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IPAccessControlListResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates an IP Access Control List. You can optionally specify an
Id on this create request, if one is not provided one will be generated.
operationId: createIPAccessControlListWithId
parameters:
- name: accessControlListId
in: path
schema:
type: string
required: true
description: The Id for the IP Access Control List. If not provided a secure
random UUID will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IPAccessControlListRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IPAccessControlListResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/consent":
post:
description: Creates a single User consent.
operationId: createUserConsent
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves all the consents for a User.
operationId: retrieveUserConsentsWithId
parameters:
- name: userId
in: query
schema:
type: string
description: The User's Id
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserConsentResponse"
default:
description: Error
"/api/entity/search":
get:
description: Retrieves the entities for the given ids. If any Id is invalid,
it is ignored.
operationId: searchEntitiesByIdsWithId
parameters:
- name: ids
in: query
schema:
type: string
description: The entity ids to search for.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntitySearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Searches entities with the specified criteria and pagination.
operationId: searchEntitiesWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntitySearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntitySearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/application/{applicationId}/oauth-configuration":
get:
description: Retrieves the Oauth2 configuration for the application for the
given Application Id.
operationId: retrieveOauthConfigurationWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the Application to retrieve OAuth configuration.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/OAuthConfigurationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/connector/{connectorId}":
put:
description: Updates the connector with the given Id.
operationId: updateConnectorWithId
parameters:
- name: connectorId
in: path
schema:
type: string
required: true
description: The Id of the connector to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ConnectorRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConnectorResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
patch:
description: Updates, via PATCH, the connector with the given Id.
operationId: patchConnectorWithId
parameters:
- name: connectorId
in: path
schema:
type: string
required: true
description: The Id of the connector to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ConnectorRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConnectorResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a connector. You can optionally specify an Id for the
connector, if not provided one will be generated.
operationId: createConnectorWithId
parameters:
- name: connectorId
in: path
schema:
type: string
required: true
description: The Id for the connector. If not provided a secure random UUID
will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ConnectorRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConnectorResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the connector for the given Id.
operationId: deleteConnectorWithId
parameters:
- name: connectorId
in: path
schema:
type: string
required: true
description: The Id of the connector to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the connector with the given Id.
operationId: retrieveConnectorWithId
parameters:
- name: connectorId
in: path
schema:
type: string
required: true
description: The Id of the connector.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConnectorResponse"
default:
description: Error
"/api/passwordless/send":
post:
description: Send a passwordless authentication code in an email to complete
login.
operationId: sendPasswordlessCodeWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/PasswordlessSendRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/identity-provider/{identityProviderId}":
patch:
description: Updates, via PATCH, the identity provider with the given Id.
operationId: patchIdentityProviderWithId
parameters:
- name: identityProviderId
in: path
schema:
type: string
required: true
description: The Id of the identity provider to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the identity provider for the given Id or all the identity
providers if the Id is null.
operationId: retrieveIdentityProviderWithId
parameters:
- name: identityProviderId
in: path
schema:
type: string
required: true
description: The identity provider Id.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the identity provider for the given Id.
operationId: deleteIdentityProviderWithId
parameters:
- name: identityProviderId
in: path
schema:
type: string
required: true
description: The Id of the identity provider to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the identity provider with the given Id.
operationId: updateIdentityProviderWithId
parameters:
- name: identityProviderId
in: path
schema:
type: string
required: true
description: The Id of the identity provider to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates an identity provider. You can optionally specify an Id
for the identity provider, if not provided one will be generated.
operationId: createIdentityProviderWithId
parameters:
- name: identityProviderId
in: path
schema:
type: string
required: true
description: The Id of the identity provider. If not provided a secure random
UUID will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/identity-provider/start":
post:
description: Begins a login request for a 3rd party login that requires user
interaction such as HYPR.
operationId: startIdentityProviderLoginWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderStartLoginRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderStartLoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/group/member":
delete:
description: Removes users as members of a group.
operationId: deleteGroupMembersWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MemberDeleteRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a member in a group.
operationId: createGroupMembersWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MemberRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MemberResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Creates a member in a group.
operationId: updateGroupMembersWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MemberRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MemberResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/two-factor/recovery-code/{userId}":
get:
description: Retrieve two-factor recovery codes for a user.
operationId: retrieveTwoFactorRecoveryCodesWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user to retrieve Two Factor recovery codes.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorRecoveryCodeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Generate two-factor recovery codes for a user. Generating two-factor
recovery codes will invalidate any existing recovery codes.
operationId: generateTwoFactorRecoveryCodesWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user to generate new Two Factor recovery codes.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorRecoveryCodeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user-action":
get:
description: Retrieves all the user actions that are currently inactive. OR
Retrieves the user action for the given Id. If you pass in null for the id,
this will return all the user actions.
operationId: retrieveUserAction
parameters:
- name: inactive
in: query
schema:
type: string
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionResponse"
default:
description: Error
post:
description: Creates a user action. This action cannot be taken on a user until
this call successfully returns. Anytime after that the user action can be
applied to any user.
operationId: createUserAction
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/messenger/{messengerId}":
put:
description: Updates the messenger with the given Id.
operationId: updateMessengerWithId
parameters:
- name: messengerId
in: path
schema:
type: string
required: true
description: The Id of the messenger to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MessengerRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessengerResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
patch:
description: Updates, via PATCH, the messenger with the given Id.
operationId: patchMessengerWithId
parameters:
- name: messengerId
in: path
schema:
type: string
required: true
description: The Id of the messenger to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MessengerRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessengerResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a messenger. You can optionally specify an Id for the
messenger, if not provided one will be generated.
operationId: createMessengerWithId
parameters:
- name: messengerId
in: path
schema:
type: string
required: true
description: The Id for the messenger. If not provided a secure random UUID
will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MessengerRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessengerResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the messenger with the given Id.
operationId: retrieveMessengerWithId
parameters:
- name: messengerId
in: path
schema:
type: string
required: true
description: The Id of the messenger.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessengerResponse"
default:
description: Error
delete:
description: Deletes the messenger for the given Id.
operationId: deleteMessengerWithId
parameters:
- name: messengerId
in: path
schema:
type: string
required: true
description: The Id of the messenger to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/ip-acl":
post:
description: Creates an IP Access Control List. You can optionally specify an
Id on this create request, if one is not provided one will be generated.
operationId: createIPAccessControlList
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IPAccessControlListRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IPAccessControlListResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/api-key/{apiKeyId}":
put:
description: Updates an API key by given id
operationId: updateAPIKeyWithId
parameters:
- name: apiKeyId
in: path
schema:
type: string
required: true
description: The Id of the API key to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/APIKeyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/APIKeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/consent/{consentId}":
patch:
description: Updates, via PATCH, the consent with the given Id.
operationId: patchConsentWithId
parameters:
- name: consentId
in: path
schema:
type: string
required: true
description: The Id of the consent to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the Consent for the given Id.
operationId: retrieveConsentWithId
parameters:
- name: consentId
in: path
schema:
type: string
required: true
description: The Id of the consent.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentResponse"
default:
description: Error
put:
description: Updates the consent with the given Id.
operationId: updateConsentWithId
parameters:
- name: consentId
in: path
schema:
type: string
required: true
description: The Id of the consent to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the consent for the given Id.
operationId: deleteConsentWithId
parameters:
- name: consentId
in: path
schema:
type: string
required: true
description: The Id of the consent to delete.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a user consent type. You can optionally specify an Id for
the consent type, if not provided one will be generated.
operationId: createConsentWithId
parameters:
- name: consentId
in: path
schema:
type: string
required: true
description: The Id for the consent. If not provided a secure random UUID
will be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/report/login":
get:
description: Retrieves the login report between the two instants for a particular
user by login Id. If you specify an application id, it will only return the
login counts for that application. OR Retrieves the login report between the
two instants for a particular user by Id. If you specify an application id,
it will only return the login counts for that application. OR Retrieves the
login report between the two instants. If you specify an application id, it
will only return the login counts for that application.
operationId: retrieveReportLogin
parameters:
- name: applicationId
in: query
schema:
type: string
description: The application id.
- name: loginId
in: query
schema:
type: string
description: The userId id.
- name: start
in: query
schema:
type: string
description: The start instant as UTC milliseconds since Epoch.
- name: end
in: query
schema:
type: string
description: The end instant as UTC milliseconds since Epoch.
- name: userId
in: query
schema:
type: string
description: The userId id.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginReportResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/entity/type/{entityTypeId}/permission/{permissionId}":
post:
description: Creates a new permission for an entity type. You must specify the
Id of the entity type you are creating the permission for. You can optionally
specify an Id for the permission inside the EntityTypePermission object itself,
if not provided one will be generated.
operationId: createEntityTypePermissionWithId
parameters:
- name: entityTypeId
in: path
schema:
type: string
required: true
description: The Id of the entity type to create the permission on.
- name: permissionId
in: path
schema:
type: string
required: true
description: The Id of the permission. If not provided a secure random UUID
will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Hard deletes a permission. This is a dangerous operation and should
not be used in most circumstances. This permanently removes the given permission
from all grants that had it.
operationId: deleteEntityTypePermissionWithId
parameters:
- name: entityTypeId
in: path
schema:
type: string
required: true
description: The Id of the entityType the the permission belongs to.
- name: permissionId
in: path
schema:
type: string
required: true
description: The Id of the permission to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the permission with the given Id for the entity type.
operationId: updateEntityTypePermissionWithId
parameters:
- name: entityTypeId
in: path
schema:
type: string
required: true
description: The Id of the entityType that the permission belongs to.
- name: permissionId
in: path
schema:
type: string
required: true
description: The Id of the permission to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/entity/type/{entityTypeId}/permission":
post:
description: Creates a new permission for an entity type. You must specify the
Id of the entity type you are creating the permission for. You can optionally
specify an Id for the permission inside the EntityTypePermission object itself,
if not provided one will be generated.
operationId: createEntityTypePermission
parameters:
- name: entityTypeId
in: path
schema:
type: string
required: true
description: The Id of the entity type to create the permission on.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/ip-acl/{ipAccessControlListId}":
get:
description: Retrieves the IP Access Control List with the given Id.
operationId: retrieveIPAccessControlListWithId
parameters:
- name: ipAccessControlListId
in: path
schema:
type: string
required: true
description: The Id of the IP Access Control List.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IPAccessControlListResponse"
default:
description: Error
delete:
description: Deletes the IP Access Control List for the given Id.
operationId: deleteIPAccessControlListWithId
parameters:
- name: ipAccessControlListId
in: path
schema:
type: string
required: true
description: The Id of the IP Access Control List to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/identity-provider/link":
post:
description: Link an external user from a 3rd party identity provider to a FusionAuth
user.
operationId: createUserLinkWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderLinkRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderLinkResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieve all Identity Provider users (links) for the user. Specify
the optional identityProviderId to retrieve links for a particular IdP. OR
Retrieve a single Identity Provider user (link).
operationId: retrieveIdentityProviderLink
parameters:
- name: identityProviderId
in: query
schema:
type: string
description: The unique Id of the identity provider. Specify this value to
reduce the links returned to those for a particular IdP.
- name: userId
in: query
schema:
type: string
description: The unique Id of the user.
- name: identityProviderUserId
in: query
schema:
type: string
description: The unique Id of the user in the 3rd party identity provider.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderLinkResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Remove an existing link that has been made from a 3rd party identity
provider to a FusionAuth user.
operationId: deleteUserLinkWithId
parameters:
- name: identityProviderId
in: query
schema:
type: string
description: The unique Id of the identity provider.
- name: identityProviderUserId
in: query
schema:
type: string
description: The unique Id of the user in the 3rd party identity provider
to unlink.
- name: userId
in: query
schema:
type: string
description: The unique Id of the FusionAuth user to unlink.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderLinkResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/family/{familyId}":
get:
description: Retrieves all the members of a family by the unique Family Id.
operationId: retrieveFamilyMembersByFamilyIdWithId
parameters:
- name: familyId
in: path
schema:
type: string
required: true
description: The unique Id of the Family.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FamilyResponse"
default:
description: Error
put:
description: Adds a user to an existing family. The family Id must be specified.
operationId: addUserToFamilyWithId
parameters:
- name: familyId
in: path
schema:
type: string
required: true
description: The Id of the family.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FamilyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FamilyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a family with the user Id in the request as the owner and
sole member of the family. You can optionally specify an Id for the family,
if not provided one will be generated.
operationId: createFamilyWithId
parameters:
- name: familyId
in: path
schema:
type: string
required: true
description: The Id for the family. If not provided a secure random UUID will
be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FamilyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FamilyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/email/template":
get:
description: Retrieves the email template for the given Id. If you don't specify
the id, this will return all the email templates.
operationId: retrieveEmailTemplate
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateResponse"
default:
description: Error
post:
description: Creates an email template. You can optionally specify an Id for
the template, if not provided one will be generated.
operationId: createEmailTemplate
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EmailTemplateResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/oauth2/device/user-code":
get:
description: Retrieve a user_code that is part of an in-progress Device Authorization
Grant. This API is useful if you want to build your own login workflow to
complete a device grant. This request will require an API key. OR Retrieve
a user_code that is part of an in-progress Device Authorization Grant. This
API is useful if you want to build your own login workflow to complete a device
grant.
operationId: retrieveDeviceUserCode
parameters: []
responses:
'200':
description: Success
default:
description: Error
"/api/entity/grant/search":
post:
description: Searches Entity Grants with the specified criteria and pagination.
operationId: searchEntityGrantsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityGrantSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityGrantSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/integration":
patch:
description: Updates, via PATCH, the available integrations.
operationId: patchIntegrationsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IntegrationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IntegrationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the available integrations.
operationId: updateIntegrationsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IntegrationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IntegrationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/jwt/reconcile":
post:
description: Reconcile a User to FusionAuth using JWT issued from another Identity
Provider.
operationId: reconcileJWTWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderLoginRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/oauth2/device/approve":
post:
description: Approve a device grant.
operationId: approveDeviceWithId
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/DeviceApprovalResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/application/search":
post:
description: Searches applications with the specified criteria and pagination.
operationId: searchApplicationsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/application/{applicationId}":
patch:
description: Updates, via PATCH, the application with the given Id.
operationId: patchApplicationWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application to update.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Hard deletes an application. This is a dangerous operation and
should not be used in most circumstances. This will delete the application,
any registrations for that application, metrics and reports for the application,
all the roles for the application, and any other data associated with the
application. This operation could take a very long time, depending on the
amount of data in your database. OR Deactivates the application with the given
Id.
operationId: deleteApplicationWithId
parameters:
- name: hardDelete
in: query
schema:
type: string
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application to delete.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Reactivates the application with the given Id. OR Updates the application
with the given Id.
operationId: updateApplicationWithId
parameters:
- name: reactivate
in: query
schema:
type: string
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application to reactivate.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationRequest"
get:
description: Retrieves the application for the given Id or all the applications
if the Id is null.
operationId: retrieveApplicationWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The application id.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
post:
description: Creates an application. You can optionally specify an Id for the
application, if not provided one will be generated.
operationId: createApplicationWithId
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id to use for the application. If not provided a secure random
UUID will be generated.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/theme/search":
post:
description: Searches themes with the specified criteria and pagination.
operationId: searchThemesWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ThemeSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/verify-registration":
put:
description: Generate a new Application Registration Verification Id to be used
with the Verify Registration API. This API will not attempt to send an email
to the User. This API may be used to collect the verificationId for use with
a third party system. OR Re-sends the application registration verification
email to the user.
operationId: updateUserVerifyRegistration
parameters:
- name: email
in: query
schema:
type: string
description: The email address of the user that needs a new verification email.
- name: sendVerifyPasswordEmail
in: query
schema:
type: string
- name: applicationId
in: query
schema:
type: string
description: The Id of the application to be verified.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/VerifyRegistrationResponse"
default:
description: Error
post:
description: Confirms a user's registration. The request body will contain
the verificationId. You may also be required to send a one-time use code based
upon your configuration. When the application is configured to gate a user
until their registration is verified, this procedures requires two values
instead of one. The verificationId is a high entropy value and the one-time
use code is a low entropy value that is easily entered in a user interactive
form. The two values together are able to confirm a user's registration and
mark the user's registration as verified.
operationId: verifyUserRegistrationWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/VerifyRegistrationRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/jwt/public-key":
get:
description: Retrieves the Public Key configured for verifying JSON Web Tokens
(JWT) by the key Id (kid). OR Retrieves the Public Key configured for verifying
the JSON Web Tokens (JWT) issued by the Login API by the Application Id.
operationId: retrieveJwtPublicKey
parameters:
- name: keyId
in: query
schema:
type: string
description: The Id of the public key (kid).
- name: applicationId
in: query
schema:
type: string
description: The Id of the Application for which this key is used.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/PublicKeyResponse"
default:
description: Error
"/api/message/template/{messageTemplateId}":
get:
description: Retrieves the message template for the given Id. If you don't specify
the id, this will return all the message templates.
operationId: retrieveMessageTemplateWithId
parameters:
- name: messageTemplateId
in: path
schema:
type: string
required: true
description: The Id of the message template.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateResponse"
default:
description: Error
patch:
description: Updates, via PATCH, the message template with the given Id.
operationId: patchMessageTemplateWithId
parameters:
- name: messageTemplateId
in: path
schema:
type: string
required: true
description: The Id of the message template to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the message template with the given Id.
operationId: updateMessageTemplateWithId
parameters:
- name: messageTemplateId
in: path
schema:
type: string
required: true
description: The Id of the message template to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates an message template. You can optionally specify an Id for
the template, if not provided one will be generated.
operationId: createMessageTemplateWithId
parameters:
- name: messageTemplateId
in: path
schema:
type: string
required: true
description: The Id for the template. If not provided a secure random UUID
will be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the message template for the given Id.
operationId: deleteMessageTemplateWithId
parameters:
- name: messageTemplateId
in: path
schema:
type: string
required: true
description: The Id of the message template to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/message/template":
get:
description: Retrieves the message template for the given Id. If you don't specify
the id, this will return all the message templates.
operationId: retrieveMessageTemplate
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateResponse"
default:
description: Error
post:
description: Creates an message template. You can optionally specify an Id for
the template, if not provided one will be generated.
operationId: createMessageTemplate
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessageTemplateResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/form/field":
post:
description: Creates a form field. You can optionally specify an Id for the
form, if not provided one will be generated.
operationId: createFormField
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FormFieldRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FormFieldResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/application/{applicationId}/role":
post:
description: Creates a new role for an application. You must specify the Id
of the application you are creating the role for. You can optionally specify
an Id for the role inside the ApplicationRole object itself, if not provided
one will be generated.
operationId: createApplicationRole
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application to create the role on.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/recent-login":
get:
description: Retrieves the last number of login records. OR Retrieves the last
number of login records for a user.
operationId: retrieveUserRecentLogin
parameters:
- name: offset
in: query
schema:
type: string
description: The initial record. e.g. 0 is the last login, 100 will be the
100th most recent login.
- name: limit
in: query
schema:
type: string
description: "(Optional, defaults to 10) The number of records to retrieve."
- name: userId
in: query
schema:
type: string
description: The Id of the user.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/RecentLoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/api-key":
post:
description: Creates an API key. You can optionally specify a unique Id for
the key, if not provided one will be generated. an API key can only be created
with equal or lesser authority. An API key cannot create another API key unless
it is granted to that API key. If an API key is locked to a tenant, it can
only create API Keys for that same tenant.
operationId: createAPIKey
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/APIKeyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/APIKeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webauthn/import":
post:
description: Import a WebAuthn credential
operationId: importWebAuthnCredentialWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnCredentialImportRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/change-password/{changePasswordId}":
post:
description: Changes a user's password using the change password Id. This usually
occurs after an email has been sent to the user and they clicked on a link
to reset their password. As of version 1.32.2, prefer sending the changePasswordId
in the request body. To do this, omit the first parameter, and set the value
in the request body.
operationId: changePasswordWithId
parameters:
- name: changePasswordId
in: path
schema:
type: string
required: true
description: The change password Id used to find the user. This value is generated
by FusionAuth once the change password workflow has been initiated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ChangePasswordRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ChangePasswordResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Check to see if the user must obtain a Trust Token Id in order
to complete a change password request. When a user has enabled Two-Factor
authentication, before you are allowed to use the Change Password API to change
your password, you must obtain a Trust Token by completing a Two-Factor Step-Up
authentication. An HTTP status code of 400 with a general error code of [TrustTokenRequired]
indicates that a Trust Token is required to make a POST request to this API.
operationId: checkChangePasswordUsingIdWithId
parameters:
- name: changePasswordId
in: path
schema:
type: string
required: true
description: The change password Id used to find the user. This value is generated
by FusionAuth once the change password workflow has been initiated.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system/audit-log/{auditLogId}":
get:
description: Retrieves a single audit log for the given Id.
operationId: retrieveAuditLogWithId
parameters:
- name: auditLogId
in: path
schema:
type: string
required: true
description: The Id of the audit log to retrieve.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/AuditLogResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/form/{formId}":
get:
description: Retrieves the form with the given Id.
operationId: retrieveFormWithId
parameters:
- name: formId
in: path
schema:
type: string
required: true
description: The Id of the form.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FormResponse"
default:
description: Error
put:
description: Updates the form with the given Id.
operationId: updateFormWithId
parameters:
- name: formId
in: path
schema:
type: string
required: true
description: The Id of the form to update.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FormRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FormResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
delete:
description: Deletes the form for the given Id.
operationId: deleteFormWithId
parameters:
- name: formId
in: path
schema:
type: string
required: true
description: The Id of the form to delete.
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates a form. You can optionally specify an Id for the form,
if not provided one will be generated.
operationId: createFormWithId
parameters:
- name: formId
in: path
schema:
type: string
required: true
description: The Id for the form. If not provided a secure random UUID will
be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FormRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FormResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/two-factor/send/{twoFactorId}":
post:
description: Send a Two Factor authentication code to allow the completion of
Two Factor authentication.
operationId: sendTwoFactorCodeForLoginUsingMethodWithId
parameters:
- name: twoFactorId
in: path
schema:
type: string
required: true
description: The Id returned by the Login API necessary to complete Two Factor
authentication.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorSendRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/two-factor/secret":
get:
description: Generate a Two Factor secret that can be used to enable Two Factor
authentication for a User. The response will contain both the secret and a
Base32 encoded form of the secret which can be shown to a User when using
a 2 Step Authentication application such as Google Authenticator.
operationId: generateTwoFactorSecretUsingJWTWithId
security:
- BearerAuth: []
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/SecretResponse"
default:
description: Error
"/api/key/search":
post:
description: Searches keys with the specified criteria and pagination.
operationId: searchKeysWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/KeySearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/KeySearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/identity-provider/login":
post:
description: Handles login via third-parties including Social login, external
OAuth and OpenID Connect, and other login systems.
operationId: identityProviderLoginWithId
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderLoginRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webauthn/login":
post:
description: Complete a WebAuthn authentication ceremony by validating the signature
against the previously generated challenge and then login the user in
operationId: completeWebAuthnLoginWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnLoginRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/family":
post:
description: Creates a family with the user Id in the request as the owner and
sole member of the family. You can optionally specify an Id for the family,
if not provided one will be generated.
operationId: createFamily
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FamilyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FamilyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves all the families that a user belongs to.
operationId: retrieveFamiliesWithId
parameters:
- name: userId
in: query
schema:
type: string
description: The User's id
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FamilyResponse"
default:
description: Error
"/api/user/registration/{userId}/{applicationId}":
delete:
description: Deletes the user registration for the given user and application
along with the given JSON body that contains the event information. OR Deletes
the user registration for the given user and application.
operationId: deleteUserRegistrationWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user whose registration is being deleted.
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application to remove the registration for.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationDeleteRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the user registration for the user with the given Id
and the given application id.
operationId: retrieveRegistrationWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user.
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/comment/{userId}":
get:
description: Retrieves all the comments for the user with the given Id.
operationId: retrieveUserCommentsWithId
parameters:
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserCommentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/report/daily-active-user":
get:
description: Retrieves the daily active user report between the two instants.
If you specify an application id, it will only return the daily active counts
for that application.
operationId: retrieveDailyActiveReportWithId
parameters:
- name: applicationId
in: query
schema:
type: string
description: The application id.
- name: start
in: query
schema:
type: string
description: The start instant as UTC milliseconds since Epoch.
- name: end
in: query
schema:
type: string
description: The end instant as UTC milliseconds since Epoch.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/DailyActiveUserReportResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/login":
post:
description: Authenticates a user to FusionAuth. This API optionally requires
an API key. See Application.loginConfiguration.requireAuthentication
.
operationId: loginWithId
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Sends a ping to FusionAuth indicating that the user was automatically
logged into an application. When using FusionAuth's SSO or your own, you should
call this if the user is already logged in centrally, but accesses an application
where they no longer have a session. This helps correctly track login counts,
times and helps with reporting.
operationId: loginPingWithRequestWithId
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginPingRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system/audit-log/search":
post:
description: Searches the audit logs with the specified criteria and pagination.
operationId: searchAuditLogsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/AuditLogSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/AuditLogSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/comment/search":
post:
description: Searches user comments with the specified criteria and pagination.
operationId: searchUserCommentsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserCommentSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserCommentSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user-action-reason":
post:
description: Creates a user reason. This user action reason cannot be used when
actioning a user until this call completes successfully. Anytime after that
the user action reason can be used.
operationId: createUserActionReason
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves the user action reason for the given Id. If you pass
in null for the id, this will return all the user action reasons.
operationId: retrieveUserActionReason
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserActionReasonResponse"
default:
description: Error
"/api/system/audit-log":
post:
description: Creates an audit log with the message and user name (usually an
email). Audit logs should be written anytime you make changes to the FusionAuth
database. When using the FusionAuth App web interface, any changes are automatically
written to the audit log. However, if you are accessing the API, you must
write the audit logs yourself.
operationId: createAuditLogWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/AuditLogRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/AuditLogResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/registration":
post:
description: Registers a user for an application. If you provide the User and
the UserRegistration object on this request, it will create the user as well
as register them for the application. This is called a Full Registration.
However, if you only provide the UserRegistration object, then the user must
already exist and they will be registered for the application. The user Id
can also be provided and it will either be used to look up an existing user
or it will be used for the newly created User.
operationId: register
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/RegistrationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system-configuration":
patch:
description: Updates, via PATCH, the system configuration.
operationId: patchSystemConfigurationWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/SystemConfigurationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/SystemConfigurationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
put:
description: Updates the system configuration.
operationId: updateSystemConfigurationWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/SystemConfigurationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/SystemConfigurationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/reactor":
post:
description: Activates the FusionAuth Reactor using a license Id and optionally
a license text (for air-gapped deployments)
operationId: activateReactorWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ReactorRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/connector":
post:
description: Creates a connector. You can optionally specify an Id for the
connector, if not provided one will be generated.
operationId: createConnector
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ConnectorRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConnectorResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/lambda":
get:
description: Retrieves all the lambdas for the provided type.
operationId: retrieveLambdasByTypeWithId
parameters:
- name: type
in: query
schema:
type: string
description: The type of the lambda to return.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaResponse"
default:
description: Error
post:
description: Creates a Lambda. You can optionally specify an Id for the lambda,
if not provided one will be generated.
operationId: createLambda
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LambdaResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/passwordless/start":
post:
description: Start a passwordless login request by generating a passwordless
code. This code can be sent to the User using the Send Passwordless Code API
or using a mechanism outside of FusionAuth. The passwordless login is completed
by using the Passwordless Login API with this code.
operationId: startPasswordlessLoginWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/PasswordlessStartRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/PasswordlessStartResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/two-factor/send":
post:
description: Send a Two Factor authentication code to assist in setting up Two
Factor authentication or disabling.
operationId: sendTwoFactorCodeForEnableDisableWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorSendRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/ip-acl/search":
post:
description: Searches the IP Access Control Lists with the specified criteria
and pagination.
operationId: searchIPAccessControlListsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IPAccessControlListSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IPAccessControlListSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/messenger":
post:
description: Creates a messenger. You can optionally specify an Id for the
messenger, if not provided one will be generated.
operationId: createMessenger
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/MessengerRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MessengerResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/import":
post:
description: Bulk imports users. This request performs minimal validation and
runs batch inserts of users with the expectation that each user does not yet
exist and each registration corresponds to an existing FusionAuth Application.
This is done to increases the insert performance. Therefore, if you encounter
an error due to a database key violation, the response will likely offer a
generic explanation. If you encounter an error, you may optionally enable
additional validation to receive a JSON response body with specific validation
errors. This will slow the request down but will allow you to identify the
cause of the failure. See the validateDbConstraints request parameter.
operationId: importUsersWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ImportRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/entity/type/search":
post:
description: Searches the entity types with the specified criteria and pagination.
operationId: searchEntityTypesWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/email/send/{emailTemplateId}":
post:
description: Send an email using an email template id. You can optionally provide
requestData
to access key value pairs in the email template.
operationId: sendEmailWithId
parameters:
- name: emailTemplateId
in: path
schema:
type: string
required: true
description: The Id for the template.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/SendRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/SendResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/key/generate/{keyId}":
post:
description: Generate a new RSA or EC key pair or an HMAC secret.
operationId: generateKeyWithId
parameters:
- name: keyId
in: path
schema:
type: string
required: true
description: The Id for the key. If not provided a secure random UUID will
be generated.
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/key/generate":
post:
description: Generate a new RSA or EC key pair or an HMAC secret.
operationId: generateKey
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/report/monthly-active-user":
get:
description: Retrieves the monthly active user report between the two instants.
If you specify an application id, it will only return the monthly active counts
for that application.
operationId: retrieveMonthlyActiveReportWithId
parameters:
- name: applicationId
in: query
schema:
type: string
description: The application id.
- name: start
in: query
schema:
type: string
description: The start instant as UTC milliseconds since Epoch.
- name: end
in: query
schema:
type: string
description: The end instant as UTC milliseconds since Epoch.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/MonthlyActiveUserReportResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/entity/{entityId}/grant":
delete:
description: Deletes an Entity Grant for the given User or Entity.
operationId: deleteEntityGrantWithId
parameters:
- name: recipientEntityId
in: query
schema:
type: string
description: The Id of the Entity that the Entity Grant is for.
- name: userId
in: query
schema:
type: string
description: The Id of the User that the Entity Grant is for.
- name: entityId
in: path
schema:
type: string
required: true
description: The Id of the Entity that the Entity Grant is being deleted for.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
post:
description: Creates or updates an Entity Grant. This is when a User/Entity
is granted permissions to an Entity.
operationId: upsertEntityGrantWithId
parameters:
- name: entityId
in: path
schema:
type: string
required: true
description: The Id of the Entity that the User/Entity is being granted access
to.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityGrantRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves an Entity Grant for the given Entity and User/Entity.
operationId: retrieveEntityGrantWithId
parameters:
- name: recipientEntityId
in: query
schema:
type: string
description: The Id of the Entity that the Entity Grant is for.
- name: userId
in: query
schema:
type: string
description: The Id of the User that the Entity Grant is for.
- name: entityId
in: path
schema:
type: string
required: true
description: The Id of the Entity.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityGrantResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/application/{applicationId}/scope":
post:
description: Creates a new custom OAuth scope for an application. You must specify
the Id of the application you are creating the scope for. You can optionally
specify an Id for the OAuth scope on the URL, if not provided one will be
generated.
operationId: createOAuthScope
parameters:
- name: applicationId
in: path
schema:
type: string
required: true
description: The Id of the application to create the OAuth scope on.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationOAuthScopeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationOAuthScopeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/application":
get:
description: Retrieves all the applications that are currently inactive. OR
Retrieves the application for the given Id or all the applications if the
Id is null.
operationId: retrieveApplication
parameters:
- name: inactive
in: query
schema:
type: string
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
post:
description: Creates an application. You can optionally specify an Id for the
application, if not provided one will be generated.
operationId: createApplication
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ApplicationResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/identity-provider":
post:
description: Creates an identity provider. You can optionally specify an Id
for the identity provider, if not provided one will be generated.
operationId: createIdentityProvider
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
get:
description: Retrieves one or more identity provider for the given type. For
types such as Google, Facebook, Twitter and LinkedIn, only a single identity
provider can exist. For types such as OpenID Connect and SAMLv2 more than
one identity provider can be configured so this request may return multiple
identity providers.
operationId: retrieveIdentityProviderByTypeWithId
parameters:
- name: type
in: query
schema:
type: string
description: The type of the identity provider.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/two-factor/status/{twoFactorTrustId}":
get:
description: Retrieve a user's two-factor status. This can be used to see if
a user will need to complete a two-factor challenge to complete a login, and
optionally identify the state of the two-factor trust across various applications.
operationId: retrieveTwoFactorStatusWithId
parameters:
- name: userId
in: query
schema:
type: string
description: The user Id to retrieve the Two-Factor status.
- name: applicationId
in: query
schema:
type: string
description: The optional applicationId to verify.
- name: twoFactorTrustId
in: path
schema:
type: string
required: true
description: The optional two-factor trust Id to verify.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorStatusResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/comment":
post:
description: Adds a comment to the user's account.
operationId: commentOnUserWithId
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/UserCommentRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserCommentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webhook/search":
post:
description: Searches webhooks with the specified criteria and pagination.
operationId: searchWebhooksWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webauthn/assert":
post:
description: Complete a WebAuthn authentication ceremony by validating the signature
against the previously generated challenge without logging the user in
operationId: completeWebAuthnAssertionWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnLoginRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnAssertResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/identity-provider/lookup":
get:
description: Retrieves the identity provider for the given domain. A 200 response
code indicates the domain is managed by a registered identity provider. A
404 indicates the domain is not managed.
operationId: lookupIdentityProviderWithId
parameters:
- name: domain
in: query
schema:
type: string
description: The domain or email address to lookup.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LookupResponse"
default:
description: Error
"/api/user/family/pending":
get:
description: Retrieves all the children for the given parent email address.
operationId: retrievePendingChildrenWithId
parameters:
- name: parentEmail
in: query
schema:
type: string
description: The email of the parent.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/PendingResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/email/template/preview":
post:
description: Creates a preview of the email template provided in the request.
This allows you to preview an email template that hasn't been saved to the
database yet. The entire email template does not need to be provided on the
request. This will create the preview based on whatever is given.
operationId: retrieveEmailTemplatePreviewWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/PreviewRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/PreviewResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/webauthn":
get:
description: Retrieves all WebAuthn credentials for the given user.
operationId: retrieveWebAuthnCredentialsForUserWithId
parameters:
- name: userId
in: query
schema:
type: string
description: The user's ID.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebAuthnCredentialResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/message/template/preview":
post:
description: Creates a preview of the message template provided in the request,
normalized to a given locale.
operationId: retrieveMessageTemplatePreviewWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/PreviewMessageTemplateRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/PreviewMessageTemplateResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/jwt/validate":
get:
description: Validates the provided JWT (encoded JWT string) to ensure the token
is valid. A valid access token is properly signed and not expired. This
API may be used to verify the JWT as well as decode the encoded JWT into human
readable identity claims.
operationId: validateJWTWithId
security:
- BearerAuth: []
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ValidateResponse"
default:
description: Error
"/api/two-factor/login":
post:
description: Complete login using a 2FA challenge
operationId: twoFactorLoginWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/TwoFactorLoginRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/LoginResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/forgot-password":
post:
description: Begins the forgot password sequence, which kicks off an email to
the user so that they can reset their password.
operationId: forgotPasswordWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ForgotPasswordRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ForgotPasswordResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/form":
post:
description: Creates a form. You can optionally specify an Id for the form,
if not provided one will be generated.
operationId: createForm
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/FormRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/FormResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/oauth2/userinfo":
get:
description: Call the UserInfo endpoint to retrieve User Claims from the access
token issued by FusionAuth.
operationId: retrieveUserInfoFromAccessTokenWithId
security:
- BearerAuth: []
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/UserinfoResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/OAuthError"
"/api/system/event-log/search":
post:
description: Searches the event logs with the specified criteria and pagination.
operationId: searchEventLogsWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EventLogSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EventLogSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/user/refresh-token/import":
post:
description: Bulk imports refresh tokens. This request performs minimal validation
and runs batch inserts of refresh tokens with the expectation that each token
represents a user that already exists and is registered for the corresponding
FusionAuth Application. This is done to increases the insert performance. Therefore,
if you encounter an error due to a database key violation, the response will
likely offer a generic explanation. If you encounter an error, you may optionally
enable additional validation to receive a JSON response body with specific
validation errors. This will slow the request down but will allow you to identify
the cause of the failure. See the validateDbConstraints request parameter.
operationId: importRefreshTokensWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/RefreshTokenImportRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system/webhook-attempt-log/{webhookAttemptLogId}":
get:
description: Retrieves a single webhook attempt log for the given Id.
operationId: retrieveWebhookAttemptLogWithId
parameters:
- name: webhookAttemptLogId
in: path
schema:
type: string
required: true
description: The Id of the webhook attempt log to retrieve.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookAttemptLogResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system/reindex":
post:
description: Requests Elasticsearch to delete and rebuild the index for FusionAuth
users or entities. Be very careful when running this request as it will increase
the CPU and I/O load on your database until the operation completes. Generally
speaking you do not ever need to run this operation unless instructed by
FusionAuth support, or if you are migrating a database another system and
you are not brining along the Elasticsearch index. You have been warned.
operationId: reindexWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ReindexRequest"
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/jwt/vend":
post:
description: It's a JWT vending machine! Issue a new access token (JWT) with
the provided claims in the request. This JWT is not scoped to a tenant or
user, it is a free form token that will contain what claims you provide.
The iat, exp and jti claims will be added by FusionAuth, all other claims
must be provided by the caller. If a TTL is not provided in the request,
the TTL will be retrieved from the default Tenant or the Tenant specified
on the request either by way of the X-FusionAuth-TenantId request header,
or a tenant scoped API key.
operationId: vendJWTWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/JWTVendRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/JWTVendResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/consent":
post:
description: Creates a user consent type. You can optionally specify an Id for
the consent type, if not provided one will be generated.
operationId: createConsent
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ConsentResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/identity-provider/search":
post:
description: Searches identity providers with the specified criteria and pagination.
operationId: searchIdentityProvidersWithId
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderSearchRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderSearchResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system/webhook-event-log/{webhookEventLogId}":
get:
description: Retrieves a single webhook event log for the given Id.
operationId: retrieveWebhookEventLogWithId
parameters:
- name: webhookEventLogId
in: path
schema:
type: string
required: true
description: The Id of the webhook event log to retrieve.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/WebhookEventLogResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/entity/type":
post:
description: Creates a Entity Type. You can optionally specify an Id for the
Entity Type, if not provided one will be generated.
operationId: createEntityType
parameters: []
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/EntityTypeResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/group":
post:
description: Creates a group. You can optionally specify an Id for the group,
if not provided one will be generated.
operationId: createGroup
parameters:
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupRequest"
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/GroupResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/identity-provider/link/pending/{pendingLinkId}":
get:
description: Retrieve a pending identity provider link. This is useful to validate
a pending link and retrieve meta-data about the identity provider link.
operationId: retrievePendingLinkWithId
parameters:
- name: userId
in: query
schema:
type: string
description: The optional userId. When provided additional meta-data will
be provided to identify how many links if any the user already has.
- name: pendingLinkId
in: path
schema:
type: string
required: true
description: The pending link Id.
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/IdentityProviderPendingLinkResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/oauth2/device/validate":
get:
description: Validates the end-user provided user_code from the user-interaction
of the Device Authorization Grant. If you build your own activation form you
should validate the user provided code prior to beginning the Authorization
grant.
operationId: validateDeviceWithId
parameters:
- name: user_code
in: query
schema:
type: string
description: The end-user verification code.
- name: client_id
in: query
schema:
type: string
description: The client id.
responses:
'200':
description: Success
default:
description: Error
"/api/user/family/{familyId}/{userId}":
delete:
description: Removes a user from the family with the given id.
operationId: removeUserFromFamilyWithId
parameters:
- name: familyId
in: path
schema:
type: string
required: true
description: The Id of the family to remove the user from.
- name: userId
in: path
schema:
type: string
required: true
description: The Id of the user to remove from the family.
- in: header
name: X-FusionAuth-TenantId
description: The unique Id of the tenant used to scope this API request. Only
required when there is more than one tenant and the API key is not tenant-scoped.
required: false
schema:
type: string
format: UUID
responses:
'200':
description: Success
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/system/version":
get:
description: Retrieves the FusionAuth version string.
operationId: retrieveVersionWithId
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/VersionResponse"
default:
description: Error
content:
application/json:
schema:
"$ref": "#/components/schemas/Errors"
"/api/key":
get:
description: Retrieves all the keys.
operationId: retrieveKeysWithId
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/KeyResponse"
default:
description: Error
"/api/status":
get:
description: Retrieves the FusionAuth system status. This request is anonymous
and does not require an API key. When an API key is not provided the response
will contain a single value in the JSON response indicating the current health
check. OR Retrieves the FusionAuth system status using an API key. Using an
API key will cause the response to include the product version, health checks
and various runtime metrics.
operationId: retrieveStatus
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/StatusResponse"
default:
description: Error
"/api/report/totals":
get:
description: Retrieves the totals report. This contains all the total counts
for each application and the global registration count.
operationId: retrieveTotalReportWithId
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/TotalsReportResponse"
default:
description: Error
"/.well-known/openid-configuration":
get:
description: Returns the well known OpenID Configuration JSON document
operationId: retrieveOpenIdConfigurationWithId
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/OpenIdConfiguration"
default:
description: Error
"/.well-known/jwks.json":
get:
description: Returns public keys used by FusionAuth to cryptographically verify
JWTs using the JSON Web Key format.
operationId: retrieveJsonWebKeySetWithId
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/JWKSResponse"
default:
description: Error
"/api/health":
get:
description: Retrieves the FusionAuth system health. This API will return 200
if the system is healthy, and 500 if the system is un-healthy.
operationId: retrieveSystemHealthWithId
parameters: []
responses:
'200':
description: Success
default:
description: Error
"/api/tenant/password-validation-rules":
get:
description: Retrieves the password validation rules for a specific tenant.
This method requires a tenantId to be provided through the use of a Tenant
scoped API key or an HTTP header X-FusionAuth-TenantId to specify the Tenant
Id. This API does not require an API key.
operationId: retrievePasswordValidationRulesWithId
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/PasswordValidationRulesResponse"
default:
description: Error
"/api/reactor/metrics":
get:
description: Retrieves the FusionAuth Reactor metrics.
operationId: retrieveReactorMetricsWithId
parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
"$ref": "#/components/schemas/ReactorMetricsResponse"
default:
description: Error