openapi: 3.1.0 info: title: Auth0 Management API description: Auth0 Management API v2. termsOfService: https://auth0.com/web-terms/ contact: name: Auth0 Support url: https://support.auth0.com version: '2.0' servers: - url: https://{tenantDomain}/api/v2 variables: tenantDomain: default: '{TENANT}.auth0.com' description: Auth0 Tenant Domain security: - bearerAuth: [] externalDocs: description: Auth0 Management API Documentation url: https://auth0.com/docs/api/management/v2/ paths: /actions/actions: get: summary: Get Actions description: 'Retrieve all actions. ' tags: - actions parameters: - name: triggerId in: query description: An actions extensibility point. schema: $ref: '#/components/schemas/ActionTriggerTypeEnum' - name: actionName in: query description: The name of the action to retrieve. schema: type: string - name: deployed in: query description: Optional filter to only retrieve actions that are deployed. schema: type: boolean - name: page in: query description: Use this field to request a specific page of the list results. schema: type: integer - name: per_page in: query description: The maximum number of results to be returned by the server in single response. 20 by default schema: type: integer - name: installed in: query description: Optional. When true, return only installed actions. When false, return only custom actions. Returns all actions by default. schema: type: boolean responses: '200': description: The actions were retrieved. content: application/json: schema: $ref: '#/components/schemas/ListActionsPaginatedResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_actions x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListActionsRequestParameters x-operation-group: actions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions post: summary: Create an Action description: 'Create an action. Once an action is created, it must be deployed, and then bound to a trigger before it will be executed as part of a flow. ' tags: - actions requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateActionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateActionRequestContent' responses: '201': description: Action successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateActionResponseContent' '400': description: Invalid Request Body. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: create:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_action x-release-lifecycle: GA x-operation-name: create x-operation-group: actions security: - bearerAuth: [] - oAuth2ClientCredentials: - create:actions /actions/actions/{actionId}/versions: get: summary: Get an Action's Versions description: 'Retrieve all of an action''s versions. An action version is created whenever an action is deployed. An action version is immutable, once created. ' tags: - actions parameters: - name: actionId in: path description: The ID of the action. required: true schema: type: string - name: page in: query description: Use this field to request a specific page of the list results. schema: type: integer - name: per_page in: query description: This field specify the maximum number of results to be returned by the server. 20 by default schema: type: integer responses: '200': description: The action versions were retrieved. content: application/json: schema: $ref: '#/components/schemas/ListActionVersionsPaginatedResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_action_versions x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListActionVersionsRequestParameters x-operation-group: - actions - versions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions /actions/actions/{actionId}/versions/{id}: get: summary: Get a Specific Version of an Action description: 'Retrieve a specific version of an action. An action version is created whenever an action is deployed. An action version is immutable, once created. ' tags: - actions parameters: - name: actionId in: path description: The ID of the action. required: true schema: type: string - name: id in: path description: The ID of the action version. required: true schema: type: string responses: '200': description: The action version was retrieved. content: application/json: schema: $ref: '#/components/schemas/GetActionVersionResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '404': description: The action version does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_action_version x-release-lifecycle: GA x-operation-name: get x-operation-group: - actions - versions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions /actions/actions/{actionId}/versions/{id}/deploy: post: summary: Roll Back to a Previous Action Version description: 'Performs the equivalent of a roll-back of an action to an earlier, specified version. Creates a new, deployed action version that is identical to the specified version. If this action is currently bound to a trigger, the system will begin executing the newly-created version immediately. ' tags: - actions parameters: - name: id in: path description: The ID of an action version. required: true schema: type: string - name: actionId in: path description: The ID of an action. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/DeployActionVersionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/DeployActionVersionRequestContent' responses: '202': description: Request to create action version was accepted. content: application/json: schema: $ref: '#/components/schemas/DeployActionVersionResponseContent' '400': description: Invalid Request Body. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: create:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_deploy_draft_version x-release-lifecycle: GA x-operation-name: deploy x-operation-group: - actions - versions security: - bearerAuth: [] - oAuth2ClientCredentials: - create:actions /actions/actions/{id}: get: summary: Get an Action description: 'Retrieve an action by its ID. ' tags: - actions parameters: - name: id in: path description: The ID of the action to retrieve. required: true schema: type: string responses: '200': description: The action was retrieved. content: application/json: schema: $ref: '#/components/schemas/GetActionResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '404': description: The action does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_action x-release-lifecycle: GA x-operation-name: get x-operation-group: actions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions delete: summary: Delete an Action description: 'Deletes an action and all of its associated versions. An action must be unbound from all triggers before it can be deleted. ' tags: - actions parameters: - name: id in: path description: The ID of the action to delete. required: true schema: type: string - name: force in: query description: Force action deletion detaching bindings schema: type: boolean responses: '204': description: Action successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: delete:actions.' '404': description: The action version does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_action x-release-lifecycle: GA x-operation-name: delete x-operation-request-parameters-name: DeleteActionRequestParameters x-operation-group: actions security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:actions patch: summary: Update an Action description: 'Update an existing action. If this action is currently bound to a trigger, updating it will not affect any user flows until the action is deployed. ' tags: - actions parameters: - name: id in: path description: The id of the action to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateActionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateActionRequestContent' responses: '200': description: Action successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateActionResponseContent' '400': description: Invalid Request Body. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: update:actions.' '404': description: Action not found and cannot be updated. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_action x-release-lifecycle: GA x-operation-name: update x-operation-group: actions security: - bearerAuth: [] - oAuth2ClientCredentials: - update:actions /actions/actions/{id}/deploy: post: summary: Deploy an Action description: 'Deploy an action. Deploying an action will create a new immutable version of the action. If the action is currently bound to a trigger, then the system will begin executing the newly deployed version of the action immediately. Otherwise, the action will only be executed as a part of a flow once it is bound to that flow. ' tags: - actions parameters: - name: id in: path description: The ID of an action. required: true schema: type: string responses: '202': description: Request to create action version was accepted. content: application/json: schema: $ref: '#/components/schemas/DeployActionResponseContent' '400': description: Invalid Request Body. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: create:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_deploy_action x-release-lifecycle: GA x-operation-name: deploy x-operation-group: actions security: - bearerAuth: [] - oAuth2ClientCredentials: - create:actions /actions/actions/{id}/test: post: summary: Test an Action description: 'Test an action. After updating an action, it can be tested prior to being deployed to ensure it behaves as expected. ' tags: - actions parameters: - name: id in: path description: The id of the action to test. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/TestActionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/TestActionRequestContent' responses: '200': description: Test action version successfully created. content: application/json: schema: $ref: '#/components/schemas/TestActionResponseContent' '400': description: Invalid Request Body. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: create:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_test_action x-release-lifecycle: GA x-operation-name: test x-operation-group: actions security: - bearerAuth: [] - oAuth2ClientCredentials: - create:actions /actions/executions/{id}: get: summary: Get an Execution description: 'Retrieve information about a specific execution of a trigger. Relevant execution IDs will be included in tenant logs generated as part of that authentication flow. Executions will only be stored for 10 days after their creation. ' tags: - actions parameters: - name: id in: path description: The ID of the execution to retrieve. required: true schema: type: string responses: '200': description: The execution was retrieved. content: application/json: schema: $ref: '#/components/schemas/GetActionExecutionResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '404': description: The execution does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_execution x-release-lifecycle: GA x-operation-name: get x-operation-group: - actions - executions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions /actions/modules: get: summary: List Actions Modules description: Retrieve a paginated list of all Actions Modules with optional filtering and totals. tags: - actions parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer - name: per_page in: query description: Number of results per page. Paging is disabled if parameter not sent. schema: type: integer responses: '200': description: The action modules were retrieved. content: application/json: schema: $ref: '#/components/schemas/GetActionModulesResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_action_modules x-release-lifecycle: EA x-operation-name: list x-operation-request-parameters-name: GetActionModulesRequestParameters x-operation-group: - actions - modules security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions post: summary: Create a New Actions Module description: Create a new Actions Module for reusable code across actions. tags: - actions requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateActionModuleRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateActionModuleRequestContent' responses: '201': description: The action module was created. content: application/json: schema: $ref: '#/components/schemas/CreateActionModuleResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: create:actions.' '409': description: An action module with the same name already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_action_module x-release-lifecycle: EA x-operation-name: create x-operation-group: - actions - modules security: - bearerAuth: [] - oAuth2ClientCredentials: - create:actions /actions/modules/{id}: get: summary: Get a Specific Actions Module by ID description: Retrieve details of a specific Actions Module by its unique identifier. tags: - actions parameters: - name: id in: path description: The ID of the action module to retrieve. required: true schema: type: string responses: '200': description: The action module was retrieved. content: application/json: schema: $ref: '#/components/schemas/GetActionModuleResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '404': description: The action module does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_action_module x-release-lifecycle: EA x-operation-name: get x-operation-group: - actions - modules security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions delete: summary: Delete a Specific Actions Module by ID description: Permanently delete an Actions Module. This will fail if the module is still in use by any actions. tags: - actions parameters: - name: id in: path description: The ID of the Actions Module to delete. required: true schema: type: string responses: '204': description: The Actions Module was deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: delete:actions.' '404': description: The Actions Module does not exist. '412': description: The Actions Module cannot be deleted because it is in use by one or more actions. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_action_module x-release-lifecycle: EA x-operation-name: delete x-operation-group: - actions - modules security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:actions patch: summary: Update a Specific Actions Module description: Update properties of an existing Actions Module, such as code, dependencies, or secrets. tags: - actions parameters: - name: id in: path description: The ID of the action module to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateActionModuleRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateActionModuleRequestContent' responses: '200': description: The action module was updated. content: application/json: schema: $ref: '#/components/schemas/UpdateActionModuleResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: update:actions.' '404': description: The action module does not exist. '409': description: An action module with the same name already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_action_module x-release-lifecycle: EA x-operation-name: update x-operation-group: - actions - modules security: - bearerAuth: [] - oAuth2ClientCredentials: - update:actions /actions/modules/{id}/actions: get: summary: List All Actions Using an Actions Module description: Lists all actions that are using a specific Actions Module, showing which deployed action versions reference this Actions Module. tags: - actions parameters: - name: id in: path description: The unique ID of the module. required: true schema: type: string - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer - name: per_page in: query description: Number of results per page. schema: type: integer responses: '200': description: The actions were retrieved. content: application/json: schema: $ref: '#/components/schemas/GetActionModuleActionsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '404': description: No module exists with the specified ID. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_action_module_actions x-release-lifecycle: EA x-operation-name: listActions x-operation-request-parameters-name: GetActionModuleActionsRequestParameters x-operation-group: - actions - modules security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions /actions/modules/{id}/rollback: post: summary: Rollback an Actions Module to a Previous Version description: Rolls back an Actions Module's draft to a previously created version. This action copies the code, dependencies, and secrets from the specified version into the current draft. tags: - actions parameters: - name: id in: path description: The unique ID of the module to roll back. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RollbackActionModuleRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/RollbackActionModuleRequestContent' responses: '200': description: The rollback was successful. content: application/json: schema: $ref: '#/components/schemas/RollbackActionModuleResponseContent' '400': description: Invalid request URI or body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: update:actions.' '404': description: The module or version does not exist. '409': description: The specified version is already the current draft version. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_action_module_rollback x-release-lifecycle: EA x-operation-name: rollback x-operation-request-parameters-name: RollbackActionModuleRequestParameters x-operation-group: - actions - modules security: - bearerAuth: [] - oAuth2ClientCredentials: - update:actions /actions/modules/{id}/versions: get: summary: List All Versions of an Actions Module description: List all published versions of a specific Actions Module. tags: - actions parameters: - name: id in: path description: The unique ID of the module. required: true schema: type: string - name: page in: query description: Use this field to request a specific page of the list results. schema: type: integer - name: per_page in: query description: The maximum number of results to be returned by the server in a single response. 20 by default. schema: type: integer responses: '200': description: The module versions were retrieved. content: application/json: schema: $ref: '#/components/schemas/GetActionModuleVersionsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '404': description: No module exists with the specified ID. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_action_module_versions x-release-lifecycle: EA x-operation-name: list x-operation-request-parameters-name: GetActionModuleVersionsRequestParameters x-operation-group: - actions - modules - versions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions post: summary: Create a New Version of an Actions Module description: Creates a new immutable version of an Actions Module from the current draft version. This publishes the draft as a new version that can be referenced by actions, while maintaining the existing draft for continued development. tags: - actions parameters: - name: id in: path description: The ID of the action module to create a version for. required: true schema: type: string responses: '200': description: The action module version was created. content: application/json: schema: $ref: '#/components/schemas/CreateActionModuleVersionResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: update:actions.' '404': description: The action module does not exist. '409': description: No draft version is available to publish. '412': description: Maximum number of module versions reached. Consolidate versions used in actions before creating new ones. operationId: post_action_module_version x-release-lifecycle: EA x-operation-name: create x-operation-group: - actions - modules - versions security: - bearerAuth: [] - oAuth2ClientCredentials: - update:actions /actions/modules/{id}/versions/{versionId}: get: summary: Get a Specific Version of an Actions Module description: Retrieve the details of a specific, immutable version of an Actions Module. tags: - actions parameters: - name: id in: path description: The unique ID of the module. required: true schema: type: string - name: versionId in: path description: The unique ID of the module version to retrieve. required: true schema: type: string responses: '200': description: The module version was retrieved. content: application/json: schema: $ref: '#/components/schemas/GetActionModuleVersionResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '404': description: The module or version does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_action_module_version x-release-lifecycle: EA x-operation-name: get x-operation-group: - actions - modules - versions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions /actions/triggers: get: summary: Get Triggers description: 'Retrieve the set of triggers currently available within actions. A trigger is an extensibility point to which actions can be bound. ' tags: - actions responses: '200': description: The triggers were retrieved. content: application/json: schema: $ref: '#/components/schemas/ListActionTriggersResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_triggers x-release-lifecycle: GA x-operation-name: list x-operation-group: - actions - triggers security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions /actions/triggers/{triggerId}/bindings: get: summary: Get Trigger Bindings description: 'Retrieve the actions that are bound to a trigger. Once an action is created and deployed, it must be attached (i.e. bound) to a trigger so that it will be executed as part of a flow. The list of actions returned reflects the order in which they will be executed during the appropriate flow. ' tags: - actions parameters: - name: triggerId in: path description: An actions extensibility point. required: true schema: $ref: '#/components/schemas/ActionTriggerTypeEnum' - name: page in: query description: Use this field to request a specific page of the list results. schema: type: integer - name: per_page in: query description: The maximum number of results to be returned in a single request. 20 by default schema: type: integer responses: '200': description: The bindings were retrieved. content: application/json: schema: $ref: '#/components/schemas/ListActionBindingsPaginatedResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_bindings x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListActionTriggerBindingsRequestParameters x-operation-group: - actions - triggers - bindings security: - bearerAuth: [] - oAuth2ClientCredentials: - read:actions patch: summary: Update Trigger Bindings description: Update the actions that are bound (i.e. attached) to a trigger. Once an action is created and deployed, it must be attached (i.e. bound) to a trigger so that it will be executed as part of a flow. The order in which the actions are provided will determine the order in which they are executed. tags: - actions parameters: - name: triggerId in: path description: An actions extensibility point. required: true schema: $ref: '#/components/schemas/ActionTriggerTypeEnum' requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateActionBindingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateActionBindingsRequestContent' responses: '200': description: The bindings were updated. content: application/json: schema: $ref: '#/components/schemas/UpdateActionBindingsResponseContent' '400': description: Invalid Request Body. x-description-1: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: update:actions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_bindings x-release-lifecycle: GA x-operation-name: updateMany x-operation-group: - actions - triggers - bindings security: - bearerAuth: [] - oAuth2ClientCredentials: - update:actions /anomaly/blocks/ips/{id}: get: summary: Check If an IP Address Is Blocked description: Check if the given IP address is blocked via the Suspicious IP Throttling due to multiple suspicious attempts. tags: - anomaly parameters: - name: id in: path description: IP address to check. required: true schema: $ref: '#/components/schemas/AnomalyIPFormat' responses: '200': description: IP address specified is currently blocked. '400': description: Connection does not exist. x-description-1: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: get:anomaly_block.' '404': description: IP address specified is not currently blocked. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_ips_by_id x-release-lifecycle: GA x-operation-name: checkIp x-operation-group: - anomaly - blocks security: - bearerAuth: [] - oAuth2ClientCredentials: - read:anomaly_blocks delete: summary: Remove the Blocked IP Address description: Remove a block imposed by Suspicious IP Throttling for the given IP address. tags: - anomaly parameters: - name: id in: path description: IP address to unblock. required: true schema: $ref: '#/components/schemas/AnomalyIPFormat' responses: '204': description: IP address specified successfully unblocked. '400': description: Connection does not exist. x-description-1: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:anomaly_block.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_ips_by_id x-release-lifecycle: GA x-operation-name: unblockIp x-operation-group: - anomaly - blocks security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:anomaly_blocks /attack-protection/bot-detection: get: summary: Get Bot Detection Settings description: Get the Bot Detection configuration of your tenant. tags: - attack-protection responses: '200': description: Bot detection configuration retrieved successfully. content: application/json: schema: $ref: '#/components/schemas/GetBotDetectionSettingsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: Please upgrade your subscription to use bot detection x-description-1: 'Insufficient scope; expected any of: read:attack_protection.' '404': description: Bot detection configuration not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_bot-detection x-release-lifecycle: GA x-operation-name: get x-operation-group: - attackProtection - botDetection security: - bearerAuth: [] - oAuth2ClientCredentials: - read:attack_protection patch: summary: Update Bot Detection Settings description: Update the Bot Detection configuration of your tenant. tags: - attack-protection requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateBotDetectionSettingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateBotDetectionSettingsRequestContent' responses: '200': description: Bot detection configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateBotDetectionSettingsResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: Please upgrade your subscription to use bot detection x-description-1: 'Insufficient scope; expected any of: update:attack_protection.' '404': description: Bot detection configuration not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_bot-detection x-release-lifecycle: GA x-operation-name: update x-operation-group: - attackProtection - botDetection security: - bearerAuth: [] - oAuth2ClientCredentials: - update:attack_protection /attack-protection/breached-password-detection: get: summary: Get Breached Password Detection Settings description: Retrieve details of the Breached Password Detection configuration of your tenant. tags: - attack-protection responses: '200': description: Breached password detection settings successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetBreachedPasswordDetectionSettingsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:attack_protection.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_breached-password-detection x-release-lifecycle: GA x-operation-name: get x-operation-group: - attackProtection - breachedPasswordDetection security: - bearerAuth: [] - oAuth2ClientCredentials: - read:attack_protection patch: summary: Update Breached Password Detection Settings description: Update details of the Breached Password Detection configuration of your tenant. tags: - attack-protection requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateBreachedPasswordDetectionSettingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateBreachedPasswordDetectionSettingsRequestContent' responses: '200': description: Breached password detection settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateBreachedPasswordDetectionSettingsResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:attack_protection.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_breached-password-detection x-release-lifecycle: GA x-operation-name: update x-operation-group: - attackProtection - breachedPasswordDetection security: - bearerAuth: [] - oAuth2ClientCredentials: - update:attack_protection /attack-protection/brute-force-protection: get: summary: Get Brute-force Settings description: Retrieve details of the Brute-force Protection configuration of your tenant. tags: - attack-protection responses: '200': description: Brute force configuration successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetBruteForceSettingsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:attack_protection.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_brute-force-protection x-release-lifecycle: GA x-operation-name: get x-operation-group: - attackProtection - bruteForceProtection security: - bearerAuth: [] - oAuth2ClientCredentials: - read:attack_protection patch: summary: Update Brute-force Settings description: Update the Brute-force Protection configuration of your tenant. tags: - attack-protection requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateBruteForceSettingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateBruteForceSettingsRequestContent' responses: '200': description: Brute force configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateBruteForceSettingsResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:attack_protection.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_brute-force-protection x-release-lifecycle: GA x-operation-name: update x-operation-group: - attackProtection - bruteForceProtection security: - bearerAuth: [] - oAuth2ClientCredentials: - update:attack_protection /attack-protection/captcha: get: summary: Get the CAPTCHA Configuration for a Tenant description: Get the CAPTCHA configuration for your client. tags: - attack-protection responses: '200': description: Captcha configuration successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetAttackProtectionCaptchaResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: Please upgrade your subscription to use bot detection x-description-1: 'Insufficient scope; expected any of: read:attack_protection.' '404': description: Captcha configuration not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_captcha x-release-lifecycle: GA x-operation-name: get x-operation-group: - attackProtection - captcha security: - bearerAuth: [] - oAuth2ClientCredentials: - read:attack_protection patch: summary: Partial Update for CAPTCHA Configuration description: Update existing CAPTCHA configuration for your client. tags: - attack-protection requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateAttackProtectionCaptchaRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateAttackProtectionCaptchaRequestContent' responses: '200': description: Captcha configuration successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/UpdateAttackProtectionCaptchaResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: Please upgrade your subscription to use bot detection x-description-1: 'Insufficient scope; expected any of: update:attack_protection.' '404': description: Captcha configuration not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_captcha x-release-lifecycle: GA x-operation-name: update x-operation-group: - attackProtection - captcha security: - bearerAuth: [] - oAuth2ClientCredentials: - update:attack_protection /attack-protection/suspicious-ip-throttling: get: summary: Get Suspicious IP Throttling Settings description: Retrieve details of the Suspicious IP Throttling configuration of your tenant. tags: - attack-protection responses: '200': description: Suspicious IP throttling configuration successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetSuspiciousIPThrottlingSettingsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:attack_protection.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_suspicious-ip-throttling x-release-lifecycle: GA x-operation-name: get x-operation-group: - attackProtection - suspiciousIpThrottling security: - bearerAuth: [] - oAuth2ClientCredentials: - read:attack_protection patch: summary: Update Suspicious IP Throttling Settings description: Update the details of the Suspicious IP Throttling configuration of your tenant. tags: - attack-protection requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateSuspiciousIPThrottlingSettingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateSuspiciousIPThrottlingSettingsRequestContent' responses: '200': description: Suspicious IP throttling configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateSuspiciousIPThrottlingSettingsResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:attack_protection.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_suspicious-ip-throttling x-release-lifecycle: GA x-operation-name: update x-operation-group: - attackProtection - suspiciousIpThrottling security: - bearerAuth: [] - oAuth2ClientCredentials: - update:attack_protection /branding: get: summary: Get Branding Settings description: Retrieve branding settings. tags: - branding responses: '200': description: Branding settings successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetBrandingResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: The specified client cannot perform the requested operation. x-description-1: 'Insufficient scope; expected any of: read:branding.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_branding x-release-lifecycle: GA x-operation-name: get x-operation-group: branding security: - bearerAuth: [] - oAuth2ClientCredentials: - read:branding patch: summary: Update Branding Settings description: Update branding settings. tags: - branding requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateBrandingRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateBrandingRequestContent' responses: '200': description: Branding settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateBrandingResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:branding.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_branding x-release-lifecycle: GA x-operation-name: update x-operation-group: branding security: - bearerAuth: [] - oAuth2ClientCredentials: - update:branding /branding/phone/providers: get: summary: Get a List of Phone Providers description: 'Retrieve a list of phone providers details set for a Tenant. A list of fields to include or exclude may also be specified. ' tags: - branding parameters: - name: disabled in: query description: Whether the provider is enabled (false) or disabled (true). schema: type: boolean responses: '200': description: Phone providers have been successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListBrandingPhoneProvidersResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:phone_provider.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_branding_phone_providers x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListBrandingPhoneProvidersRequestParameters x-operation-group: - branding - phone - providers security: - bearerAuth: [] - oAuth2ClientCredentials: - read:phone_providers post: summary: Configure the Phone Provider description: 'Create a phone provider. The credentials object requires different properties depending on the phone provider (which is specified using the name property). ' tags: - branding requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBrandingPhoneProviderRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateBrandingPhoneProviderRequestContent' responses: '201': description: Phone notification provider successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateBrandingPhoneProviderResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:phone_provider.' '409': description: Custom phone provider conflict. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: create_phone_provider x-release-lifecycle: GA x-operation-name: create x-operation-group: - branding - phone - providers security: - bearerAuth: [] - oAuth2ClientCredentials: - create:phone_providers /branding/phone/providers/{id}: get: summary: Get a Phone Provider description: 'Retrieve phone provider details. A list of fields to include or exclude may also be specified. ' tags: - branding parameters: - name: id in: path required: true schema: type: string minLength: 1 maxLength: 255 responses: '200': description: Phone provider successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetBrandingPhoneProviderResponseContent' '400': description: Invalid id for provider. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:phone_provider.' '404': description: Phone provider has not been configured. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_phone_provider x-release-lifecycle: GA x-operation-name: get x-operation-group: - branding - phone - providers security: - bearerAuth: [] - oAuth2ClientCredentials: - read:phone_providers delete: summary: Deletes a Phone Provider description: 'Delete the configured phone provider. ' tags: - branding parameters: - name: id in: path required: true schema: type: string minLength: 1 maxLength: 255 responses: '204': description: Phone provider successfully deleted. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:phone_provider.' '404': description: Phone provider has not been configured. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_phone_provider x-release-lifecycle: GA x-operation-name: delete x-operation-group: - branding - phone - providers security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:phone_providers patch: summary: Update the Phone Provider description: 'Update a phone provider. The credentials object requires different properties depending on the phone provider (which is specified using the name property). ' tags: - branding parameters: - name: id in: path required: true schema: type: string minLength: 1 maxLength: 255 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateBrandingPhoneProviderRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateBrandingPhoneProviderRequestContent' responses: '200': description: Phone provider successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateBrandingPhoneProviderResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:phone_provider.' '404': description: Phone provider has not been configured. '409': description: Custom phone provider conflict. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: update_phone_provider x-release-lifecycle: GA x-operation-name: update x-operation-group: - branding - phone - providers security: - bearerAuth: [] - oAuth2ClientCredentials: - update:phone_providers /branding/phone/providers/{id}/try: post: summary: Send a Test Phone Notification for the Configured Provider tags: - branding parameters: - name: id in: path required: true schema: type: string minLength: 1 maxLength: 255 requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePhoneProviderSendTestRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreatePhoneProviderSendTestRequestContent' responses: '202': description: Phone notification sent. content: application/json: schema: $ref: '#/components/schemas/CreatePhoneProviderSendTestResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: create:phone_provider.' '404': description: Phone provider has not been configured. '409': description: Custom phone provider conflict. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: try_phone_provider x-release-lifecycle: GA x-operation-name: test x-operation-group: - branding - phone - providers security: - bearerAuth: [] - oAuth2ClientCredentials: - create:phone_providers /branding/phone/templates: get: summary: Get a List of Phone Notification Templates tags: - branding parameters: - name: disabled in: query description: Whether the template is enabled (false) or disabled (true). schema: type: boolean responses: '200': description: The phone notification templates were retrieved. content: application/json: schema: $ref: '#/components/schemas/ListPhoneTemplatesResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:phone_templates' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_phone_templates x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListPhoneTemplatesRequestParameters x-operation-group: - branding - phone - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - read:phone_templates post: summary: Create a Phone Notification Template tags: - branding requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePhoneTemplateRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreatePhoneTemplateRequestContent' responses: '201': description: The phone notification template was created. content: application/json: schema: $ref: '#/components/schemas/CreatePhoneTemplateResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: create:phone_templates' '409': description: Phone template already configured for tenant '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: create_phone_template x-release-lifecycle: GA x-operation-name: create x-operation-group: - branding - phone - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - create:phone_templates /branding/phone/templates/{id}: get: summary: Get a Phone Notification Template tags: - branding parameters: - name: id in: path required: true schema: type: string minLength: 1 maxLength: 255 responses: '200': description: The phone notification template were retrieved. content: application/json: schema: $ref: '#/components/schemas/GetPhoneTemplateResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:phone_templates' '404': description: Phone template does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_phone_template x-release-lifecycle: GA x-operation-name: get x-operation-group: - branding - phone - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - read:phone_templates delete: summary: Delete a Phone Notification Template tags: - branding parameters: - name: id in: path required: true schema: type: string minLength: 1 maxLength: 255 responses: '204': description: The phone notification template was deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: delete:phone_templates' '404': description: Phone template does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_phone_template x-release-lifecycle: GA x-operation-name: delete x-operation-group: - branding - phone - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:phone_templates patch: summary: Update a Phone Notification Template tags: - branding parameters: - name: id in: path required: true schema: type: string minLength: 1 maxLength: 255 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdatePhoneTemplateRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdatePhoneTemplateRequestContent' responses: '200': description: The phone notification template was updated. content: application/json: schema: $ref: '#/components/schemas/UpdatePhoneTemplateResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: update:phone_templates' '404': description: Phone template does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: update_phone_template x-release-lifecycle: GA x-operation-name: update x-operation-group: - branding - phone - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - update:phone_templates /branding/phone/templates/{id}/reset: patch: summary: Resets a Phone Notification Template Values tags: - branding parameters: - name: id in: path required: true schema: type: string minLength: 1 maxLength: 255 requestBody: content: application/json: schema: $ref: '#/components/schemas/ResetPhoneTemplateRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/ResetPhoneTemplateRequestContent' responses: '200': description: The phone notification template was reset. content: application/json: schema: $ref: '#/components/schemas/ResetPhoneTemplateResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: create:phone_templates' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: reset_phone_template x-release-lifecycle: GA x-operation-name: reset x-operation-group: - branding - phone - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - update:phone_templates /branding/phone/templates/{id}/try: post: summary: Send a Test Phone Notification for the Configured Template tags: - branding parameters: - name: id in: path required: true schema: type: string minLength: 1 maxLength: 255 requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePhoneTemplateTestNotificationRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreatePhoneTemplateTestNotificationRequestContent' responses: '202': description: The phone testing notification for the template was sent content: application/json: schema: $ref: '#/components/schemas/CreatePhoneTemplateTestNotificationResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: create:phone_templates' '404': description: Phone template does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: try_phone_template x-release-lifecycle: GA x-operation-name: test x-operation-group: - branding - phone - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - create:phone_templates /branding/templates/universal-login: get: summary: Get Template for New Universal Login Experience tags: - branding responses: '200': description: Template successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetUniversalLoginTemplateResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '402': description: A paid subscription is required for this feature. '403': description: 'Insufficient scope; expected: read:branding' '404': description: Template does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_universal-login x-release-lifecycle: GA x-operation-name: getUniversalLogin x-operation-group: - branding - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - read:branding delete: summary: Delete Template for New Universal Login Experience tags: - branding responses: '204': description: Template successfully deleted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '402': description: A paid subscription is required for this feature. '403': description: 'Insufficient scope; expected: delete:branding.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_universal-login x-release-lifecycle: GA x-operation-name: deleteUniversalLogin x-operation-group: - branding - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:branding put: summary: Set Template for New Universal Login Experience description: "Update the Universal Login branding template.\n\n

When content-type header is set to application/json:

\n
\n\
        {\n  \"template\": \"<!DOCTYPE html>{% assign resolved_dir = dir | default: \"auto\" %}<html lang=\"{{locale}}\" dir=\"{{resolved_dir}}\"><head>{%-\
        \ auth0:head -%}</head><body class=\"_widget-auto-layout\">{%- auth0:widget -%}</body></html>\"\n}\n
\n\n

\n When content-type\ \ header is set to text/html:\n

\n
\n<!DOCTYPE html>\n{% assign resolved_dir = dir | default: \"auto\" %}\n<html lang=\"{{locale}}\"\
        \ dir=\"{{resolved_dir}}\">\n  <head>\n    {%- auth0:head -%}\n  </head>\n  <body class=\"_widget-auto-layout\">\n    {%- auth0:widget\
        \ -%}\n  </body>\n</html>\n
\n" tags: - branding requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateUniversalLoginTemplateRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateUniversalLoginTemplateRequestContent' responses: '201': description: Template successfully created. '204': description: Template successfully updated. '400': description: 'Payload content length greater than maximum allowed: 102400.' x-description-1: Payload content missing required Liquid tags (auth0:head and auth0:widget). x-description-2: 'Liquid template syntax error: .' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '402': description: A paid subscription is required for this feature. '403': description: 'Insufficient scope; expected: update:branding.' '409': description: Template update conflict. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_universal-login x-release-lifecycle: GA x-operation-name: updateUniversalLogin x-operation-group: - branding - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - update:branding /branding/themes: post: summary: Create Branding Theme description: Create branding theme. tags: - branding requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBrandingThemeRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateBrandingThemeRequestContent' responses: '200': description: Branding settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/CreateBrandingThemeResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:branding.' '409': description: 'There was an error updating branding settings: The theme already exists' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_branding_theme x-release-lifecycle: GA x-operation-name: create x-operation-group: - branding - themes security: - bearerAuth: [] - oAuth2ClientCredentials: - update:branding /branding/themes/default: get: summary: Get Default Branding Theme description: Retrieve default branding theme. tags: - branding responses: '200': description: Branding theme successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetBrandingDefaultThemeResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: The specified client cannot perform the requested operation. x-description-1: 'Insufficient scope; expected any of: read:branding.' '404': description: 'There was an error retrieving branding settings: invalid theme ID' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_default_branding_theme x-release-lifecycle: GA x-operation-name: getDefault x-operation-group: - branding - themes security: - bearerAuth: [] - oAuth2ClientCredentials: - read:branding /branding/themes/{themeId}: get: summary: Get Branding Theme description: Retrieve branding theme. tags: - branding parameters: - name: themeId in: path description: The ID of the theme required: true schema: type: string responses: '200': description: Branding theme successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetBrandingThemeResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: The specified client cannot perform the requested operation. x-description-1: 'Insufficient scope; expected any of: read:branding.' '404': description: 'There was an error retrieving branding settings: invalid theme ID' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_branding_theme x-release-lifecycle: GA x-operation-name: get x-operation-group: - branding - themes security: - bearerAuth: [] - oAuth2ClientCredentials: - read:branding delete: summary: Delete Branding Theme description: Delete branding theme. tags: - branding parameters: - name: themeId in: path description: The ID of the theme required: true schema: type: string responses: '204': description: Branding theme successfully deleted. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: The specified client cannot perform the requested operation. x-description-1: 'Insufficient scope; expected any of: delete:branding.' '404': description: 'There was an error deleting branding settings: invalid theme ID' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_branding_theme x-release-lifecycle: GA x-operation-name: delete x-operation-group: - branding - themes security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:branding patch: summary: Update Branding Theme description: Update branding theme. tags: - branding parameters: - name: themeId in: path description: The ID of the theme required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateBrandingThemeRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateBrandingThemeRequestContent' responses: '200': description: Branding settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateBrandingThemeResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:branding.' '404': description: 'There was an error updating branding settings: invalid theme ID' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_branding_theme x-release-lifecycle: GA x-operation-name: update x-operation-group: - branding - themes security: - bearerAuth: [] - oAuth2ClientCredentials: - update:branding /client-grants: get: summary: Get Client Grants description: 'Retrieve a list of client grants, including the scopes associated with the application/API pair. ' tags: - client-grants parameters: - name: per_page in: query description: Number of results per page. schema: type: integer minimum: 1 maximum: 100 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: audience in: query description: Optional filter on audience. schema: type: string - name: client_id in: query description: Optional filter on client_id. schema: type: string - name: allow_any_organization in: query description: Optional filter on allow_any_organization. schema: $ref: '#/components/schemas/ClientGrantAllowAnyOrganizationEnum' - name: subject_type in: query description: The type of application access the client grant allows. schema: $ref: '#/components/schemas/ClientGrantSubjectTypeEnum' - name: default_for in: query description: Applies this client grant as the default for all clients in the specified group. The only accepted value is `third_party_clients`, which applies the grant to all third-party clients. Per-client grants for the same audience take precedence. Mutually exclusive with `client_id`. schema: $ref: '#/components/schemas/ClientGrantDefaultForEnum' x-release-lifecycle: GA x-release-lifecycle: GA responses: '200': description: Client grants successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListClientGrantResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:client_grants.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_client-grants x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListClientGrantsRequestParameters x-operation-group: clientGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - read:client_grants post: summary: Create Client Grant description: Create a client grant for a machine-to-machine login flow. To learn more, read Client Credential Flow. tags: - client-grants requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateClientGrantRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateClientGrantRequestContent' responses: '201': description: Client grant successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateClientGrantResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Client grants for this API cannot be created for third-party clients. The message will vary depending on the API and client type. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:client_grants.' '404': description: Resource server not found x-description-1: Client not found '409': description: A resource server with the same identifier already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_client-grants x-release-lifecycle: GA x-operation-name: create x-operation-group: clientGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - create:client_grants /client-grants/{id}: get: summary: Get Client Grant description: 'Retrieve a single client grant, including the scopes associated with the application/API pair. ' tags: - client-grants parameters: - name: id in: path description: The ID of the client grant to retrieve. required: true schema: type: string responses: '200': description: Client grant successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetClientGrantResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:client_grants.' '404': description: The grant does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_client-grant x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetClientGrantRequestParameters x-operation-group: clientGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - read:client_grants delete: summary: Delete Client Grant description: 'Delete the Client Credential Flow from your machine-to-machine application. ' tags: - client-grants parameters: - name: id in: path description: ID of the client grant to delete. required: true schema: type: string responses: '204': description: Client grant successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:client_grants.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_client-grants_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: clientGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:client_grants patch: summary: Update Client Grant description: Update a client grant. tags: - client-grants parameters: - name: id in: path description: ID of the client grant to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateClientGrantRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateClientGrantRequestContent' responses: '200': description: Client grant successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateClientGrantResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:client_grants.' '404': description: The client grant does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_client-grants_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: clientGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - update:client_grants /client-grants/{id}/organizations: get: summary: Get the Organizations Associated to a Client Grant tags: - client-grants parameters: - name: id in: path description: ID of the client grant required: true schema: type: string - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Organizations successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListClientGrantOrganizationsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_client_grants.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_client-grant-organizations x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListClientGrantOrganizationsRequestParameters x-operation-group: - clientGrants - organizations security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_client_grants /clients: get: summary: Get Clients description: "Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.\n\ For more information, read Applications in Auth0 and Single Sign-On.\n\n\n" tags: - clients parameters: - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((name)|(description)|(callbacks)|(oidc_backchannel_logout)|(oidc_logout)|(session_transfer)|(allowed_origins)|(web_origins)|(client_id)|(tenant)|(global)|(config_route)|(callback_url_template)|(jwt_configuration)|(jwt_configuration\.lifetime_in_seconds)|(jwt_configuration\.secret_encoded)|(jwt_configuration\.scopes)|(jwt_configuration\.alg)|(api_type)|(logo_uri)|(allowed_clients)|(owners)|(custom_login_page)|(custom_login_page_on)|(sso)|(addons)|(form_template)|(custom_login_page_preview)|(encryption_key)|(encryption_key\.pub)|(encryption_key\.cert)|(client_secret)|(signing_keys)|(mobile)|(mobile\.android)|(mobile\.ios)|(token_endpoint_auth_method)|(allowed_logout_urls)|(app_type)|(is_first_party)|(oidc_conformant)|(client_metadata)|(is_token_endpoint_ip_header_trusted)|(initiate_login_uri)|(grant_types)|(refresh_token)|(refresh_token\.rotation_type)|(refresh_token\.expiration_type)|(refresh_token\.leeway)|(refresh_token\.policies)|(refresh_token\.token_lifetime)|(default_organization)|(organization_usage)|(organization_require_behavior)|(organization_discovery_methods)|(client_authentication_methods)|(client_authentication_methods\.private_key_jwt)|(require_pushed_authorization_requests)|(require_proof_of_possession)|(id_token)|(signed_request_object)|(signed_request_object\.required)|(signed_request_object\.credentials)|(compliance_level)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(token_exchange)|(token_exchange\.allow_any_profile_of_type)|(token_quota)|(identity_assertion_authorization_grant)|(third_party_security_mode)|(subject_type_authorization)|(resource_server_identifier)|(express_configuration)|(my_organization_configuration)|(async_approval_notification_channels)|(token_vault_privileged_access)|(token_vault_privileged_access\.credentials)|(registration_type)|(external_metadata_type)|(external_metadata_created_by)|(external_client_id)|(redirection_policy))(,((name)|(description)|(callbacks)|(oidc_backchannel_logout)|(oidc_logout)|(session_transfer)|(allowed_origins)|(web_origins)|(client_id)|(tenant)|(global)|(config_route)|(callback_url_template)|(jwt_configuration)|(jwt_configuration\.lifetime_in_seconds)|(jwt_configuration\.secret_encoded)|(jwt_configuration\.scopes)|(jwt_configuration\.alg)|(api_type)|(logo_uri)|(allowed_clients)|(owners)|(custom_login_page)|(custom_login_page_on)|(sso)|(addons)|(form_template)|(custom_login_page_preview)|(encryption_key)|(encryption_key\.pub)|(encryption_key\.cert)|(client_secret)|(signing_keys)|(mobile)|(mobile\.android)|(mobile\.ios)|(token_endpoint_auth_method)|(allowed_logout_urls)|(app_type)|(is_first_party)|(oidc_conformant)|(client_metadata)|(is_token_endpoint_ip_header_trusted)|(initiate_login_uri)|(grant_types)|(refresh_token)|(refresh_token\.rotation_type)|(refresh_token\.expiration_type)|(refresh_token\.leeway)|(refresh_token\.policies)|(refresh_token\.token_lifetime)|(default_organization)|(organization_usage)|(organization_require_behavior)|(organization_discovery_methods)|(client_authentication_methods)|(client_authentication_methods\.private_key_jwt)|(require_pushed_authorization_requests)|(require_proof_of_possession)|(id_token)|(signed_request_object)|(signed_request_object\.required)|(signed_request_object\.credentials)|(compliance_level)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(token_exchange)|(token_exchange\.allow_any_profile_of_type)|(token_quota)|(identity_assertion_authorization_grant)|(third_party_security_mode)|(subject_type_authorization)|(resource_server_identifier)|(express_configuration)|(my_organization_configuration)|(async_approval_notification_channels)|(token_vault_privileged_access)|(token_vault_privileged_access\.credentials)|(registration_type)|(external_metadata_type)|(external_metadata_created_by)|(external_client_id)|(redirection_policy)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Default value is 50, maximum value is 100 schema: type: integer minimum: 0 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: is_global in: query description: Optional filter on the global client parameter. schema: type: boolean - name: is_first_party in: query description: Optional filter on whether or not a client is a first-party client. schema: type: boolean - name: app_type in: query description: Optional filter by a comma-separated list of application types. schema: type: string pattern: ^((native)|(spa)|(regular_web)|(non_interactive)|(resource_server)|(express_configuration)|(rms)|(box)|(cloudbees)|(concur)|(dropbox)|(mscrm)|(echosign)|(egnyte)|(newrelic)|(office365)|(salesforce)|(sentry)|(sharepoint)|(slack)|(springcm)|(zendesk)|(zoom)|(sso_integration)|(oag))(,((native)|(spa)|(regular_web)|(non_interactive)|(resource_server)|(express_configuration)|(rms)|(box)|(cloudbees)|(concur)|(dropbox)|(mscrm)|(echosign)|(egnyte)|(newrelic)|(office365)|(salesforce)|(sentry)|(sharepoint)|(slack)|(springcm)|(zendesk)|(zoom)|(sso_integration)|(oag)))*$ - name: external_client_id in: query description: Optional filter by the Client ID Metadata Document URI for CIMD-registered clients. schema: type: string minLength: 1 maxLength: 120 - name: q in: query description: 'Advanced Query in Lucene syntax.
Permitted Queries:
Additional Restrictions:
Note: Recent updates may not be immediately reflected in query results' schema: type: string responses: '200': description: Clients successfully retrieved. content: application/json: schema: oneOf: - type: array items: $ref: '#/components/schemas/Client' - $ref: '#/components/schemas/ListClientsOffsetPaginatedResponseContent' - $ref: '#/components/schemas/ListClientsPaginatedResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:clients, read:client_keys, read:client_summary' x-description-1: Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_clients x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListClientsRequestParameters x-operation-group: clients security: - bearerAuth: [] - oAuth2ClientCredentials: - read:clients - read:client_keys - read:client_credentials - read:client_summary post: summary: Create a Client description: "Create a new client (application or SSO integration). For more information, read Create Applications\n\">API Endpoints for Single Sign-On.\ \ \n\nNotes: \n- We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret.\n- The client_authentication_methods\ \ and token_endpoint_auth_method properties are mutually exclusive. Use \nclient_authentication_methods to configure the client\ \ with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method\nto configure the client with client secret (basic or\ \ post) or with no authentication method (none).\n- When using client_authentication_methods to configure the client with Private Key JWT authentication\ \ method, specify fully defined credentials. \nThese credentials will be automatically enabled for Private Key JWT authentication on the client. \n- To configure\ \ client_authentication_methods, the create:client_credentials scope is required.\n- To configure client_authentication_methods,\ \ the property jwt_configuration.alg must be set to RS256.\n\n
SSO Integrations created via this endpoint will\ \ accept login requests and share user profile information.
\n" tags: - clients requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateClientRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateClientRequestContent' responses: '201': description: Client successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateClientResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:clients.' x-description-1: The account is not allowed to perform this operation. x-description-2: You reached the limit of entities of this type for this tenant. x-description-3: Organizations are only available to first party clients on user-based flows. Properties organization_usage and organization_require_behavior must be unset for third party clients. '409': description: Another client exists with the same alias. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_clients x-release-lifecycle: GA x-operation-name: create x-operation-group: clients security: - bearerAuth: [] - oAuth2ClientCredentials: - create:clients /clients/cimd/preview: post: summary: Preview and Validate Client ID Metadata Document description: "\n Fetches and validates a Client ID Metadata Document without creating a client.\n Returns the raw metadata and how it would be mapped\ \ to Auth0 client fields.\n This endpoint is useful for testing metadata URIs before creating CIMD clients.\n " tags: - clients requestBody: content: application/json: schema: $ref: '#/components/schemas/PreviewCimdMetadataRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/PreviewCimdMetadataRequestContent' responses: '200': description: Metadata successfully fetched and validated, or retrieval error returned with errors array. content: application/json: schema: $ref: '#/components/schemas/PreviewCimdMetadataResponseContent' '400': description: Invalid external_client_id. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:clients, update:clients.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '500': description: An internal server error occurred. operationId: post_clients_cimd_preview x-release-lifecycle: GA x-operation-name: previewCimdMetadata x-operation-group: clients security: - bearerAuth: [] - oAuth2ClientCredentials: - read:clients /clients/cimd/register: post: summary: Register or Update a CIMD Client Via Metadata URI description: "\n Idempotent registration for Client ID Metadata Document (CIMD) clients.\n Uses external_client_id as the unique identifier for upsert\ \ operations.\n **Create:** Returns 201 when a new client is created (requires \\" tags: - clients requestBody: content: application/json: schema: $ref: '#/components/schemas/RegisterCimdClientRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/RegisterCimdClientRequestContent' responses: '200': description: CIMD client successfully updated (idempotent). content: application/json: schema: $ref: '#/components/schemas/RegisterCimdClientResponseContent' '201': description: CIMD client successfully created. content: application/json: schema: $ref: '#/components/schemas/RegisterCimdClientResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: The Client Metadata document at [URL] cannot be applied. x-description-2: The Client Metadata at [URL] could not be retrieved. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:clients, update:clients.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '500': description: An internal server error occurred. operationId: post_clients_cimd_register x-release-lifecycle: GA x-operation-name: registerCimdClient x-operation-group: clients security: - bearerAuth: [] - oAuth2ClientCredentials: - create:clients - update:clients /clients/{client_id}/credentials: get: summary: Get Client Credentials description: 'Get the details of a client credential. Important: To enable credentials to be used for a client authentication method, set the client_authentication_methods property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the signed_request_object property on the client. ' tags: - clients parameters: - name: client_id in: path description: ID of the client. required: true schema: type: string responses: '200': description: Credentials successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/ClientCredential' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:client_credentials.' '404': description: Client not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_credentials x-release-lifecycle: GA x-operation-name: list x-operation-group: - clients - credentials security: - bearerAuth: [] - oAuth2ClientCredentials: - read:client_credentials post: summary: Create a Client Credential description: "Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods,\ \ as well as for JWT-secured Authorization requests.\n\n
Public Key
Public Key credentials can be used to set up Private Key JWT client authentication\ \ and JWT-secured Authorization requests.\n\nSample: 
{\n  \"credential_type\": \"public_key\",\n  \"name\": \"string\",\n  \"pem\": \"string\"\
        ,\n  \"alg\": \"RS256\",\n  \"parse_expiry_from_cert\": false,\n  \"expires_at\": \"2022-12-31T23:59:59Z\"\n}
\n
Certificate (CA-signed & self-signed)
Certificate\ \ credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the\ \ certificate Subject DN.\n\nCA-signed Certificate Sample (pem): 
{\n  \"credential_type\": \"x509_cert\",\n  \"name\": \"string\",\n  \"pem\":\
        \ \"string\"\n}
CA-signed Certificate Sample (subject_dn): 
{\n  \"credential_type\": \"cert_subject_dn\",\n  \"name\": \"string\",\n\
        \  \"subject_dn\": \"string\"\n}
Self-signed Certificate Sample: 
{\n  \"credential_type\": \"cert_subject_dn\",\n  \"name\": \"string\"\
        ,\n  \"pem\": \"string\"\n}
\n\nThe credential will be created but not yet enabled for use until you set the corresponding properties in the client:\n\ \n" tags: - clients parameters: - name: client_id in: path description: ID of the client. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PostClientCredentialRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/PostClientCredentialRequestContent' responses: '201': description: Credential successfully created. content: application/json: schema: $ref: '#/components/schemas/PostClientCredentialResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:client_credentials.' '404': description: Client not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_credentials x-release-lifecycle: GA x-operation-name: create x-operation-group: - clients - credentials security: - bearerAuth: [] - oAuth2ClientCredentials: - create:client_credentials /clients/{client_id}/credentials/{credential_id}: get: summary: Get Client Credential Details description: 'Get the details of a client credential. Important: To enable credentials to be used for a client authentication method, set the client_authentication_methods property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the signed_request_object property on the client. ' tags: - clients parameters: - name: client_id in: path description: ID of the client. required: true schema: type: string - name: credential_id in: path description: ID of the credential. required: true schema: type: string responses: '200': description: Credential successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetClientCredentialResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:client_credentials.' '404': description: Client not found. x-description-1: Credential does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_credentials_by_credential_id x-release-lifecycle: GA x-operation-name: get x-operation-group: - clients - credentials security: - bearerAuth: [] - oAuth2ClientCredentials: - read:client_credentials delete: summary: Delete a Client Credential description: Delete a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow. tags: - clients parameters: - name: client_id in: path description: ID of the client. required: true schema: type: string - name: credential_id in: path description: ID of the credential to delete. required: true schema: type: string responses: '204': description: Credential successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:client_credentials.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_credentials_by_credential_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - clients - credentials security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:client_credentials patch: summary: Update a Client Credential description: Change a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow. tags: - clients parameters: - name: client_id in: path description: ID of the client. required: true schema: type: string - name: credential_id in: path description: ID of the credential. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchClientCredentialRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/PatchClientCredentialRequestContent' responses: '201': description: Credential successfully updated. content: application/json: schema: $ref: '#/components/schemas/PatchClientCredentialResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:client_credentials.' '404': description: Client not found. x-description-1: Credential does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_credentials_by_credential_id x-release-lifecycle: GA x-operation-name: update x-operation-group: - clients - credentials security: - bearerAuth: [] - oAuth2ClientCredentials: - update:client_credentials /clients/{id}: get: summary: Get Client by ID description: "Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude\ \ may also be specified. \nFor more information, read Applications in Auth0 and Single Sign-On.\n\n" tags: - clients parameters: - name: id in: path description: ID of the client to retrieve. required: true schema: type: string - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((name)|(description)|(callbacks)|(oidc_backchannel_logout)|(oidc_logout)|(session_transfer)|(allowed_origins)|(web_origins)|(client_id)|(tenant)|(global)|(config_route)|(callback_url_template)|(jwt_configuration)|(jwt_configuration\.lifetime_in_seconds)|(jwt_configuration\.secret_encoded)|(jwt_configuration\.scopes)|(jwt_configuration\.alg)|(api_type)|(logo_uri)|(allowed_clients)|(owners)|(custom_login_page)|(custom_login_page_on)|(sso)|(addons)|(form_template)|(custom_login_page_preview)|(encryption_key)|(encryption_key\.pub)|(encryption_key\.cert)|(client_secret)|(signing_keys)|(mobile)|(mobile\.android)|(mobile\.ios)|(token_endpoint_auth_method)|(allowed_logout_urls)|(app_type)|(is_first_party)|(oidc_conformant)|(client_metadata)|(is_token_endpoint_ip_header_trusted)|(initiate_login_uri)|(grant_types)|(refresh_token)|(refresh_token\.rotation_type)|(refresh_token\.expiration_type)|(refresh_token\.leeway)|(refresh_token\.policies)|(refresh_token\.token_lifetime)|(default_organization)|(organization_usage)|(organization_require_behavior)|(organization_discovery_methods)|(client_authentication_methods)|(client_authentication_methods\.private_key_jwt)|(require_pushed_authorization_requests)|(require_proof_of_possession)|(id_token)|(signed_request_object)|(signed_request_object\.required)|(signed_request_object\.credentials)|(compliance_level)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(token_exchange)|(token_exchange\.allow_any_profile_of_type)|(token_quota)|(identity_assertion_authorization_grant)|(third_party_security_mode)|(subject_type_authorization)|(resource_server_identifier)|(express_configuration)|(my_organization_configuration)|(async_approval_notification_channels)|(token_vault_privileged_access)|(token_vault_privileged_access\.credentials)|(registration_type)|(external_metadata_type)|(external_metadata_created_by)|(external_client_id)|(redirection_policy))(,((name)|(description)|(callbacks)|(oidc_backchannel_logout)|(oidc_logout)|(session_transfer)|(allowed_origins)|(web_origins)|(client_id)|(tenant)|(global)|(config_route)|(callback_url_template)|(jwt_configuration)|(jwt_configuration\.lifetime_in_seconds)|(jwt_configuration\.secret_encoded)|(jwt_configuration\.scopes)|(jwt_configuration\.alg)|(api_type)|(logo_uri)|(allowed_clients)|(owners)|(custom_login_page)|(custom_login_page_on)|(sso)|(addons)|(form_template)|(custom_login_page_preview)|(encryption_key)|(encryption_key\.pub)|(encryption_key\.cert)|(client_secret)|(signing_keys)|(mobile)|(mobile\.android)|(mobile\.ios)|(token_endpoint_auth_method)|(allowed_logout_urls)|(app_type)|(is_first_party)|(oidc_conformant)|(client_metadata)|(is_token_endpoint_ip_header_trusted)|(initiate_login_uri)|(grant_types)|(refresh_token)|(refresh_token\.rotation_type)|(refresh_token\.expiration_type)|(refresh_token\.leeway)|(refresh_token\.policies)|(refresh_token\.token_lifetime)|(default_organization)|(organization_usage)|(organization_require_behavior)|(organization_discovery_methods)|(client_authentication_methods)|(client_authentication_methods\.private_key_jwt)|(require_pushed_authorization_requests)|(require_proof_of_possession)|(id_token)|(signed_request_object)|(signed_request_object\.required)|(signed_request_object\.credentials)|(compliance_level)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(token_exchange)|(token_exchange\.allow_any_profile_of_type)|(token_quota)|(identity_assertion_authorization_grant)|(third_party_security_mode)|(subject_type_authorization)|(resource_server_identifier)|(express_configuration)|(my_organization_configuration)|(async_approval_notification_channels)|(token_vault_privileged_access)|(token_vault_privileged_access\.credentials)|(registration_type)|(external_metadata_type)|(external_metadata_created_by)|(external_client_id)|(redirection_policy)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: Client successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetClientResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:clients, read:client_keys, read:client_credentials, read:client_summary.' x-description-1: Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. '404': description: Client not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_clients_by_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetClientRequestParameters x-operation-group: clients security: - bearerAuth: [] - oAuth2ClientCredentials: - read:clients - read:client_keys - read:client_credentials - read:client_summary delete: summary: Delete a Client description: Delete a client and related configuration (rules, connections, etc). tags: - clients parameters: - name: id in: path description: ID of the client to delete. required: true schema: type: string responses: '204': description: Client successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Global client cannot be deleted. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:clients.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_clients_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: clients security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:clients patch: summary: Update a Client description: 'Updates a client''s settings. For more information, read Applications in Auth0 and Single Sign-On. Notes: - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope. - The client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none). - When using client_authentication_methods to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client. - To configure client_authentication_methods, the update:client_credentials scope is required. - To configure client_authentication_methods, the property jwt_configuration.alg must be set to RS256. - To change a client''s is_first_party property to false, the organization_usage and organization_require_behavior properties must be unset. ' tags: - clients parameters: - name: id in: path description: ID of the client to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateClientRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateClientRequestContent' responses: '200': description: Client successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateClientResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:clients, update:client_keys.' x-description-1: Some fields cannot be updated with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. x-description-2: The account is not allowed to perform this operation. x-description-3: Organizations are only available to first party clients on user-based flows. Properties organization_usage and organization_require_behavior must be unset for third party clients. '404': description: Client not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_clients_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: clients security: - bearerAuth: [] - oAuth2ClientCredentials: - update:clients - update:client_keys - update:client_credentials - update:client_token_vault_privileged_access /clients/{id}/connections: get: summary: Get Enabled Connections for a Client description: "Retrieve all connections that are enabled for the specified Application,\ \ using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.\n\n" tags: - clients parameters: - name: id in: path description: ID of the client for which to retrieve enabled connections. required: true schema: type: string - name: strategy in: query description: Provide strategies to only retrieve connections with such strategies style: form explode: true schema: type: array items: $ref: '#/components/schemas/ConnectionStrategyEnum' - name: from in: query description: Optional Id from which to start selection. schema: type: string maxLength: 1000 - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: fields in: query description: A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields schema: type: string maxLength: 1000 pattern: ^((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app))(,((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app)))*$ - name: include_fields in: query description: true if the fields specified are to be included in the result, false otherwise (defaults to true) schema: type: boolean responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListClientConnectionsResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: read:connections and any of: read:clients or read:client_summary.' '404': description: Client does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_client_connections x-release-lifecycle: GA x-operation-name: get x-operation-group: - clients - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connections - read:clients - read:client_summary /clients/{id}/rotate-secret: post: summary: Rotate a Client Secret description: 'Rotate a client secret. This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded. For more information, read Rotate Client Secrets.' tags: - clients parameters: - name: id in: path description: ID of the client that will rotate secrets. required: true schema: type: string responses: '200': description: Secret successfully rotated. content: application/json: schema: $ref: '#/components/schemas/RotateClientSecretResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:client_keys.' x-description-1: Some fields cannot be updated with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. '404': description: Client not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_rotate-secret x-release-lifecycle: GA x-operation-name: rotateSecret x-operation-group: clients security: - bearerAuth: [] - oAuth2ClientCredentials: - update:client_keys /connection-profiles: get: summary: Get Connection Profiles description: 'Retrieve a list of Connection Profiles. This endpoint supports Checkpoint pagination. ' tags: - connection-profiles parameters: - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 5. schema: type: integer minimum: 1 maximum: 10 responses: '200': description: Connection Profiles successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListConnectionProfilesPaginatedResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:connection_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connection-profiles x-operation-name: list x-operation-request-parameters-name: ListConnectionProfileRequestParameters x-operation-group: connectionProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connection_profiles post: summary: Create a Connection Profile description: 'Create a Connection Profile. ' tags: - connection-profiles requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateConnectionProfileRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateConnectionProfileRequestContent' responses: '201': description: Connection profile successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateConnectionProfileResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:connection_profiles.' '409': description: Connection profile conflict. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_connection-profiles x-operation-name: create x-operation-group: connectionProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - create:connection_profiles /connection-profiles/templates: get: summary: Get Connection Profile Templates description: 'Retrieve a list of Connection Profile Templates. ' tags: - connection-profiles responses: '200': description: Connection Profile Templates successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListConnectionProfileTemplateResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:connection_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connection_profile_templates x-operation-name: listTemplates x-operation-group: connectionProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connection_profiles /connection-profiles/templates/{id}: get: summary: Get Connection Profile Template description: 'Retrieve a Connection Profile Template. ' tags: - connection-profiles parameters: - name: id in: path description: ID of the connection-profile-template to retrieve. required: true schema: type: string responses: '200': description: Connection Profile Template successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetConnectionProfileTemplateResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:connection_profiles.' '404': description: Connection profile template not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connection_profile_template x-operation-name: getTemplate x-operation-group: connectionProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connection_profiles /connection-profiles/{id}: get: summary: Get Connection Profile description: 'Retrieve details about a single Connection Profile specified by ID. ' tags: - connection-profiles parameters: - name: id in: path description: ID of the connection-profile to retrieve. required: true schema: type: string responses: '200': description: Record for existing connection profile. content: application/json: schema: $ref: '#/components/schemas/GetConnectionProfileResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:connection-profiles.' '404': description: Connection profile not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connection-profiles_by_id x-operation-name: get x-operation-group: connectionProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connection_profiles delete: summary: Delete Connection Profile description: 'Delete a single Connection Profile specified by ID. ' tags: - connection-profiles parameters: - name: id in: path description: ID of the connection-profile to delete. required: true schema: type: string responses: '204': description: Connection profile successfully deleted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:connection-profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_connection-profiles_by_id x-operation-name: delete x-operation-group: connectionProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:connection_profiles patch: summary: Modify a Connection Profile description: 'Update the details of a specific Connection Profile. ' tags: - connection-profiles parameters: - name: id in: path description: ID of the connection profile to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateConnectionProfileRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateConnectionProfileRequestContent' responses: '200': description: Connection profile successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateConnectionProfileResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:connection_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_connection-profiles_by_id x-operation-name: update x-operation-group: connectionProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - update:connection_profiles /connections: get: summary: Get All Connections description: "Retrieves detailed list of all connections that match the specified strategy.\ \ If no strategy is provided, all connections within your tenant are retrieved. This action can accept a list of fields to include or exclude from the resulting\ \ list of connections. \n\nThis endpoint supports two types of pagination:\n\n\nCheckpoint\ \ pagination must be used if you need to retrieve more than 1000 connections.\n\n

Checkpoint Pagination

\n\nTo search by checkpoint, use the following\ \ parameters:\n\n\nNote: The first time you call this endpoint using checkpoint pagination, omit the from\ \ parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next\ \ is no longer included in the response, no pages are remaining.\n" tags: - connections parameters: - name: per_page in: query description: The amount of entries per page. Defaults to 100 if not provided schema: type: integer minimum: 1 maximum: 100 - name: page in: query description: The page number. Zero based schema: type: integer minimum: 0 - name: include_totals in: query description: true if a query summary must be included in the result, false otherwise. Not returned when using checkpoint pagination. Default false. schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: strategy in: query description: Provide strategies to only retrieve connections with such strategies style: form explode: true schema: type: array items: $ref: '#/components/schemas/ConnectionStrategyEnum' - name: name in: query description: Provide the name of the connection to retrieve schema: type: string - name: fields in: query description: A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields schema: type: string pattern: ^((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app)|(enabled_clients))(,((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app)|(enabled_clients)))*$ - name: include_fields in: query description: true if the fields specified are to be included in the result, false otherwise (defaults to true) schema: type: boolean responses: '200': description: The connections were retrieved. content: application/json: schema: $ref: '#/components/schemas/ListConnectionsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:connections' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connections x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListConnectionsQueryParameters x-operation-group: connections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connections post: summary: Create a Connection description: 'Creates a new connection according to the JSON object received in body. Note: If a connection with the same name was recently deleted and had a large number of associated users, the deletion may still be processing. Creating a new connection with that name before the deletion completes may fail or produce unexpected results. ' tags: - connections requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateConnectionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateConnectionRequestContent' responses: '201': description: The connection was created. content: application/json: schema: $ref: '#/components/schemas/CreateConnectionResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Your account is not allowed to set options.set_user_root_attributes x-description-2: options.set_user_root_attributes can be set only for enterprise connections, social connections or custom database connections (using external users store) x-description-3: No phone provider configured for the tenant x-description-4: Passwordless connection cannot be made as delivery method (sms/text) is not supported by the configured Tenant phone provider x-description-5: custom_password_hash option cannot be set because the universal password hash feature is not enabled for this tenant x-description-6: The custom_password_hash option is only available for database connections x-description-7: The action_id field value cannot be empty, null or undefined x-description-8: The provided custom password hash action id does not exist x-description-9: The provided action does not support the password hash migration trigger x-description-10: The provided action must be deployed to be used for password hash migration '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: create:connections' x-description-1: You reached the limit of entities of this type for this tenant. x-description-2: You can only create 1 non-Okta enterprise connection(s) for this tenant. '409': description: A connection with the same name already exists x-description-1: A connection with the same name is being deleted, try again later x-description-2: There is already another connection with some realms from "realms" parameter x-description-3: There is already a domain connection enabled for strategy '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_connections x-release-lifecycle: GA x-operation-name: create x-operation-group: connections security: - bearerAuth: [] - oAuth2ClientCredentials: - create:connections /connections-directory-provisionings: get: summary: Get a List of Directory Provisioning Configurations description: 'Retrieve a list of directory provisioning configurations of a tenant. ' tags: - connections-directory-provisionings parameters: - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: The tenant's directory provisioning configuration. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/ListDirectoryProvisioningsResponseContent' '400': description: Invalid pagination cursor x-description-1: Invalid request query string. The message will vary depending on the cause. x-description-2: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: The inbound directory provisioning feature is not enabled for this tenant x-description-1: 'Insufficient scope; expected any of: read:directory_provisionings.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connections-directory-provisionings x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListDirectoryProvisioningsRequestParameters x-operation-group: - connections - directoryProvisioning security: - bearerAuth: [] - oAuth2ClientCredentials: - read:directory_provisionings /connections-scim-configurations: get: summary: Get a List of SCIM Configurations description: 'Retrieve a list of SCIM configurations of a tenant. ' tags: - connections-scim-configurations parameters: - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: The tenant's SCIM configurations. See Response Schema for schema. content: application/json: schema: $ref: '#/components/schemas/ListSCIMConfigurationsResponseContent' '400': description: Invalid pagination cursor. x-description-1: Invalid request query string. The message will vary depending on the cause. x-description-2: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:scim_config.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connections-scim-configurations x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListSCIMConfigurationsRequestParameters x-operation-group: - connections - scimConfiguration security: - bearerAuth: [] - oAuth2ClientCredentials: - read:scim_config /connections/{id}: get: summary: Get a Connection description: Retrieve details for a specified connection along with options that can be used for identity provider configuration. tags: - connections parameters: - name: id in: path description: The id of the connection to retrieve required: true schema: type: string - name: fields in: query description: A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields schema: type: string pattern: ^((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app)|(enabled_clients))(,((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app)|(enabled_clients)))*$ - name: include_fields in: query description: true if the fields specified are to be included in the result, false otherwise (defaults to true) schema: type: boolean responses: '200': description: The connection was retrieved. content: application/json: schema: $ref: '#/components/schemas/GetConnectionResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:connections' '404': description: The connection does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connections_by_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetConnectionRequestParameters x-operation-group: connections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connections delete: summary: Delete a Connection description: 'Removes a specific connection from your tenant. This action cannot be undone. Once removed, users can no longer use this connection to authenticate. Note: If your connection has a large amount of users associated with it, please be aware that this operation can be long running after the response is returned and may impact concurrent create connection requests, if they use an identical connection name. ' tags: - connections parameters: - name: id in: path description: The id of the connection to delete required: true schema: type: string responses: '202': description: The connection is being deleted. '204': description: The connection no longer exists. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: delete:connections' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_connections_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: connections security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:connections patch: summary: Update a Connection description: 'Update details for a specific connection, including option properties for identity provider configuration. Note: If you use the options parameter, the entire options object is overriden. To avoid partial data or other issues, ensure all parameters are present when using this option.' tags: - connections parameters: - name: id in: path description: The id of the connection to update required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateConnectionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateConnectionRequestContent' responses: '200': description: The connection was updated. content: application/json: schema: $ref: '#/components/schemas/UpdateConnectionResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. x-description-2: This database contains users. You cannot change "options.enabledDatabaseCustomization" setting. x-description-3: Your account is not allowed to set options.set_user_root_attributes x-description-4: The Azure AD common endpoint cannot be enabled for this connection when SCIM is enabled. x-description-5: The Google Workspace Users API (options.api_enable_users) cannot be disabled for this connection when inbound directory provisioning is enabled. x-description-6: The Groups extended attribute (options.ext_groups) cannot be disabled for this connection when inbound directory provisioning for groups is enabled. x-description-7: options.set_user_root_attributes can be set only for enterprise connections, social connections or custom database connections (using external users store) x-description-8: custom_password_hash option cannot be set because the universal password hash feature is not enabled for this tenant x-description-9: The custom_password_hash option is only available for database connections x-description-10: The action_id field value cannot be empty, null or undefined x-description-11: The provided custom password hash action id does not exist x-description-12: The provided action does not support the password hash migration trigger x-description-13: The provided action must be deployed to be used for password hash migration '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: update:connections' '404': description: The connection does not exist '409': description: The name/client_id tuple has already been used for another connection '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_connections_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: connections security: - bearerAuth: [] - oAuth2ClientCredentials: - update:connections /connections/{id}/clients: get: summary: Get Enabled Clients for a Connection description: 'Retrieve all clients that have the specified connection enabled. Note: The first time you call this endpoint, omit the from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no further results are remaining. ' tags: - connections parameters: - name: id in: path description: The id of the connection for which enabled clients are to be retrieved required: true schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 1000 - name: from in: query description: Optional Id from which to start selection. schema: type: string maxLength: 1000 responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetConnectionEnabledClientsResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:connections' '404': description: The connection does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connection_clients x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetConnectionEnabledClientsRequestParameters x-operation-group: - connections - clients security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connections patch: summary: Update Enabled Clients for a Connection tags: - connections parameters: - name: id in: path description: The id of the connection to modify required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateEnabledClientConnectionsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateEnabledClientConnectionsRequestContent' responses: '204': description: Success '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. x-description-2: Tenant Phone Provider not set. Connection can not be enable on a client. x-description-3: Passwordless cannot be enabled for a client, as delivery method (sms/text) is not supported by the configured Tenant phone provider '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: update:connections' '404': description: The connection does not exist x-description-1: The client does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_clients x-release-lifecycle: GA x-operation-name: update x-operation-group: - connections - clients security: - bearerAuth: [] - oAuth2ClientCredentials: - update:connections /connections/{id}/directory-provisioning: get: summary: Get a Directory Provisioning Configuration description: Retrieve the directory provisioning configuration of a connection. tags: - connections parameters: - name: id in: path description: The id of the connection to retrieve its directory provisioning configuration required: true schema: type: string responses: '200': description: The connection's directory provisioning configuration. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/GetDirectoryProvisioningResponseContent' '400': description: Path validation error x-description-1: The connection strategy does not support inbound directory provisioning '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: The inbound directory provisioning feature is not enabled for this tenant x-description-1: 'Insufficient scope; expected any of: read:directory_provisionings.' '404': description: The connection does not exist x-description-1: Directory provisioning configuration not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_directory-provisioning x-release-lifecycle: GA x-operation-name: get x-operation-group: - connections - directoryProvisioning security: - bearerAuth: [] - oAuth2ClientCredentials: - read:directory_provisionings delete: summary: Delete a Directory Provisioning Configuration description: Delete the directory provisioning configuration of a connection. tags: - connections parameters: - name: id in: path description: The id of the connection to delete its directory provisioning configuration required: true schema: type: string responses: '204': description: The connection's directory provisioning configuration has been deleted. '400': description: Path validation error '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: The inbound directory provisioning feature is not enabled for this tenant x-description-1: 'Insufficient scope; expected any of: delete:directory_provisionings.' '404': description: The connection does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_directory-provisioning x-release-lifecycle: GA x-operation-name: delete x-operation-group: - connections - directoryProvisioning security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:directory_provisionings patch: summary: Patch a Directory Provisioning Configuration description: 'Update the directory provisioning configuration of a connection. ' tags: - connections parameters: - name: id in: path description: The id of the connection to create its directory provisioning configuration required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateDirectoryProvisioningRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateDirectoryProvisioningRequestContent' responses: '200': description: The connection's directory provisioning configuration was updated. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/UpdateDirectoryProvisioningResponseContent' '400': description: Path validation error x-description-1: Payload validation error x-description-2: Invalid mapping provided x-description-3: The connection strategy does not support inbound directory provisioning x-description-4: The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again. x-description-5: The Groups extended attribute is not enabled on the connection. Select the Groups extended attribute option and go through the setup again. x-description-6: The Google Workspace Groups API is not enabled on the connection. Select the Enable Groups API option and go through the setup again. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: The inbound directory provisioning feature is not enabled for this tenant x-description-1: Group synchronization is not enabled for this tenant x-description-2: 'Insufficient scope; expected any of: update:directory_provisionings.' '404': description: The connection does not exist x-description-1: Directory provisioning configuration not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_directory-provisioning x-release-lifecycle: GA x-operation-name: update x-operation-group: - connections - directoryProvisioning security: - bearerAuth: [] - oAuth2ClientCredentials: - update:directory_provisionings post: summary: Create a Directory Provisioning Configuration description: 'Create a directory provisioning configuration for a connection. ' tags: - connections parameters: - name: id in: path description: The id of the connection to create its directory provisioning configuration required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateDirectoryProvisioningRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateDirectoryProvisioningRequestContent' responses: '201': description: The connection's directory provisioning configuration was created. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/CreateDirectoryProvisioningResponseContent' '400': description: Path validation error x-description-1: Payload validation error x-description-2: Invalid mapping provided x-description-3: The connection strategy does not support inbound directory provisioning x-description-4: The Google Workspace Users API is not enabled on the connection. Select the Enable Users API option and go through the setup again. x-description-5: The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again. x-description-6: The Groups extended attribute is not enabled on the connection. Select the Groups extended attribute option and go through the setup again. x-description-7: The Google Workspace Groups API is not enabled on the connection. Select the Enable Groups API option and go through the setup again. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: The inbound directory provisioning feature is not enabled for this tenant x-description-1: Group synchronization is not enabled for this tenant x-description-2: 'Insufficient scope; expected any of: create:directory_provisionings.' '404': description: The connection does not exist '409': description: Directory provisioning is already enabled on the specified connection '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_directory-provisioning x-release-lifecycle: GA x-operation-name: create x-operation-group: - connections - directoryProvisioning security: - bearerAuth: [] - oAuth2ClientCredentials: - create:directory_provisionings /connections/{id}/directory-provisioning/default-mapping: get: summary: Get a Connection's Default Directory Provisioning Attribute Mapping description: 'Retrieve the directory provisioning default attribute mapping of a connection. ' tags: - connections parameters: - name: id in: path description: The id of the connection to retrieve its directory provisioning configuration required: true schema: type: string responses: '200': description: The connection's directory provisioning default mapping. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/GetDirectoryProvisioningDefaultMappingResponseContent' '400': description: Path validation error x-description-1: The connection strategy does not support inbound directory provisioning '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: The inbound directory provisioning feature is not enabled for this tenant x-description-1: 'Insufficient scope; expected any of: read:directory_provisionings.' '404': description: The connection does not exist x-description-1: Directory provisioning configuration not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_directory_provisioning_default_mapping x-release-lifecycle: GA x-operation-name: getDefaultMapping x-operation-group: - connections - directoryProvisioning security: - bearerAuth: [] - oAuth2ClientCredentials: - read:directory_provisionings /connections/{id}/directory-provisioning/synchronizations: post: summary: Request an On-demand Synchronization of the Directory description: 'Request an on-demand synchronization of the directory. ' tags: - connections parameters: - name: id in: path description: The id of the connection to trigger synchronization for required: true schema: type: string responses: '201': description: The directory synchronization was triggered. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/CreateDirectorySynchronizationResponseContent' '400': description: Path validation error x-description-1: Connection has been synchronized in the last 30 minutes. Please wait before synchronizing it again. x-description-2: The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:directory_provisionings.' '404': description: The connection does not exist x-description-1: Directory provisioning configuration not found '409': description: A synchronization has already been requested or is in progress for the connection '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_synchronizations x-release-lifecycle: GA x-operation-name: create x-operation-group: - connections - directoryProvisioning - synchronizations security: - bearerAuth: [] - oAuth2ClientCredentials: - create:directory_provisionings /connections/{id}/directory-provisioning/synchronized-groups: get: summary: Get Synchronized Groups for a Directory Provisioning Configuration description: 'Retrieve the configured synchronized groups for a connection directory provisioning configuration. ' tags: - connections parameters: - name: id in: path description: The id of the connection to list synchronized groups for. required: true schema: type: string - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: The connection's synchronized groups. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/ListSynchronizedGroupsResponseContent' '400': description: Path validation error x-description-1: The Google Workspace Groups API is not enabled on the connection. Select the Enable Groups API option and go through the setup again. x-description-2: The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again. x-description-3: The pagination token has expired. x-description-4: Invalid request query string. The message will vary depending on the cause. x-description-5: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: Synchronized groups selection is not enabled for this tenant x-description-1: Group synchronization is not enabled for this tenant x-description-2: The inbound directory provisioning feature is not enabled for this tenant x-description-3: 'Insufficient scope; expected any of: read:directory_provisionings.' '404': description: The connection does not exist x-description-1: Connection directory provisioning configuration not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_synchronized-groups x-release-lifecycle: EA x-operation-name: listSynchronizedGroups x-operation-request-parameters-name: ListSynchronizedGroupsRequestParameters x-operation-group: - connections - directoryProvisioning security: - bearerAuth: [] - oAuth2ClientCredentials: - read:directory_provisionings put: summary: Create or Replace Synchronized Group Selections for a Directory Provisioning Configuration description: 'Create or replace the selected groups for a connection directory provisioning configuration. ' tags: - connections parameters: - name: id in: path description: The id of the connection to create or replace synchronized groups for required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ReplaceSynchronizedGroupsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/ReplaceSynchronizedGroupsRequestContent' responses: '204': description: No Content '400': description: Path validation error x-description-1: Payload validation error x-description-2: The Google Workspace Groups API is not enabled on the connection. Select the Enable Groups API option and go through the setup again. x-description-3: The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: Synchronized groups selection is not enabled for this tenant x-description-1: Group synchronization is not enabled for this tenant x-description-2: The inbound directory provisioning feature is not enabled for this tenant x-description-3: 'Insufficient scope; expected any of: update:directory_provisionings.' '404': description: The connection does not exist x-description-1: Connection directory provisioning configuration not found '409': description: Conflict '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_synchronized-groups x-release-lifecycle: EA x-operation-name: set x-operation-group: - connections - directoryProvisioning security: - bearerAuth: [] - oAuth2ClientCredentials: - update:directory_provisionings /connections/{id}/keys: get: summary: Get Connection Keys description: 'Gets the connection keys for the Okta or OIDC connection strategy. ' tags: - connections parameters: - name: id in: path description: ID of the connection required: true schema: type: string responses: '200': description: Connection keys successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/ConnectionKey' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: keys are not available for this connection '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:connections_keys.' '404': description: Connection not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_keys x-release-lifecycle: GA x-operation-name: get x-operation-group: - connections - keys security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connections_keys post: summary: Create Connection Keys description: 'Provision initial connection keys for Okta or OIDC connection strategies. This endpoint allows you to create keys before configuring the connection to use Private Key JWT authentication, enabling zero-downtime transitions. ' tags: - connections parameters: - name: id in: path description: ID of the connection required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PostConnectionKeysRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/PostConnectionKeysRequestContent' responses: '201': description: Connection keys successfully created. content: application/json: schema: $ref: '#/components/schemas/PostConnectionsKeysResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:connections_keys.' '404': description: Connection not found. '409': description: Keys have already been created for this connection. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_keys x-release-lifecycle: GA x-operation-name: create x-operation-group: - connections - keys security: - bearerAuth: [] - oAuth2ClientCredentials: - create:connections_keys /connections/{id}/keys/rotate: post: summary: Rotate Connection Keys description: 'Rotates the connection keys for the Okta or OIDC connection strategies. ' tags: - connections parameters: - name: id in: path description: ID of the connection required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RotateConnectionKeysRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/RotateConnectionKeysRequestContent' responses: '201': description: Connection keys successfully rotated. content: application/json: schema: $ref: '#/components/schemas/RotateConnectionsKeysResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Key rotation is not supported on this connection x-description-2: Connection is not configured to use JWT Client Authentication '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected all of: create:connections_keys, update:connections_keys.' '404': description: Connection not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_rotate x-release-lifecycle: GA x-operation-name: rotate x-operation-group: - connections - keys security: - bearerAuth: [] - oAuth2ClientCredentials: - create:connections_keys - update:connections_keys /connections/{id}/scim-configuration: get: summary: Get a Connection's SCIM Configuration description: 'Retrieves a scim configuration by its connectionId. ' tags: - connections parameters: - name: id in: path description: The id of the connection to retrieve its SCIM configuration required: true schema: type: string responses: '200': description: The connection's SCIM configuration was retrieved. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/GetScimConfigurationResponseContent' '400': description: Path validation error '404': description: The connection does not exist x-description-1: Not Found operationId: get_scim-configuration x-release-lifecycle: GA x-operation-name: get x-operation-group: - connections - scimConfiguration security: - bearerAuth: [] - oAuth2ClientCredentials: - read:scim_config delete: summary: Delete a Connection's SCIM Configuration description: 'Deletes a scim configuration by its connectionId. ' tags: - connections parameters: - name: id in: path description: The id of the connection to delete its SCIM configuration required: true schema: type: string responses: '204': description: The connection's SCIM configuration has been deleted. '400': description: Path validation error '404': description: The connection does not exist operationId: delete_scim-configuration x-release-lifecycle: GA x-operation-name: delete x-operation-group: - connections - scimConfiguration security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:scim_config patch: summary: Patch a Connection's SCIM Configuration description: 'Update a scim configuration by its connectionId. ' tags: - connections parameters: - name: id in: path description: The id of the connection to update its SCIM configuration required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateScimConfigurationRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateScimConfigurationRequestContent' responses: '200': description: The connection's SCIM configuration was updated. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/UpdateScimConfigurationResponseContent' '400': description: Invalid mapping provided x-description-1: Invalid payload x-description-2: Path validation error '404': description: The connection does not exist operationId: patch_scim-configuration x-release-lifecycle: GA x-operation-name: update x-operation-group: - connections - scimConfiguration security: - bearerAuth: [] - oAuth2ClientCredentials: - update:scim_config post: summary: Create a SCIM Configuration description: 'Create a scim configuration for a connection. ' tags: - connections parameters: - name: id in: path description: The id of the connection to create its SCIM configuration required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateScimConfigurationRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateScimConfigurationRequestContent' responses: '201': description: The connection's SCIM configuration was created. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/CreateScimConfigurationResponseContent' '400': description: Path validation error x-description-1: SCIM configuration alreay exists for connection x-description-2: Invalid mapping provided x-description-3: Invalid payload x-description-4: SCIM cannot be enabled for this connection when the Azure AD common endpoint is used. '404': description: The connection does not exist operationId: post_scim-configuration x-release-lifecycle: GA x-operation-name: create x-operation-group: - connections - scimConfiguration security: - bearerAuth: [] - oAuth2ClientCredentials: - create:scim_config /connections/{id}/scim-configuration/default-mapping: get: summary: Get a Connection's Default SCIM Mapping description: 'Retrieves a scim configuration''s default mapping by its connectionId. ' tags: - connections parameters: - name: id in: path description: The id of the connection to retrieve its default SCIM mapping required: true schema: type: string responses: '200': description: The connection's default SCIM mapping was retrieved. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/GetScimConfigurationDefaultMappingResponseContent' '400': description: Path validation error '404': description: Not Found x-description-1: The connection does not exist operationId: get_default-mapping x-release-lifecycle: GA x-operation-name: getDefaultMapping x-operation-group: - connections - scimConfiguration security: - bearerAuth: [] - oAuth2ClientCredentials: - read:scim_config /connections/{id}/scim-configuration/tokens: get: summary: Get a Connection's SCIM Tokens description: 'Retrieves all scim tokens by its connection id. ' tags: - connections parameters: - name: id in: path description: The id of the connection to retrieve its SCIM configuration required: true schema: type: string responses: '200': description: The connection's SCIM tokens were retrieved. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/GetScimTokensResponseContent' '400': description: Path validation error '404': description: The connection does not exist operationId: get_scim_tokens x-release-lifecycle: GA x-operation-name: get x-operation-group: - connections - scimConfiguration - tokens security: - bearerAuth: [] - oAuth2ClientCredentials: - read:scim_token post: summary: Create a SCIM Token description: 'Create a scim token for a scim client. ' tags: - connections parameters: - name: id in: path description: The id of the connection to create its SCIM token required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateScimTokenRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateScimTokenRequestContent' responses: '201': description: The connection's SCIM token was created. See Response Schemas for schema. content: application/json: schema: $ref: '#/components/schemas/CreateScimTokenResponseContent' '400': description: Path validation error '404': description: The connection does not exist '409': description: Maximum of 2 tokens already issued for this connection operationId: post_scim_token x-release-lifecycle: GA x-operation-name: create x-operation-group: - connections - scimConfiguration - tokens security: - bearerAuth: [] - oAuth2ClientCredentials: - create:scim_token /connections/{id}/scim-configuration/tokens/{tokenId}: delete: summary: Delete a Connection's SCIM Token description: 'Deletes a scim token by its connection id and tokenId. ' tags: - connections parameters: - name: id in: path description: The connection id that owns the SCIM token to delete required: true schema: type: string - name: tokenId in: path description: The id of the scim token to delete required: true schema: type: string responses: '204': description: The SCIM token has been deleted. '400': description: Path validation error '404': description: The connection does not exist operationId: delete_tokens_by_tokenId x-release-lifecycle: GA x-operation-name: delete x-operation-group: - connections - scimConfiguration - tokens security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:scim_token /connections/{id}/status: get: summary: Check Connection Status description: Retrieves the status of an ad/ldap connection referenced by its ID. 200 OK http status code response is returned when the connection is online, otherwise a 404 status code is returned along with an error message tags: - connections parameters: - name: id in: path description: ID of the connection to check required: true schema: type: string responses: '200': description: Connection status successfully retrieved. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:connections.' '404': description: Connection not found. x-description-1: not connected to any node '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_status x-release-lifecycle: GA x-operation-name: checkStatus x-operation-group: connections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:connections /connections/{id}/users: delete: summary: Delete a Connection User description: 'Deletes a specified connection user by its email (you cannot delete all users from specific connection). Currently, only Database Connections are supported. ' tags: - connections parameters: - name: id in: path description: The id of the connection (currently only database connections are supported) required: true schema: type: string - name: email in: query description: The email of the user to delete required: true schema: type: string responses: '204': description: The user no longer exists. '400': description: The connection does not exist x-description-1: Connection must be a database connection x-description-2: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: delete:users' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_users_by_email x-release-lifecycle: GA x-operation-name: deleteByEmail x-operation-request-parameters-name: DeleteConnectionUsersByEmailQueryParameters x-operation-group: - connections - users security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:users /custom-domains: get: summary: Get Custom Domains Configurations description: Retrieve details on custom domains. tags: - custom-domains parameters: - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: from in: query description: Optional Id from which to start selection. schema: type: string maxLength: 1000 - name: q in: query description: Query in Lucene query string syntax. schema: type: string maxLength: 1000 - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string maxLength: 100 - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean - name: sort in: query description: Field to sort by. Only domain:1 (ascending order by domain) is supported at this time. schema: type: string maxLength: 15 pattern: ^domain:1$ responses: '200': description: Custom domains successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListCustomDomainsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:custom_domains.' x-description-1: Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. x-description-2: The account is not allowed to perform this operation. x-description-3: There must be a verified credit card on file to perform this operation '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_custom-domains x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListCustomDomainsRequestParameters x-operation-group: customDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - read:custom_domains post: summary: Configure a New Custom Domain description: 'Create a new custom domain. Note: The custom domain will need to be verified before it will accept requests. Optional attributes that can be updated: - custom_client_ip_header - tls_policy TLS Policies: - recommended - for modern usage this includes TLS 1.2 only ' tags: - custom-domains requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateCustomDomainRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateCustomDomainRequestContent' responses: '201': description: Custom domain successfully created (verification is pending). content: application/json: schema: $ref: '#/components/schemas/CreateCustomDomainResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: The 'tls_policy' cannot be set on self_managed domains x-description-2: The 'custom_client_ip_header' cannot be set on auth0_managed domains x-description-3: The 'relying_party_identifier' must be equal to or a registrable domain suffix of the domain. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:custom_domains.' x-description-1: The account is not allowed to perform this operation. x-description-2: There must be a verified credit card on file to perform this operation '409': description: Custom domain already exists. x-description-1: You reached the maximum number of custom domains for your account. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_custom-domains x-release-lifecycle: GA x-operation-name: create x-operation-group: customDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - create:custom_domains /custom-domains/default: get: summary: Get the Default Domain description: 'Retrieve the tenant''s default domain. ' tags: - custom-domains responses: '200': description: Default domain successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetDefaultDomainResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:custom_domains.' x-description-1: The account is not allowed to perform this operation. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_default x-release-lifecycle: GA x-operation-name: getDefault x-operation-group: customDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - read:custom_domains patch: summary: Update the Default Custom Domain for the Tenant description: 'Set the default custom domain for the tenant. ' tags: - custom-domains requestBody: content: application/json: schema: $ref: '#/components/schemas/SetDefaultCustomDomainRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetDefaultCustomDomainRequestContent' responses: '200': description: Default custom domain set successfully. content: application/json: schema: $ref: '#/components/schemas/UpdateDefaultDomainResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '403': description: Insufficient scope; expected update:custom_domains. x-description-1: The account is not allowed to perform this operation. operationId: patch_default x-release-lifecycle: GA x-operation-name: setDefault x-operation-group: customDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - update:custom_domains /custom-domains/{id}: get: summary: Get Custom Domain Configuration description: Retrieve a custom domain configuration and status. tags: - custom-domains parameters: - name: id in: path description: ID of the custom domain to retrieve. required: true schema: type: string responses: '200': description: Custom domain successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetCustomDomainResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:custom_domains.' x-description-1: Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. x-description-2: The account is not allowed to perform this operation. x-description-3: There must be a verified credit card on file to perform this operation '404': description: Custom domain not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_custom-domains_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: customDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - read:custom_domains delete: summary: Delete Custom Domain Configuration description: Delete a custom domain and stop serving requests for it. tags: - custom-domains parameters: - name: id in: path description: ID of the custom domain to delete. required: true schema: type: string responses: '204': description: Custom domain successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:custom_domains.' x-description-1: The account is not allowed to perform this operation. x-description-2: There must be a verified credit card on file to perform this operation. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_custom-domains_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: customDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:custom_domains patch: summary: Update Custom Domain Configuration description: 'Update a custom domain. These are the attributes that can be updated: - custom_client_ip_header - tls_policy
Updating CUSTOM_CLIENT_IP_HEADER for a custom domain
To update the custom_client_ip_header for a domain, the body to send should be: 
{ "custom_client_ip_header": "cf-connecting-ip" }
Updating TLS_POLICY for a custom domain
To update the tls_policy for a domain, the body to send should be: 
{ "tls_policy": "recommended" }
TLS Policies: - recommended - for modern usage this includes TLS 1.2 only Some considerations: - The TLS ciphers and protocols available in each TLS policy follow industry recommendations, and may be updated occasionally. - The compatible TLS policy is no longer supported. ' tags: - custom-domains parameters: - name: id in: path description: The id of the custom domain to update required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateCustomDomainRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateCustomDomainRequestContent' responses: '200': description: Custom domain updated. content: application/json: schema: $ref: '#/components/schemas/UpdateCustomDomainResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: The 'tls_policy' cannot be set on self_managed domains x-description-2: The 'custom_client_ip_header' cannot be set on auth0_managed domains x-description-3: The 'relying_party_identifier' must be equal to or a registrable domain suffix of the domain. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:custom_domains.' x-description-1: Your account is not allowed to perform this operation. x-description-2: There must be a verified credit card on file to perform this operation '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_custom-domains_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: customDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - update:custom_domains /custom-domains/{id}/test: post: summary: Test a Custom Domain description: Run the test process on a custom domain. tags: - custom-domains parameters: - name: id in: path description: ID of the custom domain to test. required: true schema: type: string responses: '200': description: Custom domain test successfully completed. content: application/json: schema: $ref: '#/components/schemas/TestCustomDomainResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:custom_domains.' x-description-1: The account is not allowed to perform this operation. x-description-2: There must be a verified credit card on file to perform this operation '404': description: Custom domain not found. '409': description: The custom domain is not ready. operationId: post_test_domain x-release-lifecycle: GA x-operation-name: test x-operation-group: customDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - read:custom_domains /custom-domains/{id}/verify: post: summary: Verify a Custom Domain description: 'Run the verification process on a custom domain. Note: Check the status field to see its verification status. Once verification is complete, it may take up to 10 minutes before the custom domain can start accepting requests. For self_managed_certs, when the custom domain is verified for the first time, the response will also include the cname_api_key which you will need to configure your proxy. This key must be kept secret, and is used to validate the proxy requests. Learn more about verifying custom domains that use Auth0 Managed certificates. Learn more about verifying custom domains that use Self Managed certificates. ' tags: - custom-domains parameters: - name: id in: path description: ID of the custom domain to verify. required: true schema: type: string responses: '200': description: Custom domain successfully verified. content: application/json: schema: $ref: '#/components/schemas/VerifyCustomDomainResponseContent' x-description-1: Custom domain failed verification. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Custom domain already verified. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:custom_domains.' x-description-1: The account is not allowed to perform this operation. x-description-2: There must be a verified credit card on file to perform this operation '404': description: Custom domain not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_verify x-release-lifecycle: GA x-operation-name: verify x-operation-group: customDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - create:custom_domains /device-credentials: get: summary: Retrieve Device Credentials description: 'Retrieve device credential information (public_key, refresh_token, or rotating_refresh_token) associated with a specific user. ' tags: - device-credentials parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. There is a maximum of 1000 results allowed from this endpoint. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((device_name)|(id)|(device_id)|(type)|(user_id)|(client_id))(,((device_name)|(id)|(device_id)|(type)|(user_id)|(client_id)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean - name: user_id in: query description: user_id of the devices to retrieve. schema: type: string - name: client_id in: query description: client_id of the devices to retrieve. schema: type: string - name: type in: query description: Type of credentials to retrieve. Must be `public_key`, `refresh_token` or `rotating_refresh_token`. The property will default to `refresh_token` when paging is requested schema: $ref: '#/components/schemas/DeviceCredentialTypeEnum' responses: '200': description: Device credentials successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListDeviceCredentialsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. x-description-3: Username is malformed, try with '{connection}\{email_or_username}' x-description-4: Bad username or password. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope, expected any of: read:device_credentials' x-description-2: Cannot retrieve device credentials for that user. x-description-3: Cannot retrieve device credentials for that client. x-description-4: Must provide client_id parameter. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_device-credentials x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListDeviceCredentialsRequestParameters x-operation-group: deviceCredentials security: - bearerAuth: [] - oAuth2ClientCredentials: - read:device_credentials post: summary: Create a Device Public Key Credential description: 'Create a device credential public key to manage refresh token rotation for a given user_id. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests. When refresh token rotation is enabled, the endpoint becomes consistent. For more information, read Signing Keys. ' tags: - device-credentials requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePublicKeyDeviceCredentialRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreatePublicKeyDeviceCredentialRequestContent' responses: '201': description: Device credentials successfully created. content: application/json: schema: $ref: '#/components/schemas/CreatePublicKeyDeviceCredentialResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Username is malformed, try with "{connection}\{email_or_username}". x-description-3: Bad username or password. '403': description: Cannot create device credentials for that user. x-description-1: Cannot create device credentials for that client. x-description-2: 'Insufficient scope; expected any of: create:current_user_device_credentials.' '409': description: A public key already exists for the device. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_device-credentials x-release-lifecycle: GA x-operation-name: createPublicKey x-operation-group: deviceCredentials security: - bearerAuth: [] - oAuth2ClientCredentials: - create:current_user_device_credentials /device-credentials/{id}: delete: summary: Delete a Device Credential description: Permanently delete a device credential (such as a refresh token or public key) with the given ID. tags: - device-credentials parameters: - name: id in: path description: ID of the credential to delete. required: true schema: type: string pattern: ^dcr_[A-Za-z0-9]{16}$ responses: '204': description: Device credentials successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. x-description-3: Username is malformed, try with "{connection}\{email_or_username}". x-description-4: Bad username or password. '403': description: 'Insufficient scope; expected any of: delete:device_credentials, update:current_user, delete:current_user_device_credentials.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_device-credentials_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: deviceCredentials security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:device_credentials - delete:current_user_device_credentials /email-templates: post: summary: Create an Email Template description: Create an email template. tags: - email-templates requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateEmailTemplateRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateEmailTemplateRequestContent' responses: '200': description: Template successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateEmailTemplateResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: create:email_templates.' '409': description: Template (templateName) already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_email-templates x-release-lifecycle: GA x-operation-name: create x-operation-group: emailTemplates security: - bearerAuth: [] - oAuth2ClientCredentials: - create:email_templates /email-templates/{templateName}: get: summary: Get an Email Template description: Retrieve an email template by pre-defined name. These names are `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, and `async_approval`. The names `change_password`, and `password_reset` are also supported for legacy scenarios. tags: - email-templates parameters: - name: templateName in: path description: Template name. Can be `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, `async_approval`, `change_password` (legacy), or `password_reset` (legacy). required: true schema: $ref: '#/components/schemas/EmailTemplateNameEnum' responses: '200': description: Template successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetEmailTemplateResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: read:email_templates.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_email-templates_by_templateName x-release-lifecycle: GA x-operation-name: get x-operation-group: emailTemplates security: - bearerAuth: [] - oAuth2ClientCredentials: - read:email_templates patch: summary: Patch an Email Template description: Modify an email template. tags: - email-templates parameters: - name: templateName in: path description: Template name. Can be `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, `async_approval`, `change_password` (legacy), or `password_reset` (legacy). required: true schema: $ref: '#/components/schemas/EmailTemplateNameEnum' requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateEmailTemplateRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateEmailTemplateRequestContent' responses: '200': description: Template successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateEmailTemplateResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:email_templates.' '404': description: Template not found and cannot be updated. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_email-templates_by_templateName x-release-lifecycle: GA x-operation-name: update x-operation-group: emailTemplates security: - bearerAuth: [] - oAuth2ClientCredentials: - update:email_templates put: summary: Update an Email Template description: Update an email template. tags: - email-templates parameters: - name: templateName in: path description: Template name. Can be `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, `async_approval`, `change_password` (legacy), or `password_reset` (legacy). required: true schema: $ref: '#/components/schemas/EmailTemplateNameEnum' requestBody: content: application/json: schema: $ref: '#/components/schemas/SetEmailTemplateRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetEmailTemplateRequestContent' responses: '200': description: Template successfully updated. content: application/json: schema: $ref: '#/components/schemas/SetEmailTemplateResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:email_templates.' '404': description: Template not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_email-templates_by_templateName x-release-lifecycle: GA x-operation-name: set x-operation-group: emailTemplates security: - bearerAuth: [] - oAuth2ClientCredentials: - update:email_templates /emails/provider: get: summary: Get Email Provider description: 'Retrieve details of the email provider configuration in your tenant. A list of fields to include or exclude may also be specified. ' tags: - emails parameters: - name: fields in: query description: Comma-separated list of fields to include or exclude (dependent upon include_fields) from the result. Leave empty to retrieve `name` and `enabled`. Additional fields available include `credentials`, `default_from_address`, and `settings`. schema: type: string pattern: ^((name)|(enabled)|(credentials)|(settings)|(default_from_address))(,((name)|(enabled)|(credentials)|(settings)|(default_from_address)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: Email provider successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetEmailProviderResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:email_provider.' '404': description: Email provider has not been configured. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_provider x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetEmailProviderRequestParameters x-operation-group: - emails - provider security: - bearerAuth: [] - oAuth2ClientCredentials: - read:email_provider delete: summary: Delete Email Provider description: 'Delete the email provider. ' tags: - emails responses: '204': description: The email provider has been deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: delete:email_provider' '404': description: Email provider does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_provider x-release-lifecycle: GA x-operation-name: delete x-operation-group: - emails - provider security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:email_provider patch: summary: Update Email Provider description: "Update an email provider. The credentials object\nrequires different properties\ \ depending on the email provider (which is specified using the name property):\n\nDepending on the type of provider it is possible to specify settings object with different\ \ configuration\noptions, which will be used when sending an email:\n\n" tags: - emails requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateEmailProviderRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateEmailProviderRequestContent' responses: '200': description: Email provider successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateEmailProviderResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:email_provider.' '404': description: Email provider has not been configured. '409': description: No deployed action was found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_provider x-release-lifecycle: GA x-operation-name: update x-operation-group: - emails - provider security: - bearerAuth: [] - oAuth2ClientCredentials: - update:email_provider post: summary: Configure Email Provider description: "Create an email provider. The credentials object\nrequires different properties\ \ depending on the email provider (which is specified using the name property):\n\nDepending on the type of provider it is possible to specify settings object with different\ \ configuration\noptions, which will be used when sending an email:\n\n" tags: - emails requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateEmailProviderRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateEmailProviderRequestContent' responses: '201': description: Email provider successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateEmailProviderResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:email_provider.' '409': description: Email provider is already configured. x-description-1: No deployed action was found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_provider x-release-lifecycle: GA x-operation-name: create x-operation-group: - emails - provider security: - bearerAuth: [] - oAuth2ClientCredentials: - create:email_provider /event-streams: get: summary: Get Event Streams tags: - event-streams parameters: - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Event streams successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListEventStreamsResponseContent' '400': description: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:event_streams.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_event-streams x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListEventStreamsRequestParameters x-operation-group: eventStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - read:event_streams post: summary: Create an Event Stream tags: - event-streams requestBody: content: application/json: schema: oneOf: - $ref: '#/components/schemas/CreateEventStreamWebHookRequestContent' - $ref: '#/components/schemas/CreateEventStreamEventBridgeRequestContent' - $ref: '#/components/schemas/CreateEventStreamActionRequestContent' application/x-www-form-urlencoded: schema: oneOf: - $ref: '#/components/schemas/CreateEventStreamWebHookRequestContent' - $ref: '#/components/schemas/CreateEventStreamEventBridgeRequestContent' - $ref: '#/components/schemas/CreateEventStreamActionRequestContent' responses: '201': description: Event Stream stream created successfully. content: application/json: schema: $ref: '#/components/schemas/CreateEventStreamResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:event_streams.' '409': description: You have reached the maximum number of event streams for your account OR Event stream name already in use. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_event-streams x-release-lifecycle: GA x-operation-name: create x-operation-group: eventStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - create:event_streams /event-streams/{id}: get: summary: Get an Event Stream by ID tags: - event-streams parameters: - name: id in: path description: Unique identifier for the event stream. required: true schema: type: string minLength: 26 maxLength: 26 responses: '200': description: Event stream successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetEventStreamResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:event_streams.' '404': description: The event stream does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_event-streams_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: eventStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - read:event_streams delete: summary: Delete an Event Stream tags: - event-streams parameters: - name: id in: path description: Unique identifier for the event stream. required: true schema: type: string minLength: 26 maxLength: 26 responses: '204': description: The event stream was deleted. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:event_streams.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_event-streams_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: eventStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:event_streams patch: summary: Update an Event Stream tags: - event-streams parameters: - name: id in: path description: Unique identifier for the event stream. required: true schema: type: string minLength: 26 maxLength: 26 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateEventStreamRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateEventStreamRequestContent' responses: '200': description: Event stream successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateEventStreamResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:event_streams.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_event-streams_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: eventStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - update:event_streams /event-streams/{id}/deliveries: get: summary: Get This Event Stream's Delivery History tags: - event-streams parameters: - name: id in: path description: Unique identifier for the event stream. required: true schema: type: string minLength: 26 maxLength: 26 - name: statuses in: query description: Comma-separated list of statuses by which to filter schema: type: string - name: event_types in: query description: Comma-separated list of event types by which to filter schema: type: string - name: date_from in: query description: An RFC-3339 date-time for redelivery start, inclusive. Does not allow sub-second precision. schema: type: string maxLength: 20 - name: date_to in: query description: An RFC-3339 date-time for redelivery end, exclusive. Does not allow sub-second precision. schema: type: string maxLength: 20 - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Event stream deliveries successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/EventStreamDelivery' '400': description: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:event_streams, read:event_deliveries.' '404': description: The event stream does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_event_deliveries x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListEventStreamDeliveriesRequestParameters x-operation-group: - eventStreams - deliveries security: - bearerAuth: [] - oAuth2ClientCredentials: - read:event_streams - read:event_deliveries /event-streams/{id}/deliveries/{event_id}: get: summary: Get a Specific Event's Delivery History tags: - event-streams parameters: - name: id in: path description: Unique identifier for the event stream. required: true schema: type: string minLength: 26 maxLength: 26 - name: event_id in: path description: Unique identifier for the event required: true schema: type: string minLength: 26 maxLength: 26 responses: '200': description: Delivery history for event successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetEventStreamDeliveryHistoryResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:event_deliveries.' '404': description: The event stream does not exist. x-description-1: The event does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_deliveries_by_event_id x-release-lifecycle: GA x-operation-name: getHistory x-operation-group: - eventStreams - deliveries security: - bearerAuth: [] - oAuth2ClientCredentials: - read:event_deliveries /event-streams/{id}/redeliver: post: summary: Redeliver Failed Events tags: - event-streams parameters: - name: id in: path description: Unique identifier for the event stream. required: true schema: type: string minLength: 26 maxLength: 26 requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateEventStreamRedeliveryRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateEventStreamRedeliveryRequestContent' responses: '202': description: Redelivery request accepted. content: application/json: schema: $ref: '#/components/schemas/CreateEventStreamRedeliveryResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:event_deliveries.' '404': description: The event stream does not exist. '409': description: One or more events is not in a state that allows redelivery. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_redeliver x-release-lifecycle: GA x-operation-name: create x-operation-group: - eventStreams - redeliveries security: - bearerAuth: [] - oAuth2ClientCredentials: - update:event_deliveries /event-streams/{id}/redeliver/{event_id}: post: summary: Redeliver a Single Failed Event by ID tags: - event-streams parameters: - name: id in: path description: Unique identifier for the event stream. required: true schema: type: string minLength: 26 maxLength: 26 - name: event_id in: path description: Unique identifier for the event required: true schema: type: string minLength: 26 maxLength: 26 responses: '202': description: Redelivery request accepted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:event_deliveries.' '404': description: The event stream does not exist. x-description-1: The event does not exist. '409': description: The event is not in a state that allows redelivery. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_redeliver_by_event_id x-release-lifecycle: GA x-operation-name: createById x-operation-group: - eventStreams - redeliveries security: - bearerAuth: [] - oAuth2ClientCredentials: - update:event_deliveries /event-streams/{id}/test: post: summary: Send a Test Event to an Event Stream tags: - event-streams parameters: - name: id in: path description: Unique identifier for the event stream. required: true schema: type: string minLength: 26 maxLength: 26 requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateEventStreamTestEventRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateEventStreamTestEventRequestContent' responses: '202': description: Test event successfully submitted. content: application/json: schema: $ref: '#/components/schemas/CreateEventStreamTestEventResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:event_streams.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_test_event x-release-lifecycle: GA x-operation-name: test x-operation-group: eventStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - update:event_streams /events: get: summary: Subscribe to Events Via Server-Sent Events (SSE) description: Subscribe to events via Server-Sent Events (SSE) tags: - events parameters: - name: from in: query description: Opaque token representing position in the stream. If not provided, stream will start from the latest events. schema: type: string maxLength: 1024 - name: from_timestamp in: query description: RFC-3339 timestamp indicating where to start streaming events from. This should only be used on the initial query when a cursor may not be available. Subsequent requests should use the cursor (from) as it will be more accurate. schema: type: string maxLength: 20 - name: event_type in: query description: Event type(s) to listen for. Specify multiple times for multiple types (e.g., ?event_type=user.created&event_type=user.updated). If not provided, all event types will be streamed. style: form explode: true schema: $ref: '#/components/schemas/EventStreamSubscribeEventsEventTypeParam' responses: '200': description: Event stream successfully established. content: text/event-stream: schema: $ref: '#/components/schemas/EventStreamSubscribeEventsResponseContent' '400': description: Invalid cursor format. x-description-1: Unsupported event type. x-description-2: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: Maximum concurrent event stream connections reached. Please close existing connections. x-description-1: 'Insufficient scope; expected any of: read:events.' '404': description: Not found '410': description: Cursor points to data no longer available in the stream. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: subscribe_events x-release-lifecycle: GA x-operation-name: subscribe x-operation-request-parameters-name: SubscribeEventsRequestParameters x-operation-group: events security: - bearerAuth: [] - oAuth2ClientCredentials: - read:events /flows: get: summary: Get Flows tags: - flows parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 maximum: 1000 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: hydrate in: query description: hydration param style: form explode: true schema: type: array items: $ref: '#/components/schemas/ListFlowsRequestParametersHydrateEnum' - name: synchronous in: query description: flag to filter by sync/async flows schema: type: boolean responses: '200': description: Flows successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListFlowsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:flows.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_flows x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListFlowsRequestParameters x-operation-group: flows security: - bearerAuth: [] - oAuth2ClientCredentials: - read:flows post: summary: Create a Flow tags: - flows requestBody: x-release-lifecycle: GA content: application/json: schema: $ref: '#/components/schemas/CreateFlowRequestContent' x-release-lifecycle: GA application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateFlowRequestContent' x-release-lifecycle: GA responses: '201': description: Flow successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateFlowResponseContent' x-release-lifecycle: GA x-release-lifecycle: GA '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:flows.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_flows x-release-lifecycle: GA x-operation-name: create x-operation-group: flows security: - bearerAuth: [] - oAuth2ClientCredentials: - create:flows /flows/vault/connections: get: summary: Get Flows Vault Connection List tags: - flows parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 maximum: 1000 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Vault connections successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListFlowsVaultConnectionsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:flows_vault_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_flows_vault_connections x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListFlowsVaultConnectionsRequestParameters x-operation-group: - flows - vault - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:flows_vault_connections post: summary: Create a Flows Vault Connection tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateFlowsVaultConnectionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateFlowsVaultConnectionRequestContent' responses: '201': description: Connection successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateFlowsVaultConnectionResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:flows_vault_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_flows_vault_connections x-release-lifecycle: GA x-operation-name: create x-operation-group: - flows - vault - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - create:flows_vault_connections /flows/vault/connections/{id}: get: summary: Get a Flows Vault Connection tags: - flows parameters: - name: id in: path description: Flows Vault connection ID required: true schema: type: string maxLength: 30 responses: '200': description: Flow vault connection successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetFlowsVaultConnectionResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:flows_vault_connections.' '404': description: The Flow vault connection does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_flows_vault_connections_by_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetFlowsVaultConnectionRequestParameters x-operation-group: - flows - vault - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:flows_vault_connections delete: summary: Delete a Flows Vault Connection tags: - flows parameters: - name: id in: path description: Vault connection id required: true schema: type: string maxLength: 30 responses: '204': description: Connection successfully deleted. '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:flows_vault_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_flows_vault_connections_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - flows - vault - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:flows_vault_connections patch: summary: Update a Flows Vault Connection tags: - flows parameters: - name: id in: path description: Flows Vault connection ID required: true schema: type: string maxLength: 30 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateFlowsVaultConnectionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateFlowsVaultConnectionRequestContent' responses: '200': description: Flow vault connection successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateFlowsVaultConnectionResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:flows_vault_connections.' '404': description: The Flow vault connection does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_flows_vault_connections_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: - flows - vault - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - update:flows_vault_connections /flows/{flow_id}/executions: get: summary: Get Flow Executions tags: - flows parameters: - name: flow_id in: path description: Flow id required: true schema: type: string maxLength: 30 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Flow executions successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetFlowsExecutionsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:flows_executions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_flows_executions x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListFlowExecutionsRequestParameters x-operation-group: - flows - executions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:flows_executions /flows/{flow_id}/executions/{execution_id}: get: summary: Get a Flow Execution tags: - flows parameters: - name: flow_id in: path description: Flow id required: true schema: type: string maxLength: 30 - name: execution_id in: path description: Flow execution id required: true schema: type: string maxLength: 30 - name: hydrate in: query description: Hydration param style: form explode: true schema: type: array items: $ref: '#/components/schemas/GetFlowExecutionRequestParametersHydrateEnum' responses: '200': description: Flow execution successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetFlowExecutionResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:flows_executions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_flows_executions_by_execution_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetFlowExecutionRequestParameters x-operation-group: - flows - executions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:flows_executions delete: summary: Delete a Flow Execution tags: - flows parameters: - name: flow_id in: path description: Flows id required: true schema: type: string maxLength: 30 - name: execution_id in: path description: Flow execution identifier required: true schema: type: string maxLength: 30 responses: '204': description: Flow execution successfully deleted. '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:flows_executions.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_flows_executions_by_execution_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - flows - executions security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:flows_executions /flows/{id}: get: summary: Get a Flow tags: - flows parameters: - name: id in: path description: Flow identifier required: true schema: type: string maxLength: 30 - name: hydrate in: query description: hydration param style: form explode: true schema: type: array items: $ref: '#/components/schemas/GetFlowRequestParametersHydrateEnum' responses: '200': description: Flow successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetFlowResponseContent' x-release-lifecycle: GA x-release-lifecycle: GA '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:flows.' '404': description: The flow does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_flows_by_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetFlowRequestParameters x-operation-group: flows security: - bearerAuth: [] - oAuth2ClientCredentials: - read:flows delete: summary: Delete a Flow tags: - flows parameters: - name: id in: path description: Flow id required: true schema: type: string maxLength: 30 responses: '204': description: Flow successfully deleted. '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:flows.' '404': description: The flow does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_flows_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: flows security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:flows patch: summary: Update a Flow tags: - flows parameters: - name: id in: path description: Flow identifier required: true schema: type: string maxLength: 30 requestBody: x-release-lifecycle: GA content: application/json: schema: $ref: '#/components/schemas/UpdateFlowRequestContent' x-release-lifecycle: GA application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateFlowRequestContent' x-release-lifecycle: GA responses: '200': description: Flow successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateFlowResponseContent' x-release-lifecycle: GA x-release-lifecycle: GA '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:flows.' '404': description: The flow does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_flows_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: flows security: - bearerAuth: [] - oAuth2ClientCredentials: - update:flows /forms: get: summary: Get Forms tags: - forms parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 maximum: 1000 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: hydrate in: query description: Query parameter to hydrate the response with additional data style: form explode: true schema: type: array items: $ref: '#/components/schemas/FormsRequestParametersHydrateEnum' responses: '200': description: Forms successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListFormsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:forms.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_forms x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListFormsRequestParameters x-operation-group: forms security: - bearerAuth: [] - oAuth2ClientCredentials: - read:forms post: summary: Create a Form tags: - forms requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateFormRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateFormRequestContent' responses: '201': description: Form successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateFormResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:forms.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: create_form x-release-lifecycle: GA x-operation-name: create x-operation-group: forms security: - bearerAuth: [] - oAuth2ClientCredentials: - create:forms /forms/{id}: get: summary: Get a Form tags: - forms parameters: - name: id in: path description: The ID of the form to retrieve. required: true schema: type: string maxLength: 30 - name: hydrate in: query description: Query parameter to hydrate the response with additional data style: form explode: true schema: type: array items: $ref: '#/components/schemas/FormsRequestParametersHydrateEnum' responses: '200': description: Form successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetFormResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:forms.' '404': description: The form does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_form x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetFormRequestParameters x-operation-group: forms security: - bearerAuth: [] - oAuth2ClientCredentials: - read:forms delete: summary: Delete a Form tags: - forms parameters: - name: id in: path description: The ID of the form to delete. required: true schema: type: string maxLength: 30 responses: '204': description: Form successfully deleted. '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:forms.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_form x-release-lifecycle: GA x-operation-name: delete x-operation-group: forms security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:forms patch: summary: Update a Form tags: - forms parameters: - name: id in: path description: The ID of the form to update. required: true schema: type: string maxLength: 30 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateFormRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateFormRequestContent' responses: '200': description: Form successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateFormResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:forms.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_form x-release-lifecycle: GA x-operation-name: update x-operation-group: forms security: - bearerAuth: [] - oAuth2ClientCredentials: - update:forms /grants: get: summary: Get Grants description: 'Retrieve the grants associated with your account. ' tags: - grants parameters: - name: per_page in: query description: Number of results per page. schema: type: integer minimum: 1 maximum: 100 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: user_id in: query description: user_id of the grants to retrieve. schema: type: string - name: client_id in: query description: client_id of the grants to retrieve. schema: type: string - name: audience in: query description: audience of the grants to retrieve. schema: type: string responses: '200': description: Grants successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserGrantsResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:grants.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_grants x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListUserGrantsRequestParameters x-operation-group: userGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - read:grants delete: summary: Delete a Grant by User_id description: 'Delete a grant associated with your account. ' tags: - grants parameters: - name: user_id in: query description: user_id of the grant to delete. required: true schema: type: string responses: '204': description: User grant successfully deleted. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:grants.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_grants_by_user_id x-release-lifecycle: GA x-operation-name: deleteByUserId x-operation-request-parameters-name: DeleteUserGrantByUserIdRequestParameters x-operation-group: userGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:grants /grants/{id}: delete: summary: Delete a Grant by Id description: 'Delete a grant associated with your account. ' tags: - grants parameters: - name: id in: path description: ID of the grant to delete. required: true schema: type: string responses: '204': description: User grant successfully deleted. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:grants.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_grants_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: userGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:grants /groups: get: summary: Get All Groups description: 'List all groups in your tenant. ' tags: - groups parameters: - name: connection_id in: query description: Filter groups by connection ID. schema: type: string - name: name in: query description: Filter groups by name. schema: type: string minLength: 1 maxLength: 128 pattern: ^[\x20-\x7E]+$ - name: external_id in: query description: Filter groups by external ID. schema: type: string maxLength: 256 - name: search in: query description: Search for groups by name or external ID. schema: type: string minLength: 1 maxLength: 256 - name: fields in: query description: A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields schema: type: string maxLength: 256 pattern: ^((id)|(name)|(external_id)|(organization_id)|(connection_id)|(tenant_name)|(description)|(created_at)|(updated_at))(,((id)|(name)|(external_id)|(organization_id)|(connection_id)|(tenant_name)|(description)|(created_at)|(updated_at)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Groups successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListGroupsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:groups.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_groups x-release-lifecycle: EA x-operation-name: list x-operation-request-parameters-name: ListGroupsRequestParameters x-operation-group: groups security: - bearerAuth: [] - oAuth2ClientCredentials: - read:groups /groups/{id}: get: summary: Get a Group description: 'Retrieve a group by its ID. ' tags: - groups parameters: - name: id in: path description: Unique identifier for the group (service-generated). required: true schema: type: string minLength: 18 maxLength: 26 pattern: ^grp_[1-9a-km-zA-HJ-NP-Z]{14,22}$ responses: '200': description: Group successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGroupResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:groups.' '404': description: The group does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_group x-release-lifecycle: EA x-operation-name: get x-operation-request-parameters-name: getGroupRequestParameters x-operation-group: groups security: - bearerAuth: [] - oAuth2ClientCredentials: - read:groups delete: summary: Delete a Group description: 'Delete a group by its ID. ' tags: - groups parameters: - name: id in: path description: Unique identifier for the group (service-generated). required: true schema: type: string minLength: 18 maxLength: 26 pattern: ^grp_[1-9a-km-zA-HJ-NP-Z]{14,22}$ responses: '204': description: Group successfully deleted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:groups.' '404': description: The group does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_group x-release-lifecycle: EA x-operation-name: delete x-operation-request-parameters-name: deleteGroupRequestParameters x-operation-group: groups security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:groups /groups/{id}/members: get: summary: Get Group Members description: 'List all users that are a member of this group. ' tags: - groups parameters: - name: id in: path description: Unique identifier for the group (service-generated). required: true schema: type: string minLength: 18 maxLength: 26 pattern: ^grp_[1-9a-km-zA-HJ-NP-Z]{14,22}$ - name: fields in: query description: A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields schema: type: string maxLength: 256 pattern: ^((id)|(member_type)|(type)|(connection_id)|(created_at))(,((id)|(member_type)|(type)|(connection_id)|(created_at)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Group members successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGroupMembersResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:group_members.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_group_members x-release-lifecycle: EA x-operation-name: get x-operation-request-parameters-name: GetGroupMembersRequestParameters x-operation-group: - groups - members security: - bearerAuth: [] - oAuth2ClientCredentials: - read:group_members /guardian/enrollments/ticket: post: summary: Create a Multi-factor Authentication Enrollment Ticket description: "Create a multi-factor authentication\ \ (MFA) enrollment ticket, and optionally send an email with the created ticket, to a given user.\nCreate a multi-factor authentication (MFA) enrollment ticket, and optionally send an email with the created ticket to a given user. Enrollment tickets can specify\ \ which factor users must enroll with or allow existing MFA users to enroll in additional factors.
\n\nNote: Users cannot enroll in Email as a factor\ \ through custom enrollment tickets. \n" tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateGuardianEnrollmentTicketRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateGuardianEnrollmentTicketRequestContent' responses: '200': description: Enrollment ticket successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateGuardianEnrollmentTicketResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. '404': description: User not found. operationId: post_ticket x-release-lifecycle: GA x-operation-name: createTicket x-operation-group: - guardian - enrollments security: - bearerAuth: [] - oAuth2ClientCredentials: - create:guardian_enrollment_tickets /guardian/enrollments/{id}: get: summary: Get a Multi-factor Authentication Enrollment description: Retrieve details, such as status and type, for a specific multi-factor authentication enrollment registered to a user account. tags: - guardian parameters: - name: id in: path description: ID of the enrollment to be retrieve. required: true schema: type: string pattern: ^((totp|sms|voice|push|email|recovery-code|webauthn-roaming|webauthn-platform)\|)?dev_[A-Za-z0-9-_]+$ responses: '200': description: Enrollment successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGuardianEnrollmentResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: get_enrollments_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: - guardian - enrollments security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_enrollments delete: summary: Delete a Multi-factor Authentication Enrollment description: Remove a specific multi-factor authentication (MFA) enrollment from a user's account. This allows the user to re-enroll with MFA. For more information, review Reset User Multi-Factor Authentication and Recovery Codes. tags: - guardian parameters: - name: id in: path description: ID of the enrollment to be deleted. required: true schema: type: string pattern: ^((totp|sms|voice|push|email|recovery-code|webauthn-roaming|webauthn-platform)\|)?dev_[A-Za-z0-9-_]+$ responses: '204': description: Enrollment successfully deleted. '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope (expected delete:enrollment). operationId: delete_enrollments_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - guardian - enrollments security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:guardian_enrollments /guardian/factors: get: summary: Get Factors and Multi-factor Authentication Details description: Retrieve details of all multi-factor authentication factors associated with your tenant. tags: - guardian responses: '200': description: Factors successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/GuardianFactor' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: get_factors x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListFactorsRequestParameters x-operation-group: - guardian - factors security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors /guardian/factors/duo/settings: get: summary: Get DUO Configuration description: Retrieves the DUO account and factor configuration. tags: - guardian responses: '200': description: DUO settings successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorDuoSettingsResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: get_factor_duo_settings x-release-lifecycle: GA x-operation-name: get x-operation-group: - guardian - factors - duo - settings security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors patch: summary: Update the DUO Configuration tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorDuoSettingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateGuardianFactorDuoSettingsRequestContent' responses: '200': description: DUO settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorDuoSettingsResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: patch_factor_duo_settings x-release-lifecycle: GA x-operation-name: update x-operation-group: - guardian - factors - duo - settings security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors put: summary: Set the DUO Configuration description: Set the DUO account configuration and other properties specific to this factor. tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorDuoSettingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorDuoSettingsRequestContent' responses: '200': description: DUO settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorDuoSettingsResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: put_factor_duo_settings x-release-lifecycle: GA x-operation-name: set x-operation-group: - guardian - factors - duo - settings security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/phone/message-types: get: summary: Get Enabled Phone Factors description: Retrieve list of phone-type MFA factors (i.e., sms and voice) that are enabled for your tenant. tags: - guardian responses: '200': description: Returns the enabled phone factors content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorPhoneMessageTypesResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: get_message-types x-release-lifecycle: GA x-operation-name: getMessageTypes x-operation-group: - guardian - factors - phone security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors put: summary: Update the Enabled Phone Factors description: Replace the list of phone-type MFA factors (i.e., sms and voice) that are enabled for your tenant. tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorPhoneMessageTypesRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorPhoneMessageTypesRequestContent' responses: '200': description: Returns selected SMS provider configuration content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorPhoneMessageTypesResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope '404': description: The phone factor does not exist. operationId: put_message-types x-release-lifecycle: GA x-operation-name: setMessageTypes x-operation-group: - guardian - factors - phone security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/phone/providers/twilio: get: summary: Get Twilio Configuration description: 'Retrieve configuration details for a Twilio phone provider that has been set up in your tenant. To learn more, review Configure SMS and Voice Notifications for MFA. ' tags: - guardian responses: '200': description: Twilio Phone configuration successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorsProviderPhoneTwilioResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: get_phone_twilio_factor_provider x-release-lifecycle: GA x-operation-name: getTwilioProvider x-operation-group: - guardian - factors - phone security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors put: summary: Update Twilio Configuration description: 'Update the configuration of a Twilio phone provider that has been set up in your tenant. To learn more, review Configure SMS and Voice Notifications for MFA. ' tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPhoneTwilioRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPhoneTwilioRequestContent' responses: '200': description: Twilio Phone configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPhoneTwilioResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: put_twilio x-release-lifecycle: GA x-operation-name: setTwilioProvider x-operation-group: - guardian - factors - phone security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/phone/selected-provider: get: summary: Get Phone Provider Configuration description: Retrieve details of the multi-factor authentication phone provider configured for your tenant. tags: - guardian responses: '200': description: Returns selected Phone provider configuration content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorsProviderPhoneResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: get_guardian_phone_providers x-release-lifecycle: GA x-operation-name: getSelectedProvider x-operation-group: - guardian - factors - phone security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors put: summary: Update Phone Provider Configuration tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPhoneRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPhoneRequestContent' responses: '200': description: Returns selected Phone provider configuration content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPhoneResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: put_phone_providers x-release-lifecycle: GA x-operation-name: setProvider x-operation-group: - guardian - factors - phone security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/phone/templates: get: summary: Get Enrollment and Verification Phone Templates description: Retrieve details of the multi-factor authentication enrollment and verification templates for phone-type factors available in your tenant. tags: - guardian responses: '200': description: Phone enrollment and verification templates successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorPhoneTemplatesResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: get_factor_phone_templates x-release-lifecycle: GA x-operation-name: getTemplates x-operation-group: - guardian - factors - phone security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors put: summary: Update Enrollment and Verification Phone Templates description: Customize the messages sent to complete phone enrollment and verification (subscription required). tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorPhoneTemplatesRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorPhoneTemplatesRequestContent' responses: '200': description: Phone enrollment and verification templates successfully updated. content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorPhoneTemplatesResponseContent' '400': description: Invalid input based on schemas. x-description-1: 'Invalid template: .' '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: put_factor_phone_templates x-release-lifecycle: GA x-operation-name: setTemplates x-operation-group: - guardian - factors - phone security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/push-notification/providers/apns: get: summary: Get APNS Push Notification Configuration description: Retrieve configuration details for the multi-factor authentication APNS provider associated with your tenant. tags: - guardian responses: '200': description: APNS configuration successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorsProviderApnsResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: get_apns x-release-lifecycle: GA x-operation-name: getApnsProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors patch: summary: Update APNs Provider Configuration description: Modify configuration details of the multi-factor authentication APNS provider associated with your tenant. tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationApnsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationApnsRequestContent' responses: '200': description: APNS configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationApnsResponseContent' '400': description: Invalid input based on schemas. x-description-1: 'The PKCS #12 file is invalid. Please ensure the client certificate is not expired, the environment matches, and the key and certificate are not encrypted with a deprecated algorithm.' '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: patch_apns x-release-lifecycle: GA x-operation-name: updateApnsProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors put: summary: Update APNS Configuration description: Overwrite all configuration details of the multi-factor authentication APNS provider associated with your tenant. tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationApnsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationApnsRequestContent' responses: '200': description: APNS configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationApnsResponseContent' '400': description: Invalid input based on schemas. x-description-1: 'The PKCS #12 file is invalid. Please ensure the client certificate is not expired, the environment matches, and the key and certificate are not encrypted with a deprecated algorithm.' '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: put_apns x-release-lifecycle: GA x-operation-name: setApnsProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/push-notification/providers/fcm: patch: summary: Updates FCM Configuration description: Modify configuration details of the multi-factor authentication FCM provider associated with your tenant. tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationFcmRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationFcmRequestContent' responses: '200': description: FCM configuration updated content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationFcmResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: patch_fcm x-release-lifecycle: GA x-operation-name: updateFcmProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors put: summary: Overwrite FCM Configuration description: Overwrite all configuration details of the multi-factor authentication FCM provider associated with your tenant. tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationFcmRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationFcmRequestContent' responses: '200': description: FCM configuration updated content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationFcmResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: put_fcm x-release-lifecycle: GA x-operation-name: setFcmProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/push-notification/providers/fcmv1: patch: summary: Updates FCMV1 Configuration description: Modify configuration details of the multi-factor authentication FCMV1 provider associated with your tenant. tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationFcmv1RequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationFcmv1RequestContent' responses: '200': description: FCMV1 configuration updated content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationFcmv1ResponseContent' '400': description: Invalid input based on schemas x-description-1: Invalid server credentials '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: patch_fcmv1 x-release-lifecycle: GA x-operation-name: updateFcmv1Provider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors put: summary: Overwrite FCMV1 Configuration description: Overwrite all configuration details of the multi-factor authentication FCMV1 provider associated with your tenant. tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationFcmv1RequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationFcmv1RequestContent' responses: '200': description: FCMV1 configuration updated content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationFcmv1ResponseContent' '400': description: Invalid input based on schemas x-description-1: Invalid server credentials '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: put_fcmv1 x-release-lifecycle: GA x-operation-name: setFcmv1Provider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/push-notification/providers/sns: get: summary: Get AWS SNS Configuration description: 'Retrieve configuration details for an AWS SNS push notification provider that has been enabled for MFA. To learn more, review Configure Push Notifications for MFA. ' tags: - guardian responses: '200': description: AWS SNS configuration successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorsProviderSnsResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: get_sns x-release-lifecycle: GA x-operation-name: getSnsProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors patch: summary: Update AWS SNS Configuration description: Configure the AWS SNS push notification provider configuration (subscription required). tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationSnsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationSnsRequestContent' responses: '200': description: AWS SNS configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateGuardianFactorsProviderPushNotificationSnsResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: patch_sns x-release-lifecycle: GA x-operation-name: updateSnsProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors put: summary: Configure AWS SNS Configuration description: Configure the AWS SNS push notification provider configuration (subscription required). tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationSnsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationSnsRequestContent' responses: '200': description: AWS SNS configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationSnsResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: put_sns x-release-lifecycle: GA x-operation-name: setSnsProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/push-notification/selected-provider: get: summary: Get Push Notification Provider description: 'Modify the push notification provider configured for your tenant. For more information, review Configure Push Notifications for MFA. ' tags: - guardian responses: '200': description: Returns selected push notification provider content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorsProviderPushNotificationResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: get_pn_providers x-release-lifecycle: GA x-operation-name: getSelectedProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors put: summary: Update Push Notification Configuration description: 'Modify the push notification provider configured for your tenant. For more information, review Configure Push Notifications for MFA. ' tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationRequestContent' responses: '200': description: Returns selected push notification provider configuration content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderPushNotificationResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: put_pn_providers x-release-lifecycle: GA x-operation-name: setProvider x-operation-group: - guardian - factors - pushNotification security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/sms/providers/twilio: get: summary: Get Twilio SMS Configuration description: "Retrieve the Twilio SMS provider configuration (subscription\ \ required).\n\n A new endpoint is available to retrieve the Twilio configuration related to phone factors (phone\ \ Twilio configuration). It has the same payload as this one. Please use it instead." tags: - guardian responses: '200': description: Twilio SMS configuration successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorsProviderSmsTwilioResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: get_sms_twilio_factor_provider x-release-lifecycle: GA x-operation-name: getTwilioProvider x-operation-group: - guardian - factors - sms security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors put: summary: Update Twilio SMS Configuration description: "This endpoint has been deprecated. To complete this action, use the Update\ \ Twilio phone configuration endpoint.\n\n Previous functionality: Update the Twilio SMS provider configuration." tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderSmsTwilioRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderSmsTwilioRequestContent' responses: '200': description: Twilio SMS configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderSmsTwilioResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: put_sms_twilio_factor_provider x-release-lifecycle: GA x-operation-name: setTwilioProvider x-operation-group: - guardian - factors - sms security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/sms/selected-provider: get: summary: Get SMS Configuration description: "This endpoint has been deprecated. To complete this action, use the Retrieve phone configuration endpoint instead.\n\n Previous functionality: Retrieve details for the multi-factor authentication SMS provider\ \ configured for your tenant." tags: - guardian responses: '200': description: Returns selected SMS provider configuration content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorsProviderSmsResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: get_sms_providers x-release-lifecycle: GA x-operation-name: getSelectedProvider x-operation-group: - guardian - factors - sms security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors put: summary: Update SMS Configuration description: "This endpoint has been deprecated. To complete this action, use the Update phone configuration endpoint instead.\n\n Previous functionality: Update the multi-factor authentication SMS provider configuration\ \ in your tenant." tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderSmsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderSmsRequestContent' responses: '200': description: Returns selected SMS provider configuration content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorsProviderSmsResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: put_sms_providers x-release-lifecycle: GA x-operation-name: setProvider x-operation-group: - guardian - factors - sms security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/sms/templates: get: summary: Get SMS Enrollment and Verification Templates description: "This endpoint has been deprecated. To complete this action, use the Retrieve enrollment and verification phone templates endpoint instead.\n\n Previous function: Retrieve details of SMS enrollment and verification\ \ templates configured for your tenant." tags: - guardian responses: '200': description: SMS enrollment and verification templates successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorSmsTemplatesResponseContent' '204': description: No content. content: application/json: schema: $ref: '#/components/schemas/GetGuardianFactorSmsTemplatesResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: get_factor_sms_templates x-release-lifecycle: GA x-operation-name: getTemplates x-operation-group: - guardian - factors - sms security: - bearerAuth: [] - oAuth2ClientCredentials: - read:guardian_factors put: summary: Update SMS Enrollment and Verification Templates description: "This endpoint has been deprecated. To complete this action, use the Update enrollment and verification phone templates endpoint instead.\n\n Previous functionality: Customize the messages sent to complete SMS\ \ enrollment and verification." tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorSmsTemplatesRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorSmsTemplatesRequestContent' responses: '200': description: SMS enrollment and verification templates successfully updated. content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorSmsTemplatesResponseContent' '400': description: Invalid input based on schemas. x-description-1: 'Invalid template: .' '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: put_factor_sms_templates x-release-lifecycle: GA x-operation-name: setTemplates x-operation-group: - guardian - factors - sms security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/factors/{name}: put: summary: Update Multi-factor Authentication Type description: Update the status (i.e., enabled or disabled) of a specific multi-factor authentication factor. tags: - guardian parameters: - name: name in: path description: Factor name. Can be `sms`, `push-notification`, `email`, `duo` `otp` `webauthn-roaming`, `webauthn-platform`, or `recovery-code`. required: true schema: $ref: '#/components/schemas/GuardianFactorNameEnum' requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianFactorRequestContent' responses: '200': description: Factor updated successfully. content: application/json: schema: $ref: '#/components/schemas/SetGuardianFactorResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: Insufficient scope. operationId: put_factors_by_name x-release-lifecycle: GA x-operation-name: set x-operation-group: - guardian - factors security: - bearerAuth: [] - oAuth2ClientCredentials: - update:guardian_factors /guardian/policies: get: summary: Get Multi-factor Authentication Policies description: 'Retrieve the multi-factor authentication (MFA) policies configured for your tenant. The following policies are supported:
  • all-applications policy prompts with MFA for all logins.
  • confidence-score policy prompts with MFA only for low confidence logins.
Note: The confidence-score policy is part of the Adaptive MFA feature. Adaptive MFA requires an add-on for the Enterprise plan; review Auth0 Pricing for more details. ' tags: - guardian responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListGuardianPoliciesResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: get_policies x-release-lifecycle: GA x-operation-name: list x-operation-group: - guardian - policies security: - bearerAuth: [] - oAuth2ClientCredentials: - read:mfa_policies put: summary: Update Multi-factor Authentication Policies description: 'Set multi-factor authentication (MFA) policies for your tenant. The following policies are supported:
  • all-applications policy prompts with MFA for all logins.
  • confidence-score policy prompts with MFA only for low confidence logins.
Note: The confidence-score policy is part of the Adaptive MFA feature. Adaptive MFA requires an add-on for the Enterprise plan; review Auth0 Pricing for more details. ' tags: - guardian requestBody: content: application/json: schema: $ref: '#/components/schemas/SetGuardianPoliciesRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetGuardianPoliciesRequestContent' responses: '200': description: Policies updated content: application/json: schema: $ref: '#/components/schemas/SetGuardianPoliciesResponseContent' '400': description: Invalid input based on schemas '401': description: Token has expired or signature is invalid '403': description: Insufficient scope operationId: put_policies x-release-lifecycle: GA x-operation-name: set x-operation-group: - guardian - policies security: - bearerAuth: [] - oAuth2ClientCredentials: - update:mfa_policies /hooks: get: summary: Get Hooks description: 'Retrieve all hooks. Accepts a list of fields to include or exclude in the result. ' tags: - hooks parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. schema: type: integer minimum: 0 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: enabled in: query description: Optional filter on whether a hook is enabled (true) or disabled (false). schema: type: boolean - name: fields in: query description: Comma-separated list of fields to include in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((id)|(name)|(script)|(dependencies)|(enabled)|(triggerId))(,((id)|(name)|(script)|(dependencies)|(enabled)|(triggerId)))*$ - name: triggerId in: query description: Retrieves hooks that match the trigger schema: $ref: '#/components/schemas/HookTriggerIdEnum' responses: '200': description: Hooks successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListHooksResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:hooks.' '404': description: Hook not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_hooks x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListHooksRequestParameters x-operation-group: hooks security: - bearerAuth: [] - oAuth2ClientCredentials: - read:hooks post: summary: Create a Hook description: 'Create a new hook. ' tags: - hooks requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateHookRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateHookRequestContent' responses: '201': description: Hook successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateHookResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:hooks.' x-description-1: This endpoint is disabled for your tenant. '409': description: Hook with the same name already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_hooks x-release-lifecycle: GA x-operation-name: create x-operation-group: hooks security: - bearerAuth: [] - oAuth2ClientCredentials: - create:hooks /hooks/{id}: get: summary: Get a Hook description: 'Retrieve a hook by its ID. Accepts a list of fields to include in the result. ' tags: - hooks parameters: - name: id in: path description: ID of the hook to retrieve. required: true schema: type: string pattern: ^[A-Za-z0-9-]*$ - name: fields in: query description: Comma-separated list of fields to include in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((id)|(name)|(script)|(dependencies)|(enabled)|(triggerId))(,((id)|(name)|(script)|(dependencies)|(enabled)|(triggerId)))*$ responses: '200': description: Hook successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetHookResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:hooks.' '404': description: Hook not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_hooks_by_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetHookRequestParameters x-operation-group: hooks security: - bearerAuth: [] - oAuth2ClientCredentials: - read:hooks delete: summary: Delete a Hook description: 'Delete a hook. ' tags: - hooks parameters: - name: id in: path description: ID of the hook to delete. required: true schema: type: string pattern: ^[A-Za-z0-9-]*$ responses: '204': description: Hook successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:hooks.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_hooks_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: hooks security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:hooks patch: summary: Update a Hook description: 'Update an existing hook. ' tags: - hooks parameters: - name: id in: path description: ID of the hook to update. required: true schema: type: string pattern: ^[A-Za-z0-9-]*$ requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateHookRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateHookRequestContent' responses: '201': description: Hook successfully created. content: application/json: schema: $ref: '#/components/schemas/UpdateHookResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:hooks.' x-description-1: This endpoint is disabled for your tenant. '404': description: The hook does not exist '409': description: A hook with the same name already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_hooks_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: hooks security: - bearerAuth: [] - oAuth2ClientCredentials: - update:hooks /hooks/{id}/secrets: get: summary: Get Hook Secrets description: "Retrieve a hook's secrets by the ID of the hook. \n" tags: - hooks parameters: - name: id in: path description: ID of the hook to retrieve secrets from. required: true schema: type: string pattern: ^[A-Za-z0-9-]*$ responses: '200': description: Hook secrets successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetHookSecretResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:hooks.' '404': description: Hook not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_secrets x-release-lifecycle: GA x-operation-name: get x-operation-group: - hooks - secrets security: - bearerAuth: [] - oAuth2ClientCredentials: - read:hooks delete: summary: Delete Hook Secrets description: 'Delete one or more existing secrets for a given hook. Accepts an array of secret names to delete. ' tags: - hooks parameters: - name: id in: path description: ID of the hook whose secrets to delete. required: true schema: type: string pattern: ^[A-Za-z0-9-]*$ requestBody: content: application/json: schema: $ref: '#/components/schemas/DeleteHookSecretRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/DeleteHookSecretRequestContent' responses: '204': description: Hook secrets successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:hooks.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_secrets x-release-lifecycle: GA x-operation-name: delete x-operation-group: - hooks - secrets security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:hooks patch: summary: Update Hook Secrets description: "Update one or more existing secrets for an existing hook. Accepts an object of key-value pairs, where the key is the name of the existing secret.\ \ \n" tags: - hooks parameters: - name: id in: path description: ID of the hook whose secrets to update. required: true schema: type: string pattern: ^[A-Za-z0-9-]*$ requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateHookSecretRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateHookSecretRequestContent' responses: '201': description: Hook secrets successfully updated. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:hooks.' x-description-1: This endpoint is disabled for your tenant. '404': description: Hook or secret not found. '409': description: Secret with the same name already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_secrets x-release-lifecycle: GA x-operation-name: update x-operation-group: - hooks - secrets security: - bearerAuth: [] - oAuth2ClientCredentials: - update:hooks post: summary: Add Hook Secrets description: "Add one or more secrets to an existing hook. Accepts an object of key-value pairs, where the key is the name of the secret. A hook can have a\ \ maximum of 20 secrets. \n" tags: - hooks parameters: - name: id in: path description: The id of the hook to retrieve required: true schema: type: string pattern: ^[A-Za-z0-9-]*$ requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateHookSecretRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateHookSecretRequestContent' responses: '201': description: Hook secrets successfully added. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:hooks.' x-description-1: This endpoint is disabled for your tenant. '409': description: Secret with the same name already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_secrets x-release-lifecycle: GA x-operation-name: create x-operation-group: - hooks - secrets security: - bearerAuth: [] - oAuth2ClientCredentials: - update:hooks /jobs/users-exports: post: summary: Create Export Users Job description: Export all users to a file via a long-running job. tags: - jobs requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateExportUsersRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateExportUsersRequestContent' responses: '200': description: Job created successfully. content: application/json: schema: $ref: '#/components/schemas/CreateExportUsersResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: The connection does not exist. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_users-exports x-release-lifecycle: GA x-operation-name: create x-operation-group: - jobs - usersExports security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users /jobs/users-imports: post: summary: Create Import Users Job description: Import users from a formatted file into a connection via a long-running job. When importing users, with or without upsert, the `email_verified` is set to `false` when the email address is added or updated. Users must verify their email address. To avoid this behavior, set `email_verified` to `true` in the imported data. tags: - jobs requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/CreateImportUsersRequestContent' responses: '202': description: Job successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateImportUsersResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Must provide 'users' file as multipart part. x-description-2: 'Payload validation error: ''Invalid multipart payload format''.' x-description-3: Users file must not be empty. x-description-4: Must provide 'connection_id' as multipart part. x-description-5: Connection must be a database connection. x-description-6: Connection must be enabled. x-description-7: 'Payload validation error: ''String does not match pattern ^con_[A-Za-z0-9]{16}$'' on property connection_id.' x-description-8: The connection does not exist. x-description-9: Custom Database Connections without import mode are not allowed. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:users.' '413': description: 'Payload content length greater than maximum allowed: 512000.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '500': description: Internal error. operationId: post_users-imports x-release-lifecycle: GA x-operation-name: create x-operation-group: - jobs - usersImports security: - bearerAuth: [] - oAuth2ClientCredentials: - create:users /jobs/verification-email: post: summary: Send an Email Address Verification Email description: 'Send an email to the specified user that asks them to click a link to verify their email address. Note: You must have the `Status` toggle enabled for the verification email template for the email to be sent.' tags: - jobs requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateVerificationEmailRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateVerificationEmailRequestContent' responses: '201': description: Job successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateVerificationEmailResponseContent' '400': description: Invalid request parameters. The message will vary depending on the cause. x-description-1: Connection must be a database connection. x-description-2: User does not have an email address. x-description-3: connection does not exist. x-description-4: Connection must be enabled. x-description-5: Identity connection does not exist. x-description-6: The user exists, but does not contain the given identity. x-description-7: The organization does not exist '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_verification-email x-release-lifecycle: GA x-operation-name: create x-operation-group: - jobs - verificationEmail security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users /jobs/{id}: get: summary: Get a Job description: Retrieves a job. Useful to check its status. tags: - jobs parameters: - name: id in: path description: ID of the job. required: true schema: type: string pattern: ^job_[A-Za-z0-9]{16}$ responses: '200': description: Job retrieved successfully. content: application/json: schema: $ref: '#/components/schemas/GetJobResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:users.' '404': description: Job not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_jobs_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: jobs security: - bearerAuth: [] - oAuth2ClientCredentials: - create:users - read:users /jobs/{id}/errors: get: summary: Get Job Error Details description: Retrieve error details of a failed job. tags: - jobs parameters: - name: id in: path description: ID of the job. required: true schema: type: string pattern: ^job_[A-Za-z0-9]{16}$ responses: '200': description: Job successfully retrieved. content: application/json: schema: oneOf: - type: array items: $ref: '#/components/schemas/GetJobErrorResponseContent' - $ref: '#/components/schemas/GetJobGenericErrorResponseContent' '204': description: The job was retrieved, but no errors were found. content: application/json: schema: oneOf: - type: array items: $ref: '#/components/schemas/GetJobErrorResponseContent' - $ref: '#/components/schemas/GetJobGenericErrorResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: create:users' '404': description: The job does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_errors x-release-lifecycle: GA x-operation-name: get x-operation-group: - jobs - errors security: - bearerAuth: [] - oAuth2ClientCredentials: - create:users - read:users /keys/custom-signing: get: summary: Get Custom Signing Keys description: Get entire jwks representation of custom signing keys. tags: - keys responses: '200': description: Custom signing keys were successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetCustomSigningKeysResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:custom_signing_keys.' '404': description: No custom signing keys found for this tenant. Upload custom signing keys first. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_custom_signing_keys x-release-lifecycle: GA x-operation-name: get x-operation-group: - keys - customSigning security: - bearerAuth: [] - oAuth2ClientCredentials: - read:custom_signing_keys delete: summary: Delete Custom Signing Keys description: Delete entire jwks representation of custom signing keys. tags: - keys responses: '204': description: Custom signing keys were successfully deleted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:custom_signing_keys.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_custom_signing_keys x-release-lifecycle: GA x-operation-name: delete x-operation-group: - keys - customSigning security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:custom_signing_keys put: summary: Create or Replace Custom Signing Keys description: Create or replace entire jwks representation of custom signing keys. tags: - keys requestBody: content: application/json: schema: $ref: '#/components/schemas/SetCustomSigningKeysRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetCustomSigningKeysRequestContent' responses: '200': description: Custom signing keys were successfully created or replaced. content: application/json: schema: $ref: '#/components/schemas/SetCustomSigningKeysResponseContent' '400': description: Payload validation error. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected all of: create:custom_signing_keys,update:custom_signing_keys.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_custom_signing_keys x-release-lifecycle: GA x-operation-name: set x-operation-group: - keys - customSigning security: - bearerAuth: [] - oAuth2ClientCredentials: - create:custom_signing_keys - update:custom_signing_keys /keys/encryption: get: summary: Get All Encryption Keys description: Retrieve details of all the encryption keys associated with your tenant. tags: - keys parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Default value is 50, maximum value is 100. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: The keys were successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListEncryptionKeysResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:encryption_keys.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_encryption_keys x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListEncryptionKeysRequestParameters x-operation-group: - keys - encryption security: - bearerAuth: [] - oAuth2ClientCredentials: - read:encryption_keys post: summary: Create the New Encryption Key description: Create the new, pre-activated encryption key, without the key material. tags: - keys requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateEncryptionKeyRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateEncryptionKeyRequestContent' responses: '201': description: The key was successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateEncryptionKeyResponseContent' '400': description: Request body is invalid. Unsupported key "type" provided. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:encryption_keys.' '409': description: Encryption key has already been created. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_encryption x-release-lifecycle: GA x-operation-name: create x-operation-group: - keys - encryption security: - bearerAuth: [] - oAuth2ClientCredentials: - create:encryption_keys /keys/encryption/rekey: post: summary: Rekey the Key Hierarchy description: Perform rekeying operation on the key hierarchy. tags: - keys responses: '204': description: The key hierarchy was successfully rekeyed. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected all of: create:encryption_keys update:encryption_keys.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_encryption_rekey x-release-lifecycle: GA x-operation-name: rekey x-operation-group: - keys - encryption security: - bearerAuth: [] - oAuth2ClientCredentials: - create:encryption_keys - update:encryption_keys /keys/encryption/{kid}: get: summary: Get the Encryption Key by Its Key Id description: Retrieve details of the encryption key with the given ID. tags: - keys parameters: - name: kid in: path description: Encryption key ID required: true schema: type: string responses: '200': description: The key was successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetEncryptionKeyResponseContent' '400': description: Invalid UUID format in uri. x-description-1: Invalid key id or unsupported key type. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:encryption_keys.' '404': description: The key does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_encryption_key x-release-lifecycle: GA x-operation-name: get x-operation-group: - keys - encryption security: - bearerAuth: [] - oAuth2ClientCredentials: - read:encryption_keys delete: summary: Delete the Encryption Key by Its Key Id description: Delete the custom provided encryption key with the given ID and move back to using native encryption key. tags: - keys parameters: - name: kid in: path description: Encryption key ID required: true schema: type: string responses: '204': description: The key was successfully deleted. '400': description: Invalid UUID format in uri. x-description-1: Invalid key id or unsupported key type. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:encryption_keys.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_encryption_key x-release-lifecycle: GA x-operation-name: delete x-operation-group: - keys - encryption security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:encryption_keys post: summary: Import the Encryption Key description: Import wrapped key material and activate encryption key. tags: - keys parameters: - name: kid in: path description: Encryption key ID required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ImportEncryptionKeyRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/ImportEncryptionKeyRequestContent' responses: '201': description: The key was successfully imported. content: application/json: schema: $ref: '#/components/schemas/ImportEncryptionKeyResponseContent' '400': description: The key ID was not found. x-description-1: Invalid UUID format in uri. x-description-2: Invalid input. Wrapped key material is invalid or unsupported key type. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:encryption_keys.' '409': description: Failed precondition. Key import not in progress or unable to find the wrapping key. Make sure you have followed all the steps to import a key. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_encryption_key x-release-lifecycle: GA x-operation-name: import x-operation-group: - keys - encryption security: - bearerAuth: [] - oAuth2ClientCredentials: - update:encryption_keys /keys/encryption/{kid}/wrapping-key: post: summary: Create the Public Wrapping Key description: Create the public wrapping key to wrap your own encryption key material. tags: - keys parameters: - name: kid in: path description: Encryption key ID required: true schema: type: string responses: '201': description: The public wrapping key was successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateEncryptionKeyPublicWrappingResponseContent' '400': description: Invalid UUID format in uri. x-description-1: Invalid key id or unsupported key type. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:encryption_keys.' '409': description: Failed precondition. Create new encryption key without the key material first. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_encryption_wrapping_key x-release-lifecycle: GA x-operation-name: createPublicWrappingKey x-operation-group: - keys - encryption security: - bearerAuth: [] - oAuth2ClientCredentials: - create:encryption_keys /keys/signing: get: summary: Get All Application Signing Keys description: Retrieve details of all the application signing keys associated with your tenant. tags: - keys responses: '200': description: The signing keys were retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/SigningKeys' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:signing_keys' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_signing_keys x-release-lifecycle: GA x-operation-name: list x-operation-group: - keys - signing security: - bearerAuth: [] - oAuth2ClientCredentials: - read:signing_keys /keys/signing/rotate: post: summary: Rotate the Application Signing Key description: Rotate the application signing key of your tenant. tags: - keys responses: '201': description: Signing key rotated successfully. content: application/json: schema: $ref: '#/components/schemas/RotateSigningKeysResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: Insufficient scope; expected create:signing_keys and update:signing_keys. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_signing_keys x-release-lifecycle: GA x-operation-name: rotate x-operation-group: - keys - signing security: - bearerAuth: [] - oAuth2ClientCredentials: - create:signing_keys - update:signing_keys /keys/signing/{kid}: get: summary: Get an Application Signing Key by Its Key Id description: Retrieve details of the application signing key with the given ID. tags: - keys parameters: - name: kid in: path description: Key id of the key to retrieve required: true schema: type: string responses: '200': description: The signing keys were retrieved. content: application/json: schema: $ref: '#/components/schemas/GetSigningKeysResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:signing_keys' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_signing_key x-release-lifecycle: GA x-operation-name: get x-operation-group: - keys - signing security: - bearerAuth: [] - oAuth2ClientCredentials: - read:signing_keys /keys/signing/{kid}/revoke: put: summary: Revoke an Application Signing Key by Its Key Id description: Revoke the application signing key with the given ID. tags: - keys parameters: - name: kid in: path description: Key id of the key to revoke required: true schema: type: string responses: '200': description: Signing key revoked successfully. content: application/json: schema: $ref: '#/components/schemas/RevokedSigningKeysResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:signing_keys.' '404': description: Signing key not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_signing_keys x-release-lifecycle: GA x-operation-name: revoke x-operation-group: - keys - signing security: - bearerAuth: [] - oAuth2ClientCredentials: - update:signing_keys /log-streams: get: summary: Get Log Streams description: "Retrieve details on [log streams](https://auth0.com/docs/logs/streams).\n\n**Sample Response**\n\n```json\n[{\n \"id\": \"string\",\n \"name\"\ : \"string\",\n \"type\": \"eventbridge\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"awsAccountId\": \"string\",\n \"awsRegion\"\ : \"string\",\n \"awsPartnerEventSource\": \"string\"\n }\n}, {\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"http\",\n \"status\":\ \ \"active|paused|suspended\",\n \"sink\": {\n \"httpContentFormat\": \"JSONLINES|JSONARRAY\",\n \"httpContentType\": \"string\",\n \"httpEndpoint\"\ : \"string\",\n \"httpAuthorization\": \"string\"\n }\n},\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"eventgrid\",\n \"status\"\ : \"active|paused|suspended\",\n \"sink\": {\n \"azureSubscriptionId\": \"string\",\n \"azureResourceGroup\": \"string\",\n \"azureRegion\": \"\ string\",\n \"azurePartnerTopic\": \"string\"\n }\n},\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"splunk\",\n \"status\": \"active|paused|suspended\"\ ,\n \"sink\": {\n \"splunkDomain\": \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\": \"string\",\n \"splunkSecure\": \"boolean\"\n\ \ }\n},\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"sumo\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"sumoSourceAddress\"\ : \"string\"\n }\n},\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"datadog\",\n \"status\": \"active|paused|suspended\",\n \"sink\"\ : {\n \"datadogRegion\": \"string\",\n \"datadogApiKey\": \"string\"\n }\n}]\n```\n" tags: - log-streams responses: '200': description: Returning log streams content: application/json: schema: type: array items: $ref: '#/components/schemas/LogStreamResponseSchema' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:log_streams.' x-description-1: The account is not allowed to perform this operation. '404': description: The log stream does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_log-streams x-release-lifecycle: GA x-operation-name: list x-operation-group: logStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - read:log_streams post: summary: Create a Log Stream description: "Create a log stream.\n\n**Log Stream Types**\n\nThe `type` of log stream being created determines the properties required in the `sink` payload.\n\ \n**HTTP Stream**\n\nFor an `http` Stream, the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \ \ \"type\": \"http\",\n \"sink\": {\n \"httpEndpoint\": \"string\",\n \"httpContentType\": \"string\",\n \"httpContentFormat\": \"JSONLINES|JSONARRAY\"\ ,\n \"httpAuthorization\": \"string\"\n }\n}\n```\n\n**Response:**\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"http\",\n\ \ \"status\": \"active\",\n \"sink\": {\n \"httpEndpoint\": \"string\",\n \"httpContentType\": \"string\",\n \"httpContentFormat\": \"JSONLINES|JSONARRAY\"\ ,\n \"httpAuthorization\": \"string\"\n }\n}\n```\n\n**Amazon EventBridge Stream**\n\nFor an `eventbridge` Stream, the `sink` properties are listed in\ \ the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"eventbridge\",\n \"sink\": {\n \"awsRegion\": \"string\",\n \ \ \"awsAccountId\": \"string\"\n }\n}\n```\n\nThe response will include an additional field `awsPartnerEventSource` in the `sink`:\n\n**Response:**\n```json\n\ {\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"eventbridge\",\n \"status\": \"active\",\n \"sink\": {\n \"awsAccountId\": \"string\"\ ,\n \"awsRegion\": \"string\",\n \"awsPartnerEventSource\": \"string\"\n }\n}\n```\n\n**Azure Event Grid Stream**\n\nFor an `Azure Event Grid` Stream,\ \ the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"eventgrid\",\n \"sink\": {\n\ \ \"azureSubscriptionId\": \"string\",\n \"azureResourceGroup\": \"string\",\n \"azureRegion\": \"string\"\n }\n}\n```\n\n**Response:**\n```json\n\ {\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"http\",\n \"status\": \"active\",\n \"sink\": {\n \"azureSubscriptionId\": \"string\"\ ,\n \"azureResourceGroup\": \"string\",\n \"azureRegion\": \"string\",\n \"azurePartnerTopic\": \"string\"\n }\n}\n```\n\n**Datadog Stream**\n\n\ For a `Datadog` Stream, the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"datadog\"\ ,\n \"sink\": {\n \"datadogRegion\": \"string\",\n \"datadogApiKey\": \"string\"\n }\n}\n```\n\n**Response:**\n```json\n{\n \"id\": \"string\",\n\ \ \"name\": \"string\",\n \"type\": \"datadog\",\n \"status\": \"active\",\n \"sink\": {\n \"datadogRegion\": \"string\",\n \"datadogApiKey\": \"\ string\"\n }\n}\n```\n\n**Splunk Stream**\n\nFor a `Splunk` Stream, the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n\ \ \"name\": \"string\",\n \"type\": \"splunk\",\n \"sink\": {\n \"splunkDomain\": \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\"\ : \"string\",\n \"splunkSecure\": \"boolean\"\n }\n}\n```\n\n**Response:**\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"\ splunk\",\n \"status\": \"active\",\n \"sink\": {\n \"splunkDomain\": \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\": \"string\",\n\ \ \"splunkSecure\": \"boolean\"\n }\n}\n```\n\n**Sumo Logic Stream**\n\nFor a `Sumo Logic` Stream, the `sink` properties are listed in the payload below.\n\ \n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"sumo\",\n \"sink\": {\n \"sumoSourceAddress\": \"string\"\n }\n}\n```\n\n**Response:**\n\ ```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"sumo\",\n \"status\": \"active\",\n \"sink\": {\n \"sumoSourceAddress\": \"\ string\"\n }\n}\n```\n" tags: - log-streams requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateLogStreamRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateLogStreamRequestContent' responses: '200': description: Log stream created content: application/json: schema: $ref: '#/components/schemas/CreateLogStreamResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:log_streams.' x-description-1: The account is not allowed to perform this operation. '409': description: You have reached the maximum number of log streams for your account. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_log-streams x-release-lifecycle: GA x-operation-name: create x-operation-group: logStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - create:log_streams /log-streams/{id}: get: summary: Get Log Stream by ID description: "Retrieve a log stream configuration and status.\n\n**Sample responses**\n\n**Amazon EventBridge Log Stream**\n\n```json\n{\n \"id\": \"string\"\ ,\n \"name\": \"string\",\n \"type\": \"eventbridge\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"awsAccountId\": \"string\",\n \ \ \"awsRegion\": \"string\",\n \"awsPartnerEventSource\": \"string\"\n }\n}\n```\n\n**HTTP Log Stream**\n\n```json\n{\n \"id\": \"string\",\n \"name\"\ : \"string\",\n \"type\": \"http\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"httpContentFormat\": \"JSONLINES|JSONARRAY\",\n \ \ \"httpContentType\": \"string\",\n \"httpEndpoint\": \"string\",\n \"httpAuthorization\": \"string\"\n }\n}\n```\n\n**Datadog Log Stream**\n\n```json\n\ {\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"datadog\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"datadogRegion\"\ : \"string\",\n \"datadogApiKey\": \"string\"\n }\n}\n```\n\n**Mixpanel**\n\n**Request:**\n\n```json\n{\n \"name\": \"string\",\n \"type\": \"mixpanel\"\ ,\n \"sink\": {\n \"mixpanelRegion\": \"string\",\n \"mixpanelProjectId\": \"string\",\n \"mixpanelServiceAccountUsername\": \"string\",\n \"\ mixpanelServiceAccountPassword\": \"string\"\n }\n}\n```\n\n**Response:**\n\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"mixpanel\"\ ,\n \"status\": \"active\",\n \"sink\": {\n \"mixpanelRegion\": \"string\",\n \"mixpanelProjectId\": \"string\",\n \"mixpanelServiceAccountUsername\"\ : \"string\",\n \"mixpanelServiceAccountPassword\": \"string\"\n }\n}\n```\n\n**Segment**\n\n**Request:**\n\n```json\n{\n \"name\": \"string\",\n \"\ type\": \"segment\",\n \"sink\": {\n \"segmentWriteKey\": \"string\"\n }\n}\n```\n\n**Response:**\n\n```json\n{\n \"id\": \"string\",\n \"name\": \"\ string\",\n \"type\": \"segment\",\n \"status\": \"active\",\n \"sink\": {\n \"segmentWriteKey\": \"string\"\n }\n}\n```\n\n**Splunk Log Stream**\n\ \n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"splunk\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"splunkDomain\"\ : \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\": \"string\",\n \"splunkSecure\": \"boolean\"\n }\n}\n```\n\n**Sumo Logic Log Stream**\n\ \n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"sumo\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"sumoSourceAddress\"\ : \"string\"\n }\n}\n```\n\n**Status**\n\nThe `status` of a log stream maybe any of the following:\n\n1. `active` - Stream is currently enabled.\n2. `paused`\ \ - Stream is currently user disabled and will not attempt log delivery.\n3. `suspended` - Stream is currently disabled because of errors and will not attempt\ \ log delivery.\n" tags: - log-streams parameters: - name: id in: path description: The id of the log stream to get required: true schema: type: string responses: '200': description: Returning log stream. content: application/json: schema: $ref: '#/components/schemas/GetLogStreamResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:log_streams.' x-description-1: The account is not allowed to perform this operation. '404': description: The log stream does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_log-streams_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: logStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - read:log_streams delete: summary: Delete Log Stream description: 'Delete a log stream. ' tags: - log-streams parameters: - name: id in: path description: The id of the log stream to delete required: true schema: type: string responses: '204': description: The log stream was deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: delete:log_streams.' '404': description: The log stream does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_log-streams_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: logStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:log_streams patch: summary: Update a Log Stream description: "Update a log stream.\n\n**Examples of how to use the PATCH endpoint.**\n\nThe following fields may be updated in a PATCH operation:\n\n- name\n\ - status\n- sink\n\nNote: For log streams of type `eventbridge` and `eventgrid`, updating the `sink` is not permitted.\n\n**Update the status of a log stream**\n\ \n```json\n{\n \"status\": \"active|paused\"\n}\n```\n\n**Update the name of a log stream**\n\n```json\n{\n \"name\": \"string\"\n}\n```\n\n**Update the\ \ sink properties of a stream of type `http`**\n\n```json\n{\n \"sink\": {\n \"httpEndpoint\": \"string\",\n \"httpContentType\": \"string\",\n \ \ \"httpContentFormat\": \"JSONARRAY|JSONLINES\",\n \"httpAuthorization\": \"string\"\n }\n}\n```\n\n**Update the sink properties of a stream of type\ \ `datadog`**\n\n```json\n{\n \"sink\": {\n \"datadogRegion\": \"string\",\n \"datadogApiKey\": \"string\"\n }\n}\n```\n\n**Update the sink properties\ \ of a stream of type `splunk`**\n\n```json\n{\n \"sink\": {\n \"splunkDomain\": \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\": \"\ string\",\n \"splunkSecure\": \"boolean\"\n }\n}\n```\n\n**Update the sink properties of a stream of type `sumo`**\n\n```json\n{\n \"sink\": {\n \"\ sumoSourceAddress\": \"string\"\n }\n}\n```\n" tags: - log-streams parameters: - name: id in: path description: The id of the log stream to get required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateLogStreamRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateLogStreamRequestContent' responses: '200': description: Log stream updated content: application/json: schema: $ref: '#/components/schemas/UpdateLogStreamResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:log_streams.' x-description-1: The account is not allowed to perform this operation. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_log-streams_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: logStreams security: - bearerAuth: [] - oAuth2ClientCredentials: - update:log_streams /logs: get: summary: Search Log Events description: "Retrieve log entries that match the specified search criteria (or all log entries if no criteria specified).\n\nSet custom search criteria using\ \ the q parameter, or search from a specific log ID (\"search from checkpoint\").\n\nFor more information on all possible event types,\ \ their respective acronyms, and descriptions, see Log Event Type Codes.\n\n
To set custom\ \ search criteria, use the following parameters:
\n\n
    \n
  • q: Search Criteria using Query String Syntax
    • \n
  • page: Page index of the results to return. First page is 0.
    • \n
  • per_page: Number of results\ \ per page.
    • \n
  • sort: Field to use for sorting appended with `:1` for ascending and `:-1` for descending. e.g. `date:-1`
    • \n
  • fields:\ \ Comma-separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields.
    • \n
  • include_fields:\ \ Whether specified fields are to be included (true) or excluded (false).
    • \n
  • include_totals: Return results inside an object that contains\ \ the total result count (true) or as a direct array of results (false, default). Deprecated: this field is deprecated and should be removed from use.\ \ See Search Engine V3 Breaking\ \ Changes
    • \n
\n\nFor more information on the list of fields that can be used in fields and sort, see Searchable Fields.\n\nAuth0 limits the number of logs you\ \ can return by search criteria to 100 logs per request. Furthermore, you may paginate only through 1,000 search results. If you exceed this threshold, please\ \ redefine your search or use the get logs by checkpoint\ \ method.\n\n
To search from a checkpoint log ID, use the following parameters:
\n
    \n
  • from: Log Event ID from which to start retrieving\ \ logs. You can limit the number of logs returned using the take parameter. If you use from at the same time as q,\ \ from takes precedence and q is ignored.
    • \n
  • take: Number of entries to retrieve when using the from\ \ parameter.
    • \n
\n\nImportant: When fetching logs from a checkpoint log ID, any parameter other than from and take\ \ will be ignored, and date ordering is not guaranteed.\n" tags: - logs parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: ' Number of results per page. Paging is disabled if parameter not sent. Default: 50. Max value: 100' schema: type: integer minimum: 0 maximum: 100 - name: sort in: query description: Field to use for sorting appended with :1 for ascending and :-1 for descending. e.g. date:-1 schema: type: string pattern: ^((date)|(connection)|(client_id)|(client_name)|(ip)|(user_id)|(user_name)|(description)|(user_agent)|(type)|(details)|(strategy)|(strategy_type))\:(1|-1)$ - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((date)|(connection)|(client_id)|(client_name)|(ip)|(user_id)|(user_name)|(description)|(user_agent)|(type)|(details)|(strategy)|(strategy_type))(,((date)|(connection)|(client_id)|(client_name)|(ip)|(user_id)|(user_name)|(description)|(user_agent)|(type)|(details)|(strategy)|(strategy_type)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false) schema: type: boolean - name: include_totals in: query description: Return results as an array when false (default). Return results inside an object that also contains a total result count when true. schema: type: boolean - name: from in: query description: Log Event Id from which to start selection from. schema: type: string - name: take in: query description: Number of entries to retrieve when using the from parameter. Default 50, max 100 schema: type: integer - name: search in: query description: 'Retrieves logs that match the specified search criteria. This parameter can be combined with all the others in the /api/logs endpoint but is specified separately for clarity. If no fields are provided a case insensitive ''starts with'' search is performed on all of the following fields: client_name, connection, user_name. Otherwise, you can specify multiple fields and specify the search using the %field%:%search%, for example: application:node user:"John@contoso.com". Values specified without quotes are matched using a case insensitive ''starts with'' search. If quotes are used a case insensitve exact search is used. If multiple fields are used, the AND operator is used to join the clauses.' schema: type: string responses: '200': description: Logs successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListLogResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:logs, read:logs_users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_logs x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListLogsRequestParameters x-operation-group: logs security: - bearerAuth: [] - oAuth2ClientCredentials: - read:logs - read:logs_users /logs/{id}: get: summary: Get a Log Event by Id description: Retrieve an individual log event. tags: - logs parameters: - name: id in: path description: log_id of the log to retrieve. required: true schema: type: string responses: '200': description: Log successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetLogResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:logs, read:logs_users.' '404': description: Log not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_logs_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: logs security: - bearerAuth: [] - oAuth2ClientCredentials: - read:logs - read:logs_users /network-acls: get: summary: Get All Access Control List Entries for a Tenant description: Get all access control list entries for your client. tags: - network-acls parameters: - name: page in: query description: Use this field to request a specific page of the list results. schema: type: integer minimum: 0 - name: per_page in: query description: The amount of results per page. schema: type: integer minimum: 0 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Network access control list successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListNetworkAclsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:network_acls.' '404': description: Network access control list not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_network-acls x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListNetworkAclsRequestParameters x-operation-group: networkAcls security: - bearerAuth: [] - oAuth2ClientCredentials: - read:network_acls post: summary: Create Access Control List description: Create a new access control list for your client. tags: - network-acls requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateNetworkAclRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateNetworkAclRequestContent' responses: '201': description: Network ACL successfully created. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: Entitlement is not enabled for this tenant. Please upgrade your subscription to enable Tenant ACL Management. x-description-1: Tenant ACL Management is not enabled for this tenant. x-description-0: 'Insufficient scope; expected any of: create:network_acls.' '409': description: A Network ACL with this priority number has already been created. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '500': description: There was an error retrieving Networks ACLs subscription settings. operationId: post_network-acls x-release-lifecycle: GA x-operation-name: create x-operation-group: networkAcls security: - bearerAuth: [] - oAuth2ClientCredentials: - create:network_acls /network-acls/{id}: get: summary: Get a Specific Access Control List Entry for a Tenant description: Get a specific access control list entry for your client. tags: - network-acls parameters: - name: id in: path description: The id of the access control list to retrieve. required: true schema: type: string maxLength: 36 responses: '200': description: Network access control list successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetNetworkAclsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:network_acls.' '404': description: Network access control list not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_network-acls_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: networkAcls security: - bearerAuth: [] - oAuth2ClientCredentials: - read:network_acls delete: summary: Delete Access Control List description: Delete existing access control list for your client. tags: - network-acls parameters: - name: id in: path description: The id of the ACL to delete required: true schema: type: string maxLength: 36 responses: '204': description: Network ACL successfully deleted '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: Tenant ACL Management is not enabled for this tenant. x-description-1: 'Insufficient scope; expected any of: delete:network_acls.' '404': description: This ACL does not exist '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_network-acls_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: networkAcls security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:network_acls patch: summary: Partial Update for an Access Control List description: Update existing access control list for your client. tags: - network-acls parameters: - name: id in: path description: The id of the ACL to update. required: true schema: type: string maxLength: 36 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateNetworkAclRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateNetworkAclRequestContent' responses: '200': description: Network ACL properties successfully updated content: application/json: schema: $ref: '#/components/schemas/UpdateNetworkAclResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:network_acls.' '404': description: Network ACL not found and cannot be updated '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_network-acls_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: networkAcls security: - bearerAuth: [] - oAuth2ClientCredentials: - update:network_acls put: summary: Update Access Control List description: Update existing access control list for your client. tags: - network-acls parameters: - name: id in: path description: The id of the ACL to update. required: true schema: type: string maxLength: 36 requestBody: content: application/json: schema: $ref: '#/components/schemas/SetNetworkAclRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetNetworkAclRequestContent' responses: '200': description: Network ACL properties successfully updated content: application/json: schema: $ref: '#/components/schemas/SetNetworkAclsResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:network_acls.' '404': description: Network ACL not found and cannot be updated '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_network-acls_by_id x-release-lifecycle: GA x-operation-name: set x-operation-group: networkAcls security: - bearerAuth: [] - oAuth2ClientCredentials: - update:network_acls /organizations: get: summary: Get Organizations description: 'Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations. This endpoint supports two types of pagination:
  • Offset pagination
  • Checkpoint pagination
Checkpoint pagination must be used if you need to retrieve more than 1000 organizations.

Checkpoint Pagination

To search by checkpoint, use the following parameters:
  • from: Optional id from which to start selection.
  • take: The total number of entries to retrieve when using the from parameter. Defaults to 50.
Note: The first time you call this endpoint using checkpoint pagination, omit the from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no pages are remaining. ' tags: - organizations parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 maximum: 1000 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: sort in: query description: 'Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. e.g. created_at:1. We currently support sorting by the following fields: name, display_name and created_at.' schema: type: string maxLength: 15 pattern: ^((display_name)|(created_at)|(name))\:(1|-1)$ responses: '200': description: Organizations successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListOrganizationsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organizations.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_organizations x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListOrganizationsRequestParameters x-operation-group: organizations security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organizations - read:organizations_summary post: summary: Create an Organization description: 'Create a new Organization within your tenant. To learn more about Organization settings, behavior, and configuration options, review Create Your First Organization. ' tags: - organizations requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateOrganizationRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateOrganizationRequestContent' responses: '201': description: Organization successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateOrganizationResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:organizations.' '409': description: An organization with this name already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_organizations x-release-lifecycle: GA x-operation-name: create x-operation-group: organizations security: - bearerAuth: [] - oAuth2ClientCredentials: - create:organizations - create:organization_connections /organizations/name/{name}: get: summary: Get Organization by Name description: 'Retrieve details about a single Organization specified by name. ' tags: - organizations parameters: - name: name in: path description: name of the organization to retrieve. required: true schema: type: string minLength: 1 maxLength: 50 responses: '200': description: Organization successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetOrganizationByNameResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organizations.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_name_by_name x-release-lifecycle: GA x-operation-name: getByName x-operation-group: organizations security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organizations /organizations/{id}: get: summary: Get Organization description: "Retrieve details about a single Organization specified by ID. \n" tags: - organizations parameters: - name: id in: path description: ID of the organization to retrieve. required: true schema: type: string responses: '200': description: Organization successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetOrganizationResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organizations.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_organizations_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: organizations security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organizations - read:organizations_summary delete: summary: Delete Organization description: "Remove an Organization from your tenant. This action cannot be undone. \n\nNote: Members are automatically disassociated from an Organization\ \ when it is deleted. However, this action does not delete these users from your tenant.\n" tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 responses: '204': description: The organization was deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:organizations.' '404': description: The organization does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_organizations_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: organizations security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:organizations patch: summary: Modify an Organization description: 'Update the details of a specific Organization, such as name and display name, branding options, and metadata. ' tags: - organizations parameters: - name: id in: path description: ID of the organization to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateOrganizationRequestContent' responses: '200': description: Organization successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:organizations.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_organizations_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: organizations security: - bearerAuth: [] - oAuth2ClientCredentials: - update:organizations /organizations/{id}/client-grants: get: summary: Get Client Grants Associated to an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: audience in: query description: Optional filter on audience of the client grant. schema: type: string maxLength: 600 - name: client_id in: query description: Optional filter on client_id of the client grant. schema: type: string - name: grant_ids in: query description: Optional filter on the ID of the client grant. Must be URL encoded and may be specified multiple times (max 10).
e.g. ../client-grants?grant_ids=id1&grant_ids=id2 style: form explode: true schema: type: array items: type: string format: client-grant-id - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Client grants successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListOrganizationClientGrantsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_client_grants.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_organization-client-grants x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListOrganizationClientGrantsRequestParameters x-operation-group: - organizations - clientGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_client_grants post: summary: Associate a Client Grant with an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 requestBody: content: application/json: schema: $ref: '#/components/schemas/AssociateOrganizationClientGrantRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/AssociateOrganizationClientGrantRequestContent' responses: '201': description: Client Grant successfully associated with Organization. content: application/json: schema: $ref: '#/components/schemas/AssociateOrganizationClientGrantResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:organization_client_grants.' '404': description: The grant does not exist. x-description-1: No organization found by that id '409': description: The client grant has already been added to this organization. x-description-1: Quota exceeded; cannot add more than 100 client grants to a single organization '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: create_organization-client-grants x-release-lifecycle: GA x-operation-name: create x-operation-group: - organizations - clientGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - create:organization_client_grants /organizations/{id}/client-grants/{grant_id}: delete: summary: Remove a Client Grant from an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: grant_id in: path description: The Client Grant ID to remove from the organization required: true schema: type: string responses: '204': description: The Client Grant was removed from the Organization. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:organization_client_grants.' '404': description: No organization found by that id. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_client-grants_by_grant_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - organizations - clientGrants security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:organization_client_grants /organizations/{id}/connections: get: summary: Get Connections Associated with an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: is_enabled in: query description: Filter connections by enabled status. schema: type: boolean responses: '200': description: Connections successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListOrganizationAllConnectionsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_organization_connections x-release-lifecycle: EA x-operation-name: list x-operation-request-parameters-name: ListOrganizationAllConnectionsRequestParameters x-operation-group: - organizations - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_connections post: summary: Adds a Connection to an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateOrganizationAllConnectionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateOrganizationAllConnectionRequestContent' responses: '201': description: Connection successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateOrganizationAllConnectionResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:organization_connections.' '409': description: The organization connection already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_organization_connection x-release-lifecycle: EA x-operation-name: create x-operation-request-parameters-name: CreateOrganizationAllConnectionRequestParameters x-operation-group: - organizations - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - create:organization_connections /organizations/{id}/connections/{connection_id}: get: summary: Get a Specific Connection Associated with an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: connection_id in: path description: Connection identifier. required: true schema: type: string minLength: 1 maxLength: 50 responses: '200': description: Connection successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetOrganizationAllConnectionResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_connections.' '404': description: The organization does not exists. x-description-1: The organization connection does not exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_organization_connection x-release-lifecycle: EA x-operation-name: get x-operation-request-parameters-name: GetOrganizationAllConnectionRequestParameters x-operation-group: - organizations - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_connections delete: summary: Delete a Connection from an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: connection_id in: path description: Connection identifier. required: true schema: type: string minLength: 1 maxLength: 50 responses: '204': description: Connection successfully deleted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:organization_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_organization_connection x-release-lifecycle: EA x-operation-name: delete x-operation-request-parameters-name: DeleteOrganizationAllConnectionRequestParameters x-operation-group: - organizations - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:organization_connections patch: summary: Update a Connection for an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: connection_id in: path description: Connection identifier. required: true schema: type: string minLength: 1 maxLength: 50 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationAllConnectionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateOrganizationAllConnectionRequestContent' responses: '200': description: Connection successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationAllConnectionResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:organization_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_organization_connection x-release-lifecycle: EA x-operation-name: update x-operation-request-parameters-name: UpdateOrganizationConnectionRequestParameters x-operation-group: - organizations - connections security: - bearerAuth: [] - oAuth2ClientCredentials: - update:organization_connections /organizations/{id}/discovery-domains: get: summary: Retrieve All Organization Discovery Domains description: 'Retrieve list of all organization discovery domains associated with the specified organization. This endpoint is subject to eventual consistency; newly created, updated, or deleted discovery domains may not immediately appear in the response. ' tags: - organizations parameters: - name: id in: path description: ID of the organization. required: true schema: type: string - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Organization discovery domains retrieved successfully. content: application/json: schema: $ref: '#/components/schemas/ListOrganizationDiscoveryDomainsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_discovery_domains.' '404': description: Organization not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_discovery-domains x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListOrganizationDiscoveryDomainsRequestParameters x-operation-group: - organizations - discoveryDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_discovery_domains post: summary: Create an Organization Discovery Domain description: Create a new discovery domain for an organization. tags: - organizations parameters: - name: id in: path description: ID of the organization. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateOrganizationDiscoveryDomainRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateOrganizationDiscoveryDomainRequestContent' responses: '201': description: Organization discovery domain successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateOrganizationDiscoveryDomainResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:organization_discovery_domains.' '404': description: Organization not found. '409': description: An organization discovery domain with this domain is already registered to this organization. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_discovery-domains x-release-lifecycle: GA x-operation-name: create x-operation-group: - organizations - discoveryDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - create:organization_discovery_domains /organizations/{id}/discovery-domains/name/{discovery_domain}: get: summary: Retrieve an Organization Discovery Domain by Domain Name description: 'Retrieve details about a single organization discovery domain specified by domain name. This endpoint is subject to eventual consistency; newly created, updated, or deleted discovery domains may not immediately appear in the response. ' tags: - organizations parameters: - name: id in: path description: ID of the organization. required: true schema: type: string - name: discovery_domain in: path description: Domain name of the discovery domain. required: true schema: type: string minLength: 3 maxLength: 255 pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$ responses: '200': description: Organization discovery domain successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetOrganizationDiscoveryDomainByNameResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_discovery_domains.' '404': description: Organization not found. x-description-1: Organization discovery domain not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_name_by_discovery_domain x-release-lifecycle: GA x-operation-name: getByName x-operation-group: - organizations - discoveryDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_discovery_domains /organizations/{id}/discovery-domains/{discovery_domain_id}: get: summary: Retrieve an Organization Discovery Domain by ID description: 'Retrieve details about a single organization discovery domain specified by ID. This endpoint is subject to eventual consistency; newly created, updated, or deleted discovery domains may not immediately appear in the response. ' tags: - organizations parameters: - name: id in: path description: ID of the organization. required: true schema: type: string - name: discovery_domain_id in: path description: ID of the discovery domain. required: true schema: type: string responses: '200': description: Organization discovery domain successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetOrganizationDiscoveryDomainResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_discovery_domains.' '404': description: Organization not found. x-description-1: Organization discovery domain not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_discovery-domains_by_discovery_domain_id x-release-lifecycle: GA x-operation-name: get x-operation-group: - organizations - discoveryDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_discovery_domains delete: summary: Delete an Organization Discovery Domain description: 'Remove a discovery domain from an organization. This action cannot be undone. ' tags: - organizations parameters: - name: id in: path description: ID of the organization. required: true schema: type: string - name: discovery_domain_id in: path description: ID of the discovery domain. required: true schema: type: string responses: '204': description: Organization discovery domain successfully deleted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:organization_discovery_domains.' '404': description: Organization not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_discovery-domains_by_discovery_domain_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - organizations - discoveryDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:organization_discovery_domains patch: summary: Update an Organization Discovery Domain description: 'Update the verification status and/or use_for_organization_discovery for an organization discovery domain. The status field must be either pending or verified. The use_for_organization_discovery field can be true or false (default: true). ' tags: - organizations parameters: - name: id in: path description: ID of the organization. required: true schema: type: string - name: discovery_domain_id in: path description: ID of the discovery domain to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationDiscoveryDomainRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateOrganizationDiscoveryDomainRequestContent' responses: '200': description: Organization discovery domain successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationDiscoveryDomainResponseContent' '400': description: Invalid Request Body. '404': description: Organization not found. x-description-1: Organization discovery domain not found. operationId: patch_discovery-domains_by_discovery_domain_id x-release-lifecycle: GA x-operation-name: update x-operation-group: - organizations - discoveryDomains security: - bearerAuth: [] - oAuth2ClientCredentials: - update:organization_discovery_domains /organizations/{id}/enabled_connections: get: summary: Get Connections Enabled for an Organization description: 'Retrieve details about a specific connection currently enabled for an Organization. Information returned includes details such as connection ID, name, strategy, and whether the connection automatically grants membership upon login. ' tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Connections successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListOrganizationConnectionsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_enabled_connections x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListOrganizationConnectionsRequestParameters x-operation-group: - organizations - enabledConnections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_connections post: summary: Add Connections to an Organization description: 'Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action. Connections represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social. ' tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 requestBody: content: application/json: schema: $ref: '#/components/schemas/AddOrganizationConnectionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/AddOrganizationConnectionRequestContent' responses: '201': description: Organization connection successfully added. content: application/json: schema: $ref: '#/components/schemas/AddOrganizationConnectionResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:organization_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_enabled_connections x-release-lifecycle: GA x-operation-name: add x-operation-group: - organizations - enabledConnections security: - bearerAuth: [] - oAuth2ClientCredentials: - create:organization_connections /organizations/{id}/enabled_connections/{connectionId}: get: summary: Get an Enabled Connection for an Organization description: 'Retrieve details about a specific connection currently enabled for an Organization. Information returned includes details such as connection ID, name, strategy, and whether the connection automatically grants membership upon login. ' tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: connectionId in: path description: Connection identifier. required: true schema: type: string minLength: 1 maxLength: 50 responses: '200': description: Connection successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetOrganizationConnectionResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_enabled_connections_by_connectionId x-release-lifecycle: GA x-operation-name: get x-operation-group: - organizations - enabledConnections security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_connections delete: summary: Delete Connections from an Organization description: "Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate. \n\n\ Note: This action does not remove the connection from your tenant.\n" tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: connectionId in: path description: Connection identifier. required: true schema: type: string minLength: 1 maxLength: 50 responses: '204': description: Connection successfully removed from organization. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:organization_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_enabled_connections_by_connectionId x-release-lifecycle: GA x-operation-name: delete x-operation-group: - organizations - enabledConnections security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:organization_connections patch: summary: Update the Connection of an Organization description: 'Modify the details of a specific connection currently enabled for an Organization. ' tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: connectionId in: path description: Connection identifier. required: true schema: type: string minLength: 1 maxLength: 50 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationConnectionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateOrganizationConnectionRequestContent' responses: '200': description: Organization connection successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationConnectionResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:organization_connections.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_enabled_connections_by_connectionId x-release-lifecycle: GA x-operation-name: update x-operation-group: - organizations - enabledConnections security: - bearerAuth: [] - oAuth2ClientCredentials: - update:organization_connections /organizations/{id}/invitations: get: summary: Get Invitations to an Organization description: "Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information,\ \ invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review Invite Organization Members. \n" tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: When true, return results inside an object that also contains the start and limit. When false (default), a direct array of results is returned. We do not yet support returning the total invitations count. schema: type: boolean - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((app_metadata)|(user_metadata)|(client_id)|(connection_id)|(created_at)|(expires_at)|(id)|(invitation_url)|(invitee)|(inviter)|(organization_id)|(roles))(,((app_metadata)|(user_metadata)|(client_id)|(connection_id)|(created_at)|(expires_at)|(id)|(invitation_url)|(invitee)|(inviter)|(organization_id)|(roles)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). Defaults to true. schema: type: boolean - name: sort in: query description: Field to sort by. Use field:order where order is 1 for ascending and -1 for descending Defaults to created_at:-1. schema: type: string pattern: ^((created_at))\:(1|-1)$ responses: '200': description: Invitations successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListOrganizationInvitationsResponseContent' '400': description: Requesting page exceeds the allowed maximum of 1000 records x-description-0: Invalid request query string. The message will vary depending on the cause. '401': description: Client is not global. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Invalid token. '403': description: 'Insufficient scope; expected any of: read:organization_invitations.' '404': description: No organization found by that id. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_invitations x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListOrganizationInvitationsRequestParameters x-operation-group: - organizations - invitations security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_invitations post: summary: Create Invitations to an Organization description: "Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization.\ \ To learn more about Organization invitations, review Invite Organization Members. \n" tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateOrganizationInvitationRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateOrganizationInvitationRequestContent' responses: '200': description: Invitation successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateOrganizationInvitationResponseContent' '400': description: A default login route is required to generate the invitation url. For more information, see https://auth0.com/docs/universal-login/configure-default-login-routes x-description-1: 'One or more of the specified roles do not exist: rol_0000000000000001, rol_0000000000000002' x-description-2: Passwordless connections are not supported. x-description-3: The specified client_id does not allow organizations. x-description-4: The specified client_id does not exist. x-description-5: The specified connection (con_0000000000000001) is not enabled for the organization x-description-6: The specified connection does not exist. x-description-0: Invalid request body. The message will vary depending on the cause. '401': description: Client is not global. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Invalid token. '403': description: 'Insufficient scope; expected any of: create:organization_invitations.' '404': description: No organization found by that id. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_invitations x-release-lifecycle: GA x-operation-name: create x-operation-group: - organizations - invitations security: - bearerAuth: [] - oAuth2ClientCredentials: - create:organization_invitations /organizations/{id}/invitations/{invitation_id}: get: summary: Get a Specific Invitation to an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: invitation_id in: path description: The id of the user invitation. required: true schema: type: string - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((app_metadata)|(user_metadata)|(client_id)|(connection_id)|(created_at)|(expires_at)|(id)|(invitation_url)|(invitee)|(inviter)|(organization_id)|(roles))(,((app_metadata)|(user_metadata)|(client_id)|(connection_id)|(created_at)|(expires_at)|(id)|(invitation_url)|(invitee)|(inviter)|(organization_id)|(roles)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). Defaults to true. schema: type: boolean responses: '200': description: Invitation successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetOrganizationInvitationResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Client is not global. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Invalid token. '403': description: 'Insufficient scope; expected any of: read:organization_invitations.' '404': description: No organization found by that id. x-description-1: The invitation does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_invitations_by_invitation_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetOrganizationInvitationRequestParameters x-operation-group: - organizations - invitations security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_invitations delete: summary: Delete an Invitation to an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: invitation_id in: path description: The id of the user invitation. required: true schema: type: string responses: '204': description: Invitation successfully deleted. '401': description: Client is not global. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Invalid token. '403': description: 'Insufficient scope; expected any of: delete:organization_invitations.' '404': description: No organization found by that id. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_invitations_by_invitation_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - organizations - invitations security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:organization_invitations /organizations/{id}/members: get: summary: Get Members Who Belong to an Organization description: "List organization members.\nThis endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted\ \ users may not be immediately removed from it.\n\n
    \n
  • \n Use the fields parameter to optionally define the specific member details\ \ retrieved. If fields is left blank, all fields (except roles) are returned.\n
    • \n
  • \n Member roles are not sent by default. Use\ \ fields=roles to retrieve the roles assigned to each listed member. To use this parameter, you must include the read:organization_member_roles\ \ scope in the token.\n
    • \n
\n\nThis endpoint supports two types of pagination:\n\n- Offset pagination\n- Checkpoint pagination\n\nCheckpoint pagination\ \ must be used if you need to retrieve more than 1000 organization members.\n\n

Checkpoint Pagination

\n\nTo search by checkpoint, use the following\ \ parameters: - from: Optional id from which to start selection. - take: The total amount of entries to retrieve when using the from parameter. Defaults to\ \ 50. Note: The first time you call this endpoint using Checkpoint Pagination, you should omit the from parameter. If there are more results,\ \ a next value will be included in the response. You can use this for subsequent API calls. When next is no longer included in the\ \ response, this indicates there are no more pages remaining.\n" tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 maximum: 1000 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((user_id)|(email)|(picture)|(name)|(roles))(,((user_id)|(email)|(picture)|(name)|(roles)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: Members successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListOrganizationMembersResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_members, read:organization_member_roles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_organization_members x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListOrganizationMembersRequestParameters x-operation-group: - organizations - members security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_members delete: summary: Delete Members from an Organization tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 requestBody: content: application/json: schema: $ref: '#/components/schemas/DeleteOrganizationMembersRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/DeleteOrganizationMembersRequestContent' responses: '204': description: Users successfully removed from organization. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:organization_members.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_members x-release-lifecycle: GA x-operation-name: delete x-operation-group: - organizations - members security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:organization_members post: summary: Add Members to an Organization description: 'Set one or more existing users as members of a specific Organization. To add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can invite them to create an account, manually create them through the Auth0 Dashboard, or use the Management API. ' tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateOrganizationMemberRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateOrganizationMemberRequestContent' responses: '204': description: Members successfully added to organization. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:organization_members.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_members x-release-lifecycle: GA x-operation-name: create x-operation-group: - organizations - members security: - bearerAuth: [] - oAuth2ClientCredentials: - create:organization_members /organizations/{id}/members/{user_id}/roles: get: summary: Get User Roles Assigned to an Organization Member description: "Retrieve detailed list of roles assigned to a given user within the context of a specific Organization. \n\nUsers can be members of multiple Organizations\ \ with unique roles assigned for each membership. This action only returns the roles associated with the specified Organization; any roles assigned to the\ \ user within other Organizations are not included.\n" tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: user_id in: path description: ID of the user to associate roles with. required: true schema: type: string - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 maximum: 1000 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Roles successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListOrganizationMemberRolesResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:organization_member_roles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_organization_member_roles x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListOrganizationMemberRolesRequestParameters x-operation-group: - organizations - members - roles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organization_member_roles delete: summary: Delete User Roles from an Organization Member description: 'Remove one or more Organization-specific roles from a given user. Users can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call. ' tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: user_id in: path description: User ID of the organization member to remove roles from. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/DeleteOrganizationMemberRolesRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/DeleteOrganizationMemberRolesRequestContent' responses: '204': description: Roles successfully removed from organization member. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:organization_member_roles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_organization_member_roles x-release-lifecycle: GA x-operation-name: delete x-operation-group: - organizations - members - roles security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:organization_member_roles post: summary: Assign User Roles to an Organization Member description: 'Assign one or more roles to a user to determine their access for a specific Organization. Users can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call. ' tags: - organizations parameters: - name: id in: path description: Organization identifier. required: true schema: type: string maxLength: 50 - name: user_id in: path description: ID of the user to associate roles with. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AssignOrganizationMemberRolesRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/AssignOrganizationMemberRolesRequestContent' responses: '204': description: Roles successfully associated with user. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:organization_member_roles.' '409': description: No more roles can be assigned to this organization member. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_organization_member_roles x-release-lifecycle: GA x-operation-name: assign x-operation-group: - organizations - members - roles security: - bearerAuth: [] - oAuth2ClientCredentials: - create:organization_member_roles /prompts: get: summary: Get Prompt Settings description: Retrieve details of the Universal Login configuration of your tenant. This includes the Identifier First Authentication and WebAuthn with Device Biometrics for MFA features. tags: - prompts responses: '200': description: Prompt settings successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetSettingsResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: The specified client cannot perform the requested operation. x-description-1: 'Insufficient scope; expected any of: read:prompts.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_prompts x-release-lifecycle: GA x-operation-name: getSettings x-operation-group: prompts security: - bearerAuth: [] - oAuth2ClientCredentials: - read:prompts patch: summary: Update Prompt Settings description: Update the Universal Login configuration of your tenant. This includes the Identifier First Authentication and WebAuthn with Device Biometrics for MFA features. tags: - prompts requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateSettingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateSettingsRequestContent' responses: '200': description: Prompts settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateSettingsResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:prompts.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_prompts x-release-lifecycle: GA x-operation-name: updateSettings x-operation-group: prompts security: - bearerAuth: [] - oAuth2ClientCredentials: - update:prompts /prompts/rendering: get: summary: Get Render Setting Configurations for All Screens description: Get render setting configurations for all screens. tags: - prompts parameters: - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((rendering_mode)|(prompt)|(screen)|(context_configuration)|(default_head_tags_disabled)|(head_tags))(,((rendering_mode)|(prompt)|(screen)|(context_configuration)|(default_head_tags_disabled)|(head_tags)))*$ - name: include_fields in: query description: 'Whether specified fields are to be included (default: true) or excluded (false).' schema: type: boolean - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Maximum value is 100, default value is 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total configuration count (true) or as a direct array of results (false, default). schema: type: boolean - name: prompt in: query description: Name of the prompt to filter by schema: type: string pattern: ^((login)|(login-id)|(login-password)|(login-passwordless)|(login-email-verification)|(signup)|(signup-id)|(signup-password)|(phone-identifier-enrollment)|(phone-identifier-challenge)|(email-identifier-challenge)|(reset-password)|(custom-form)|(consent)|(customized-consent)|(logout)|(mfa-push)|(mfa-otp)|(mfa-voice)|(mfa-phone)|(mfa-webauthn)|(mfa-sms)|(mfa-email)|(mfa-recovery-code)|(mfa)|(status)|(device-flow)|(email-verification)|(email-otp-challenge)|(organizations)|(invitation)|(common)|(passkeys)|(captcha)|(brute-force-protection)|(async-approval-flow))(,((login)|(login-id)|(login-password)|(login-passwordless)|(login-email-verification)|(signup)|(signup-id)|(signup-password)|(phone-identifier-enrollment)|(phone-identifier-challenge)|(email-identifier-challenge)|(reset-password)|(custom-form)|(consent)|(customized-consent)|(logout)|(mfa-push)|(mfa-otp)|(mfa-voice)|(mfa-phone)|(mfa-webauthn)|(mfa-sms)|(mfa-email)|(mfa-recovery-code)|(mfa)|(status)|(device-flow)|(email-verification)|(email-otp-challenge)|(organizations)|(invitation)|(common)|(passkeys)|(captcha)|(brute-force-protection)|(async-approval-flow)))*$ - name: screen in: query description: Name of the screen to filter by schema: type: string pattern: ^((login)|(login-id)|(login-password)|(login-passwordless-email-code)|(login-passwordless-email-link)|(login-passwordless-sms-otp)|(login-email-verification)|(signup)|(signup-id)|(signup-password)|(phone-identifier-enrollment)|(phone-identifier-challenge)|(email-identifier-challenge)|(reset-password-request)|(reset-password-email)|(reset-password)|(reset-password-success)|(reset-password-error)|(reset-password-mfa-email-challenge)|(reset-password-mfa-otp-challenge)|(reset-password-mfa-phone-challenge)|(reset-password-mfa-push-challenge-push)|(reset-password-mfa-recovery-code-challenge)|(reset-password-mfa-sms-challenge)|(reset-password-mfa-voice-challenge)|(reset-password-mfa-webauthn-platform-challenge)|(reset-password-mfa-webauthn-roaming-challenge)|(custom-form)|(consent)|(customized-consent)|(logout)|(logout-complete)|(logout-aborted)|(mfa-push-welcome)|(mfa-push-enrollment-qr)|(mfa-push-enrollment-code)|(mfa-push-success)|(mfa-push-challenge-push)|(mfa-push-list)|(mfa-otp-enrollment-qr)|(mfa-otp-enrollment-code)|(mfa-otp-challenge)|(mfa-voice-enrollment)|(mfa-voice-challenge)|(mfa-phone-challenge)|(mfa-phone-enrollment)|(mfa-webauthn-platform-enrollment)|(mfa-webauthn-roaming-enrollment)|(mfa-webauthn-platform-challenge)|(mfa-webauthn-roaming-challenge)|(mfa-webauthn-change-key-nickname)|(mfa-webauthn-enrollment-success)|(mfa-webauthn-error)|(mfa-webauthn-not-available-error)|(mfa-country-codes)|(mfa-sms-enrollment)|(mfa-sms-challenge)|(mfa-sms-list)|(mfa-email-challenge)|(mfa-email-list)|(mfa-recovery-code-enrollment)|(mfa-recovery-code-challenge-new-code)|(mfa-recovery-code-challenge)|(mfa-detect-browser-capabilities)|(mfa-enroll-result)|(mfa-login-options)|(mfa-begin-enroll-options)|(status)|(device-code-activation)|(device-code-activation-allowed)|(device-code-activation-denied)|(device-code-confirmation)|(email-verification-result)|(email-otp-challenge)|(organization-selection)|(organization-picker)|(pre-login-organization-picker)|(accept-invitation)|(redeem-ticket)|(passkey-enrollment)|(passkey-enrollment-local)|(interstitial-captcha)|(brute-force-protection-unblock)|(brute-force-protection-unblock-success)|(brute-force-protection-unblock-failure)|(async-approval-error)|(async-approval-accepted)|(async-approval-denied)|(async-approval-wrong-user))(,((login)|(login-id)|(login-password)|(login-passwordless-email-code)|(login-passwordless-email-link)|(login-passwordless-sms-otp)|(login-email-verification)|(signup)|(signup-id)|(signup-password)|(phone-identifier-enrollment)|(phone-identifier-challenge)|(email-identifier-challenge)|(reset-password-request)|(reset-password-email)|(reset-password)|(reset-password-success)|(reset-password-error)|(reset-password-mfa-email-challenge)|(reset-password-mfa-otp-challenge)|(reset-password-mfa-phone-challenge)|(reset-password-mfa-push-challenge-push)|(reset-password-mfa-recovery-code-challenge)|(reset-password-mfa-sms-challenge)|(reset-password-mfa-voice-challenge)|(reset-password-mfa-webauthn-platform-challenge)|(reset-password-mfa-webauthn-roaming-challenge)|(custom-form)|(consent)|(customized-consent)|(logout)|(logout-complete)|(logout-aborted)|(mfa-push-welcome)|(mfa-push-enrollment-qr)|(mfa-push-enrollment-code)|(mfa-push-success)|(mfa-push-challenge-push)|(mfa-push-list)|(mfa-otp-enrollment-qr)|(mfa-otp-enrollment-code)|(mfa-otp-challenge)|(mfa-voice-enrollment)|(mfa-voice-challenge)|(mfa-phone-challenge)|(mfa-phone-enrollment)|(mfa-webauthn-platform-enrollment)|(mfa-webauthn-roaming-enrollment)|(mfa-webauthn-platform-challenge)|(mfa-webauthn-roaming-challenge)|(mfa-webauthn-change-key-nickname)|(mfa-webauthn-enrollment-success)|(mfa-webauthn-error)|(mfa-webauthn-not-available-error)|(mfa-country-codes)|(mfa-sms-enrollment)|(mfa-sms-challenge)|(mfa-sms-list)|(mfa-email-challenge)|(mfa-email-list)|(mfa-recovery-code-enrollment)|(mfa-recovery-code-challenge-new-code)|(mfa-recovery-code-challenge)|(mfa-detect-browser-capabilities)|(mfa-enroll-result)|(mfa-login-options)|(mfa-begin-enroll-options)|(status)|(device-code-activation)|(device-code-activation-allowed)|(device-code-activation-denied)|(device-code-confirmation)|(email-verification-result)|(email-otp-challenge)|(organization-selection)|(organization-picker)|(pre-login-organization-picker)|(accept-invitation)|(redeem-ticket)|(passkey-enrollment)|(passkey-enrollment-local)|(interstitial-captcha)|(brute-force-protection-unblock)|(brute-force-protection-unblock-success)|(brute-force-protection-unblock-failure)|(async-approval-error)|(async-approval-accepted)|(async-approval-denied)|(async-approval-wrong-user)))*$ - name: rendering_mode in: query description: Rendering mode to filter by schema: $ref: '#/components/schemas/AculRenderingModeEnum' responses: '200': description: ACUL settings successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListAculsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '402': description: A paid subscription is required to use Advanced Customizations. '403': description: 'Insufficient scope; expected any of: read:prompts.' x-description-1: This tenant does not have Advanced Customizations enabled. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_all_rendering x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListAculsRequestParameters x-operation-group: - prompts - rendering security: - bearerAuth: [] - oAuth2ClientCredentials: - read:prompts patch: summary: Update Render Settings for Multiple Screens description: 'Learn more about configuring render settings for advanced customization. ' tags: - prompts requestBody: content: application/json: schema: $ref: '#/components/schemas/BulkUpdateAculRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/BulkUpdateAculRequestContent' responses: '200': description: ACUL settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/BulkUpdateAculResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '402': description: A paid subscription is required to use Advanced Customizations. '403': description: 'Insufficient scope; expected any of: update:prompts.' x-description-1: This tenant does not have Advanced Customizations enabled. x-description-2: This screen is not available in Advanced Customizations '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_bulk_rendering x-release-lifecycle: GA x-operation-name: bulkUpdate x-operation-group: - prompts - rendering security: - bearerAuth: [] - oAuth2ClientCredentials: - update:prompts /prompts/{prompt}/custom-text/{language}: get: summary: Get Custom Text for a Prompt description: Retrieve custom text for a specific prompt and language. tags: - prompts parameters: - name: prompt in: path description: Name of the prompt. required: true schema: $ref: '#/components/schemas/PromptGroupNameEnum' - name: language in: path description: Language to update. required: true schema: $ref: '#/components/schemas/PromptLanguageEnum' responses: '200': description: Prompt dictionaries successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetCustomTextsByLanguageResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:prompts.' '404': description: The prompt does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_custom-text_by_language x-release-lifecycle: GA x-operation-name: get x-operation-group: - prompts - customText security: - bearerAuth: [] - oAuth2ClientCredentials: - read:prompts put: summary: Set Custom Text for a Specific Prompt description: Set custom text for a specific prompt. Existing texts will be overwritten. tags: - prompts parameters: - name: prompt in: path description: Name of the prompt. required: true schema: $ref: '#/components/schemas/PromptGroupNameEnum' - name: language in: path description: Language to update. required: true schema: $ref: '#/components/schemas/PromptLanguageEnum' requestBody: content: application/json: schema: $ref: '#/components/schemas/SetsCustomTextsByLanguageRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetsCustomTextsByLanguageRequestContent' responses: '200': description: Prompt dictionaries successfully updated. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:prompts.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_custom-text_by_language x-release-lifecycle: GA x-operation-name: set x-operation-group: - prompts - customText security: - bearerAuth: [] - oAuth2ClientCredentials: - update:prompts /prompts/{prompt}/partials: get: summary: Get Partials for a Prompt description: Get template partials for a prompt tags: - prompts parameters: - name: prompt in: path description: Name of the prompt. required: true schema: $ref: '#/components/schemas/PartialGroupsEnum' responses: '200': description: Prompt partials successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetPartialsResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:prompts.' x-description-1: Permission Denied. This feature is not available on this plan. '404': description: The prompt does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_partials x-release-lifecycle: GA x-operation-name: get x-operation-group: - prompts - partials security: - bearerAuth: [] - oAuth2ClientCredentials: - read:prompts put: summary: Set Partials for a Prompt description: Set template partials for a prompt tags: - prompts parameters: - name: prompt in: path description: Name of the prompt. required: true schema: $ref: '#/components/schemas/PartialGroupsEnum' requestBody: content: application/json: schema: $ref: '#/components/schemas/SetPartialsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetPartialsRequestContent' responses: '200': description: Template partials successfully updated. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:prompts.' x-description-1: Permission Denied. This feature is not available on this plan. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_partials x-release-lifecycle: GA x-operation-name: set x-operation-group: - prompts - partials security: - bearerAuth: [] - oAuth2ClientCredentials: - update:prompts /prompts/{prompt}/screen/{screen}/rendering: get: summary: Get Render Settings for a Screen description: Get render settings for a screen. tags: - prompts parameters: - name: prompt in: path description: Name of the prompt required: true schema: $ref: '#/components/schemas/PromptGroupNameEnum' - name: screen in: path description: Name of the screen required: true schema: $ref: '#/components/schemas/ScreenGroupNameEnum' responses: '200': description: ACUL settings successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetAculResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '402': description: A paid subscription is required to use Advanced Customizations. '403': description: 'Insufficient scope; expected any of: read:prompts.' x-description-1: This tenant does not have Advanced Customizations enabled. x-description-2: This screen is not available in Advanced Customizations '404': description: The prompt does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_rendering x-release-lifecycle: GA x-operation-name: get x-operation-group: - prompts - rendering security: - bearerAuth: [] - oAuth2ClientCredentials: - read:prompts patch: summary: Update Render Settings for a Screen description: 'Learn more about configuring render settings for advanced customization. ' tags: - prompts parameters: - name: prompt in: path description: Name of the prompt required: true schema: $ref: '#/components/schemas/PromptGroupNameEnum' - name: screen in: path description: Name of the screen required: true schema: $ref: '#/components/schemas/ScreenGroupNameEnum' requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateAculRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateAculRequestContent' responses: '200': description: ACUL settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateAculResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '402': description: A paid subscription is required to use Advanced Customizations. '403': description: 'Insufficient scope; expected any of: update:prompts.' x-description-1: This tenant does not have Advanced Customizations enabled. x-description-2: This screen is not available in Advanced Customizations '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_rendering x-release-lifecycle: GA x-operation-name: update x-operation-group: - prompts - rendering security: - bearerAuth: [] - oAuth2ClientCredentials: - update:prompts /refresh-tokens: get: summary: Get Refresh Tokens description: Retrieve a paginated list of refresh tokens for a specific user, with optional filtering by client ID. Results are sorted by credential_id ascending. tags: - refresh-tokens parameters: - name: user_id in: query description: ID of the user whose refresh tokens to retrieve. Required. required: true schema: type: string - name: client_id in: query description: Filter results by client ID. Only valid when user_id is provided. schema: type: string - name: from in: query description: An opaque cursor from which to start the selection (exclusive). Expires after 24 hours. Obtained from the next property of a previous response. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: The refresh tokens were retrieved. content: application/json: schema: $ref: '#/components/schemas/GetRefreshTokensPaginatedResponseContent' '400': description: Missing required 'user_id' parameter. x-description-1: The checkpoint ID provided in the 'from' parameter has expired or is invalid, please remove the checkpoint ID and try again '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:refresh_tokens' '404': description: User not found x-description-1: The client does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_refresh_tokens x-release-lifecycle: EA x-operation-name: list x-operation-request-parameters-name: GetRefreshTokensRequestParameters x-operation-group: refreshTokens security: - bearerAuth: [] - oAuth2ClientCredentials: - read:refresh_tokens /refresh-tokens/revoke: post: summary: Revoke Refresh Tokens description: Revoke refresh tokens in bulk by ID list, user, user+client, or client. tags: - refresh-tokens requestBody: content: application/json: schema: $ref: '#/components/schemas/RevokeRefreshTokensRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/RevokeRefreshTokensRequestContent' responses: '202': description: Refresh token revocation request accepted. '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Invalid combination of parameters. x-description-2: 'API doesn''t support Online Refresh Tokens. To revoke an Online Refresh Token, use the Sessions API: POST /api/v2/sessions/{session_id}/revoke' x-description-3: User not found. x-description-4: Client not found. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: delete:refresh_tokens' x-description-1: This feature is not enabled for this tenant. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: revoke_refresh_tokens x-release-lifecycle: EA x-operation-name: revoke x-operation-group: refreshTokens security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:refresh_tokens /refresh-tokens/{id}: get: summary: Get a Refresh Token description: Retrieve refresh token information. tags: - refresh-tokens parameters: - name: id in: path description: ID refresh token to retrieve required: true schema: type: string responses: '200': description: The refresh token was retrieved content: application/json: schema: $ref: '#/components/schemas/GetRefreshTokenResponseContent' '400': description: API doesn't support Online Refresh Tokens '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected: read:refresh_tokens' '404': description: The refresh token does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_refresh_token x-release-lifecycle: GA x-operation-name: get x-operation-group: refreshTokens security: - bearerAuth: [] - oAuth2ClientCredentials: - read:refresh_tokens delete: summary: Delete a Refresh Token description: Delete a refresh token by its ID. tags: - refresh-tokens parameters: - name: id in: path description: ID of the refresh token to delete. required: true schema: type: string responses: '202': description: Refresh token deletion request accepted. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: 'API doesn''t support Online Refresh Tokens. To revoke an Online Refresh Token, use the Sessions API: POST /api/v2/sessions/{session_id}/revoke' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: delete:refresh_tokens' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_refresh_token x-release-lifecycle: GA x-operation-name: delete x-operation-group: refreshTokens security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:refresh_tokens patch: summary: Update a Refresh Token description: Update a refresh token by its ID. tags: - refresh-tokens parameters: - name: id in: path description: ID of the refresh token to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateRefreshTokenRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateRefreshTokenRequestContent' responses: '200': description: Refresh token successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateRefreshTokenResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:refresh_tokens.' x-description-1: The account is not allowed to perform this operation. x-description-2: Subscription missing entitlement. x-description-3: This feature is not enabled for this tenant. '404': description: The refresh token does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_refresh-tokens_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: refreshTokens security: - bearerAuth: [] - oAuth2ClientCredentials: - update:refresh_tokens /resource-servers: get: summary: Get Resource Servers description: Retrieve details of all APIs associated with your tenant. tags: - resource-servers parameters: - name: identifiers in: query description: An optional filter on the resource server identifier. Must be URL encoded and may be specified multiple times (max 10).
e.g. ../resource-servers?identifiers=id1&identifiers=id2 style: form explode: true schema: type: array items: type: string minLength: 1 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: Resource servers successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListResourceServerResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected any of: read:resource_servers.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_resource-servers x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListResourceServerRequestParameters x-operation-group: resourceServers security: - bearerAuth: [] - oAuth2ClientCredentials: - read:resource_servers post: summary: Create a Resource Server description: Create a new API associated with your tenant. Note that all new APIs must be registered with Auth0. For more information, read APIs. tags: - resource-servers requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateResourceServerRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateResourceServerRequestContent' responses: '201': description: Resource server successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateResourceServerResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: The selected identifier is reserved. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: create:resource_servers.' x-description-1: You reached the limit of entities of this type for this tenant. '409': description: A resource server with the same identifier already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_resource-servers x-release-lifecycle: GA x-operation-name: create x-operation-group: resourceServers security: - bearerAuth: [] - oAuth2ClientCredentials: - create:resource_servers /resource-servers/{id}: get: summary: Get a Resource Server description: Retrieve API details with the given ID. tags: - resource-servers parameters: - name: id in: path description: ID or audience of the resource server to retrieve. required: true schema: type: string - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: Resource server successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetResourceServerResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:resource_servers.' x-description-1: Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. '404': description: Resource server not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_resource-servers_by_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetResourceServerRequestParameters x-operation-group: resourceServers security: - bearerAuth: [] - oAuth2ClientCredentials: - read:resource_servers delete: summary: Delete a Resource Server description: Delete an existing API by ID. For more information, read API Settings. tags: - resource-servers parameters: - name: id in: path description: ID or the audience of the resource server to delete. required: true schema: type: string responses: '204': description: Resource server successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: System resource servers cannot be deleted. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:resource_servers.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_resource-servers_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: resourceServers security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:resource_servers patch: summary: Update a Resource Server description: Change an existing API setting by resource server ID. For more information, read API Settings. tags: - resource-servers parameters: - name: id in: path description: ID or audience of the resource server to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateResourceServerRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateResourceServerRequestContent' responses: '201': description: Resource server successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateResourceServerResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: System resource servers cannot be patched. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:resource_servers.' '409': description: A resource server with the same identifier already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_resource-servers_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: resourceServers security: - bearerAuth: [] - oAuth2ClientCredentials: - update:resource_servers /risk-assessments/settings: get: summary: Get Risk Assessment Settings description: Gets the tenant settings for risk assessments tags: - risk-assessments responses: '200': description: Returning risk assessment settings for the tenant content: application/json: schema: $ref: '#/components/schemas/GetRiskAssessmentsSettingsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:attack_protection.' '404': description: The tenant does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_risk_assessments_settings x-release-lifecycle: GA x-operation-name: get x-operation-group: - riskAssessments - settings security: - bearerAuth: [] - oAuth2ClientCredentials: - read:attack_protection patch: summary: Update Risk Assessment Settings description: Updates the tenant settings for risk assessments tags: - risk-assessments requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateRiskAssessmentsSettingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateRiskAssessmentsSettingsRequestContent' responses: '200': description: Returning risk assessment settings for the tenant content: application/json: schema: $ref: '#/components/schemas/UpdateRiskAssessmentsSettingsResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:attack_protection.' '404': description: The tenant does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_risk_assessments_settings x-release-lifecycle: GA x-operation-name: update x-operation-group: - riskAssessments - settings security: - bearerAuth: [] - oAuth2ClientCredentials: - update:attack_protection /risk-assessments/settings/new-device: get: summary: Get New Device Assessor description: Gets the risk assessment settings for the new device assessor tags: - risk-assessments responses: '200': description: Returning risk assessment settings for new devices content: application/json: schema: $ref: '#/components/schemas/GetRiskAssessmentsSettingsNewDeviceResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:attack_protection.' '404': description: The tenant does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_new-device x-release-lifecycle: GA x-operation-name: get x-operation-group: - riskAssessments - settings - newDevice security: - bearerAuth: [] - oAuth2ClientCredentials: - read:attack_protection patch: summary: Update New Device Assessor description: Updates the risk assessment settings for the new device assessor tags: - risk-assessments requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateRiskAssessmentsSettingsNewDeviceRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateRiskAssessmentsSettingsNewDeviceRequestContent' responses: '200': description: Returning risk assessment settings for new devices content: application/json: schema: $ref: '#/components/schemas/UpdateRiskAssessmentsSettingsNewDeviceResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:attack_protection.' '404': description: The tenant does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_new-device x-release-lifecycle: GA x-operation-name: update x-operation-group: - riskAssessments - settings - newDevice security: - bearerAuth: [] - oAuth2ClientCredentials: - update:attack_protection /roles: get: summary: Get Roles description: 'Retrieve detailed list of user roles created in your tenant. Note: The returned list does not include standard roles available for tenant members, such as Admin or Support Access. ' tags: - roles parameters: - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: name_filter in: query description: Optional filter on name (case-insensitive). schema: type: string responses: '200': description: Roles successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListRolesResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: read:roles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_roles x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListRolesRequestParameters x-operation-group: roles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:roles post: summary: Create a Role description: 'Create a user role for Role-Based Access Control. Note: New roles are not associated with any permissions by default. To assign existing permissions to your role, review Associate Permissions with a Role. To create new permissions, review Add API Permissions. ' tags: - roles requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateRoleRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateRoleRequestContent' responses: '200': description: Role successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateRoleResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: create:roles.' '409': description: The role already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_roles x-release-lifecycle: GA x-operation-name: create x-operation-group: roles security: - bearerAuth: [] - oAuth2ClientCredentials: - create:roles /roles/{id}: get: summary: Get a Role description: 'Retrieve details about a specific user role specified by ID. ' tags: - roles parameters: - name: id in: path description: ID of the role to retrieve. required: true schema: type: string responses: '200': description: Role successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetRoleResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: read:roles.' '404': description: Role not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_roles_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: roles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:roles delete: summary: Delete a Role description: 'Delete a specific user role from your tenant. Once deleted, it is removed from any user who was previously assigned that role. This action cannot be undone. ' tags: - roles parameters: - name: id in: path description: ID of the role to delete. required: true schema: type: string responses: '200': description: Role successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: delete:roles.' '404': description: Role not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_roles_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: roles security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:roles patch: summary: Update a Role description: 'Modify the details of a specific user role specified by ID. ' tags: - roles parameters: - name: id in: path description: ID of the role to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateRoleRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateRoleRequestContent' responses: '200': description: Role successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateRoleResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:roles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_roles_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: roles security: - bearerAuth: [] - oAuth2ClientCredentials: - update:roles /roles/{id}/permissions: get: summary: Get Permissions Granted by Role description: 'Retrieve detailed list (name, description, resource server) of permissions granted by a specified user role. ' tags: - roles parameters: - name: id in: path description: ID of the role to list granted permissions. required: true schema: type: string - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Role permissions successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListRolePermissionsResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: read:roles.' '404': description: Role not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_role_permission x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListRolePermissionsRequestParameters x-operation-group: - roles - permissions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:roles delete: summary: Remove Permissions from a Role description: 'Remove one or more permissions from a specified user role. ' tags: - roles parameters: - name: id in: path description: ID of the role to remove permissions from. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/DeleteRolePermissionsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/DeleteRolePermissionsRequestContent' responses: '200': description: Role permissions successfully updated. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:roles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_role_permission_assignment x-release-lifecycle: GA x-operation-name: delete x-operation-group: - roles - permissions security: - bearerAuth: [] - oAuth2ClientCredentials: - update:roles post: summary: Associate Permissions with a Role description: 'Add one or more permissions to a specified user role. ' tags: - roles parameters: - name: id in: path description: ID of the role to add permissions to. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AddRolePermissionsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/AddRolePermissionsRequestContent' responses: '201': description: Role permissions updated. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:roles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_role_permission_assignment x-release-lifecycle: GA x-operation-name: add x-operation-group: - roles - permissions security: - bearerAuth: [] - oAuth2ClientCredentials: - update:roles /roles/{id}/users: get: summary: Get a Role's Users description: 'Retrieve list of users associated with a specific role. For Dashboard instructions, review View Users Assigned to Roles. This endpoint supports two types of pagination:
  • Offset pagination
  • Checkpoint pagination
Checkpoint pagination must be used if you need to retrieve more than 1000 organization members.

Checkpoint Pagination

To search by checkpoint, use the following parameters:
  • from: Optional id from which to start selection.
  • take: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
Note: The first time you call this endpoint using checkpoint pagination, omit the from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no pages are remaining. ' tags: - roles parameters: - name: id in: path description: ID of the role to retrieve a list of users associated with. required: true schema: type: string - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Role users successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListRoleUsersResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected all of: read:users, read:roles.' '404': description: Role not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_role_user x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListRoleUsersRequestParameters x-operation-group: - roles - users security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users - read:roles - read:role_members post: summary: Assign Users to a Role description: 'Assign one or more users to an existing user role. To learn more, review Role-Based Access Control. Note: New roles cannot be created through this action. ' tags: - roles parameters: - name: id in: path description: ID of the role to assign users to. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AssignRoleUsersRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/AssignRoleUsersRequestContent' responses: '200': description: Role users successfully updated. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:roles.' '404': description: Role not found. x-description-1: One or more of the users do not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_role_users x-release-lifecycle: GA x-operation-name: assign x-operation-group: - roles - users security: - bearerAuth: [] - oAuth2ClientCredentials: - update:roles - create:role_members /rules: get: summary: Get Rules description: 'Retrieve a filtered list of rules. Accepts a list of fields to include or exclude. ' tags: - rules parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. schema: type: integer minimum: 0 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: enabled in: query description: Optional filter on whether a rule is enabled (true) or disabled (false). schema: type: boolean - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((name)|(enabled)|(script)|(order)|(id)|(stage))(,((name)|(enabled)|(script)|(order)|(id)|(stage)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: Rules successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListRulesResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:rules.' '404': description: Rule not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_rules x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListRulesRequestParameters x-operation-group: rules security: - bearerAuth: [] - oAuth2ClientCredentials: - read:rules post: summary: Create a Rule description: 'Create a new rule. Note: Changing a rule''s stage of execution from the default login_success can change the rule''s function signature to have user omitted. ' tags: - rules requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateRuleRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateRuleRequestContent' responses: '201': description: Rule successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateRuleResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:rules.' x-description-1: You reached the limit of entities of this type for this tenant. '409': description: A rule with the same name already exists. x-description-1: A rule with the same order already exists. x-description-2: A rule with the same execution stage already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_rules x-release-lifecycle: GA x-operation-name: create x-operation-group: rules security: - bearerAuth: [] - oAuth2ClientCredentials: - create:rules /rules-configs: get: summary: Retrieve Config Variable Keys for Rules (get_rules-configs) description: "Retrieve rules config variable keys.\n\n Note: For security, config variable values cannot be retrieved outside rule execution." tags: - rules-configs responses: '200': description: Rules config keys successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/RulesConfig' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:rules_configs.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_rules-configs x-release-lifecycle: GA x-operation-name: list x-operation-group: rulesConfigs security: - bearerAuth: [] - oAuth2ClientCredentials: - read:rules_configs /rules-configs/{key}: delete: summary: Delete Rules Config for a Given Key description: Delete a rules config variable identified by its key. tags: - rules-configs parameters: - name: key in: path description: Key of the rules config variable to delete. required: true schema: type: string minLength: 1 maxLength: 127 pattern: ^[A-Za-z0-9_\-@*+:]*$ responses: '204': description: Rules config variable successfully removed. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:rules_configs.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_rules-configs_by_key x-release-lifecycle: GA x-operation-name: delete x-operation-group: rulesConfigs security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:rules_configs put: summary: Set Rules Config for a Given Key description: Sets a rules config variable. tags: - rules-configs parameters: - name: key in: path description: 'Key of the rules config variable to set (max length: 127 characters).' required: true schema: type: string minLength: 1 maxLength: 127 pattern: ^[A-Za-z0-9_\-@*+:]*$ requestBody: content: application/json: schema: $ref: '#/components/schemas/SetRulesConfigRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetRulesConfigRequestContent' responses: '200': description: Rules config variable successfully set. content: application/json: schema: $ref: '#/components/schemas/SetRulesConfigResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:rules_configs.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_rules-configs_by_key x-release-lifecycle: GA x-operation-name: set x-operation-group: rulesConfigs security: - bearerAuth: [] - oAuth2ClientCredentials: - update:rules_configs /rules/{id}: get: summary: Get a Rule description: 'Retrieve rule details. Accepts a list of fields to include or exclude in the result. ' tags: - rules parameters: - name: id in: path description: ID of the rule to retrieve. required: true schema: type: string pattern: ^rul_[A-Za-z0-9]{16}$ - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((name)|(enabled)|(script)|(order)|(id)|(stage))(,((name)|(enabled)|(script)|(order)|(id)|(stage)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: Rule successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetRuleResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:rules.' '404': description: Rule not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_rules_by_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetRuleRequestParameters x-operation-group: rules security: - bearerAuth: [] - oAuth2ClientCredentials: - read:rules delete: summary: Delete a Rule description: 'Delete a rule. ' tags: - rules parameters: - name: id in: path description: ID of the rule to delete. required: true schema: type: string pattern: ^rul_[A-Za-z0-9]{16}$ responses: '204': description: Rule successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: delete:rules.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_rules_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: rules security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:rules patch: summary: Update a Rule description: 'Update an existing rule. ' tags: - rules parameters: - name: id in: path description: ID of the rule to retrieve. required: true schema: type: string pattern: ^rul_[A-Za-z0-9]{16}$ requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateRuleRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateRuleRequestContent' responses: '200': description: Rule successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateRuleResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:rules.' '404': description: Rule not found. '409': description: A rule with the same name already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_rules_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: rules security: - bearerAuth: [] - oAuth2ClientCredentials: - update:rules /self-service-profiles: get: summary: Get Self-service Profiles description: 'Retrieves self-service profiles. ' tags: - self-service-profiles parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: List of existing profiles. content: application/json: schema: $ref: '#/components/schemas/ListSelfServiceProfilesResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:self_service_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '500': description: Internal error. operationId: get_self-service-profiles x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListSelfServiceProfilesRequestParameters x-operation-group: selfServiceProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:self_service_profiles post: summary: Create a Self-service Profile description: 'Creates a self-service profile. ' tags: - self-service-profiles requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateSelfServiceProfileRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateSelfServiceProfileRequestContent' responses: '201': description: Self-service profile successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateSelfServiceProfileResponseContent' '400': description: Invalid Request Body. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: create:self_service_profiles.' '409': description: No more profiles can be created for this tenant. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '500': description: Internal error. operationId: post_self-service-profiles x-release-lifecycle: GA x-operation-name: create x-operation-group: selfServiceProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - create:self_service_profiles /self-service-profiles/{id}: get: summary: Get a Self-service Profile by Id description: Retrieves a self-service profile by Id. tags: - self-service-profiles parameters: - name: id in: path description: The id of the self-service profile to retrieve required: true schema: type: string responses: '200': description: Record for existing self-service profile. content: application/json: schema: $ref: '#/components/schemas/GetSelfServiceProfileResponseContent' '400': description: Invalid Request. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: read:self_service_profiles.' '404': description: Self-service profile not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '500': description: Internal error. operationId: get_self-service-profiles_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: selfServiceProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:self_service_profiles delete: summary: Delete a Self-service Profile by Id description: Deletes a self-service profile by Id. tags: - self-service-profiles parameters: - name: id in: path description: The id of the self-service profile to delete required: true schema: type: string responses: '204': description: Self-service profile successfully deleted. '400': description: Invalid Request. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: delete:self_service_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '500': description: Internal error. operationId: delete_self-service-profiles_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: selfServiceProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:self_service_profiles patch: summary: Update a Self-service Profile description: Updates a self-service profile. tags: - self-service-profiles parameters: - name: id in: path description: The id of the self-service profile to update required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateSelfServiceProfileRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateSelfServiceProfileRequestContent' responses: '200': description: Self-service profile successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateSelfServiceProfileResponseContent' '400': description: Invalid Request. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected: update:self_service_profiles.' '404': description: Self-service profile not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '500': description: Internal error. operationId: patch_self-service-profiles_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: selfServiceProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - update:self_service_profiles /self-service-profiles/{id}/custom-text/{language}/{page}: get: summary: Get Custom Text for a Self-service Profile description: 'Retrieves text customizations for a given self-service profile, language and Self-Service Enterprise Configuration flow page. ' tags: - self-service-profiles parameters: - name: id in: path description: The id of the self-service profile. required: true schema: type: string - name: language in: path description: The language of the custom text. required: true schema: $ref: '#/components/schemas/SelfServiceProfileCustomTextLanguageEnum' - name: page in: path description: The page where the custom text is shown. required: true schema: $ref: '#/components/schemas/SelfServiceProfileCustomTextPageEnum' responses: '200': description: Retrieved custom text. content: application/json: schema: $ref: '#/components/schemas/ListSelfServiceProfileCustomTextResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:self_service_profile_custom_texts.' '404': description: Self-service profile not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_self_service_profile_custom_text x-release-lifecycle: GA x-operation-name: list x-operation-group: - selfServiceProfiles - customText security: - bearerAuth: [] - oAuth2ClientCredentials: - read:self_service_profile_custom_texts put: summary: Set Custom Text for a Self-service Profile description: 'Updates text customizations for a given self-service profile, language and Self-Service Enterprise Configuration flow page. ' tags: - self-service-profiles parameters: - name: id in: path description: The id of the self-service profile. required: true schema: type: string - name: language in: path description: The language of the custom text. required: true schema: $ref: '#/components/schemas/SelfServiceProfileCustomTextLanguageEnum' - name: page in: path description: The page where the custom text is shown. required: true schema: $ref: '#/components/schemas/SelfServiceProfileCustomTextPageEnum' requestBody: content: application/json: schema: $ref: '#/components/schemas/SetSelfServiceProfileCustomTextRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetSelfServiceProfileCustomTextRequestContent' responses: '200': description: Updated custom text. content: application/json: schema: $ref: '#/components/schemas/SetSelfServiceProfileCustomTextResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:self_service_profile_custom_texts.' '404': description: Self-service profile not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_self_service_profile_custom_text x-release-lifecycle: GA x-operation-name: set x-operation-group: - selfServiceProfiles - customText security: - bearerAuth: [] - oAuth2ClientCredentials: - update:self_service_profile_custom_texts /self-service-profiles/{id}/sso-ticket: post: summary: Create an Access Ticket to Initiate the Self-Service Enterprise Configuration Flow description: 'Creates an access ticket to initiate the Self-Service Enterprise Configuration flow using a self-service profile. ' tags: - self-service-profiles parameters: - name: id in: path description: The id of the self-service profile to retrieve required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateSelfServiceProfileSsoTicketRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateSelfServiceProfileSsoTicketRequestContent' responses: '201': description: Self-Service Enterprise Configuration Access Ticket successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateSelfServiceProfileSsoTicketResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:sso_access_tickets.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_sso-ticket x-release-lifecycle: GA x-operation-name: create x-operation-group: - selfServiceProfiles - ssoTicket security: - bearerAuth: [] - oAuth2ClientCredentials: - create:sso_access_tickets /self-service-profiles/{profileId}/sso-ticket/{id}/revoke: post: summary: Revoke a Self-Service Enterprise Configuration Access Ticket description: 'Revokes a Self-Service Enterprise Configuration access ticket and invalidates associated sessions. The ticket will no longer be accepted to initiate a Self-Service Enterprise Configuration session. If any users have already started a session through this ticket, their session will be terminated. Clients should expect a `202 Accepted` response upon successful processing, indicating that the request has been acknowledged and that the revocation is underway but may not be fully completed at the time of response. If the specified ticket does not exist, a `202 Accepted` response is also returned, signaling that no further action is required. Clients should treat these `202` responses as an acknowledgment that the request has been accepted and is in progress, even if the ticket was not found. ' tags: - self-service-profiles parameters: - name: profileId in: path description: The id of the self-service profile required: true schema: type: string - name: id in: path description: The id of the ticket to revoke required: true schema: type: string responses: '202': description: Self-Service Enterprise Configuration Access Ticket revocation request accepted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:sso_access_tickets.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_revoke x-release-lifecycle: GA x-operation-name: revoke x-operation-group: - selfServiceProfiles - ssoTicket security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:sso_access_tickets /sessions/{id}: get: summary: Get Session description: Retrieve session information. tags: - sessions parameters: - name: id in: path description: ID of session to retrieve required: true schema: type: string responses: '200': description: The session was retrieved content: application/json: schema: $ref: '#/components/schemas/GetSessionResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:sessions' '404': description: The session does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_session x-release-lifecycle: GA x-operation-name: get x-operation-group: sessions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:sessions delete: summary: Delete Session description: Delete a session by ID. tags: - sessions parameters: - name: id in: path description: ID of the session to delete. required: true schema: type: string responses: '202': description: Session deletion request accepted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: delete:sessions' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_session x-release-lifecycle: GA x-operation-name: delete x-operation-group: sessions security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:sessions patch: summary: Update Session description: Update session information. tags: - sessions parameters: - name: id in: path description: ID of the session to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateSessionRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateSessionRequestContent' responses: '200': description: Session successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateSessionResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:sessions.' x-description-1: The account is not allowed to perform this operation. x-description-2: Subscription missing entitlement. x-description-3: This feature is not enabled for this tenant. '404': description: The session does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_sessions_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: sessions security: - bearerAuth: [] - oAuth2ClientCredentials: - update:sessions /sessions/{id}/revoke: post: summary: Revokes a Session description: Revokes a session by ID and all associated refresh tokens. tags: - sessions parameters: - name: id in: path description: ID of the session to revoke. required: true schema: type: string maxLength: 50 responses: '202': description: Session deletion request accepted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: delete:sessions' '404': description: The session does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: revoke_session x-release-lifecycle: GA x-operation-name: revoke x-operation-group: sessions security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:sessions - delete:refresh_tokens /stats/active-users: get: summary: Get Active Users Count description: Retrieve the number of active users that logged in during the last 30 days. tags: - stats responses: '200': description: Number of active users successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetActiveUsersCountStatsResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:stats.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_active-users x-release-lifecycle: GA x-operation-name: getActiveUsersCount x-operation-group: stats security: - bearerAuth: [] - oAuth2ClientCredentials: - read:stats /stats/daily: get: summary: Get Daily Stats description: Retrieve the number of logins, signups and breached-password detections (subscription required) that occurred each day within a specified date range. tags: - stats parameters: - name: from in: query description: Optional first day of the date range (inclusive) in YYYYMMDD format. schema: type: string pattern: ^2[0-9]{3}((0[1-9])|(1[0-2]))((0[1-9])|([12][0-9])|(3[01]))$ - name: to in: query description: Optional last day of the date range (inclusive) in YYYYMMDD format. schema: type: string pattern: ^2[0-9]{3}((0[1-9])|(1[0-2]))((0[1-9])|([12][0-9])|(3[01]))$ responses: '200': description: Daily stats successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/DailyStats' '400': description: Invalid request query. The message will vary depending on the cause. x-description-1: '''from'' date cannot be greater than ''to'' date.' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:stats.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_daily x-release-lifecycle: GA x-operation-name: getDaily x-operation-request-parameters-name: GetDailyStatsRequestParameters x-operation-group: stats security: - bearerAuth: [] - oAuth2ClientCredentials: - read:stats /supplemental-signals: get: summary: Get the Supplemental Signals Configuration for a Tenant description: Get the supplemental signals configuration for a tenant. tags: - supplemental-signals responses: '200': description: Supplemental Signals configuration successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetSupplementalSignalsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:attack_protection.' '404': description: Supplemental Signals configuration not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_supplemental-signals x-release-lifecycle: EA x-operation-name: get x-operation-group: supplementalSignals security: - bearerAuth: [] - oAuth2ClientCredentials: - read:attack_protection patch: summary: Update the Supplemental Signals Configuration for a Tenant description: Update the supplemental signals configuration for a tenant. tags: - supplemental-signals requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateSupplementalSignalsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateSupplementalSignalsRequestContent' responses: '200': description: Supplemental Signals configuration successfully updated. content: application/json: schema: $ref: '#/components/schemas/PatchSupplementalSignalsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:attack_protection.' '404': description: Supplemental Signals configuration not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_supplemental-signals x-release-lifecycle: EA x-operation-name: patch x-operation-group: supplementalSignals security: - bearerAuth: [] - oAuth2ClientCredentials: - update:attack_protection /tenants/settings: get: summary: Get Tenant Settings description: Retrieve tenant settings. A list of fields to include or exclude may also be specified. tags: - tenants parameters: - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((allowed_logout_urls)|(change_password)|(default_token_quota)|(error_page)|(flags)|(friendly_name)|(picture_url)|(support_email)|(support_url)|(session_lifetime)|(default_audience)|(default_directory)|(device_flow)|(idle_session_lifetime)|(ephemeral_session_lifetime)|(idle_ephemeral_session_lifetime)|(default_redirection_uri)|(universal_login)|(universal_login\.colors)|(universal_login\.passwordless)|(enabled_locales)|(session_cookie)|(sessions)|(oidc_logout)|(allow_organization_name_in_authentication_api)|(mtls)|(customize_mfa_in_postlogin_action)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(resource_parameter_profile)|(enable_ai_guide)|(client_id_metadata_document_supported)|(phone_consolidated_experience))(,((allowed_logout_urls)|(change_password)|(default_token_quota)|(error_page)|(flags)|(friendly_name)|(picture_url)|(support_email)|(support_url)|(session_lifetime)|(default_audience)|(default_directory)|(device_flow)|(idle_session_lifetime)|(ephemeral_session_lifetime)|(idle_ephemeral_session_lifetime)|(default_redirection_uri)|(universal_login)|(universal_login\.colors)|(universal_login\.passwordless)|(enabled_locales)|(session_cookie)|(sessions)|(oidc_logout)|(allow_organization_name_in_authentication_api)|(mtls)|(customize_mfa_in_postlogin_action)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(resource_parameter_profile)|(enable_ai_guide)|(client_id_metadata_document_supported)|(phone_consolidated_experience)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: Tenant settings successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetTenantSettingsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: The specified client cannot perform the requested operation. x-description-1: 'Insufficient scope; expected any of: read:tenant_settings.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: tenant_settings_route x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetTenantSettingsRequestParameters x-operation-group: - tenants - settings security: - bearerAuth: [] - oAuth2ClientCredentials: - read:tenant_settings patch: summary: Update Tenant Settings description: Update settings for a tenant. tags: - tenants requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateTenantSettingsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateTenantSettingsRequestContent' responses: '200': description: Tenant settings successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateTenantSettingsResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:tenant_settings.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_settings x-release-lifecycle: GA x-operation-name: update x-operation-group: - tenants - settings security: - bearerAuth: [] - oAuth2ClientCredentials: - update:tenant_settings /tickets/email-verification: post: summary: Create an Email Verification Ticket description: 'Create an email verification ticket for a given user. An email verification ticket is a generated URL that the user can consume to verify their email address. ' tags: - tickets requestBody: content: application/json: schema: $ref: '#/components/schemas/VerifyEmailTicketRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/VerifyEmailTicketRequestContent' responses: '201': description: Ticket successfully created. content: application/json: schema: $ref: '#/components/schemas/VerifyEmailTicketResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: The user does not have an email address. x-description-2: The user's main connection does not support this operation. x-description-3: An error ocurred in Auth0's identity provider. x-description-4: The connection with id {connection_id} does not exist. x-description-5: Identity connection does not exist. x-description-6: The user exists, but does not contain the given identity. x-description-7: The client does not exist x-description-8: The organization does not exist x-description-9: The user with id {user_id} is not a member of organization with id {organization_id}. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: create:user_tickets.' '404': description: User not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_email-verification x-release-lifecycle: GA x-operation-name: verifyEmail x-operation-group: tickets security: - bearerAuth: [] - oAuth2ClientCredentials: - create:user_tickets /tickets/password-change: post: summary: Create a Password Change Ticket description: 'Create a password change ticket for a given user. A password change ticket is a generated URL that the user can consume to start a reset password flow. Note: This endpoint does not verify the given user’s identity. If you call this endpoint within your application, you must design your application to verify the user’s identity. ' tags: - tickets requestBody: content: application/json: schema: $ref: '#/components/schemas/ChangePasswordTicketRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/ChangePasswordTicketRequestContent' responses: '201': description: Ticket successfully created. content: application/json: schema: $ref: '#/components/schemas/ChangePasswordTicketResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: The user does not have an email address. x-description-2: The user's main connection does not support this operation. x-description-3: An error ocurred in Auth0's identity provider. x-description-4: The connection with id {connection_id} does not exist. x-description-5: Identity connection does not exist. x-description-6: The user exists, but does not contain the given identity. x-description-7: The client does not exist x-description-8: The organization does not exist x-description-9: The user with id {user_id} is not a member of organization with id {organization_id}. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: create:user_tickets.' '404': description: User not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_password-change x-release-lifecycle: GA x-operation-name: changePassword x-operation-group: tickets security: - bearerAuth: [] - oAuth2ClientCredentials: - create:user_tickets /token-exchange-profiles: get: summary: Get Token Exchange Profiles description: 'Retrieve a list of all Token Exchange Profiles available in your tenant. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. It is your responsibility to securely validate the user’s subject_token. See User Guide for more details. This endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:
  • from: Optional id from which to start selection.
  • take: The total amount of entries to retrieve when using the from parameter. Defaults to 50.
Note: The first time you call this endpoint using checkpoint pagination, omit the from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no pages are remaining. ' tags: - token-exchange-profiles parameters: - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Token Exchange Profile successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListTokenExchangeProfileResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:token_exchange_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_token-exchange-profiles x-release-lifecycle: EA x-operation-name: list x-operation-group: tokenExchangeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:token_exchange_profiles post: summary: Create a Token Exchange Profile description: 'Create a new Token Exchange Profile within your tenant. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. It is your responsibility to securely validate the user’s subject_token. See User Guide for more details. ' tags: - token-exchange-profiles requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateTokenExchangeProfileRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateTokenExchangeProfileRequestContent' responses: '201': description: Token exchange profile successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateTokenExchangeProfileResponseContent' '400': description: Type field must be custom x-description-1: Action is not deployed x-description-2: 'Action must have supported_triggers: custom-token-exchange' x-description-3: Action not found x-description-0: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: You reached the limit of entities of this type for this tenant. x-description-0: 'Insufficient scope; expected any of: create:token_exchange_profiles.' '409': description: subject_token_type already exists for tenant '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_token-exchange-profiles x-release-lifecycle: EA x-operation-name: create x-operation-group: tokenExchangeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - create:token_exchange_profiles /token-exchange-profiles/{id}: get: summary: Get a Token Exchange Profile description: 'Retrieve details about a single Token Exchange Profile specified by ID. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. It is your responsibility to securely validate the user’s subject_token. See User Guide for more details. ' tags: - token-exchange-profiles parameters: - name: id in: path description: ID of the Token Exchange Profile to retrieve. required: true schema: type: string responses: '200': description: Token Exchange Profile successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetTokenExchangeProfileResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:token_exchange_profiles.' '404': description: Token Exchange Profile not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_token-exchange-profiles_by_id x-release-lifecycle: EA x-operation-name: get x-operation-group: tokenExchangeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:token_exchange_profiles delete: summary: Delete a Token Exchange Profile description: 'Delete a Token Exchange Profile within your tenant. By using this feature, you agree to the applicable Free Trial terms in Okta''s Master Subscription Agreement. It is your responsibility to securely validate the user''s subject_token. See User Guide for more details. ' tags: - token-exchange-profiles parameters: - name: id in: path description: ID of the Token Exchange Profile to delete. required: true schema: type: string responses: '204': description: Token Exchange Profile successfully deleted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:token_exchange_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_token-exchange-profiles_by_id x-release-lifecycle: EA x-operation-name: delete x-operation-group: tokenExchangeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:token_exchange_profiles patch: summary: Update an Existing Token Exchange Profile description: 'Update a Token Exchange Profile within your tenant. By using this feature, you agree to the applicable Free Trial terms in Okta''s Master Subscription Agreement. It is your responsibility to securely validate the user''s subject_token. See User Guide for more details. ' tags: - token-exchange-profiles parameters: - name: id in: path description: ID of the Token Exchange Profile to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateTokenExchangeProfileRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateTokenExchangeProfileRequestContent' responses: '200': description: Token exchange profile successfully updated. '400': description: subject_token_type already exists for tenant x-description-1: Unable to update field. x-description-0: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:token_exchange_profiles.' '404': description: Token exchange profile not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_token-exchange-profiles_by_id x-release-lifecycle: EA x-operation-name: update x-operation-group: tokenExchangeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - update:token_exchange_profiles /user-attribute-profiles: get: summary: Get User Attribute Profiles description: 'Retrieve a list of User Attribute Profiles. This endpoint supports Checkpoint pagination. ' tags: - user-attribute-profiles parameters: - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 5. schema: type: integer minimum: 1 responses: '200': description: User Attribute Profiles successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserAttributeProfilesPaginatedResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: Invalid query string paging options. The message will vary depending on the cause '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:user_attribute_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_user-attribute-profiles x-release-lifecycle: EA x-operation-name: list x-operation-request-parameters-name: ListUserAttributeProfileRequestParameters x-operation-group: userAttributeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:user_attribute_profiles post: summary: Post User Attribute Profile description: Create a User Attribute Profile tags: - user-attribute-profiles requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateUserAttributeProfileRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateUserAttributeProfileRequestContent' responses: '201': description: User attribute successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateUserAttributeProfileResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: create:user_attribute_profiles.' '409': description: User attribute profile conflict. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_user-attribute-profiles x-release-lifecycle: EA x-operation-name: create x-operation-group: userAttributeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - create:user_attribute_profiles /user-attribute-profiles/templates: get: summary: Get User Attribute Profile Templates description: 'Retrieve a list of User Attribute Profile Templates. ' tags: - user-attribute-profiles responses: '200': description: User Attribute Profile Templates successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserAttributeProfileTemplateResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:user_attribute_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_user_attribute_profile_templates x-release-lifecycle: EA x-operation-name: listTemplates x-operation-group: userAttributeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:user_attribute_profiles /user-attribute-profiles/templates/{id}: get: summary: Get User Attribute Profile Template description: 'Retrieve a User Attribute Profile Template. ' tags: - user-attribute-profiles parameters: - name: id in: path description: ID of the user-attribute-profile-template to retrieve. required: true schema: type: string responses: '200': description: User Attribute Profile Template successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetUserAttributeProfileTemplateResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:user_attribute_profiles.' '404': description: User attribute profile template not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_user_attribute_profile_template x-release-lifecycle: EA x-operation-name: getTemplate x-operation-group: userAttributeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:user_attribute_profiles /user-attribute-profiles/{id}: get: summary: Get User Attribute Profile description: 'Retrieve details about a single User Attribute Profile specified by ID. ' tags: - user-attribute-profiles parameters: - name: id in: path description: ID of the user-attribute-profile to retrieve. required: true schema: type: string responses: '200': description: Record for existing user attribute profile. content: application/json: schema: $ref: '#/components/schemas/GetUserAttributeProfileResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:user-attribute-profiles.' '404': description: User attribute profile not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_user-attribute-profiles_by_id x-release-lifecycle: EA x-operation-name: get x-operation-group: userAttributeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:user_attribute_profiles delete: summary: Delete User Attribute Profile description: 'Delete a single User Attribute Profile specified by ID. ' tags: - user-attribute-profiles parameters: - name: id in: path description: ID of the user-attribute-profile to delete. required: true schema: type: string responses: '204': description: User attribute profile successfully deleted. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:user-attribute-profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_user-attribute-profiles_by_id x-release-lifecycle: EA x-operation-name: delete x-operation-group: userAttributeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:user_attribute_profiles patch: summary: Modify a User Attribute Profile description: 'Update the details of a specific User attribute profile, such as name, user_id and user_attributes. ' tags: - user-attribute-profiles parameters: - name: id in: path description: ID of the user attribute profile to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateUserAttributeProfileRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateUserAttributeProfileRequestContent' responses: '200': description: User attribute profile successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateUserAttributeProfileResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:user_attribute_profiles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_user-attribute-profiles_by_id x-release-lifecycle: EA x-operation-name: update x-operation-group: userAttributeProfiles security: - bearerAuth: [] - oAuth2ClientCredentials: - update:user_attribute_profiles /user-blocks: get: summary: Get Blocks by Identifier description: Retrieve details of all Brute-force Protection blocks for a user with the given identifier (username, phone number, or email). tags: - user-blocks parameters: - name: identifier in: query description: Should be any of a username, phone number, or email. required: true schema: type: string - name: consider_brute_force_enablement in: query description: "\n If true and Brute Force Protection is enabled and configured to block logins, will return a list of blocked IP addresses.\n \ \ If true and Brute Force Protection is disabled, will return an empty list.\n " schema: type: boolean responses: '200': description: User successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserBlocksByIdentifierResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_user-blocks x-release-lifecycle: GA x-operation-name: listByIdentifier x-operation-request-parameters-name: ListUserBlocksByIdentifierRequestParameters x-operation-group: userBlocks security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users delete: summary: Unblock by Identifier description: 'Remove all Brute-force Protection blocks for the user with the given identifier (username, phone number, or email). Note: This endpoint does not unblock users that were blocked by a tenant administrator. ' tags: - user-blocks parameters: - name: identifier in: query description: Should be any of a username, phone number, or email. required: true schema: type: string responses: '204': description: User successfully unblocked. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. x-description-1: 'Insufficient scope; expected any of: update:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_user-blocks x-release-lifecycle: GA x-operation-name: deleteByIdentifier x-operation-request-parameters-name: DeleteUserBlocksByIdentifierRequestParameters x-operation-group: userBlocks security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users /user-blocks/{id}: get: summary: Get a User's Blocks description: 'Retrieve details of all Brute-force Protection blocks for the user with the given ID. ' tags: - user-blocks parameters: - name: id in: path description: user_id of the user blocks to retrieve. required: true schema: type: string - name: consider_brute_force_enablement in: query description: "\n If true and Brute Force Protection is enabled and configured to block logins, will return a list of blocked IP addresses.\n \ \ If true and Brute Force Protection is disabled, will return an empty list.\n " schema: type: boolean responses: '200': description: User block successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserBlocksResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: read:users.' '404': description: User not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_user-blocks_by_id x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListUserBlocksRequestParameters x-operation-group: userBlocks security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users delete: summary: Unblock a User description: 'Remove all Brute-force Protection blocks for the user with the given ID. Note: This endpoint does not unblock users that were blocked by a tenant administrator. ' tags: - user-blocks parameters: - name: id in: path description: The user_id of the user to update. required: true schema: type: string responses: '204': description: User successfully unblocked. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. x-description-2: 'Insufficient scope; expected any of: update:users.' '404': description: User not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_user-blocks_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: userBlocks security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users /users: get: summary: List or Search Users description: "Retrieve details of users. It is possible to:\n\n- Specify a search criteria for users\n- Sort the users to be returned\n- Select the fields to\ \ be returned\n- Specify the number of users to retrieve per page and the page index\n \nThe q query parameter can\ \ be used to get users that match the specified criteria using query string syntax.\n\n\ Learn more about searching for users.\n\nRead about best practices when working with the API endpoints for retrieving users.\n\nAuth0 limits the number of users you can return. If you exceed this threshold,\ \ please redefine your search, use the export job, or the User Import / Export extension.\n" tags: - users parameters: - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. schema: type: integer minimum: 0 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: sort in: query description: Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. e.g. created_at:1 schema: type: string pattern: ^(([a-zA-Z0-9_\\.]+))\:(1|-1)$ - name: connection in: query description: Connection filter. Only applies when using search_engine=v1. To filter by connection with search_engine=v2|v3, use q=identities.connection:"connection_name" schema: type: string - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean - name: q in: query description: Query in Lucene query string syntax. Some query types cannot be used on metadata fields, for details see Searchable Fields. schema: type: string - name: search_engine in: query description: The version of the search engine schema: $ref: '#/components/schemas/SearchEngineVersionsEnum' - name: primary_order in: query description: If true (default), results are returned in a deterministic order. If false, results may be returned in a non-deterministic order, which can enhance performance for complex queries targeting a small number of users. Set to false only when consistent ordering and pagination is not required. schema: type: boolean responses: '200': description: Users successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUsersResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. x-description-1: The 'q' parameter is available only if you specify 'search_engine=v2|v3'. x-description-2: You are not allowed to use search_engine=v1. x-description-3: You are not allowed to use search_engine=v2. Use search_engine=v3 instead. x-description-4: You are not allowed to use search_engine=v3. x-description-5: You can only page through the first 1000 records. See https://auth0.com/docs/users/search/v3/view-search-results-by-page#limitation. '401': description: Client is not global. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Invalid token. '403': description: 'Insufficient scope, expected any of: read:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. '503': description: The query exceeded the timeout. Please try refining your search criteria. See https://auth0.com/docs/best-practices/search-best-practices. operationId: get_users x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListUsersRequestParameters x-operation-group: users security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users - read:user_idp_tokens post: summary: Create a User description: 'Create a new user for a given database or passwordless connection. Note: connection is required but other parameters such as email and password are dependent upon the type of connection.' tags: - users requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateUserRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateUserRequestContent' responses: '201': description: User successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateUserResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Connection does not support user creation through the API. It must either be a database or passwordless connection. x-description-2: Cannot set username for connection without requires_username. x-description-3: Connection does not exist. x-description-4: Connection is disabled. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope, expected any of: create:users.' '409': description: User already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_users x-release-lifecycle: GA x-operation-name: create x-operation-group: users security: - bearerAuth: [] - oAuth2ClientCredentials: - create:users /users-by-email: get: summary: Search Users by Email description: "Find users by email. If Auth0 is the identity provider (idP), the email address associated with a user is saved in lower case, regardless of how\ \ you initially provided it. \n\nFor example, if you register a user as JohnSmith@example.com, Auth0 saves the user's email as johnsmith@example.com. \n\n\ Therefore, when using this endpoint, make sure that you are searching for users via email addresses using the correct case.\n" tags: - users-by-email parameters: - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((phone_number)|(email)|(email_verified)|(picture)|(username)|(user_id)|(name)|(nickname)|(created_at)|(identities)|(app_metadata)|(user_metadata)|(last_ip)|(last_login)|(logins_count)|(updated_at)|(blocked)|(family_name)|(given_name))(,((phone_number)|(email)|(email_verified)|(picture)|(username)|(user_id)|(name)|(nickname)|(created_at)|(identities)|(app_metadata)|(user_metadata)|(last_ip)|(last_login)|(logins_count)|(updated_at)|(blocked)|(family_name)|(given_name)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). Defaults to true. schema: type: boolean - name: email in: query description: Email address to search for (case-sensitive). required: true schema: type: string responses: '200': description: Users successfully searched. content: application/json: schema: type: array items: $ref: '#/components/schemas/UserResponseSchema' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: read:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_users-by-email x-release-lifecycle: GA x-operation-name: listUsersByEmail x-operation-request-parameters-name: ListUsersByEmailRequestParameters x-operation-group: users security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users /users/{id}: get: summary: Get a User description: 'Retrieve user details. A list of fields to include or exclude may also be specified. For more information, see Retrieve Users with the Get Users Endpoint. ' tags: - users parameters: - name: id in: path description: ID of the user to retrieve. required: true schema: type: string - name: fields in: query description: Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. schema: type: string pattern: ^((phone_number)|(email)|(email_verified)|(picture)|(username)|(user_id)|(name)|(nickname)|(created_at)|(identities)|(app_metadata)|(user_metadata)|(last_ip)|(last_login)|(logins_count)|(updated_at)|(blocked)|(family_name)|(given_name))(,((phone_number)|(email)|(email_verified)|(picture)|(username)|(user_id)|(name)|(nickname)|(created_at)|(identities)|(app_metadata)|(user_metadata)|(last_ip)|(last_login)|(logins_count)|(updated_at)|(blocked)|(family_name)|(given_name)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean responses: '200': description: User successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetUserResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: read:users, read:user_idp_tokens, read:current_user.' '404': description: User not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_users_by_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetUserRequestParameters x-operation-group: users security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users - read:current_user - read:user_idp_tokens delete: summary: Delete a User description: 'Delete a user by user ID. This action cannot be undone. For Auth0 Dashboard instructions, see Delete Users. ' tags: - users parameters: - name: id in: path description: ID of the user to delete. required: true schema: type: string responses: '204': description: User successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: delete:users,delete:current_user.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_users_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: users security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:users - delete:current_user patch: summary: Update a User description: "Update a user.\n\nThese are the attributes that can be updated at the root level:\n\n
    \n
  • app_metadata
    • \n
  • blocked
    • \n \ \
  • email
    • \n
  • email_verified
    • \n
  • family_name
    • \n
  • given_name
    • \n
  • name
    • \n
  • nickname
    • \n
  • password
    • \n\ \
  • phone_number
    • \n
  • phone_verified
    • \n
  • picture
    • \n
  • username
    • \n
  • user_metadata
    • \n
  • verify_email
    • \n\
\n\nSome considerations:\n
    \n
  • The properties of the new object will replace the old ones.
    • \n
  • The metadata fields are an exception\ \ to this rule (user_metadata and app_metadata). These properties are merged instead of being replaced but be careful, the merge\ \ only occurs on the first level.
    • \n
  • If you are updating email, email_verified, phone_number, phone_verified,\ \ username or password of a secondary identity, you need to specify the connection property too.
    • \n
  • If you\ \ are updating email or phone_number you can specify, optionally, the client_id property.
    • \n
  • Updating email_verified\ \ is not supported for enterprise and passwordless sms connections.
    • \n
  • Updating the blocked to false does not affect\ \ the user's blocked state from an excessive amount of incorrectly provided credentials. Use the \"Unblock a user\" endpoint from the \"User Blocks\" API\ \ to change the user's state.
    • \n
  • Supported attributes can be unset by supplying null as the value.
    • \n
\n\n
Updating a field\ \ (non-metadata property)
\nTo mark the email address of a user as verified, the body to send should be:\n
{ \"email_verified\": true }
\n\ \n
Updating a user metadata root property
Let's assume that our test user has the following user_metadata:\n
{ \"user_metadata\"\
        \ : { \"profileCode\": 1479 } }
\n\nTo add the field addresses the body to send should be:\n
{ \"user_metadata\" : { \"\
        addresses\": {\"work_address\": \"100 Industrial Way\"} }}
\n\nThe modified object ends up with the following user_metadata property:
{\n\
        \  \"user_metadata\": {\n    \"profileCode\": 1479,\n    \"addresses\": { \"work_address\": \"100 Industrial Way\" }\n  }\n}
\n\n
Updating\ \ an inner user metadata property
If there's existing user metadata to which we want to add \"home_address\": \"742 Evergreen Terrace\"\ \ (using the addresses property) we should send the whole addresses object. Since this is a first-level object, the object will\ \ be merged in, but its own properties will not be. The body to send should be:\n
{\n  \"user_metadata\": {\n    \"addresses\": {\n      \"work_address\"\
        : \"100 Industrial Way\",\n      \"home_address\": \"742 Evergreen Terrace\"\n    }\n  }\n}
\n\nThe modified object ends up with the following\ \ user_metadata property:\n
{\n  \"user_metadata\": {\n    \"profileCode\": 1479,\n    \"addresses\": {\n      \"work_address\": \"\
        100 Industrial Way\",\n      \"home_address\": \"742 Evergreen Terrace\"\n    }\n  }\n}
\n" tags: - users parameters: - name: id in: path description: ID of the user to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateUserRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateUserRequestContent' responses: '200': description: User successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateUserResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. x-description-2: Connection does not exist. x-description-3: Connection is not supported for this operation. x-description-4: Cannot update password and email simultaneously. x-description-5: Cannot update password and email_verified simultaneously. x-description-6: Cannot update username and email simultaneously. x-description-7: Cannot update username and email_verified simultaneously. x-description-8: Cannot update username and password simultaneously. x-description-9: Cannot update email for non-database user. x-description-10: Cannot change email or password for users in a disabled connection. x-description-11: Email verification is not supported for enterprise users. x-description-12: 'Your account is not allowed to update the following user attributes: family_name, given_name, name, nickname, picture.' x-description-13: 'The following user attributes cannot be updated: family_name, given_name, name, nickname, picture. The connection must either be a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled ''Sync user profile attributes at each login''.' x-description-14: 'The following user attributes cannot be updated: family_name, given_name, name, nickname, picture. The specified connection belongs to a secondary identity.' x-description-15: 'The following user attributes cannot be removed: family_name, given_name, name, nickname, picture. The connection (non-federated-conn) must either be a custom database connection with import mode disabled, a social or enterprise connection.' x-description-16: 'The following user attributes cannot be removed: foo, bar. The connection (some-connection) should have disabled ''Sync user profile attributes at each login'' (see Configuring Connection Sync with Auth0) or defined these attributes in ''options.non_persistent_attrs'' array (see Add User Attributes to DenyList).' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes. x-description-2: 'Insufficient scope; expected any of: update:users,update:users_app_metadata,update:current_user_metadata.' '404': description: User not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_users_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: users security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users - update:users_app_metadata - update:current_user_metadata /users/{id}/authentication-methods: get: summary: Get a List of Authentication Methods description: Retrieve detailed list of authentication methods associated with a specified user. tags: - users parameters: - name: id in: path description: The ID of the user in question. required: true schema: type: string - name: page in: query description: Page index of the results to return. First page is 0. Default is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Default is 50. schema: type: integer minimum: 0 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: The authentication methods for the user were retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserAuthenticationMethodsResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. x-description-2: The number of user identifiers associated with a user exceeds the maximum allowed. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope, expected any of: read:authentication_methods' '404': description: The user does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_authentication-methods x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListUserAuthenticationMethodsRequestParameters x-operation-group: - users - authenticationMethods security: - bearerAuth: [] - oAuth2ClientCredentials: - read:authentication_methods delete: summary: Delete All Authentication Methods for the Given User description: 'Remove all authentication methods (i.e., enrolled MFA factors) from the specified user account. This action cannot be undone. ' tags: - users parameters: - name: id in: path description: The ID of the user in question. required: true schema: type: string responses: '204': description: Authentication methods successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: delete:authentication_methods' x-description-2: Operation not permitted when the user has registered at least 1 passkey x-description-3: The number of user identifiers associated with a user exceeds the maximum allowed. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_authentication-methods x-release-lifecycle: GA x-operation-name: deleteAll x-operation-group: - users - authenticationMethods security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:authentication_methods post: summary: Creates an Authentication Method for a Given User description: Create an authentication method. Authentication methods created via this endpoint will be auto confirmed and should already have verification completed. tags: - users parameters: - name: id in: path description: The ID of the user to whom the new authentication method will be assigned. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateUserAuthenticationMethodRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateUserAuthenticationMethodRequestContent' responses: '201': description: Authentication method created. content: application/json: schema: $ref: '#/components/schemas/CreateUserAuthenticationMethodResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: You reached the limit of entities of this type for this user. x-description-1: User to be acted on does not match subject in bearer token. x-description-2: 'Insufficient scope, expected: create:authentication_methods' '404': description: The user does not exist. '409': description: Authentication method already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_authentication-methods x-release-lifecycle: GA x-operation-name: create x-operation-group: - users - authenticationMethods security: - bearerAuth: [] - oAuth2ClientCredentials: - create:authentication_methods put: summary: Update All Authentication Methods by Replacing Them with the Given Ones description: "Replace the specified user authentication\ \ methods with supplied values.\n\n Note: Authentication methods supplied through this action do not iterate on existing methods. Instead, any\ \ methods passed will overwrite the user’s existing settings." tags: - users parameters: - name: id in: path description: The ID of the user in question. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SetUserAuthenticationMethodsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/SetUserAuthenticationMethodsRequestContent' responses: '200': description: All authentication methods successfully updated. content: application/json: schema: type: array items: $ref: '#/components/schemas/SetUserAuthenticationMethodResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected: update:authentication_methods' x-description-2: Operation not permitted when the user has registered at least 1 passkey x-description-3: The number of user identifiers associated with a user exceeds the maximum allowed. '409': description: Authentication method already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: put_authentication-methods x-release-lifecycle: GA x-operation-name: set x-operation-group: - users - authenticationMethods security: - bearerAuth: [] - oAuth2ClientCredentials: - update:authentication_methods /users/{id}/authentication-methods/{authentication_method_id}: get: summary: Get an Authentication Method by ID tags: - users parameters: - name: id in: path description: The ID of the user in question. required: true schema: type: string - name: authentication_method_id in: path description: The ID of the authentication methods in question. required: true schema: type: string responses: '200': description: Authentication method retrieved. content: application/json: schema: $ref: '#/components/schemas/GetUserAuthenticationMethodResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope, expected: read:authentication_methods.' x-description-2: The number of user identifiers associated with a user exceeds the maximum allowed. '404': description: The user does not exist. x-description-1: The authentication method could not be found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_authentication-methods_by_authentication_method_id x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetUserAuthenticationMethodRequestParameters x-operation-group: - users - authenticationMethods security: - bearerAuth: [] - oAuth2ClientCredentials: - read:authentication_methods delete: summary: Delete an Authentication Method by ID description: Remove the authentication method with the given ID from the specified user. For more information, review Manage Authentication Methods with Management API. tags: - users parameters: - name: id in: path description: The ID of the user in question. required: true schema: type: string - name: authentication_method_id in: path description: The ID of the authentication method to delete. required: true schema: type: string responses: '204': description: Authentication method successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: delete:authentication_methods' x-description-2: The number of user identifiers associated with a user exceeds the maximum allowed. '404': description: The user does not exist. x-description-1: The authentication method could not be found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_authentication-methods_by_authentication_method_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - users - authenticationMethods security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:authentication_methods patch: summary: Update an Authentication Method description: Modify the authentication method with the given ID from the specified user. For more information, review Manage Authentication Methods with Management API. tags: - users parameters: - name: id in: path description: The ID of the user in question. required: true schema: type: string - name: authentication_method_id in: path description: The ID of the authentication method to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateUserAuthenticationMethodRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateUserAuthenticationMethodRequestContent' responses: '200': description: Authentication method updated. content: application/json: schema: $ref: '#/components/schemas/UpdateUserAuthenticationMethodResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope, expected: update:authentication_methods.' '404': description: The user does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_authentication-methods_by_authentication_method_id x-release-lifecycle: GA x-operation-name: update x-operation-group: - users - authenticationMethods security: - bearerAuth: [] - oAuth2ClientCredentials: - update:authentication_methods /users/{id}/authenticators: delete: summary: Delete All Authenticators description: Remove all authenticators registered to a given user ID, such as OTP, email, phone, and push-notification. This action cannot be undone. For more information, review Manage Authentication Methods with Management API. tags: - users parameters: - name: id in: path description: ID of the user to delete. required: true schema: type: string responses: '204': description: All authenticators successfully deleted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: remove:authenticators' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_authenticators x-release-lifecycle: GA x-operation-name: deleteAll x-operation-group: - users - authenticators security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:guardian_enrollments /users/{id}/connected-accounts: get: summary: Get a User's Connected Accounts description: Retrieve all connected accounts associated with the user. tags: - users parameters: - name: id in: path description: ID of the user to list connected accounts for. required: true schema: type: string - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results to return. Defaults to 10 with a maximum of 20 schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Connected accounts successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserConnectedAccountsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_connected-accounts x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: GetUserConnectedAccountsRequestParameters x-operation-group: - users - connectedAccounts security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users /users/{id}/enrollments: get: summary: Get the First Confirmed Multi-factor Authentication (MFA) Enrollment description: Retrieve the first multi-factor authentication enrollment that a specific user has confirmed. tags: - users parameters: - name: id in: path description: ID of the user to list enrollments for. required: true schema: type: string responses: '200': description: Enrollments successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/UsersEnrollment' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: read:users,read:current_user.' '404': description: User not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_enrollments x-release-lifecycle: GA x-operation-name: get x-operation-request-parameters-name: GetUserEnrollmentsRequestParameters x-operation-group: - users - enrollments security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users - read:current_user /users/{id}/federated-connections-tokensets: get: summary: Get Tokensets for a User description: List active federated connections tokensets for a provided user tags: - users parameters: - name: id in: path description: User identifier required: true schema: type: string maxLength: 300 responses: '200': description: Flows successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/FederatedConnectionTokenSet' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:federated_connections_tokens.' '404': description: The user does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_federated-connections-tokensets x-release-lifecycle: GA x-operation-name: list x-operation-group: - users - federatedConnectionsTokensets security: - bearerAuth: [] - oAuth2ClientCredentials: - read:federated_connections_tokens /users/{id}/federated-connections-tokensets/{tokenset_id}: delete: summary: Deletes a Tokenset for Federated Connections by Id. tags: - users parameters: - name: id in: path description: Id of the user that owns the tokenset required: true schema: type: string maxLength: 300 - name: tokenset_id in: path description: The tokenset id required: true schema: type: string maxLength: 36 responses: '204': description: Tokenset successfully deleted. '400': description: Invalid request body. The message will vary depending on the cause. x-description-1: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:federated_connections_tokens.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_federated-connections-tokensets_by_tokenset_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - users - federatedConnectionsTokensets security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:federated_connections_tokens /users/{id}/groups: get: summary: Get User's Groups description: 'List all groups to which this user belongs. ' tags: - users parameters: - name: id in: path description: ID of the user to list groups for. required: true schema: type: string - name: fields in: query description: A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields schema: type: string maxLength: 256 pattern: ^((id)|(name)|(external_id)|(organization_id)|(connection_id)|(tenant_name)|(description)|(created_at)|(updated_at)|(membership_created_at))(,((id)|(name)|(external_id)|(organization_id)|(connection_id)|(tenant_name)|(description)|(created_at)|(updated_at)|(membership_created_at)))*$ - name: include_fields in: query description: Whether specified fields are to be included (true) or excluded (false). schema: type: boolean - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Groups successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetUserGroupsResponseContent' '400': description: Invalid request query string. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:groups.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_user_groups x-release-lifecycle: EA x-operation-name: get x-operation-request-parameters-name: GetUserGroupsRequestParameters x-operation-group: - users - groups security: - bearerAuth: [] - oAuth2ClientCredentials: - read:groups /users/{id}/identities: post: summary: Link a User Account description: "Link two user accounts together forming a primary and secondary relationship. On successful linking, the endpoint returns the new array of the\ \ primary account identities.\n\nNote: There are two ways of invoking the endpoint:\n\n
    \n
  • With the authenticated primary account's JWT in the Authorization\ \ header, which has the update:current_user_identities scope:\n 
    \n      POST /api/v2/users/PRIMARY_ACCOUNT_USER_ID/identities\n     \
        \ Authorization: \"Bearer PRIMARY_ACCOUNT_JWT\"\n      {\n        \"link_with\": \"SECONDARY_ACCOUNT_JWT\"\n      }\n
    \n In this case, only the\ \ link_with param is required in the body, which also contains the JWT obtained upon the secondary account's authentication.\n
    • \n
  • With\ \ a token generated by the API V2 containing the update:users scope:\n 
    \n    POST /api/v2/users/PRIMARY_ACCOUNT_USER_ID/identities\n\
        \    Authorization: \"Bearer YOUR_API_V2_TOKEN\"\n    {\n      \"provider\": \"SECONDARY_ACCOUNT_PROVIDER\",\n      \"connection_id\": \"SECONDARY_ACCOUNT_CONNECTION_ID(OPTIONAL)\"\
        ,\n      \"user_id\": \"SECONDARY_ACCOUNT_USER_ID\"\n    }\n
    \n In this case you need to send provider and user_id in\ \ the body. Optionally you can also send the connection_id param which is suitable for identifying a particular database connection for the 'auth0'\ \ provider.\n
    • \n
" tags: - users parameters: - name: id in: path description: ID of the primary user account to link a second user account to. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/LinkUserIdentityRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/LinkUserIdentityRequestContent' responses: '201': description: Identity successfully added. content: application/json: schema: type: array description: An array of objects with information about the user's identities. items: $ref: '#/components/schemas/UserIdentity' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. x-description-2: The provider/connection is not configured. x-description-3: Main identity and the new one are the same. x-description-4: Invalid token (link_with). x-description-5: JWT (link_with) contains an invalid aud claim. x-description-6: JWT (link_with) must contains sub claim. x-description-7: JWT (link_with) contains an invalid sub claim. x-description-8: JWT (link_with) must have an alg of RS256. x-description-9: JWT (link_with) must have the same issuer as the calling user. x-description-10: JWT (link_with) must have an aud claim that matches that of the calling token's azp. x-description-11: Linking to an inexistent identity requires a connection. x-description-12: Linking to an inexistent identity is not allowed. x-description-13: Unable to link with the secondary account. x-description-14: Provided secondary account not found. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:users, update:current_user_identities.' x-description-1: User to be acted on does not match subject in bearer token. '409': description: Specified identity already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_identities x-release-lifecycle: GA x-operation-name: link x-operation-group: - users - identities security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users - update:current_user_identities /users/{id}/identities/{provider}/{user_id}: delete: summary: Unlink a User Identity description: "Unlink a specific secondary account from a target user. This action requires the ID of both the target user and the secondary account. \n\nUnlinking\ \ the secondary account removes it from the identities array of the target user and creates a new standalone profile for the secondary account. To learn more,\ \ review Unlink User Accounts.\n" tags: - users parameters: - name: id in: path description: ID of the primary user account. required: true schema: type: string - name: provider in: path description: Identity provider name of the secondary linked account (e.g. `google-oauth2`). required: true schema: $ref: '#/components/schemas/UserIdentityProviderEnum' - name: user_id in: path description: ID of the secondary linked account (e.g. `123456789081523216417` part after the `|` in `google-oauth2|123456789081523216417`). required: true schema: type: string responses: '200': description: User identity successfully unlinked. content: application/json: schema: $ref: '#/components/schemas/DeleteUserIdentityResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Main identity cannot be removed. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:users, update:current_user_identities.' x-description-1: User to be acted on does not match subject in bearer token. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_user_identity_by_user_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - users - identities security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users - update:current_user_identities /users/{id}/logs: get: summary: Get User's Log Events description: 'Retrieve log events for a specific user. Note: For more information on all possible event types, their respective acronyms and descriptions, see Log Event Type Codes. For more information on the list of fields that can be used in `sort`, see Searchable Fields. Auth0 limits the number of logs you can return by search criteria to 100 logs per request. Furthermore, you may only paginate through up to 1,000 search results. If you exceed this threshold, please redefine your search.' tags: - users parameters: - name: id in: path description: ID of the user of the logs to retrieve required: true schema: type: string - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer - name: per_page in: query description: Number of results per page. Paging is disabled if parameter not sent. schema: type: integer minimum: 1 maximum: 100 - name: sort in: query description: Field to sort by. Use `fieldname:1` for ascending order and `fieldname:-1` for descending. schema: type: string pattern: ^((date)|(connection)|(client_id)|(client_name)|(ip)|(user_id)|(user_name)|(description)|(user_agent)|(type)|(details)|(strategy)|(strategy_type))\:(1|-1)$ - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Logs successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/UserListLogResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:logs, read:logs_users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_logs_by_user x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListUserLogsRequestParameters x-operation-group: - users - logs security: - bearerAuth: [] - oAuth2ClientCredentials: - read:logs - read:logs_users /users/{id}/multifactor/actions/invalidate-remember-browser: post: summary: Invalidate All Remembered Browsers for Multi-factor Authentication (MFA) description: Invalidate all remembered browsers across all authentication factors for a user. tags: - users parameters: - name: id in: path description: ID of the user to invalidate all remembered browsers and authentication factors for. required: true schema: type: string responses: '204': description: Remembered browsers for MFA invalidated. '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: 'Insufficient scope; expected: update:users.' operationId: post_invalidate-remember-browser x-release-lifecycle: GA x-operation-name: invalidateRememberBrowser x-operation-group: - users - multifactor security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users /users/{id}/multifactor/{provider}: delete: summary: Delete a User's Multi-factor Provider description: Remove a multifactor authentication configuration from a user's account. This forces the user to manually reconfigure the multi-factor provider. tags: - users parameters: - name: id in: path description: ID of the user to remove a multifactor configuration from. required: true schema: type: string - name: provider in: path description: The multi-factor provider. Supported values 'duo' or 'google-authenticator' required: true schema: $ref: '#/components/schemas/UserMultifactorProviderEnum' responses: '204': description: Multi-factor provider successfully deleted for user. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: User to be acted on does not match subject in bearer token. x-description-1: 'Insufficient scope; expected any of: update:users.' '404': description: User not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_multifactor_by_provider x-release-lifecycle: GA x-operation-name: deleteProvider x-operation-group: - users - multifactor security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users /users/{id}/organizations: get: summary: List User's Organizations description: 'Retrieve list of the specified user''s current Organization memberships. User must be specified by user ID. For more information, review Auth0 Organizations. ' tags: - users parameters: - name: id in: path description: ID of the user to retrieve the organizations for. required: true schema: type: string - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 maximum: 1000 - name: per_page in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Organizations successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserOrganizationsResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:users, read:organizations.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_user_organizations x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListUserOrganizationsRequestParameters x-operation-group: - users - organizations security: - bearerAuth: [] - oAuth2ClientCredentials: - read:organizations /users/{id}/permissions: get: summary: Get a User's Permissions description: Retrieve all permissions associated with the user. tags: - users parameters: - name: id in: path description: ID of the user to retrieve the permissions for. required: true schema: type: string - name: per_page in: query description: Number of results per page. schema: type: integer minimum: 1 maximum: 100 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Permissions successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserPermissionsResponseContent' '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: read:users.' '404': description: User not found. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_permissions x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListUserPermissionsRequestParameters x-operation-group: - users - permissions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users delete: summary: Remove Permissions from a User description: 'Remove permissions from a user. ' tags: - users parameters: - name: id in: path description: ID of the user to remove permissions from. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/DeleteUserPermissionsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/DeleteUserPermissionsRequestContent' responses: '204': description: User permissions removed. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_permissions x-release-lifecycle: GA x-operation-name: delete x-operation-group: - users - permissions security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users post: summary: Assign Permissions to a User description: Assign permissions to a user. tags: - users parameters: - name: id in: path description: ID of the user to assign permissions to. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateUserPermissionsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateUserPermissionsRequestContent' responses: '201': description: Permissions assigned to user. '400': description: Invalid request URI. The message will vary depending on the cause. x-description-1: Invalid request body. The message will vary depending on the cause. x-description-2: No more permissions can be assigned to this user. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: update:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_permissions x-release-lifecycle: GA x-operation-name: create x-operation-group: - users - permissions security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users /users/{id}/recovery-code-regeneration: post: summary: Generate New Multi-factor Authentication (MFA) Recovery Code description: 'Remove an existing multi-factor authentication (MFA) recovery code and generate a new one. If a user cannot access the original device or account used for MFA enrollment, they can use a recovery code to authenticate. ' tags: - users parameters: - name: id in: path description: ID of the user to regenerate a multi-factor authentication recovery code for. required: true schema: type: string responses: '200': description: New recovery code successfully generated. content: application/json: schema: $ref: '#/components/schemas/RegenerateUsersRecoveryCodeResponseContent' '400': description: Invalid input based on schemas. '401': description: Token has expired or signature is invalid. '403': description: 'Insufficient scope; expected: update:users.' '404': description: Enrollment not found. operationId: post_recovery-code-regeneration x-release-lifecycle: GA x-operation-name: regenerateRecoveryCode x-operation-request-parameters-name: RegenerateRecoveryCodeRequestParameters x-operation-group: users security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users /users/{id}/revoke-access: post: summary: Revokes Selected Resources from a User description: Revokes selected resources related to a user (sessions, refresh tokens, ...). tags: - users parameters: - name: id in: path description: ID of the user. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RevokeUserAccessRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/RevokeUserAccessRequestContent' responses: '202': description: Session deletion request accepted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: delete:sessions' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: user_revoke_access x-release-lifecycle: GA x-operation-name: revokeAccess x-operation-group: users security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:sessions - delete:refresh_tokens /users/{id}/risk-assessments/clear: post: summary: Clear Risk Assessment Assessors for a Specific User description: Clear risk assessment assessors for a specific user tags: - users parameters: - name: id in: path description: ID of the user to clear assessors for. required: true schema: type: string maxLength: 1024 requestBody: content: application/json: schema: $ref: '#/components/schemas/ClearAssessorsRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/ClearAssessorsRequestContent' responses: '204': description: Risk assessment assessors cleared. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_clear_assessors x-release-lifecycle: GA x-operation-name: clear x-operation-group: - users - riskAssessments security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users /users/{id}/roles: get: summary: Get a User's Roles description: 'Retrieve detailed list of all user roles currently assigned to a user. Note: This action retrieves all roles assigned to a user in the context of your whole tenant. To retrieve Organization-specific roles, use the following endpoint: Get user roles assigned to an Organization member. ' tags: - users parameters: - name: id in: path description: ID of the user to list roles for. required: true schema: type: string - name: per_page in: query description: Number of results per page. schema: type: integer minimum: 1 maximum: 100 - name: page in: query description: Page index of the results to return. First page is 0. schema: type: integer minimum: 0 - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean responses: '200': description: Roles successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListUserRolesResponseContent' '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected all of: read:users, read:roles.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_user_roles x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListUserRolesRequestParameters x-operation-group: - users - roles security: - bearerAuth: [] - oAuth2ClientCredentials: - read:users - read:roles - read:role_members delete: summary: Removes Roles from a User description: 'Remove one or more specified user roles assigned to a user. Note: This action removes a role from a user in the context of your whole tenant. If you want to unassign a role from a user in the context of a specific Organization, use the following endpoint: Delete user roles from an Organization member. ' tags: - users parameters: - name: id in: path description: ID of the user to remove roles from. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/DeleteUserRolesRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/DeleteUserRolesRequestContent' responses: '204': description: Users roles successfully removed. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: update:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_user_roles x-release-lifecycle: GA x-operation-name: delete x-operation-group: - users - roles security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users - delete:role_members post: summary: Assign Roles to a User description: 'Assign one or more existing user roles to a user. For more information, review Role-Based Access Control. Note: New roles cannot be created through this action. Additionally, this action is used to assign roles to a user in the context of your whole tenant. To assign roles in the context of a specific Organization, use the following endpoint: Assign user roles to an Organization member. ' tags: - users parameters: - name: id in: path description: ID of the user to associate roles with. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AssignUserRolesRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/AssignUserRolesRequestContent' responses: '204': description: Roles successfully associated with user. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Client is not global. x-description-2: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected any of: read:roles, update:users.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_user_roles x-release-lifecycle: GA x-operation-name: assign x-operation-group: - users - roles security: - bearerAuth: [] - oAuth2ClientCredentials: - update:users - create:role_members /users/{user_id}/refresh-tokens: get: summary: Get Refresh Tokens for a User description: Retrieve details for a user's refresh tokens. tags: - users parameters: - name: user_id in: path description: ID of the user to get refresh tokens for required: true schema: type: string - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: An optional cursor from which to start the selection (exclusive). schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: The refresh tokens were retrieved content: application/json: schema: $ref: '#/components/schemas/ListRefreshTokensPaginatedResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected: read:refresh_tokens' '404': description: User not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_refresh_tokens_for_user x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListRefreshTokensRequestParameters x-operation-group: - users - refreshToken security: - bearerAuth: [] - oAuth2ClientCredentials: - read:refresh_tokens delete: summary: Delete Refresh Tokens for a User description: Delete all refresh tokens for a user. tags: - users parameters: - name: user_id in: path description: ID of the user to get remove refresh tokens for required: true schema: type: string responses: '202': description: Refresh token deletion request accepted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: delete:refresh_tokens' '404': description: User not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_refresh_tokens_for_user x-release-lifecycle: GA x-operation-name: delete x-operation-group: - users - refreshToken security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:refresh_tokens /users/{user_id}/sessions: get: summary: Get Sessions for User description: Retrieve details for a user's sessions. tags: - users parameters: - name: user_id in: path description: ID of the user to get sessions for required: true schema: type: string - name: include_totals in: query description: Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). schema: type: boolean - name: from in: query description: An optional cursor from which to start the selection (exclusive). schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: The sessions were retrieved content: application/json: schema: $ref: '#/components/schemas/ListUserSessionsPaginatedResponseContent' '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation '403': description: 'Insufficient scope, expected any of: read:sessions' '404': description: User not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_sessions_for_user x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListUserSessionsRequestParameters x-operation-group: - users - sessions security: - bearerAuth: [] - oAuth2ClientCredentials: - read:sessions delete: summary: Delete Sessions for User description: Delete all sessions for a user. tags: - users parameters: - name: user_id in: path description: ID of the user to get sessions for required: true schema: type: string responses: '202': description: Session deletion request accepted. '400': description: Invalid request URI. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. '403': description: 'Insufficient scope; expected: delete:sessions' '404': description: User not found '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_sessions_for_user x-release-lifecycle: GA x-operation-name: delete x-operation-group: - users - sessions security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:sessions /verifiable-credentials/verification/templates: get: summary: List Verifiable Credential Templates for a Tenant. description: List verifiable credential templates. tags: - verifiable-credentials parameters: - name: from in: query description: Optional Id from which to start selection. schema: type: string - name: take in: query description: Number of results per page. Defaults to 50. schema: type: integer minimum: 1 maximum: 100 responses: '200': description: Templates successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ListVerifiableCredentialTemplatesPaginatedResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:vdcs_templates.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_vc_templates x-release-lifecycle: GA x-operation-name: list x-operation-request-parameters-name: ListVerifiableCredentialTemplatesRequestParameters x-operation-group: - verifiableCredentials - verification - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - read:vdcs_templates post: summary: Create a Verifiable Credential Template. description: Create a verifiable credential template. tags: - verifiable-credentials requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateVerifiableCredentialTemplateRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/CreateVerifiableCredentialTemplateRequestContent' responses: '201': description: Template successfully created. content: application/json: schema: $ref: '#/components/schemas/CreateVerifiableCredentialTemplateResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:vdcs_templates.' '409': description: Template (name) already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: post_vc_templates x-release-lifecycle: GA x-operation-name: create x-operation-group: - verifiableCredentials - verification - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - create:vdcs_templates /verifiable-credentials/verification/templates/{id}: get: summary: Get a Verifiable Credential Template by ID. description: Get a verifiable credential template. tags: - verifiable-credentials parameters: - name: id in: path description: ID of the template to retrieve. required: true schema: type: string maxLength: 26 responses: '200': description: Template successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/GetVerifiableCredentialTemplateResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: read:vdcs_templates.' '404': description: The verifiable credential template does not exist. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: get_vc_templates_by_id x-release-lifecycle: GA x-operation-name: get x-operation-group: - verifiableCredentials - verification - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - read:vdcs_templates delete: summary: Delete a Verifiable Credential Template by ID. description: Delete a verifiable credential template. tags: - verifiable-credentials parameters: - name: id in: path description: ID of the template to retrieve. required: true schema: type: string maxLength: 26 responses: '204': description: Template successfully deleted. '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: delete:vdcs_templates.' '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: delete_vc_templates_by_id x-release-lifecycle: GA x-operation-name: delete x-operation-group: - verifiableCredentials - verification - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - delete:vdcs_templates patch: summary: Update a Verifiable Credential Template by ID. description: Update a verifiable credential template. tags: - verifiable-credentials parameters: - name: id in: path description: ID of the template to retrieve. required: true schema: type: string maxLength: 26 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateVerifiableCredentialTemplateRequestContent' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/UpdateVerifiableCredentialTemplateRequestContent' responses: '200': description: Template successfully updated. content: application/json: schema: $ref: '#/components/schemas/UpdateVerifiableCredentialTemplateResponseContent' '400': description: Invalid request body. The message will vary depending on the cause. '401': description: Invalid token. x-description-1: Invalid signature received for JSON Web Token validation. x-description-2: Client is not global. '403': description: 'Insufficient scope; expected any of: update:vdcs_templates.' '409': description: Template (name) already exists. '429': description: Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. operationId: patch_vc_templates_by_id x-release-lifecycle: GA x-operation-name: update x-operation-group: - verifiableCredentials - verification - templates security: - bearerAuth: [] - oAuth2ClientCredentials: - update:vdcs_templates components: schemas: Action: type: object additionalProperties: false properties: id: type: string description: The unique ID of the action. default: 910b1053-577f-4d81-a8c8-020e7319a38a name: type: string description: The name of an action. default: my-action supported_triggers: type: array description: The list of triggers that this action supports. At this time, an action can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA all_changes_deployed: type: boolean description: True if all of an Action's contents have been deployed. default: false created_at: type: string description: The time when this action was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this action was updated. default: '2021-01-01T00:00:00.000Z' format: date-time code: type: string description: The source code of the action. default: module.exports = () => {} dependencies: type: array description: The list of third party npm modules, and their versions, that this action depends on. items: $ref: '#/components/schemas/ActionVersionDependency' runtime: type: string description: 'The Node runtime. For example: `node22`, defaults to `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretResponse' deployed_version: $ref: '#/components/schemas/ActionDeployedVersion' installed_integration_id: type: string description: installed_integration_id is the fk reference to the InstalledIntegration entity. default: 7d2bc0c9-c0c2-433a-9f4e-86ef80270aad integration: $ref: '#/components/schemas/Integration' status: $ref: '#/components/schemas/ActionBuildStatusEnum' built_at: type: string description: The time when this action was built successfully. default: '2021-01-01T00:00:00.000Z' format: date-time deploy: type: boolean description: True if the action should be deployed after creation. default: false modules: type: array description: The list of action modules and their versions used by this action. items: $ref: '#/components/schemas/ActionModuleReference' ActionBase: type: object description: The action to which this version belongs. additionalProperties: false properties: id: type: string description: The unique ID of the action. default: 910b1053-577f-4d81-a8c8-020e7319a38a name: type: string description: The name of an action. default: my-action supported_triggers: type: array description: The list of triggers that this action supports. At this time, an action can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA all_changes_deployed: type: boolean description: True if all of an Action's contents have been deployed. default: false created_at: type: string description: The time when this action was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this action was updated. default: '2021-01-01T00:00:00.000Z' format: date-time ActionBinding: type: object description: Binding is the associative entity joining a trigger, and an action together. additionalProperties: false properties: id: type: string description: The unique ID of this binding. default: 4a881e22-0562-4178-bc91-b0f2b321dc13 trigger_id: $ref: '#/components/schemas/ActionTriggerTypeEnum' display_name: type: string description: The name of the binding. default: my-action-1 action: $ref: '#/components/schemas/Action' created_at: type: string description: The time when the binding was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when the binding was updated. default: '2021-01-01T00:00:00.000Z' format: date-time ActionBindingRef: type: object description: A reference to an action. An action can be referred to by ID or by Name. additionalProperties: true properties: type: $ref: '#/components/schemas/ActionBindingRefTypeEnum' value: type: string description: The id or name of an action that is being bound to a trigger. default: my-action ActionBindingRefTypeEnum: type: string description: 'How the action is being referred to: `action_id` or `action_name`.' default: action_name enum: - binding_id - action_id - action_name ActionBindingTypeEnum: type: string description: In order to execute an Action, it must be bound to a trigger using a binding. `trigger-bound` means that bindings are managed by the tenant. `entity-bound` means that the bindings are automatically managed by Auth0 and other internal resouces will control those bindings. Tenants cannot manage `entity-bound` bindings. enum: - trigger-bound - entity-bound ActionBindingWithRef: type: object additionalProperties: false required: - ref properties: ref: $ref: '#/components/schemas/ActionBindingRef' display_name: type: string description: The name of the binding. default: my-action-1 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretRequest' ActionBuildStatusEnum: type: string description: The build status of this action. default: built enum: - pending - building - packaged - built - retrying - failed ActionDeployedVersion: type: object description: The version of the action that is currently deployed. additionalProperties: false properties: id: type: string description: The unique id of an action version. default: 12a3b9e6-06e6-4a29-96bf-90c82fe79a0d action_id: type: string description: The id of the action to which this version belongs. default: 910b1053-577f-4d81-a8c8-020e7319a38a code: type: string description: The source code of this specific version of the action. default: module.exports = () => {} dependencies: type: array description: 'The list of third party npm modules, and their versions, that this specific version depends on. ' items: $ref: '#/components/schemas/ActionVersionDependency' deployed: type: boolean description: Indicates if this specific version is the currently one deployed. default: true runtime: type: string description: 'The Node runtime. For example: `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretResponse' status: $ref: '#/components/schemas/ActionVersionBuildStatusEnum' number: type: number description: The index of this version in list of versions for the action. default: 1 errors: type: array description: Any errors that occurred while the version was being built. items: $ref: '#/components/schemas/ActionError' action: $ref: '#/components/schemas/ActionBase' built_at: type: string description: The time when this version was built successfully. default: '2021-01-01T00:00:00.000Z' format: date-time created_at: type: string description: The time when this version was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when a version was updated. Versions are never updated externally. Only Auth0 will update an action version as it is being built. default: '2021-01-01T00:00:00.000Z' format: date-time supported_triggers: type: array description: The list of triggers that this version supports. At this time, a version can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA modules: type: array description: The list of action modules and their versions used by this action version. items: $ref: '#/components/schemas/ActionModuleReference' ActionError: type: object description: Error is a generic error with a human readable id which should be easily referenced in support tickets. additionalProperties: false properties: id: type: string msg: type: string url: type: string ActionExecutionResult: type: object description: Captures the results of a single action being executed. additionalProperties: false properties: action_name: type: string description: The name of the action that was executed. default: my-action error: $ref: '#/components/schemas/ActionError' started_at: type: string description: The time when the action was started. default: '2021-01-01T00:00:00.000Z' format: date-time ended_at: type: string description: The time when the action finished executing. default: '2021-01-01T00:00:00.000Z' format: date-time ActionExecutionStatusEnum: type: string description: The overall status of an execution. default: final enum: - unspecified - pending - final - partial - canceled - suspended ActionModuleAction: type: object additionalProperties: false properties: action_id: type: string description: The unique ID of the action. action_name: type: string description: The name of the action. module_version_id: type: string description: The ID of the module version this action is using. module_version_number: type: integer description: The version number of the module this action is using. supported_triggers: type: array description: The triggers that this action supports. items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA ActionModuleDependency: type: object additionalProperties: false properties: name: type: string description: The name of the npm dependency. version: type: string description: The version of the npm dependency. ActionModuleDependencyRequest: type: object additionalProperties: false required: - name - version properties: name: type: string description: The name of the npm dependency. maxLength: 255 pattern: "^[^\0]*$" version: type: string description: The version of the npm dependency. maxLength: 50 pattern: "^[^\0]*$" ActionModuleListItem: type: object additionalProperties: false properties: id: type: string description: The unique ID of the module. name: type: string description: The name of the module. code: type: string description: The source code from the module's draft version. dependencies: type: array description: The npm dependencies from the module's draft version. items: $ref: '#/components/schemas/ActionModuleDependency' secrets: type: array description: The secrets from the module's draft version (names and timestamps only, values never returned). items: $ref: '#/components/schemas/ActionModuleSecret' actions_using_module_total: type: integer description: The number of deployed actions using this module. all_changes_published: type: boolean description: Whether all draft changes have been published as a version. latest_version_number: type: integer description: The version number of the latest published version. Omitted if no versions have been published. created_at: type: string description: Timestamp when the module was created. format: date-time updated_at: type: string description: Timestamp when the module was last updated. format: date-time ActionModuleReference: type: object description: Reference to a module and its version used by an action. additionalProperties: false properties: module_id: type: string description: The unique ID of the module. module_name: type: string description: The name of the module. module_version_id: type: string description: The ID of the specific module version. module_version_number: type: integer description: The version number of the module. ActionModuleSecret: type: object additionalProperties: false properties: name: type: string description: The name of the secret. updated_at: type: string description: The time when the secret was last updated. format: date-time ActionModuleSecretRequest: type: object additionalProperties: false required: - name - value properties: name: type: string description: The name of the secret. maxLength: 255 pattern: "^[^\0]*$" value: type: string description: The value of the secret. maxLength: 4096 pattern: "^[^\0]*$" ActionModuleVersion: type: object additionalProperties: false properties: id: type: string description: The unique ID for this version. module_id: type: string description: The ID of the parent module. version_number: type: integer description: The sequential version number. code: type: string description: The exact source code that was published with this version. secrets: type: array description: Secrets available to this version (name and updated_at only, values never returned). items: $ref: '#/components/schemas/ActionModuleSecret' dependencies: type: array description: Dependencies locked to this version. items: $ref: '#/components/schemas/ActionModuleDependency' created_at: type: string description: The timestamp when this version was created. format: date-time ActionModuleVersionReference: type: object description: The latest published version as a reference object. Omitted if no versions have been published. additionalProperties: false properties: id: type: string description: The unique ID of the version. version_number: type: integer description: The version number. code: type: string description: The source code from this version. dependencies: type: array description: The npm dependencies from this version. items: $ref: '#/components/schemas/ActionModuleDependency' secrets: type: array description: The secrets from this version (names and timestamps only, values never returned). items: $ref: '#/components/schemas/ActionModuleSecret' created_at: type: string description: Timestamp when the version was created. format: date-time ActionSecretRequest: type: object additionalProperties: true properties: name: type: string description: The name of the particular secret, e.g. API_KEY. default: mySecret value: type: string description: The value of the particular secret, e.g. secret123. A secret's value can only be set upon creation. A secret's value will never be returned by the API. default: mySecretValue ActionSecretResponse: type: object additionalProperties: true properties: name: type: string description: The name of the particular secret, e.g. API_KEY. default: mySecret updated_at: type: string description: The time when the secret was last updated. default: '2021-01-01T00:00:00.000Z' format: date-time ActionTrigger: type: object additionalProperties: false required: - id x-release-lifecycle: GA properties: id: $ref: '#/components/schemas/ActionTriggerTypeEnum' version: type: string description: The version of a trigger. v1, v2, etc. status: type: string description: status points to the trigger status. runtimes: type: array description: runtimes supported by this trigger. items: type: string default_runtime: type: string description: Runtime that will be used when none is specified when creating an action. compatible_triggers: type: array description: compatible_triggers informs which other trigger supports the same event and api. items: $ref: '#/components/schemas/ActionTriggerCompatibleTrigger' binding_policy: $ref: '#/components/schemas/ActionBindingTypeEnum' ActionTriggerCompatibleTrigger: type: object additionalProperties: true required: - id - version properties: id: $ref: '#/components/schemas/ActionTriggerTypeEnum' version: type: string description: The version of a trigger. v1, v2, etc. ActionTriggerTypeEnum: type: string description: An actions extensibility point. enum: - post-login - credentials-exchange - pre-user-registration - post-user-registration - post-change-password - send-phone-message - custom-phone-provider - custom-email-provider - password-reset-post-challenge - custom-token-exchange - event-stream - password-hash-migration - login-post-identifier - signup-post-identifier ActionVersion: type: object additionalProperties: false properties: id: type: string description: The unique id of an action version. default: 12a3b9e6-06e6-4a29-96bf-90c82fe79a0d action_id: type: string description: The id of the action to which this version belongs. default: 910b1053-577f-4d81-a8c8-020e7319a38a code: type: string description: The source code of this specific version of the action. default: module.exports = () => {} dependencies: type: array description: 'The list of third party npm modules, and their versions, that this specific version depends on. ' items: $ref: '#/components/schemas/ActionVersionDependency' deployed: type: boolean description: Indicates if this specific version is the currently one deployed. default: true runtime: type: string description: 'The Node runtime. For example: `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretResponse' status: $ref: '#/components/schemas/ActionVersionBuildStatusEnum' number: type: number description: The index of this version in list of versions for the action. default: 1 errors: type: array description: Any errors that occurred while the version was being built. items: $ref: '#/components/schemas/ActionError' action: $ref: '#/components/schemas/ActionBase' built_at: type: string description: The time when this version was built successfully. default: '2021-01-01T00:00:00.000Z' format: date-time created_at: type: string description: The time when this version was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when a version was updated. Versions are never updated externally. Only Auth0 will update an action version as it is being built. default: '2021-01-01T00:00:00.000Z' format: date-time supported_triggers: type: array description: The list of triggers that this version supports. At this time, a version can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA modules: type: array description: The list of action modules and their versions used by this action version. items: $ref: '#/components/schemas/ActionModuleReference' ActionVersionBuildStatusEnum: type: string description: The build status of this specific version. default: built enum: - pending - building - packaged - built - retrying - failed ActionVersionDependency: type: object description: Dependency is an npm module. These values are used to produce an immutable artifact, which manifests as a layer_id. additionalProperties: false properties: name: type: string description: name is the name of the npm module, e.g. lodash version: type: string description: description is the version of the npm module, e.g. 4.17.1 registry_url: type: string description: registry_url is an optional value used primarily for private npm registries. AculClientFilter: type: object description: Client array filter items oneOf: - $ref: '#/components/schemas/AculClientFilterById' - $ref: '#/components/schemas/AculClientFilterByMetadata' AculClientFilterById: type: object additionalProperties: false required: - id properties: id: type: string description: Client ID AculClientFilterByMetadata: type: object additionalProperties: false required: - metadata properties: metadata: $ref: '#/components/schemas/AculClientMetadata' AculClientMetadata: type: object description: Client metadata key/value pairs additionalProperties: true maxProperties: 1 AculConfigs: type: array description: Array of screen configurations to update minItems: 1 items: type: object additionalProperties: false required: - prompt - screen properties: prompt: $ref: '#/components/schemas/PromptGroupNameEnum' screen: $ref: '#/components/schemas/ScreenGroupNameEnum' rendering_mode: $ref: '#/components/schemas/AculRenderingModeEnum' description: Rendering mode context_configuration: $ref: '#/components/schemas/AculContextConfiguration' default_head_tags_disabled: type: - boolean - 'null' description: Override Universal Login default head tags default: false use_page_template: type: - boolean - 'null' description: Use page template with ACUL default: false head_tags: type: - array - 'null' description: An array of head tags items: $ref: '#/components/schemas/AculHeadTag' filters: $ref: '#/components/schemas/AculFilters' AculContextConfiguration: type: - array - 'null' description: Context values to make available items: $ref: '#/components/schemas/AculContextConfigurationItem' AculContextConfigurationItem: oneOf: - $ref: '#/components/schemas/AculContextEnum' - type: string description: Dynamic client metadata key (e.g., `client.metadata.myKey`) pattern: ^client\.metadata\.[^\.]+$ - type: string description: Dynamic organization metadata key (e.g., `organization.metadata.myKey`) pattern: ^organization\.metadata\.[^\.]+$ - type: string description: Dynamic transaction custom domain metadata key (e.g., `transaction.custom_domain.domain_metadata.myKey`) pattern: ^transaction\.custom_domain\.domain_metadata\.[^\.]+$ - type: string description: Dynamic user metadata key (e.g., `user.user_metadata.myKey`) pattern: ^user\.user_metadata\.[^\.]+$ - type: string description: Dynamic app metadata key (e.g., `user.app_metadata.myKey`) pattern: ^user\.app_metadata\.[^\.]+$ - type: string description: Dynamic authorization param ext key (e.g., `untrusted_data.authorization_params.ext-myKey`) pattern: ^untrusted_data\.authorization_params\.ext-[^\.]+$ AculContextEnum: type: string description: Static context values enum: - branding.settings - branding.themes.default - client.logo_uri - client.description - organization.display_name - organization.branding - screen.texts - tenant.name - tenant.friendly_name - tenant.logo_url - tenant.enabled_locales - untrusted_data.submitted_form_data - untrusted_data.authorization_params.login_hint - untrusted_data.authorization_params.screen_hint - untrusted_data.authorization_params.ui_locales - user.organizations - transaction.custom_domain.domain AculDomainFilter: type: object description: Domains array filter items oneOf: - $ref: '#/components/schemas/AculDomainFilterById' - $ref: '#/components/schemas/AculDomainFilterByMetadata' AculDomainFilterById: type: object additionalProperties: false required: - id properties: id: type: string description: Domain ID AculDomainFilterByMetadata: type: object additionalProperties: false required: - metadata properties: metadata: $ref: '#/components/schemas/AculDomainMetadata' AculDomainMetadata: type: object description: Domain metadata key/value pairs additionalProperties: true maxProperties: 1 AculFilters: type: - object - 'null' description: Optional filters to apply rendering rules to specific entities additionalProperties: false properties: match_type: $ref: '#/components/schemas/AculMatchTypeEnum' clients: type: array description: Clients filter items: $ref: '#/components/schemas/AculClientFilter' organizations: type: array description: Organizations filter items: $ref: '#/components/schemas/AculOrganizationFilter' domains: type: array description: Domains filter items: $ref: '#/components/schemas/AculDomainFilter' AculHeadTag: type: object additionalProperties: true properties: tag: type: string description: Any HTML element valid for use in the head tag attributes: $ref: '#/components/schemas/AculHeadTagAttributes' content: $ref: '#/components/schemas/AculHeadTagContent' AculHeadTagAttributes: type: object description: Attributes of the HTML tag. See MDN documentation for valid attributes. additionalProperties: true maxProperties: 10 AculHeadTagContent: type: string description: "Text or markup between the element’s opening and closing tags. \nYou can use context variables to display dynamic values." AculMatchTypeEnum: type: string description: Type of match to apply enum: - includes_any - excludes_any AculOrganizationFilter: type: object description: Organizations array filter items oneOf: - $ref: '#/components/schemas/AculOrganizationFilterById' - $ref: '#/components/schemas/AculOrganizationFilterByMetadata' AculOrganizationFilterById: type: object additionalProperties: false required: - id properties: id: type: string description: Organization ID AculOrganizationFilterByMetadata: type: object additionalProperties: false required: - metadata properties: metadata: $ref: '#/components/schemas/AculOrganizationMetadata' AculOrganizationMetadata: type: object description: Organization metadata key/value pairs additionalProperties: true maxProperties: 1 AculRenderingModeEnum: type: string enum: - advanced - standard description: Rendering mode to filter by AddOrganizationConnectionRequestContent: type: object additionalProperties: false required: - connection_id properties: connection_id: type: string description: Single connection ID to add to the organization. format: connection-id assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' AddOrganizationConnectionResponseContent: type: object additionalProperties: false properties: connection_id: type: string description: ID of the connection. assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' connection: $ref: '#/components/schemas/OrganizationConnectionInformation' AddRolePermissionsRequestContent: type: object additionalProperties: false required: - permissions properties: permissions: type: array description: array of resource_server_identifier, permission_name pairs. minItems: 1 items: $ref: '#/components/schemas/PermissionRequestPayload' AnomalyIPFormat: type: string oneOf: - type: string format: ipv4 - type: string format: ipv6 description: IP address to check. AppMetadata: type: object description: Data related to the user that does affect the application's core functionality. additionalProperties: true properties: {} AssessorsTypeEnum: type: string description: Assessors to clear. enum: - new-device AssignOrganizationMemberRolesRequestContent: type: object additionalProperties: false required: - roles properties: roles: type: array description: List of roles IDs to associated with the user. minItems: 1 items: type: string format: role-id AssignRoleUsersRequestContent: type: object additionalProperties: false required: - users properties: users: type: array description: user_id's of the users to assign the role to. items: type: string format: user-id-with-max-length AssignUserRolesRequestContent: type: object additionalProperties: false required: - roles properties: roles: type: array description: List of roles IDs to associated with the user. minItems: 1 items: type: string minLength: 1 AssociateOrganizationClientGrantRequestContent: type: object additionalProperties: false required: - grant_id properties: grant_id: type: string description: A Client Grant ID to add to the organization. format: client-grant-id AssociateOrganizationClientGrantResponseContent: type: object additionalProperties: false properties: id: type: string description: ID of the client grant. client_id: type: string description: ID of the client. audience: type: string description: The audience (API identifier) of this client grant minLength: 1 scope: type: array description: Scopes allowed for this client grant. items: type: string minLength: 1 organization_usage: $ref: '#/components/schemas/OrganizationUsageEnum' allow_any_organization: type: boolean description: If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. AsyncApprovalNotificationsChannelsEnum: type: string enum: - guardian-push - email AttackProtectionCaptchaArkoseResponseContent: type: object additionalProperties: true properties: site_key: type: string description: The site key for the Arkose captcha provider. fail_open: type: boolean description: Whether the captcha should fail open. client_subdomain: type: string description: The subdomain used for client requests to the Arkose captcha provider. verify_subdomain: type: string description: The subdomain used for server-side verification requests to the Arkose captcha provider. AttackProtectionCaptchaAuthChallengeRequest: type: object additionalProperties: false required: - fail_open properties: fail_open: type: boolean description: Whether the auth challenge should fail open. AttackProtectionCaptchaAuthChallengeResponseContent: type: object additionalProperties: true properties: fail_open: type: boolean description: Whether the auth challenge should fail open. AttackProtectionCaptchaFriendlyCaptchaResponseContent: type: object additionalProperties: true properties: site_key: type: string description: The site key for the Friendly Captcha provider. AttackProtectionCaptchaHcaptchaResponseContent: type: object additionalProperties: true properties: site_key: type: string description: The site key for the hCaptcha provider. AttackProtectionCaptchaProviderId: type: string description: The id of the active provider for the CAPTCHA. maxLength: 36 enum: - arkose - auth_challenge - friendly_captcha - hcaptcha - recaptcha_v2 - recaptcha_enterprise - simple_captcha AttackProtectionCaptchaRecaptchaEnterpriseResponseContent: type: object additionalProperties: true properties: site_key: type: string description: The site key for the reCAPTCHA Enterprise provider. project_id: type: string description: The project ID for the reCAPTCHA Enterprise provider. AttackProtectionCaptchaRecaptchaV2ResponseContent: type: object additionalProperties: true properties: site_key: type: string description: The site key for the reCAPTCHA v2 provider. AttackProtectionCaptchaSimpleCaptchaResponseContent: type: object additionalProperties: true properties: {} AttackProtectionUpdateCaptchaArkose: type: object additionalProperties: false required: - site_key - secret properties: site_key: type: string description: The site key for the Arkose captcha provider. maxLength: 100 secret: type: string description: The secret key for the Arkose captcha provider. maxLength: 100 client_subdomain: type: string description: The subdomain used for client requests to the Arkose captcha provider. maxLength: 100 verify_subdomain: type: string description: The subdomain used for server-side verification requests to the Arkose captcha provider. maxLength: 100 fail_open: type: boolean description: Whether the captcha should fail open. AttackProtectionUpdateCaptchaFriendlyCaptcha: type: object additionalProperties: false required: - site_key - secret properties: site_key: type: string description: The site key for the Friendly Captcha provider. maxLength: 100 secret: type: string description: The secret key for the Friendly Captcha provider. maxLength: 100 AttackProtectionUpdateCaptchaHcaptcha: type: object additionalProperties: false required: - site_key - secret properties: site_key: type: string description: The site key for the hCaptcha provider. maxLength: 100 secret: type: string description: The secret key for the hCaptcha provider. maxLength: 100 AttackProtectionUpdateCaptchaRecaptchaEnterprise: type: object additionalProperties: false required: - site_key - api_key - project_id properties: site_key: type: string description: The site key for the reCAPTCHA Enterprise provider. maxLength: 100 api_key: type: string description: The API key for the reCAPTCHA Enterprise provider. maxLength: 100 project_id: type: string description: The project ID for the reCAPTCHA Enterprise provider. maxLength: 100 AttackProtectionUpdateCaptchaRecaptchaV2: type: object additionalProperties: false required: - site_key - secret properties: site_key: type: string description: The site key for the reCAPTCHA v2 provider. maxLength: 100 secret: type: string description: The secret key for the reCAPTCHA v2 provider. maxLength: 100 AuthenticationMethodTypeEnum: type: string enum: - recovery-code - totp - push - phone - email - email-verification - webauthn-roaming - webauthn-platform - guardian - passkey - password AuthenticationTypeEnum: type: string enum: - phone - email - totp BotDetectionAllowlist: type: array description: List of IP addresses or CIDR blocks to allowlist items: $ref: '#/components/schemas/BotDetectionIPAddressOrCidrBlock' BotDetectionChallengePolicyPasswordFlowEnum: type: string description: The policy that defines how often to show CAPTCHA enum: - never - when_risky - always BotDetectionChallengePolicyPasswordResetFlowEnum: type: string description: The policy that defines how often to show CAPTCHA enum: - never - when_risky - always BotDetectionChallengePolicyPasswordlessFlowEnum: type: string description: The policy that defines how often to show CAPTCHA enum: - never - when_risky - always BotDetectionCidrBlock: type: string description: CIDR block format: cidr BotDetectionIPAddressOrCidrBlock: type: string description: IP address (IPv4 or IPv6) or CIDR block oneOf: - $ref: '#/components/schemas/BotDetectionIPv4' - $ref: '#/components/schemas/BotDetectionIPv6' - $ref: '#/components/schemas/BotDetectionCidrBlock' - $ref: '#/components/schemas/BotDetectionIPv6CidrBlock' BotDetectionIPv4: type: string description: IPv4 address format: ipv4 BotDetectionIPv6: type: string description: IPv6 address format: ipv6 BotDetectionIPv6CidrBlock: type: string description: IPv6 CIDR block format: ipv6_cidr BotDetectionLevelEnum: type: string description: The level of bot detection sensitivity enum: - low - medium - high BotDetectionMonitoringModeEnabled: type: boolean description: Whether monitoring mode is enabled (logs but does not block) BrandingColors: type: object description: Custom color settings. additionalProperties: false minProperties: 1 properties: primary: type: string description: Accent color. format: html-color page_background: $ref: '#/components/schemas/BrandingPageBackground' BrandingFont: type: object description: Custom font settings. additionalProperties: false minProperties: 1 properties: url: type: string description: URL for the custom font. The URL must point to a font file and not a stylesheet. Must use HTTPS. format: strict-https-uri BrandingIdentifiers: type: object description: Identifier input display settings. additionalProperties: false properties: login_display: $ref: '#/components/schemas/BrandingLoginDisplayEnum' otp_autocomplete: type: boolean description: Whether OTP autocomplete (autocomplete="one-time-code") is enabled. default: true phone_display: $ref: '#/components/schemas/BrandingPhoneDisplay' BrandingLoginDisplayEnum: type: string description: Controls identifier input presentation on the login flow. Defaults to "unified" for legacy tenants, "separate" for tenants created post-GA of this feature. default: unified enum: - unified - separate BrandingPageBackground: description: "Page Background Color or Gradient.\nProperty contains either null to unset, a solid color as a string value #FFFFFF,\ \ or a gradient as an object.\n\n
\n{\n  type: 'linear-gradient',\n  start: '#FFFFFF',\n  end: '#000000',\n  angle_deg: 35\n}\n
\n" oneOf: - type: - string - 'null' - type: - object - 'null' additionalProperties: true BrandingPhoneDisplay: type: object description: Phone number display settings. additionalProperties: false properties: masking: $ref: '#/components/schemas/BrandingPhoneMaskingEnum' formatting: $ref: '#/components/schemas/BrandingPhoneFormattingEnum' BrandingPhoneFormattingEnum: type: string description: Controls the format used when displaying phone numbers. default: international enum: - regional - international BrandingPhoneMaskingEnum: type: string description: Controls how phone numbers are masked when displayed back to users. default: mask_digits enum: - show_all - hide_country_code - mask_digits BrandingThemeBorders: type: object additionalProperties: false required: - button_border_radius - button_border_weight - buttons_style - input_border_radius - input_border_weight - inputs_style - show_widget_shadow - widget_border_weight - widget_corner_radius properties: button_border_radius: type: number description: Button border radius minimum: 1 maximum: 10 button_border_weight: type: number description: Button border weight minimum: 0 maximum: 10 buttons_style: $ref: '#/components/schemas/BrandingThemeBordersButtonsStyleEnum' input_border_radius: type: number description: Input border radius minimum: 0 maximum: 10 input_border_weight: type: number description: Input border weight minimum: 0 maximum: 3 inputs_style: $ref: '#/components/schemas/BrandingThemeBordersInputsStyleEnum' show_widget_shadow: type: boolean description: Show widget shadow widget_border_weight: type: number description: Widget border weight minimum: 0 maximum: 10 widget_corner_radius: type: number description: Widget corner radius minimum: 0 maximum: 50 BrandingThemeBordersButtonsStyleEnum: type: string description: Buttons style enum: - pill - rounded - sharp BrandingThemeBordersInputsStyleEnum: type: string description: Inputs style enum: - pill - rounded - sharp BrandingThemeColors: type: object additionalProperties: false required: - body_text - error - header - icons - input_background - input_border - input_filled_text - input_labels_placeholders - links_focused_components - primary_button - primary_button_label - secondary_button_border - secondary_button_label - success - widget_background - widget_border properties: base_focus_color: type: string description: Base Focus Color pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ base_hover_color: type: string description: Base Hover Color pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ body_text: type: string description: Body text pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ captcha_widget_theme: $ref: '#/components/schemas/BrandingThemeColorsCaptchaWidgetThemeEnum' error: type: string description: Error pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ header: type: string description: Header pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ icons: type: string description: Icons pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ input_background: type: string description: Input background pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ input_border: type: string description: Input border pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ input_filled_text: type: string description: Input filled text pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ input_labels_placeholders: type: string description: Input labels & placeholders pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ links_focused_components: type: string description: Links & focused components pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ primary_button: type: string description: Primary button pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ primary_button_label: type: string description: Primary button label pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ read_only_background: type: string description: Read only background pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ secondary_button_border: type: string description: Secondary button border pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ secondary_button_label: type: string description: Secondary button label pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ success: type: string description: Success pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ widget_background: type: string description: Widget background pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ widget_border: type: string description: Widget border pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ BrandingThemeColorsCaptchaWidgetThemeEnum: type: string description: Captcha Widget Theme enum: - auto - dark - light BrandingThemeFontBodyText: type: object description: Body text additionalProperties: false required: - bold - size properties: bold: type: boolean description: Body text bold size: type: number description: Body text size minimum: 0 maximum: 150 BrandingThemeFontButtonsText: type: object description: Buttons text additionalProperties: false required: - bold - size properties: bold: type: boolean description: Buttons text bold size: type: number description: Buttons text size minimum: 0 maximum: 150 BrandingThemeFontInputLabels: type: object description: Input Labels additionalProperties: false required: - bold - size properties: bold: type: boolean description: Input Labels bold size: type: number description: Input Labels size minimum: 0 maximum: 150 BrandingThemeFontLinks: type: object description: Links additionalProperties: false required: - bold - size properties: bold: type: boolean description: Links bold size: type: number description: Links size minimum: 0 maximum: 150 BrandingThemeFontLinksStyleEnum: type: string description: Links style enum: - normal - underlined BrandingThemeFontSubtitle: type: object description: Subtitle additionalProperties: false required: - bold - size properties: bold: type: boolean description: Subtitle bold size: type: number description: Subtitle size minimum: 0 maximum: 150 BrandingThemeFontTitle: type: object description: Title additionalProperties: false required: - bold - size properties: bold: type: boolean description: Title bold size: type: number description: Title size minimum: 75 maximum: 150 BrandingThemeFonts: type: object additionalProperties: false required: - body_text - buttons_text - font_url - input_labels - links - links_style - reference_text_size - subtitle - title properties: body_text: $ref: '#/components/schemas/BrandingThemeFontBodyText' buttons_text: $ref: '#/components/schemas/BrandingThemeFontButtonsText' font_url: type: string description: Font URL pattern: ^$|^(?=.)(?!https?:\/(?:$|[^/]))(?!https?:\/\/\/)(?!https?:[^/])(?:(?:https):(?:(?:\/\/(?:[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:]*@)?(?:\[(?:(?:(?:[\dA-Fa-f]{1,4}:){6}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|::(?:[\dA-Fa-f]{1,4}:){5}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:){4}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,1}[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:){3}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,2}[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:){2}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,3}[\dA-Fa-f]{1,4})?::[\dA-Fa-f]{1,4}:(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,4}[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,5}[\dA-Fa-f]{1,4})?::[\dA-Fa-f]{1,4}|(?:(?:[\dA-Fa-f]{1,4}:){0,6}[\dA-Fa-f]{1,4})?::)|v[\dA-Fa-f]+\.[\w-\.~!\$&'\(\)\*\+,;=:]+)\]|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])|[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=]{1,255})(?::\d*)?(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*)|\/(?:[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]+(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*)?|[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]+(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*|(?:\/\/\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*)))(?:\?[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@\/\?]*(?=#|$))?(?:#[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@\/\?]*)?$ input_labels: $ref: '#/components/schemas/BrandingThemeFontInputLabels' links: $ref: '#/components/schemas/BrandingThemeFontLinks' links_style: $ref: '#/components/schemas/BrandingThemeFontLinksStyleEnum' reference_text_size: type: number description: Reference text size minimum: 12 maximum: 24 subtitle: $ref: '#/components/schemas/BrandingThemeFontSubtitle' title: $ref: '#/components/schemas/BrandingThemeFontTitle' BrandingThemePageBackground: type: object additionalProperties: false required: - background_color - background_image_url - page_layout properties: background_color: type: string description: Background color pattern: ^#(([0-9a-fA-F]{3}){1,2}|([0-9a-fA-F]{4}){1,2})$ background_image_url: type: string description: Background image url pattern: ^$|^(?=.)(?!https?:\/(?:$|[^/]))(?!https?:\/\/\/)(?!https?:[^/])(?:(?:https):(?:(?:\/\/(?:[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:]*@)?(?:\[(?:(?:(?:[\dA-Fa-f]{1,4}:){6}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|::(?:[\dA-Fa-f]{1,4}:){5}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:){4}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,1}[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:){3}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,2}[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:){2}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,3}[\dA-Fa-f]{1,4})?::[\dA-Fa-f]{1,4}:(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,4}[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,5}[\dA-Fa-f]{1,4})?::[\dA-Fa-f]{1,4}|(?:(?:[\dA-Fa-f]{1,4}:){0,6}[\dA-Fa-f]{1,4})?::)|v[\dA-Fa-f]+\.[\w-\.~!\$&'\(\)\*\+,;=:]+)\]|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])|[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=]{1,255})(?::\d*)?(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*)|\/(?:[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]+(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*)?|[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]+(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*|(?:\/\/\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*)))(?:\?[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@\/\?]*(?=#|$))?(?:#[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@\/\?]*)?$ page_layout: $ref: '#/components/schemas/BrandingThemePageBackgroundPageLayoutEnum' BrandingThemePageBackgroundPageLayoutEnum: type: string description: Page Layout enum: - center - left - right BrandingThemeWidget: type: object additionalProperties: false required: - header_text_alignment - logo_height - logo_position - logo_url - social_buttons_layout properties: header_text_alignment: $ref: '#/components/schemas/BrandingThemeWidgetHeaderTextAlignmentEnum' logo_height: type: number description: Logo height minimum: 1 maximum: 100 logo_position: $ref: '#/components/schemas/BrandingThemeWidgetLogoPositionEnum' logo_url: type: string description: Logo url pattern: ^$|^(?=.)(?!https?:\/(?:$|[^/]))(?!https?:\/\/\/)(?!https?:[^/])(?:(?:https):(?:(?:\/\/(?:[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:]*@)?(?:\[(?:(?:(?:[\dA-Fa-f]{1,4}:){6}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|::(?:[\dA-Fa-f]{1,4}:){5}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:){4}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,1}[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:){3}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,2}[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:){2}(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,3}[\dA-Fa-f]{1,4})?::[\dA-Fa-f]{1,4}:(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,4}[\dA-Fa-f]{1,4})?::(?:[\dA-Fa-f]{1,4}:[\dA-Fa-f]{1,4}|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(?:(?:[\dA-Fa-f]{1,4}:){0,5}[\dA-Fa-f]{1,4})?::[\dA-Fa-f]{1,4}|(?:(?:[\dA-Fa-f]{1,4}:){0,6}[\dA-Fa-f]{1,4})?::)|v[\dA-Fa-f]+\.[\w-\.~!\$&'\(\)\*\+,;=:]+)\]|(?:(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:0{0,2}\d|0?[1-9]\d|1\d\d|2[0-4]\d|25[0-5])|[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=]{1,255})(?::\d*)?(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*)|\/(?:[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]+(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*)?|[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]+(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*|(?:\/\/\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*(?:\/[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@]*)*)))(?:\?[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@\/\?]*(?=#|$))?(?:#[\w-\.~%\dA-Fa-f!\$&'\(\)\*\+,;=:@\/\?]*)?$ social_buttons_layout: $ref: '#/components/schemas/BrandingThemeWidgetSocialButtonsLayoutEnum' BrandingThemeWidgetHeaderTextAlignmentEnum: type: string description: Header text alignment enum: - center - left - right BrandingThemeWidgetLogoPositionEnum: type: string description: Logo position enum: - center - left - none - right BrandingThemeWidgetSocialButtonsLayoutEnum: type: string description: Social buttons layout enum: - bottom - top BreachedPasswordDetectionAdminNotificationFrequencyEnum: type: string enum: - immediately - daily - weekly - monthly BreachedPasswordDetectionMethodEnum: type: string description: "The subscription level for breached password detection methods. Use \"enhanced\" to enable Credential Guard.\n Possible values: standard,\ \ enhanced." default: standard enum: - standard - enhanced BreachedPasswordDetectionPreChangePasswordShieldsEnum: type: string enum: - block - admin_notification BreachedPasswordDetectionPreChangePasswordStage: type: object additionalProperties: false properties: shields: type: array description: "Action to take when a breached password is detected during a password reset.\n Possible values: block, admin_notification." items: $ref: '#/components/schemas/BreachedPasswordDetectionPreChangePasswordShieldsEnum' BreachedPasswordDetectionPreUserRegistrationShieldsEnum: type: string enum: - block - admin_notification BreachedPasswordDetectionPreUserRegistrationStage: type: object additionalProperties: false properties: shields: type: array description: "Action to take when a breached password is detected during a signup.\n Possible values: block, admin_notification." items: $ref: '#/components/schemas/BreachedPasswordDetectionPreUserRegistrationShieldsEnum' BreachedPasswordDetectionShieldsEnum: type: string enum: - block - user_notification - admin_notification BreachedPasswordDetectionStage: type: object additionalProperties: false properties: pre-user-registration: $ref: '#/components/schemas/BreachedPasswordDetectionPreUserRegistrationStage' pre-change-password: $ref: '#/components/schemas/BreachedPasswordDetectionPreChangePasswordStage' BruteForceProtectionModeEnum: type: string description: "Account Lockout: Determines whether or not IP address is used when counting failed attempts.\n Possible values: count_per_identifier_and_ip,\ \ count_per_identifier." default: count_per_identifier_and_ip enum: - count_per_identifier_and_ip - count_per_identifier BruteForceProtectionShieldsEnum: type: string enum: - block - user_notification BulkUpdateAculRequestContent: type: object description: Bulk update render settings for multiple screens additionalProperties: false required: - configs properties: configs: $ref: '#/components/schemas/AculConfigs' BulkUpdateAculResponseContent: type: object additionalProperties: true required: - configs properties: configs: $ref: '#/components/schemas/AculConfigs' CertificateSubjectDNCredential: type: object additionalProperties: false required: - credential_type properties: credential_type: $ref: '#/components/schemas/CertificateSubjectDNCredentialTypeEnum' name: type: string description: Friendly name for a credential. default: '' maxLength: 128 subject_dn: type: string description: Subject Distinguished Name. Mutually exclusive with `pem` property. Applies to `cert_subject_dn` credential type. minLength: 1 maxLength: 256 pem: type: string description: PEM-formatted X509 certificate. Must be JSON escaped. Mutually exclusive with `subject_dn` property. default: "-----BEGIN CERTIFICATE-----\r\nMIIBIjANBg...\r\n-----END CERTIFICATE-----\r\n" minLength: 1 maxLength: 4096 CertificateSubjectDNCredentialTypeEnum: type: string enum: - cert_subject_dn ChangePasswordTicketIdentity: type: object description: The user's identity. If you set this value, you must also send the user_id parameter. additionalProperties: false required: - user_id - provider x-release-lifecycle: EA properties: user_id: type: string description: user_id of the identity. default: 5457edea1b8f22891a000004 provider: $ref: '#/components/schemas/IdentityProviderOnlyAuth0Enum' connection_id: type: string description: connection_id of the identity. pattern: ^con_[A-Za-z0-9]{16}$ ChangePasswordTicketRequestContent: type: object additionalProperties: false properties: result_url: type: string description: URL the user will be redirected to in the classic Universal Login experience once the ticket is used. Cannot be specified when using client_id or organization_id. default: http://myapp.com/callback format: url user_id: type: string description: user_id of for whom the ticket should be created. format: user-id client_id: type: string description: ID of the client (application). If provided for tenants using the New Universal Login experience, the email template and UI displays application details, and the user is prompted to redirect to the application's default login route after the ticket is used. client_id is required to use the Password Reset Post Challenge trigger. default: DaM8bokEXBWrTUFCiJjWn50jei6ardyX format: client-id organization_id: type: string description: (Optional) Organization ID – the ID of the Organization. If provided, organization parameters will be made available to the email template and organization branding will be applied to the prompt. In addition, the redirect link in the prompt will include organization_id and organization_name query string parameters. default: org_2eondWoxcMIpaLQc format: organization-id connection_id: type: string description: ID of the connection. If provided, allows the user to be specified using email instead of user_id. If you set this value, you must also send the email parameter. You cannot send user_id when specifying a connection_id. default: con_0000000000000001 pattern: ^con_[A-Za-z0-9]{16}$ email: type: string description: Email address of the user for whom the tickets should be created. Requires the connection_id parameter. Cannot be specified when using user_id. format: email ttl_sec: type: integer description: Number of seconds for which the ticket is valid before expiration. If unspecified or set to 0, this value defaults to 432000 seconds (5 days). minimum: 0 mark_email_as_verified: type: boolean description: Whether to set the email_verified attribute to true (true) or whether it should not be updated (false). default: false includeEmailInRedirect: type: boolean description: Whether to include the email address as part of the returnUrl in the reset_email (true), or not (false). identity: $ref: '#/components/schemas/ChangePasswordTicketIdentity' x-release-lifecycle: EA ChangePasswordTicketResponseContent: type: object additionalProperties: true required: - ticket properties: ticket: type: string description: URL representing the ticket. default: https://login.auth0.com/lo/reset?client_id=nsaPS2p3cargoFy82WT7betaOPOt3qSh&tenant=mdocs&bewit=bmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPdDNxU2hcMTQzMDY2MjE4MVxuRTcxM0RSeUNlbEpzUUJmaFVaS3A1NEdJbWFzSUZMYzRTdEFtY2NMMXhZPVx7ImVtYWloojoiZGFtaWtww2NoQGhvdG1haWwuY29tIiwidGVuYW50IjoiZHNjaGVua2tjwWFuIiwiY2xpZW50X2lkIjoibmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPiiqxU2giLCJjb25uZWN0aW9uIjoiRGFtaWmsdiwicmVzdWx0VXJsIjoiIn0 format: url CimdMappedClientAuthenticationMethods: type: object description: Client authentication methods derived from the JWKS document additionalProperties: true properties: private_key_jwt: $ref: '#/components/schemas/CimdMappedClientAuthenticationMethodsPrivateKeyJwt' CimdMappedClientAuthenticationMethodsPrivateKeyJwt: type: object description: Private Key JWT authentication configuration additionalProperties: true required: - credentials properties: credentials: type: array description: Credentials derived from the JWKS document items: $ref: '#/components/schemas/CimdMappedPrivateKeyJwtCredential' CimdMappedClientFields: type: object description: Auth0 client fields mapped from the Client ID Metadata Document additionalProperties: true properties: external_client_id: type: string description: The URL of the Client ID Metadata Document name: type: string description: Client name app_type: type: string description: Application type (e.g., web, native) callbacks: type: array description: Callback URLs items: type: string logo_uri: type: string description: Logo URI description: type: string description: Human-readable brief description of this client presentable to the end-user grant_types: type: array description: List of grant types items: type: string token_endpoint_auth_method: type: string description: Token endpoint authentication method jwks_uri: type: string description: URL for the JSON Web Key Set containing the public keys for private_key_jwt authentication client_authentication_methods: $ref: '#/components/schemas/CimdMappedClientAuthenticationMethods' CimdMappedPrivateKeyJwtCredential: type: object additionalProperties: true required: - credential_type - kid - alg properties: credential_type: type: string description: Type of credential (e.g., public_key) kid: type: string description: Key identifier from JWKS or calculated thumbprint alg: type: string description: Algorithm (e.g., RS256, RS384, PS256) CimdValidationResult: type: object description: Validation result for the Client ID Metadata Document additionalProperties: true required: - valid - violations - warnings properties: valid: type: boolean description: Whether the metadata document passed validation violations: type: array description: Array of validation violation messages (if any) items: type: string warnings: type: array description: Array of warning messages (if any) items: type: string ClearAssessorsRequestContent: type: object additionalProperties: false required: - connection - assessors properties: connection: type: string description: The name of the connection containing the user whose assessors should be cleared. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ assessors: type: array description: List of assessors to clear. minItems: 1 items: $ref: '#/components/schemas/AssessorsTypeEnum' Client: type: object additionalProperties: true properties: client_id: type: string description: ID of this client. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww tenant: type: string description: Name of the tenant this client belongs to. default: '' name: type: string description: 'Name of this client (min length: 1 character, does not allow `<` or `>`).' default: My application description: type: string description: 'Free text description of this client (max length: 140 characters).' default: '' global: type: boolean description: Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false). default: false client_secret: type: string description: Client secret (which you must not make public). default: MG_TNT2ver-SylNat-_VeMmd-4m0Waba0jr1troztBniSChEw0glxEmgEi2Kw40H app_type: $ref: '#/components/schemas/ClientAppTypeEnum' logo_uri: type: string description: URL of the logo to display for this client. Recommended size is 150x150 pixels. is_first_party: type: boolean description: Whether this client a first party client (true) or not (false). default: false oidc_conformant: type: boolean description: Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false). default: false callbacks: type: array description: Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication. items: type: string allowed_origins: type: array description: Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. items: type: string web_origins: type: array description: Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. items: type: string client_aliases: type: array description: List of audiences/realms for SAML protocol. Used by the wsfed addon. items: type: string allowed_clients: type: array description: List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed. items: type: string allowed_logout_urls: type: array description: Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. items: type: string session_transfer: $ref: '#/components/schemas/ClientSessionTransferConfiguration' oidc_logout: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSettings' grant_types: type: array description: List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`. items: type: string jwt_configuration: $ref: '#/components/schemas/ClientJwtConfiguration' signing_keys: $ref: '#/components/schemas/ClientSigningKeys' encryption_key: $ref: '#/components/schemas/ClientEncryptionKey' sso: type: boolean description: Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false). default: false sso_disabled: type: boolean description: Whether Single Sign On is disabled (true) or enabled (true). Defaults to true. default: false cross_origin_authentication: type: boolean description: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). cross_origin_loc: type: string description: URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. format: url custom_login_page_on: type: boolean description: Whether a custom login page is to be used (true) or the default provided login page (false). default: true custom_login_page: type: string description: The content (HTML, CSS, JS) of the custom login page. default: '' custom_login_page_preview: type: string description: The content (HTML, CSS, JS) of the custom login page. (Used on Previews) default: '' form_template: type: string description: HTML form template to be used for WS-Federation. default: '' addons: $ref: '#/components/schemas/ClientAddons' token_endpoint_auth_method: $ref: '#/components/schemas/ClientTokenEndpointAuthMethodEnum' is_token_endpoint_ip_header_trusted: type: boolean description: If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint. default: false client_metadata: $ref: '#/components/schemas/ClientMetadata' mobile: $ref: '#/components/schemas/ClientMobile' initiate_login_uri: type: string description: Initiate login uri, must be https format: absolute-https-uri-with-placeholders-or-empty native_social_login: {} refresh_token: $ref: '#/components/schemas/ClientRefreshTokenConfiguration' default_organization: $ref: '#/components/schemas/ClientDefaultOrganization' organization_usage: $ref: '#/components/schemas/ClientOrganizationUsageEnum' organization_require_behavior: $ref: '#/components/schemas/ClientOrganizationRequireBehaviorEnum' organization_discovery_methods: type: array description: Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both. minItems: 1 x-release-lifecycle: EA items: $ref: '#/components/schemas/ClientOrganizationDiscoveryEnum' client_authentication_methods: $ref: '#/components/schemas/ClientAuthenticationMethod' require_pushed_authorization_requests: type: boolean description: Makes the use of Pushed Authorization Requests mandatory for this client default: false require_proof_of_possession: type: boolean description: Makes the use of Proof-of-Possession mandatory for this client default: false signed_request_object: $ref: '#/components/schemas/ClientSignedRequestObjectWithCredentialId' compliance_level: $ref: '#/components/schemas/ClientComplianceLevelEnum' skip_non_verifiable_callback_uri_confirmation_prompt: type: boolean description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' token_exchange: $ref: '#/components/schemas/ClientTokenExchangeConfiguration' x-release-lifecycle: GA par_request_expiry: type: - integer - 'null' description: Specifies how long, in seconds, a Pushed Authorization Request URI remains valid minimum: 10 maximum: 600 token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA express_configuration: $ref: '#/components/schemas/ExpressConfiguration' my_organization_configuration: $ref: '#/components/schemas/ClientMyOrganizationResponseConfiguration' x-release-lifecycle: EA third_party_security_mode: $ref: '#/components/schemas/ClientThirdPartySecurityModeEnum' x-release-lifecycle: GA redirection_policy: $ref: '#/components/schemas/ClientRedirectionPolicyEnum' x-release-lifecycle: GA resource_server_identifier: type: string description: The identifier of the resource server that this client is linked to. async_approval_notification_channels: $ref: '#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration' external_metadata_type: $ref: '#/components/schemas/ClientExternalMetadataTypeEnum' external_metadata_created_by: $ref: '#/components/schemas/ClientExternalMetadataCreatedByEnum' external_client_id: type: string description: An alternate client identifier to be used during authorization flows. Only supports CIMD-based client identifiers. format: absolute-https-uri-or-empty jwks_uri: type: string description: URL for the JSON Web Key Set (JWKS) containing the public keys used for private_key_jwt authentication. Only present for CIMD clients using private_key_jwt authentication. format: absolute-https-uri-or-empty ClientAddonAWS: type: object description: AWS addon configuration. additionalProperties: true properties: principal: type: string description: AWS principal ARN, e.g. `arn:aws:iam::010616021751:saml-provider/idpname` role: type: string description: AWS role ARN, e.g. `arn:aws:iam::010616021751:role/foo` lifetime_in_seconds: type: integer description: AWS token lifetime in seconds minimum: 900 maximum: 43200 ClientAddonAzureBlob: type: object description: Azure Blob Storage addon configuration. additionalProperties: true properties: accountName: type: string description: Your Azure storage account name. Usually first segment in your Azure storage URL. e.g. `https://acme-org.blob.core.windows.net` would be the account name `acme-org`. pattern: ^([a-z0-9]){3,24}$ storageAccessKey: type: string description: Access key associated with this storage account. pattern: ^([A-Za-z0-9+/]){86}==$ containerName: type: string description: Container to request a token for. e.g. `my-container`. pattern: ^([a-z0-9]){1}([a-z0-9-]){2,62}$ blobName: type: string description: Entity to request a token for. e.g. `my-blob`. If blank the computed SAS will apply to the entire storage container. pattern: ^(.){1,1024}$ expiration: type: integer description: Expiration in minutes for the generated token (default of 5 minutes). minimum: 0 signedIdentifier: type: string description: Shared access policy identifier defined in your storage account resource. blob_read: type: boolean description: Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation. blob_write: type: boolean description: Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account. blob_delete: type: boolean description: Indicates if the issued token has permission to delete the blob. container_read: type: boolean description: Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation container_write: type: boolean description: Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account. container_delete: type: boolean description: Indicates if issued token has permission to delete any blob in the container. container_list: type: boolean description: Indicates if the issued token has permission to list blobs in the container. ClientAddonAzureSB: type: object description: Azure Storage Bus addon configuration. additionalProperties: true properties: namespace: type: string description: Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (e.g. `https://acme-org.servicebus.windows.net` would be `acme-org`). sasKeyName: type: string description: Your shared access policy name defined in your Service Bus entity. sasKey: type: string description: Primary Key associated with your shared access policy. entityPath: type: string description: Entity you want to request a token for. e.g. `my-queue`.' expiration: type: integer description: Optional expiration in minutes for the generated token. Defaults to 5 minutes. ClientAddonBox: type: object description: Box SSO indicator (no configuration settings needed for Box SSO). additionalProperties: true ClientAddonCloudBees: type: object description: CloudBees SSO indicator (no configuration settings needed for CloudBees SSO). additionalProperties: true ClientAddonConcur: type: object description: Concur SSO indicator (no configuration settings needed for Concur SSO). additionalProperties: true ClientAddonDropbox: type: object description: Dropbox SSO indicator (no configuration settings needed for Dropbox SSO). additionalProperties: true ClientAddonEchoSign: type: object description: Adobe EchoSign SSO configuration. additionalProperties: true properties: domain: type: string description: Your custom domain found in your EchoSign URL. e.g. `https://acme-org.echosign.com` would be `acme-org`. ClientAddonEgnyte: type: object description: Egnyte SSO configuration. additionalProperties: true properties: domain: type: string description: Your custom domain found in your Egnyte URL. e.g. `https://acme-org.egnyte.com` would be `acme-org`. ClientAddonFirebase: type: object description: Google Firebase addon configuration. additionalProperties: true properties: secret: type: string description: Google Firebase Secret. (SDK 2 only). private_key_id: type: string description: Optional ID of the private key to obtain kid header in the issued token (SDK v3+ tokens only). private_key: type: string description: Private Key for signing the token (SDK v3+ tokens only). client_email: type: string description: ID of the Service Account you have created (shown as `client_email` in the generated JSON file, SDK v3+ tokens only). lifetime_in_seconds: type: integer description: Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only). ClientAddonLayer: type: object description: Layer addon configuration. additionalProperties: true required: - providerId - keyId - privateKey properties: providerId: type: string description: Provider ID of your Layer account keyId: type: string description: Authentication Key identifier used to sign the Layer token. privateKey: type: string description: Private key for signing the Layer token. principal: type: string description: Name of the property used as the unique user id in Layer. If not specified `user_id` is used. expiration: type: integer description: Optional expiration in minutes for the generated token. Defaults to 5 minutes. minimum: 0 ClientAddonMSCRM: type: object description: Microsoft Dynamics CRM SSO configuration. additionalProperties: true required: - url properties: url: type: string description: Microsoft Dynamics CRM application URL. format: url ClientAddonNewRelic: type: object description: New Relic SSO configuration. additionalProperties: true properties: account: type: string description: Your New Relic Account ID found in your New Relic URL after the `/accounts/` path. e.g. `https://rpm.newrelic.com/accounts/123456/query` would be `123456`. ClientAddonOAG: type: - object - 'null' description: Okta Access Gateway SSO configuration additionalProperties: false properties: {} ClientAddonOffice365: type: object description: Microsoft Office 365 SSO configuration. additionalProperties: true properties: domain: type: string description: Your Office 365 domain name. e.g. `acme-org.com`. connection: type: string description: Optional Auth0 database connection for testing an already-configured Office 365 tenant. ClientAddonRMS: type: object description: Active Directory Rights Management Service SSO configuration. additionalProperties: true required: - url properties: url: type: string description: URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it. format: url ClientAddonSAML: type: object description: SAML2 addon indicator (no configuration settings needed for SAML2 addon). additionalProperties: true properties: mappings: $ref: '#/components/schemas/ClientAddonSAMLMapping' audience: type: string recipient: type: string createUpnClaim: type: boolean mapUnknownClaimsAsIs: type: boolean passthroughClaimsWithNoMapping: type: boolean mapIdentities: type: boolean signatureAlgorithm: type: string digestAlgorithm: type: string issuer: type: string destination: type: string lifetimeInSeconds: type: integer signResponse: type: boolean nameIdentifierFormat: type: string nameIdentifierProbes: type: array items: type: string minLength: 1 authnContextClassRef: type: string ClientAddonSAMLMapping: type: object additionalProperties: true ClientAddonSAPAPI: type: object description: SAP API addon configuration. additionalProperties: true properties: clientid: type: string description: If activated in the OAuth 2.0 client configuration (transaction SOAUTH2) the SAML attribute client_id must be set and equal the client_id form parameter of the access token request. usernameAttribute: type: string description: Name of the property in the user object that maps to a SAP username. e.g. `email`. tokenEndpointUrl: type: string description: Your SAP OData server OAuth2 token endpoint URL. format: url scope: type: string description: Requested scope for SAP APIs. servicePassword: type: string description: Service account password to use to authenticate API calls to the token endpoint. nameIdentifierFormat: type: string description: NameID element of the Subject which can be used to express the user's identity. Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`. ClientAddonSSOIntegration: type: object additionalProperties: true properties: name: type: string description: SSO integration name version: type: string description: SSO integration version installed ClientAddonSalesforce: type: object description: Salesforce SSO configuration. additionalProperties: true properties: entity_id: type: string description: Arbitrary logical URL that identifies the Saleforce resource. e.g. `https://acme-org.com`. format: url ClientAddonSalesforceAPI: type: object description: Salesforce API addon configuration. additionalProperties: true properties: clientid: type: string description: Consumer Key assigned by Salesforce to the Connected App. principal: type: string description: Name of the property in the user object that maps to a Salesforce username. e.g. `email`. communityName: type: string description: Community name. community_url_section: type: string description: Community url section. ClientAddonSalesforceSandboxAPI: type: object description: Salesforce Sandbox addon configuration. additionalProperties: true properties: clientid: type: string description: Consumer Key assigned by Salesforce to the Connected App. principal: type: string description: Name of the property in the user object that maps to a Salesforce username. e.g. `email`. communityName: type: string description: Community name. community_url_section: type: string description: Community url section. ClientAddonSentry: type: object description: Sentry SSO configuration. additionalProperties: true properties: org_slug: type: string description: Generated slug for your Sentry organization. Found in your Sentry URL. e.g. `https://sentry.acme.com/acme-org/` would be `acme-org`. base_url: type: string description: URL prefix only if running Sentry Community Edition, otherwise leave should be blank. ClientAddonSharePoint: type: object description: SharePoint SSO configuration. additionalProperties: true properties: url: type: string description: Internal SharePoint application URL. external_url: $ref: '#/components/schemas/ClientAddonSharePointExternalURL' ClientAddonSharePointExternalURL: description: External SharePoint application URLs if exposed to the Internet. oneOf: - type: array items: type: string - type: string ClientAddonSlack: type: object description: Slack team or workspace name usually first segment in your Slack URL. e.g. `https://acme-org.slack.com` would be `acme-org`. additionalProperties: true required: - team properties: team: type: string description: Slack team name. ClientAddonSpringCM: type: object description: SpringCM SSO configuration. additionalProperties: true properties: acsurl: type: string description: SpringCM ACS URL, e.g. `https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx`. ClientAddonWAMS: type: object description: Windows Azure Mobile Services addon configuration. additionalProperties: true properties: masterkey: type: string description: Your master key for Windows Azure Mobile Services. ClientAddonWSFed: type: object description: WS-Fed (WIF) addon indicator. Actual configuration is stored in `callback` and `client_aliases` properties on the client. additionalProperties: true ClientAddonZendesk: type: object description: Zendesk SSO configuration. additionalProperties: true properties: accountName: type: string description: Zendesk account name usually first segment in your Zendesk URL. e.g. `https://acme-org.zendesk.com` would be `acme-org`. ClientAddonZoom: type: object description: Zoom SSO configuration. additionalProperties: true properties: account: type: string description: Zoom account name usually first segment of your Zoom URL, e.g. `https://acme-org.zoom.us` would be `acme-org`. ClientAddons: type: object description: Addons enabled for this client and their associated configurations. additionalProperties: false properties: aws: $ref: '#/components/schemas/ClientAddonAWS' azure_blob: $ref: '#/components/schemas/ClientAddonAzureBlob' azure_sb: $ref: '#/components/schemas/ClientAddonAzureSB' rms: $ref: '#/components/schemas/ClientAddonRMS' mscrm: $ref: '#/components/schemas/ClientAddonMSCRM' slack: $ref: '#/components/schemas/ClientAddonSlack' sentry: $ref: '#/components/schemas/ClientAddonSentry' box: $ref: '#/components/schemas/ClientAddonBox' cloudbees: $ref: '#/components/schemas/ClientAddonCloudBees' concur: $ref: '#/components/schemas/ClientAddonConcur' dropbox: $ref: '#/components/schemas/ClientAddonDropbox' echosign: $ref: '#/components/schemas/ClientAddonEchoSign' egnyte: $ref: '#/components/schemas/ClientAddonEgnyte' firebase: $ref: '#/components/schemas/ClientAddonFirebase' newrelic: $ref: '#/components/schemas/ClientAddonNewRelic' office365: $ref: '#/components/schemas/ClientAddonOffice365' salesforce: $ref: '#/components/schemas/ClientAddonSalesforce' salesforce_api: $ref: '#/components/schemas/ClientAddonSalesforceAPI' salesforce_sandbox_api: $ref: '#/components/schemas/ClientAddonSalesforceSandboxAPI' samlp: $ref: '#/components/schemas/ClientAddonSAML' layer: $ref: '#/components/schemas/ClientAddonLayer' sap_api: $ref: '#/components/schemas/ClientAddonSAPAPI' sharepoint: $ref: '#/components/schemas/ClientAddonSharePoint' springcm: $ref: '#/components/schemas/ClientAddonSpringCM' wams: $ref: '#/components/schemas/ClientAddonWAMS' wsfed: $ref: '#/components/schemas/ClientAddonWSFed' zendesk: $ref: '#/components/schemas/ClientAddonZendesk' zoom: $ref: '#/components/schemas/ClientAddonZoom' sso_integration: $ref: '#/components/schemas/ClientAddonSSOIntegration' oag: $ref: '#/components/schemas/ClientAddonOAG' ClientAppTypeEnum: type: string description: The type of application this client represents enum: - native - spa - regular_web - non_interactive - resource_server - express_configuration - rms - box - cloudbees - concur - dropbox - mscrm - echosign - egnyte - newrelic - office365 - salesforce - sentry - sharepoint - slack - springcm - zendesk - zoom - sso_integration - oag ClientAsyncApprovalNotificationsChannelsAPIPatchConfiguration: type: - array - 'null' description: Array of notification channels for contacting the user when their approval is required. Valid values are `guardian-push`, `email`. minItems: 1 items: $ref: '#/components/schemas/AsyncApprovalNotificationsChannelsEnum' ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration: type: array description: Array of notification channels for contacting the user when their approval is required. Valid values are `guardian-push`, `email`. minItems: 1 items: $ref: '#/components/schemas/AsyncApprovalNotificationsChannelsEnum' ClientAuthenticationMethod: type: - object - 'null' description: Defines client authentication methods. additionalProperties: false minProperties: 1 maxProperties: 1 properties: private_key_jwt: $ref: '#/components/schemas/ClientAuthenticationMethodPrivateKeyJWT' tls_client_auth: $ref: '#/components/schemas/ClientAuthenticationMethodTLSClientAuth' self_signed_tls_client_auth: $ref: '#/components/schemas/ClientAuthenticationMethodSelfSignedTLSClientAuth' ClientAuthenticationMethodPrivateKeyJWT: type: object description: Defines `private_key_jwt` client authentication method. If this property is defined, the client is enabled to use the Private Key JWT authentication method. additionalProperties: false required: - credentials properties: credentials: $ref: '#/components/schemas/ClientAuthenticationMethodPrivateKeyJWTCredentials' ClientAuthenticationMethodPrivateKeyJWTCredentials: type: array description: A list of unique and previously created credential IDs enabled on the client for Private Key JWT authentication. minItems: 0 items: $ref: '#/components/schemas/CredentialId' ClientAuthenticationMethodSelfSignedTLSClientAuth: type: object description: Defines `self_signed_tls_client_auth` client authentication method. If the property is defined, the client is configured to use mTLS authentication method utilizing self-signed certificate. additionalProperties: false required: - credentials properties: credentials: $ref: '#/components/schemas/ClientAuthenticationMethodSelfSignedTLSClientAuthCredentials' ClientAuthenticationMethodSelfSignedTLSClientAuthCredentials: type: array description: A list of unique and previously created credential IDs enabled on the client for mTLS authentication utilizing self-signed certificate. minItems: 0 items: $ref: '#/components/schemas/CredentialId' ClientAuthenticationMethodTLSClientAuth: type: object description: Defines `tls_client_auth` client authentication method. If the property is defined, the client is configured to use CA-based mTLS authentication method. additionalProperties: false required: - credentials properties: credentials: $ref: '#/components/schemas/ClientAuthenticationMethodTLSClientAuthCredentials' ClientAuthenticationMethodTLSClientAuthCredentials: type: array description: A list of unique and previously created credential IDs enabled on the client for CA-based mTLS authentication. minItems: 0 items: $ref: '#/components/schemas/CredentialId' ClientComplianceLevelEnum: type: - string - 'null' description: Defines the compliance level for this client, which may restrict it's capabilities enum: - none - fapi1_adv_pkj_par - fapi1_adv_mtls_par - fapi2_sp_pkj_mtls - fapi2_sp_mtls_mtls - null ClientCreateAuthenticationMethod: type: object description: Defines client authentication methods. additionalProperties: false minProperties: 1 maxProperties: 1 properties: private_key_jwt: $ref: '#/components/schemas/ClientCreateAuthenticationMethodPrivateKeyJWT' tls_client_auth: $ref: '#/components/schemas/ClientCreateAuthenticationMethodTLSClientAuth' self_signed_tls_client_auth: $ref: '#/components/schemas/CreateClientAuthenticationMethodSelfSignedTLSClientAuth' ClientCreateAuthenticationMethodPrivateKeyJWT: type: object description: Defines `private_key_jwt` client authentication method. If this property is defined, the client is enabled to use the Private Key JWT authentication method. additionalProperties: false required: - credentials properties: credentials: $ref: '#/components/schemas/ClientCreateAuthenticationMethodPrivateKeyJWTCredentials' ClientCreateAuthenticationMethodPrivateKeyJWTCredentials: type: array description: Fully defined credentials that will be enabled on the client for Private Key JWT authentication. minItems: 0 items: $ref: '#/components/schemas/PublicKeyCredential' ClientCreateAuthenticationMethodTLSClientAuth: type: object description: Defines `tls_client_auth` client authentication method. If the property is defined, the client is configured to use CA-based mTLS authentication method. additionalProperties: false required: - credentials properties: credentials: $ref: '#/components/schemas/ClientCreateAuthenticationMethodTLSClientAuthCredentials' ClientCreateAuthenticationMethodTLSClientAuthCredentials: type: array description: Fully defined credentials that will be enabled on the client for CA-based mTLS authentication. minItems: 0 items: $ref: '#/components/schemas/CertificateSubjectDNCredential' ClientCredential: type: object additionalProperties: true properties: id: type: string description: ID of the credential. Generated on creation. default: cred_1m7sfABoNTTKYwTQ8qt6tX name: type: string description: The name given to the credential by the user. default: '' kid: type: string description: The key identifier of the credential, generated on creation. default: IZSSTECp... alg: $ref: '#/components/schemas/ClientCredentialAlgorithmEnum' credential_type: $ref: '#/components/schemas/ClientCredentialTypeEnum' subject_dn: type: string description: The X509 certificate's Subject Distinguished Name thumbprint_sha256: type: string description: The X509 certificate's SHA256 thumbprint created_at: type: string description: The ISO 8601 formatted date the credential was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date the credential was updated. format: date-time expires_at: type: string description: The ISO 8601 formatted date representing the expiration of the credential. format: date-time ClientCredentialAlgorithmEnum: type: string description: 'Algorithm which will be used with the credential. Supported algorithms: RS256,RS384,PS256' default: RS256 enum: - RS256 - RS384 - PS256 ClientCredentialTypeEnum: type: string description: The type of credential. enum: - public_key - cert_subject_dn - x509_cert ClientDefaultOrganization: type: - object - 'null' description: Defines the default Organization ID and flows additionalProperties: false required: - organization_id - flows properties: organization_id: type: string description: The default Organization ID to be used format: organization-id flows: type: array description: The default Organization usage items: $ref: '#/components/schemas/ClientDefaultOrganizationFlowsEnum' ClientDefaultOrganizationFlowsEnum: type: string enum: - client_credentials ClientEncryptionKey: type: - object - 'null' description: Encryption used for WsFed responses with this client. additionalProperties: true properties: pub: type: string description: Encryption Public RSA Key. cert: type: string description: Encryption certificate for public key in X.509 (.CER) format. subject: type: string description: Encryption certificate name for this certificate in the format `/CN={domain}`. ClientExternalMetadataCreatedByEnum: type: string description: Indicates who created the external metadata client. The value admin indicates the client was registered via the Management API. The value client indicates the client was registered dynamically. This field is only present when external_metadata_type is set. enum: - admin - client ClientExternalMetadataTypeEnum: type: string description: Indicates the type of external metadata used to register the client. This field is omitted for regular clients. The value cimd identifies clients registered via a Client ID Metadata Document. enum: - cimd ClientGrantAllowAnyOrganizationEnum: type: boolean enum: - true description: Optional filter on allow_any_organization. ClientGrantDefaultForEnum: type: string enum: - third_party_clients x-release-lifecycle: GA description: Applies this client grant as the default for all clients in the specified group. The only accepted value is `third_party_clients`, which applies the grant to all third-party clients. Per-client grants for the same audience take precedence. Mutually exclusive with `client_id`. ClientGrantOrganizationNullableUsageEnum: type: - string - 'null' description: Controls how organizations may be used with this grant enum: - deny - allow - require - null ClientGrantOrganizationUsageEnum: type: string description: Defines whether organizations can be used with client credentials exchanges for this grant. enum: - deny - allow - require ClientGrantResponseContent: type: object additionalProperties: false properties: id: type: string description: ID of the client grant. client_id: type: string description: ID of the client. audience: type: string description: The audience (API identifier) of this client grant. minLength: 1 scope: type: array description: Scopes allowed for this client grant. items: type: string minLength: 1 organization_usage: $ref: '#/components/schemas/ClientGrantOrganizationUsageEnum' allow_any_organization: type: boolean description: If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. default_for: $ref: '#/components/schemas/ClientGrantDefaultForEnum' x-release-lifecycle: GA is_system: type: boolean description: If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly. subject_type: $ref: '#/components/schemas/ClientGrantSubjectTypeEnum' authorization_details_types: type: array description: Types of authorization_details allowed for this client grant. items: type: string minLength: 1 maxLength: 255 allow_all_scopes: type: boolean description: If enabled, all scopes configured on the resource server are allowed for this grant. ClientGrantSubjectTypeEnum: type: string enum: - client - user description: The type of application access the client grant allows. ClientJwtConfiguration: type: object description: Configuration related to JWTs for the client. additionalProperties: true properties: lifetime_in_seconds: type: integer description: Number of seconds the JWT will be valid for (affects `exp` claim). default: 36000 secret_encoded: type: boolean description: Whether the client secret is base64 encoded (true) or unencoded (false). default: true scopes: $ref: '#/components/schemas/ClientJwtConfigurationScopes' alg: $ref: '#/components/schemas/SigningAlgorithmEnum' ClientJwtConfigurationScopes: type: object description: Configuration related to id token claims for the client. additionalProperties: true ClientMetadata: type: object description: "Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed.\ \ Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?\"/\\()<>@\t[Tab] [Space]" additionalProperties: true maxProperties: 10 ClientMobile: type: object description: Additional configuration for native mobile apps. additionalProperties: true properties: android: $ref: '#/components/schemas/ClientMobileAndroid' ios: $ref: '#/components/schemas/ClientMobileiOS' ClientMobileAndroid: type: object description: Android native app configuration. additionalProperties: true properties: app_package_name: type: string description: App package name found in AndroidManifest.xml. default: '' sha256_cert_fingerprints: type: array description: SHA256 fingerprints of the app's signing certificate. Multiple fingerprints can be used to support different versions of your app, such as debug and production builds. minItems: 1 items: type: string minLength: 1 ClientMobileiOS: type: object description: iOS native app configuration. additionalProperties: true properties: team_id: type: string description: Identifier assigned to the Apple account that signs and uploads the app to the store. default: '' app_bundle_identifier: type: string description: Assigned by developer to the app as its unique identifier inside the store. Usually this is a reverse domain plus the app name, e.g. `com.you.MyApp`. default: '' ClientMyOrganizationConfigurationAllowedStrategiesEnum: type: string description: The allowed connection strategy values for the My Organization Configuration. enum: - pingfederate - adfs - waad - google-apps - okta - oidc - samlp ClientMyOrganizationDeletionBehaviorEnum: type: string description: The deletion behavior for this client. default: allow enum: - allow - allow_if_empty ClientMyOrganizationPatchConfiguration: type: - object - 'null' description: Configuration related to the My Organization Configuration for the client. additionalProperties: false required: - allowed_strategies - connection_deletion_behavior x-release-lifecycle: EA properties: connection_profile_id: type: string description: The connection profile ID that this client should validate against. format: connection-profile-id user_attribute_profile_id: type: string description: The user attribute profile ID that this client should validate against. format: user-attribute-profile-id allowed_strategies: type: array description: The allowed connection strategies for the My Organization Configuration. items: $ref: '#/components/schemas/ClientMyOrganizationConfigurationAllowedStrategiesEnum' connection_deletion_behavior: $ref: '#/components/schemas/ClientMyOrganizationDeletionBehaviorEnum' ClientMyOrganizationPostConfiguration: type: object description: Configuration related to the My Organization Configuration for the client. additionalProperties: false required: - allowed_strategies - connection_deletion_behavior x-release-lifecycle: EA properties: connection_profile_id: type: string description: The connection profile ID that this client should validate against. format: connection-profile-id user_attribute_profile_id: type: string description: The user attribute profile ID that this client should validate against. format: user-attribute-profile-id allowed_strategies: type: array description: The allowed connection strategies for the My Organization Configuration. items: $ref: '#/components/schemas/ClientMyOrganizationConfigurationAllowedStrategiesEnum' connection_deletion_behavior: $ref: '#/components/schemas/ClientMyOrganizationDeletionBehaviorEnum' ClientMyOrganizationResponseConfiguration: type: object description: Configuration related to the My Organization Configuration for the client. additionalProperties: false required: - allowed_strategies - connection_deletion_behavior x-release-lifecycle: EA properties: connection_profile_id: type: string description: The connection profile ID that this client should validate against. format: connection-profile-id user_attribute_profile_id: type: string description: The user attribute profile ID that this client should validate against. format: user-attribute-profile-id allowed_strategies: type: array description: The allowed connection strategies for the My Organization Configuration. items: $ref: '#/components/schemas/ClientMyOrganizationConfigurationAllowedStrategiesEnum' connection_deletion_behavior: $ref: '#/components/schemas/ClientMyOrganizationDeletionBehaviorEnum' ClientOIDCBackchannelLogoutInitiators: type: object description: Configuration for OIDC backchannel logout initiators additionalProperties: true properties: mode: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutInitiatorsModeEnum' selected_initiators: type: array items: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutInitiatorsEnum' ClientOIDCBackchannelLogoutInitiatorsEnum: type: string description: The `selected_initiators` property contains the list of initiators to be enabled for the given application. enum: - rp-logout - idp-logout - password-changed - session-expired - session-revoked - account-deleted - email-identifier-changed - mfa-phone-unenrolled - account-deactivated ClientOIDCBackchannelLogoutInitiatorsModeEnum: type: string description: The `mode` property determines the configuration method for enabling initiators. `custom` enables only the initiators listed in the selected_initiators array, `all` enables all current and future initiators. enum: - custom - all ClientOIDCBackchannelLogoutSessionMetadata: type: - object - 'null' description: Controls whether session metadata is included in the logout token. Default value is null. additionalProperties: true properties: include: type: boolean description: The `include` property determines whether session metadata is included in the logout token. ClientOIDCBackchannelLogoutSettings: type: object description: Configuration for OIDC backchannel logout additionalProperties: true properties: backchannel_logout_urls: type: array description: Comma-separated list of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed. items: type: string format: absolute-https-uri-with-placeholders-or-empty backchannel_logout_initiators: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutInitiators' backchannel_logout_session_metadata: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSessionMetadata' ClientOrganizationDiscoveryEnum: type: string description: Method for discovering organizations during the `pre_login_prompt`. `email` allows users to find their organization by entering their email address and performing domain matching, while `organization_name` requires users to enter the organization name directly. These methods can be combined. enum: - email - organization_name ClientOrganizationRequireBehaviorEnum: type: string description: 'Defines how to proceed during an authentication transaction when `client.organization_usage: ''require''`. Can be `no_prompt` (default), `pre_login_prompt` or `post_login_prompt`. `post_login_prompt` requires `oidc_conformant: true`.' default: no_prompt enum: - no_prompt - pre_login_prompt - post_login_prompt ClientOrganizationRequireBehaviorPatchEnum: type: - string - 'null' description: 'Defines how to proceed during an authentication transaction when `client.organization_usage: ''require''`. Can be `no_prompt` (default), `pre_login_prompt` or `post_login_prompt`. `post_login_prompt` requires `oidc_conformant: true`.' default: no_prompt enum: - no_prompt - pre_login_prompt - post_login_prompt - null ClientOrganizationUsageEnum: type: string description: Defines how to proceed during an authentication transaction with regards an organization. Can be `deny` (default), `allow` or `require`. default: deny enum: - deny - allow - require ClientOrganizationUsagePatchEnum: type: - string - 'null' description: Defines how to proceed during an authentication transaction with regards an organization. Can be `deny` (default), `allow` or `require`. default: deny enum: - deny - allow - require - null ClientRedirectionPolicyEnum: type: string description: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows. `open_redirect_protection` shows an error page instead of redirecting, and hides the callback domain from email templates. `allow_always` enables standard redirect behavior. Defaults to `open_redirect_protection` for third-party clients. Only applies when `is_first_party` is `false` and `third_party_security_mode` is `strict`. To learn more, read Redirect protection. enum: - allow_always - open_redirect_protection x-release-lifecycle: GA ClientRefreshTokenConfiguration: type: - object - 'null' description: Refresh token configuration additionalProperties: false required: - rotation_type - expiration_type properties: rotation_type: $ref: '#/components/schemas/RefreshTokenRotationTypeEnum' expiration_type: $ref: '#/components/schemas/RefreshTokenExpirationTypeEnum' leeway: type: integer description: Period in seconds where the previous refresh token can be exchanged without triggering breach detection default: 0 minimum: 0 token_lifetime: type: integer description: Period (in seconds) for which refresh tokens will remain valid minimum: 1 maximum: 157788000 infinite_token_lifetime: type: boolean description: Prevents tokens from having a set lifetime when `true` (takes precedence over `token_lifetime` values) idle_token_lifetime: type: integer description: Period (in seconds) for which refresh tokens will remain valid without use minimum: 1 infinite_idle_token_lifetime: type: boolean description: Prevents tokens from expiring without use when `true` (takes precedence over `idle_token_lifetime` values) default: false policies: type: - array - 'null' description: A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers minItems: 1 items: $ref: '#/components/schemas/ClientRefreshTokenPolicy' ClientRefreshTokenPolicy: type: object additionalProperties: false required: - audience - scope properties: audience: type: string description: The identifier of the resource server to which the Multi Resource Refresh Token Policy applies minLength: 1 maxLength: 600 scope: type: array description: The resource server permissions granted under the Multi Resource Refresh Token Policy, defining the context in which an access token can be used items: type: string description: A resource server permission granted under the Multi Resource Refresh Token Policy minLength: 1 maxLength: 280 ClientSessionTransferAllowedAuthenticationMethodsEnum: type: string enum: - cookie - query ClientSessionTransferConfiguration: type: - object - 'null' description: Native to Web SSO Configuration additionalProperties: false properties: can_create_session_transfer_token: type: boolean description: Indicates whether an app can issue a Session Transfer Token through Token Exchange. If set to 'false', the app will not be able to issue a Session Transfer Token. Usually configured in the native application. Default value is `false`. default: false enforce_cascade_revocation: type: boolean description: Indicates whether revoking the parent Refresh Token that initiated a Native to Web flow and was used to issue a Session Transfer Token should trigger a cascade revocation affecting its dependent child entities. Usually configured in the native application. Default value is `true`, applicable only in Native to Web SSO context. default: true allowed_authentication_methods: type: - array - 'null' description: Indicates whether an app can create a session from a Session Transfer Token received via indicated methods. Can include `cookie` and/or `query`. Usually configured in the web application. Default value is an empty array []. items: $ref: '#/components/schemas/ClientSessionTransferAllowedAuthenticationMethodsEnum' enforce_device_binding: $ref: '#/components/schemas/ClientSessionTransferDeviceBindingEnum' allow_refresh_token: type: boolean description: Indicates whether Refresh Tokens are allowed to be issued when authenticating with a Session Transfer Token. Usually configured in the web application. Default value is `false`. default: false enforce_online_refresh_tokens: type: boolean description: Indicates whether Refresh Tokens created during a Native to Web session are tied to that session's lifetime. This determines if such refresh tokens should be automatically revoked when their corresponding sessions are. Usually configured in the web application. Default value is `true`, applicable only in Native to Web SSO context. default: true delegation: $ref: '#/components/schemas/ClientSessionTransferDelegationConfiguration' x-release-lifecycle: EA ClientSessionTransferDelegationConfiguration: type: - object - 'null' description: Configuration for delegation (impersonation) access using Session Transfer Tokens additionalProperties: false x-release-lifecycle: EA properties: allow_delegated_access: type: boolean description: Indicates whether delegation (impersonation) access is allowed using Session Transfer Tokens. Default value is `false`. default: false enforce_device_binding: $ref: '#/components/schemas/ClientSessionTransferDelegationDeviceBindingEnum' ClientSessionTransferDelegationDeviceBindingEnum: type: string description: Indicates the device binding enforcement for delegation (impersonation) access. If set to 'ip', device binding is enforced by IP. If set to 'asn', device binding is enforced by ASN. Default value is `ip`. default: ip enum: - ip - asn ClientSessionTransferDeviceBindingEnum: type: string description: Indicates whether device binding security should be enforced for the app. If set to 'ip', the app will enforce device binding by IP, meaning that consumption of Session Transfer Token must be done from the same IP of the issuer. Likewise, if set to 'asn', device binding is enforced by ASN, meaning consumption of Session Transfer Token must be done from the same ASN as the issuer. If set to 'none', device binding is not enforced. Usually configured in the web application. Default value is `ip`. default: ip enum: - ip - asn - none ClientSignedRequestObjectWithCredentialId: type: object description: JWT-secured Authorization Requests (JAR) settings. additionalProperties: false properties: required: type: boolean description: Indicates whether the JAR requests are mandatory default: false credentials: type: array minItems: 0 items: $ref: '#/components/schemas/CredentialId' ClientSignedRequestObjectWithPublicKey: type: object description: JWT-secured Authorization Requests (JAR) settings. additionalProperties: false properties: required: type: boolean description: Indicates whether the JAR requests are mandatory default: false credentials: type: array minItems: 0 items: $ref: '#/components/schemas/PublicKeyCredential' ClientSigningKey: type: object additionalProperties: true properties: pkcs7: type: string description: Signing certificate public key and chain in PKCS#7 (.P7B) format. default: '' cert: type: string description: Signing certificate public key in X.509 (.CER) format. default: '' subject: type: string description: Subject name for this certificate in the format `/CN={domain}`. default: '' ClientSigningKeys: type: - array - 'null' description: Signing certificates associated with this client. items: $ref: '#/components/schemas/ClientSigningKey' ClientThirdPartySecurityModeEnum: type: string description: 'Security mode for third-party clients. `strict` enforces enhanced security controls: OAuth 2.1 alignment, explicit API authorization, and a curated set of supported features. `permissive` preserves pre-existing behavior and is only available to tenants with prior third-party client usage. Set on creation and cannot be modified.' enum: - strict - permissive x-release-lifecycle: GA ClientTokenEndpointAuthMethodEnum: type: string description: Defines the requested authentication method for the token endpoint. Can be `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), or `client_secret_basic` (client uses HTTP Basic). default: none enum: - none - client_secret_post - client_secret_basic ClientTokenEndpointAuthMethodOrNullEnum: type: - string - 'null' description: Defines the requested authentication method for the token endpoint. Can be `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), or `client_secret_basic` (client uses HTTP Basic). default: none enum: - none - client_secret_post - client_secret_basic - null ClientTokenExchangeConfiguration: type: object description: Configuration for token exchange. additionalProperties: false x-release-lifecycle: GA properties: allow_any_profile_of_type: type: array description: List the enabled token exchange types for this client. minItems: 0 items: $ref: '#/components/schemas/ClientTokenExchangeTypeEnum' ClientTokenExchangeConfigurationOrNull: type: - object - 'null' description: Configuration for token exchange. additionalProperties: false x-release-lifecycle: GA properties: allow_any_profile_of_type: type: array description: List the enabled token exchange types for this client. minItems: 0 items: $ref: '#/components/schemas/ClientTokenExchangeTypeEnum' ClientTokenExchangeTypeEnum: type: string description: 'Token exchange type. `on_behalf_of_token_exchange`: enables On-Behalf-Of token exchange (Generally Available). `custom_authentication`: enables custom token exchange profiles (Early Access, requires entitlement).' minLength: 1 enum: - custom_authentication - on_behalf_of_token_exchange ConnectedAccount: type: object additionalProperties: false required: - id - connection - connection_id - strategy - access_type - created_at properties: id: type: string description: The unique identifier for the connected account. connection: type: string description: The name of the connection associated with the account. connection_id: type: string description: The unique identifier of the connection associated with the account. strategy: type: string description: The authentication strategy used by the connection. access_type: $ref: '#/components/schemas/ConnectedAccountAccessTypeEnum' scopes: type: array description: The scopes granted for this connected account. items: type: string created_at: type: string description: ISO 8601 timestamp when the connected account was created. format: date-time expires_at: type: string description: ISO 8601 timestamp when the connected account expires. format: date-time organization_id: type: string description: The identifier of the organization associated with the connected account. format: organization-id ConnectedAccountAccessTypeEnum: type: string description: The access type for the connected account. enum: - offline ConnectionAccessTokenURLOAuth1: description: The URL of the OAuth 1.0a access-token endpoint. This endpoint is used to exchange the temporary request token obtained from the request-token endpoint for an access token during the OAuth 1.0a authentication flow. allOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionAcrValuesSupported: type: array description: A list of the Authentication Context Class References that this OP supports maxItems: 30 minItems: 0 items: type: string maxLength: 100 ConnectionAdminAccessTokenExpiresInGoogleApps: description: Expiration timestamp for the `admin_access_token` in ISO 8601 format. Auth0 uses this value to determine when to refresh the token. type: string format: date-time ConnectionAdminAccessTokenGoogleApps: description: Google Workspace admin access token used to retrieve extended user attributes (such as group memberships, admin status, and suspension state) from the [Google Directory API](https://developers.google.com/admin-sdk/directory). This token is automatically managed by Auth0. type: string minLength: 1 maxLength: 1024 ConnectionAdminRefreshTokenGoogleApps: description: Google Workspace admin refresh token used to obtain new access tokens for the [Google Directory API](https://developers.google.com/admin-sdk/directory). This token is granted when a Google Workspace admin authorizes Auth0 to access directory data. type: string minLength: 1 maxLength: 1024 ConnectionAgentIPAD: description: IP address of the AD connector agent used to validate that authentication requests originate from the corporate network for Kerberos authentication (managed by the AD Connector agent). type: string minLength: 2 maxLength: 39 ConnectionAgentModeAD: description: When enabled, allows direct username/password authentication through the AD connector agent instead of WS-Federation protocol (managed by the AD Connector agent). type: boolean ConnectionAgentVersionAD: description: Version identifier of the installed AD connector agent software (managed by the AD Connector agent). type: string minLength: 5 maxLength: 12 ConnectionAllowedAudiencesGoogleOAuth2: description: List of allowed audiences in the ID token for Google Native Social Login type: array minItems: 1 maxItems: 64 items: type: string description: An allowed client id minLength: 1 maxLength: 255 ConnectionApiBehaviorEnum: type: string description: Specifies the API behavior for password authentication enum: - required - optional x-release-lifecycle: EA ConnectionApiEnableGroups: type: boolean default: false ConnectionApiEnableGroupsGoogleApps: description: Enables integration with the Google Workspace Admin SDK Directory API for groups. When true, Auth0 can synchronize groups & group memberships and supports inbound directory provisioning for groups. Defaults to false. anyOf: - $ref: '#/components/schemas/ConnectionApiEnableGroups' ConnectionApiEnableUsers: type: boolean default: false ConnectionApiEnableUsersGoogleApps: description: 'Enables integration with the Google Workspace Admin SDK Directory API. When true, Auth0 can retrieve extended user attributes (admin status, suspension status, group memberships) and supports inbound directory provisioning (SCIM). Defaults to true. ' anyOf: - $ref: '#/components/schemas/ConnectionApiEnableUsers' ConnectionAppDomainAzureAD: description: The Azure AD application domain (e.g., 'contoso.onmicrosoft.com'). Used primarily with WS-Federation protocol and Azure AD v1 endpoints. type: string minLength: 0 maxLength: 255 ConnectionAssertionDecryptionAlgorithmProfileEnum: type: string description: The algorithm profile to use for decrypting SAML assertions. enum: - v2026-1 ConnectionAssertionDecryptionSettings: type: object description: Settings for SAML assertion decryption. additionalProperties: false required: - algorithm_profile properties: algorithm_profile: $ref: '#/components/schemas/ConnectionAssertionDecryptionAlgorithmProfileEnum' algorithm_exceptions: type: array description: A list of insecure algorithms to allow for SAML assertion decryption. items: type: string minLength: 1 maxLength: 100 ConnectionAttributeIdentifier: type: object additionalProperties: false properties: active: type: boolean description: Determines if the attribute is used for identification default_method: $ref: '#/components/schemas/DefaultMethodEmailIdentifierEnum' x-release-lifecycle: EA ConnectionAttributeMapAttributes: type: object additionalProperties: true description: Object containing mapping details for incoming claims ConnectionAttributeMapOIDC: type: object description: Configuration for mapping claims from the identity provider to Auth0 user profile attributes. Allows customizing which IdP claims populate user fields and how they are transformed. properties: attributes: $ref: '#/components/schemas/ConnectionAttributeMapAttributes' mapping_mode: $ref: '#/components/schemas/ConnectionMappingModeEnumOIDC' userinfo_scope: $ref: '#/components/schemas/ConnectionAttributeMapUserinfoScope' ConnectionAttributeMapOkta: type: object description: Mapping of claims received from the identity provider (IdP) properties: attributes: $ref: '#/components/schemas/ConnectionAttributeMapAttributes' mapping_mode: $ref: '#/components/schemas/ConnectionMappingModeEnumOkta' userinfo_scope: $ref: '#/components/schemas/ConnectionAttributeMapUserinfoScope' ConnectionAttributeMapUserinfoScope: type: string description: Scopes to send to the IdP's Userinfo endpoint minLength: 0 maxLength: 255 ConnectionAttributes: type: object description: Attribute configuration additionalProperties: false minProperties: 1 properties: email: $ref: '#/components/schemas/EmailAttribute' phone_number: $ref: '#/components/schemas/PhoneAttribute' username: $ref: '#/components/schemas/UsernameAttribute' ConnectionAuthParamsAdditionalPropertiesOAuth2: description: Additional properties for OAuth2 connection authentication parameters type: string minLength: 1 maxLength: 256 ConnectionAuthParamsEmail: description: Authentication Parameters (must be valid JSON string) type: string minLength: 1 maxLength: 1024 ConnectionAuthParamsMap: type: object description: Maps parameter names from Auth0's /authorize endpoint to the identity provider's authorization endpoint parameters. For example, mapping 'audience' to 'resource' transforms the parameter name during authorization requests. Applied after authParams merging. See https://auth0.com/docs/authenticate/identity-providers/social-identity-providers/oauth2#pass-dynamic-parameters maxProperties: 21 additionalProperties: type: string minLength: 1 maxLength: 128 ConnectionAuthParamsOAuth2: type: object description: Additional static parameters included in every authorization request to the identity provider. These parameters are merged with runtime parameters before the authorization redirect. Keys and values are passed as-is to the identity provider's authorization endpoint. See https://auth0.com/docs/authenticate/identity-providers/social-identity-providers/oauth2#pass-static-parameters maxProperties: 30 additionalProperties: $ref: '#/components/schemas/ConnectionAuthParamsAdditionalPropertiesOAuth2' ConnectionAuthenticationMethods: type: - object - 'null' description: Options for enabling authentication methods. additionalProperties: false properties: password: $ref: '#/components/schemas/ConnectionPasswordAuthenticationMethod' passkey: $ref: '#/components/schemas/ConnectionPasskeyAuthenticationMethod' email_otp: $ref: '#/components/schemas/ConnectionEmailOtpAuthenticationMethod' x-release-lifecycle: EA phone_otp: $ref: '#/components/schemas/ConnectionPhoneOtpAuthenticationMethod' x-release-lifecycle: EA ConnectionAuthenticationPurpose: type: object description: Configure the purpose of a connection to be used for authentication during login. additionalProperties: false required: - active x-release-lifecycle: GA properties: active: type: boolean ConnectionAuthorizationEndpoint: type: string format: uri allOf: - type: string description: URL of the identity provider's OAuth 2.0 authorization endpoint where users are redirected for authentication. Must be a valid HTTPS URL. This endpoint initiates the OAuth 2.0 authorization code flow. minLength: 8 maxLength: 2083 - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback' ConnectionAuthorizationEndpointOAuth2: anyOf: - $ref: '#/components/schemas/ConnectionAuthorizationEndpoint' ConnectionBaseUrlExact: description: Base URL override for the Exact Online API endpoint used for OAuth2 authorization and API requests. Defaults to https://start.exactonline.nl. allOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback' - maxLength: 128 ConnectionBruteForceProtection: type: boolean description: Enables Auth0's brute force protection to prevent credential stuffing attacks. When enabled, blocks suspicious login attempts from specific IP addresses after repeated failures. ConnectionCalculatedThumbprintSAML: allOf: - $ref: '#/components/schemas/ConnectionSha1Thumbprint' ConnectionCertsAD: description: Array of X.509 certificates in PEM format used for validating SAML signatures from the AD identity provider (managed by the AD Connector agent). type: array items: type: string minLength: 256 maxLength: 3072 minItems: 0 maxItems: 2 ConnectionClaimTypesSupported: type: array description: JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. If omitted, the implementation supports only normal Claims. minItems: 0 maxItems: 10 items: type: string maxLength: 25 ConnectionClaimsLocalesSupported: type: array description: Languages and scripts supported for values in Claims being returned, represented as a JSON array of BCP47 [RFC5646] language tag values. Not all languages and scripts are necessarily supported for all Claim values. minItems: 0 maxItems: 100 items: type: string maxLength: 50 ConnectionClaimsParameterSupported: type: boolean description: Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. If omitted, the default value is false. default: false ConnectionClaimsSupported: type: array description: JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list. minItems: 0 maxItems: 150 items: type: string maxLength: 100 ConnectionClientIDBitbucket: description: OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider. type: string minLength: 18 maxLength: 18 ConnectionClientId: type: string description: OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider. minLength: 0 ConnectionClientIdAmazon: description: OAuth 2.0 client identifier obtained from Amazon Developer Console during Login with Amazon application registration. When not provided, Auth0 development keys are used for testing purposes. allOf: - $ref: '#/components/schemas/ConnectionClientId' - maxLength: 255 ConnectionClientIdAzureAD: allOf: - $ref: '#/components/schemas/ConnectionClientId' - pattern: ^[a-zA-Z0-9-:./_~]+$ minLength: 0 - maxLength: 100 ConnectionClientIdExact: description: OAuth2.0 client identifier for the Exact Online connection, obtained when registering your application in the Exact App Center. allOf: - $ref: '#/components/schemas/ConnectionClientId' - format: uuid minLength: 36 maxLength: 36 ConnectionClientIdFacebook: description: Your Facebook App ID. You can find this in your [Facebook Developers Console](https://developers.facebook.com/apps) under the App Settings section. allOf: - $ref: '#/components/schemas/ConnectionClientId' - minLength: 0 maxLength: 4096 ConnectionClientIdGoogleApps: description: Your Google OAuth 2.0 client ID. You can find this in your [Google Cloud Console](https://console.cloud.google.com/apis/credentials) under the OAuth 2.0 Client IDs section. allOf: - $ref: '#/components/schemas/ConnectionClientId' - type: string minLength: 1 maxLength: 128 ConnectionClientIdGoogleOAuth2: description: Your Google OAuth 2.0 client ID. You can find this in your [Google Cloud Console](https://console.cloud.google.com/apis/credentials) under the OAuth 2.0 Client IDs section. type: string minLength: 1 maxLength: 255 ConnectionClientIdLine: description: LINE Channel ID issued by LINE during application registration. This value identifies your Auth0 connection to LINE. type: string minLength: 10 maxLength: 10 pattern: ^\d+$ ConnectionClientIdLinkedin: description: LinkedIn application client identifier type: string minLength: 14 maxLength: 14 pattern: ^[a-z0-9]$ ConnectionClientIdOAuth1: description: OAuth 1.0a client ID (consumer key) that identifies the client to the provider and is used to sign OAuth 1.0a requests. allOf: - $ref: '#/components/schemas/ConnectionClientId' - maxLength: 255 ConnectionClientIdOAuth2: allOf: - $ref: '#/components/schemas/ConnectionClientId' - minLength: 1 maxLength: 128 ConnectionClientIdOIDC: allOf: - $ref: '#/components/schemas/ConnectionClientId' - maxLength: 255 ConnectionClientIdPaypal: description: OAuth 2.0 client identifier issued by PayPal during application registration. This value identifies your Auth0 connection to PayPal. Leave empty to use Auth0 Dev Keys. allOf: - $ref: '#/components/schemas/ConnectionClientId' - maxLength: 255 ConnectionClientIdSalesforce: description: The OAuth 2.0 client identifier type: string minLength: 1 maxLength: 255 ConnectionClientIdWindowsLive: description: OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider. type: string anyOf: - description: The Windows Live client ID as a UUID. The unique identifier for your Windows Live application. Must be a valid 36-character UUID. format: uuid minLength: 36 maxLength: 36 - description: The Windows Live client ID as a legacy hexadecimal string. The unique identifier for your Windows Live application. Must be a valid 16-character hexadecimal string. format: hexadecimal minLength: 16 maxLength: 16 ConnectionClientProtocolSAML: description: The response protocol used to communicate with the default application. oneOf: - $ref: '#/components/schemas/ConnectionOptionsIdpInitiatedClientProtocolEnumSAML' ConnectionClientSecret: type: string description: OAuth 2.0 client secret issued by the identity provider during application registration. Used to authenticate your Auth0 connection when exchanging authorization codes for tokens. May be null for public clients. minLength: 0 ConnectionClientSecretAmazon: description: OAuth 2.0 client secret obtained from Amazon Developer Console during Login with Amazon application registration. Used to authenticate your application when exchanging authorization codes for tokens. allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - maxLength: 255 ConnectionClientSecretAzureAD: description: The client secret (application password) from your Azure AD app registration. Used to authenticate your application when exchanging authorization codes for tokens. type: string maxLength: 10000 ConnectionClientSecretBitbucket: allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - maxLength: 512 ConnectionClientSecretExact: description: OAuth2.0 client secret for the Exact Online connection, obtained when registering your application in the Exact App Center. allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - maxLength: 255 ConnectionClientSecretFacebook: description: Your Facebook App Secret. You can find this in your [Facebook Developers Console](https://developers.facebook.com/apps) under the App Settings section. allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - minLength: 1 maxLength: 13000 ConnectionClientSecretGoogleApps: description: Your Google OAuth 2.0 client secret. You can find this in your [Google Cloud Console](https://console.cloud.google.com/apis/credentials) under the OAuth 2.0 Client IDs section. allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - type: string minLength: 1 maxLength: 4096 ConnectionClientSecretGoogleOAuth2: description: Your Google OAuth 2.0 client secret. You can find this in your [Google Cloud Console](https://console.cloud.google.com/apis/credentials) under the OAuth 2.0 Client IDs section. type: string minLength: 1 maxLength: 255 ConnectionClientSecretLine: description: LINE Channel Secret issued by provider during application registration. This value is used to authenticate your Auth0 connection to the identity provider. type: string minLength: 1 maxLength: 255 ConnectionClientSecretLinkedin: description: OAuth 2.0 client secret issued by the identity provider during application registration. This value is used to authenticate your Auth0 connection to the identity provider. type: string minLength: 1 maxLength: 255 ConnectionClientSecretOAuth1: description: OAuth 1.0a client secret paired with the consumer key to sign request-token and access-token requests for this connection. Treat as a sensitive credential and supply the exact secret issued by the upstream provider. allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - maxLength: 2400 ConnectionClientSecretOAuth2: allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - maxLength: 1024 ConnectionClientSecretOIDC: allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - maxLength: 700 ConnectionClientSecretPaypal: description: OAuth 2.0 client secret issued by PayPal during application registration. Leave empty to use Auth0 Dev Keys. allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - maxLength: 255 ConnectionClientSecretSalesforce: description: The OAuth 2.0 client secret type: string minLength: 1 maxLength: 255 ConnectionClientSecretWindowsLive: allOf: - $ref: '#/components/schemas/ConnectionClientSecret' - maxLength: 256 ConnectionCommon: type: object additionalProperties: false minProperties: 1 properties: display_name: $ref: '#/components/schemas/ConnectionDisplayName' enabled_clients: $ref: '#/components/schemas/ConnectionEnabledClients' is_domain_connection: $ref: '#/components/schemas/ConnectionIsDomainConnection' metadata: $ref: '#/components/schemas/ConnectionsMetadata' ConnectionCommunityBaseUrlSalesforce: description: The base URL of your Salesforce Community (Experience Cloud) site. When specified, authentication flows will use this Community URL instead of the standard Salesforce login page, enabling users to authenticate through your branded Community portal. anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback' ConnectionConfiguration: type: object description: A hash of configuration key/value pairs. additionalProperties: type: string ConnectionConnectedAccountsPurpose: type: object description: Configure the purpose of a connection to be used for connected accounts and Token Vault. additionalProperties: false required: - active x-release-lifecycle: GA properties: active: type: boolean cross_app_access: type: boolean ConnectionConnectedAccountsPurposeXAA: type: object description: Configure the purpose of a connection to be used for connected accounts and Token Vault. allOf: - $ref: '#/components/schemas/ConnectionConnectedAccountsPurpose' - type: object properties: cross_app_access: type: boolean default: false ConnectionConnectionSettings: type: object description: OAuth 2.0 PKCE (Proof Key for Code Exchange) settings. PKCE enhances security for public clients by preventing authorization code interception attacks. 'auto' (recommended) uses the strongest method supported by the IdP. properties: pkce: $ref: '#/components/schemas/ConnectionConnectionSettingsPkceEnum' ConnectionConnectionSettingsPkceEnum: type: string description: PKCE configuration. enum: - auto - S256 - plain - disabled ConnectionCustomHeadersOAuth2: description: 'Custom HTTP headers sent with token exchange requests to the identity provider''s token endpoint. Provided as key-value pairs (e.g., {''X-Custom-Header'': ''value''}). Auth0''s User-Agent header is always included by default.' type: object maxProperties: 30 additionalProperties: type: string minLength: 1 maxLength: 1024 ConnectionCustomScripts: type: object description: A map of scripts used to integrate with a custom database. additionalProperties: true properties: login: type: string minLength: 1 get_user: type: string minLength: 1 delete: type: string minLength: 1 change_password: type: string minLength: 1 verify: type: string minLength: 1 create: type: string minLength: 1 change_username: type: string minLength: 1 change_email: type: string minLength: 1 change_phone_number: type: string minLength: 1 ConnectionDebugSAML: description: 'When true, enables detailed SAML debugging by issuing ''w'' (warning) events in tenant logs containing SAML request/response details. WARNING: Potentially exposes sensitive user information (PII, credentials) and should only be enabled temporarily for debugging purposes.' type: boolean ConnectionDecryptionKeySAML: description: Private key used to decrypt encrypted SAML Assertions received from the identity provider. Required when the identity provider encrypts assertions for enhanced security. Can be a string (PEM) or an object with key-value pairs. anyOf: - type: object description: Key pair with 'key' and 'cert' properties. properties: cert: description: Base64-encoded X.509 certificate in PEM format. type: string minLength: 1 maxLength: 10240 key: description: Private key in PEM format. type: string minLength: 1 maxLength: 10240 additionalProperties: false - description: Private key in PEM format. type: string minLength: 1 maxLength: 10240 ConnectionDestinationUrlSAML: description: The URL where Auth0 will send SAML authentication requests (the Identity Provider's SSO URL). Must be a valid HTTPS URL. anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionDigestAlgorithmEnumSAML: description: Algorithm used for computing digest values when signing SAML requests and logout requests. Defaults to 'sha256'. type: string enum: - sha1 - sha256 ConnectionDigestAlgorithmSAML: description: Algorithm used for computing digest values when signing SAML requests and logout requests. Defaults to 'sha256'. anyOf: - $ref: '#/components/schemas/ConnectionDigestAlgorithmEnumSAML' ConnectionDisableSelfServiceChangePassword: type: boolean description: Indicates whether to disable self-service change password. Set to true to stop the "Forgot Password" being displayed on login pages default: false ConnectionDisableSignup: description: When true, prevents new user registration through this connection. Existing users can still authenticate. Useful for invite-only applications or during user migration. type: boolean ConnectionDisableSignupSMS: description: Controls whether new user signups are allowed via SMS authentication anyOf: - $ref: '#/components/schemas/ConnectionDisableSignup' ConnectionDiscoveryUrl: description: URL of the identity provider's OIDC Discovery endpoint (/.well-known/openid-configuration). When provided and oidc_metadata is empty, Auth0 automatically retrieves the provider's configuration including endpoints and supported features. anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionDisplayName: type: string description: Connection name used in the new universal login experience maxLength: 128 minLength: 1 ConnectionDisplayValuesSupported: type: array description: JSON array containing a list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT [JWT] used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. Servers SHOULD support RS256. The value none MUST NOT be used. minItems: 0 maxItems: 6 items: type: string maxLength: 10 ConnectionDomainAliases: description: Email domains associated with this connection for Home Realm Discovery (HRD). When a user's email matches one of these domains, they are automatically routed to this connection during authentication. type: array items: $ref: '#/components/schemas/ConnectionDomainAliasesItems' minItems: 0 maxItems: 1000 ConnectionDomainAliasesAD: description: List of domain names that can be used with identifier-first authentication flow to route users to this AD connection; each domain must be a valid DNS name up to 256 characters type: array items: type: string minLength: 1 maxLength: 255 minItems: 0 maxItems: 1000 ConnectionDomainAliasesAzureAD: description: Alternative domain names associated with this Azure AD tenant. Allows users from multiple verified domains to authenticate through this connection. Can be an array of domain strings. type: array items: type: string minLength: 0 maxLength: 255 minItems: 0 maxItems: 1000 ConnectionDomainAliasesItems: oneOf: - type: string minLength: 0 maxLength: 256 pattern: ^((?!-))(xn--)?([a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)*(xn--)?[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?$ - type: string format: uri minLength: 0 maxLength: 255 ConnectionDomainAliasesSAML: description: Domain aliases for the connection type: array items: $ref: '#/components/schemas/ConnectionDomainAliasesItems' minItems: 0 maxItems: 50001 ConnectionDomainGoogleApps: description: Primary Google Workspace domain name that users must belong to. type: string minLength: 1 maxLength: 1024 ConnectionDomainOkta: type: string description: Domain of the Okta organization (e.g., dev-123456.okta.com). Should be just the domain of the okta server with no scheme or trailing backslash. Discovery runs only when connection.options.oidc_metadata is empty and a domain is provided minLength: 4 maxLength: 255 ConnectionDpopSigningAlgEnum: type: string x-release-lifecycle: EA description: Algorithm used for DPoP proof JWT signing. enum: - ES256 - Ed25519 ConnectionDpopSigningAlgValuesSupported: type: array description: JSON array containing a list of the JWS signing algorithms (alg values) supported for DPoP proof JWT signing. minItems: 0 maxItems: 26 items: type: string maxLength: 14 ConnectionEmailBodyEmail: description: Email body content type: string minLength: 1 maxLength: 20480 ConnectionEmailEmail: description: Email template configuration type: object properties: body: $ref: '#/components/schemas/ConnectionEmailBodyEmail' from: $ref: '#/components/schemas/ConnectionEmailFromEmail' subject: $ref: '#/components/schemas/ConnectionEmailSubjectEmail' syntax: type: string description: Email template syntax type const: liquid additionalProperties: false ConnectionEmailFromEmail: type: string description: From email address minLength: 1 maxLength: 1024 ConnectionEmailOtpAuthenticationMethod: type: object description: Email OTP authentication enablement additionalProperties: false x-release-lifecycle: EA properties: enabled: type: boolean description: Determines whether email OTP is enabled ConnectionEmailSubjectEmail: type: string description: Email subject line minLength: 1 maxLength: 1024 ConnectionEnableScriptContext: type: boolean description: 'Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled)' ConnectionEnabledClient: type: object additionalProperties: true required: - client_id properties: client_id: type: string description: The client id ConnectionEnabledClients: type: array description: DEPRECATED property. Use the PATCH /v2/connections/{id}/clients endpoint to enable the connection for a set of clients. x-release-lifecycle: deprecated items: type: string description: 'The id of the client to for which the connection is to be enabled. ' format: client-id ConnectionEnabledDatabaseCustomization: type: boolean description: Set to true to use a legacy user store ConnectionEndSessionEndpoint: type: string description: URL of the identity provider's logout/end session endpoint. When configured as a static URL, users are redirected here after logging out from Auth0. Must use HTTPS scheme. format: uri pattern: ^https:\/\/.* minLength: 8 maxLength: 255 ConnectionEndSessionEndpointOAuth2: anyOf: - $ref: '#/components/schemas/ConnectionEndSessionEndpoint' ConnectionEntityIdSAML: description: The entity identifier (Issuer) for the SAML Service Provider. When not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This value is included in SAML AuthnRequest messages sent to the identity provider. type: string minLength: 1 maxLength: 128 ConnectionExtAdmin: description: Indicates to store whether the user is a domain administrator. type: boolean default: false ConnectionExtAgreedTerms: type: boolean description: Indicates to store whether the user has agreed to the terms of service. default: false ConnectionExtAgreedTermsGoogleApps: description: Fetches the `agreedToTerms` flag from the Google Directory profile. anyOf: - $ref: '#/components/schemas/ConnectionExtAgreedTerms' ConnectionExtAssignedPlans: type: boolean description: Indicates whether to store a list of the Office 365 assigned plans for the user. default: false ConnectionExtGroups: type: boolean default: false ConnectionExtGroupsAzureAD: description: When enabled (true), retrieves and stores Azure AD security group memberships for the user. Requires Microsoft Graph API permissions (Directory.Read.All). Allows configuring max_groups_to_retrieve. allOf: - $ref: '#/components/schemas/ConnectionExtGroups' ConnectionExtGroupsGoogleApps: description: Enables enrichment with Google group memberships (required for `ext_groups_extended`). anyOf: - $ref: '#/components/schemas/ConnectionExtGroups' ConnectionExtIsAdminGoogleApps: description: Fetches the Google Directory admin flag for the signing-in user. anyOf: - $ref: '#/components/schemas/ConnectionExtAdmin' ConnectionExtIsSuspended: description: Indicates to store whether a user's account is suspended. type: boolean default: false ConnectionExtIsSuspendedGoogleApps: description: Fetches the Google Directory suspended flag for the signing-in user. anyOf: - $ref: '#/components/schemas/ConnectionExtIsSuspended' ConnectionExtProfile: type: boolean description: When enabled (true), retrieves extended profile attributes from Azure AD via Microsoft Graph API (job title, department, office location, etc.). Requires Graph API permissions. Only available with Azure AD v1 or when explicitly enabled for v2. default: false ConnectionFederatedConnectionsAccessTokens: type: - object - 'null' description: Federated Connections Access Tokens additionalProperties: false properties: active: type: boolean description: Enables refresh tokens and access tokens collection for federated connections ConnectionFieldsMap: type: object description: Mapping of user profile fields returned from the OAuth2 provider to Auth0 user attributes maxProperties: 100 additionalProperties: type: string minLength: 1 maxLength: 128 ConnectionFieldsMapSAML: description: 'Maps SAML assertion attributes from the identity provider to Auth0 user profile attributes. Format: { ''auth0_field'': ''saml_attribute'' } or { ''auth0_field'': [''saml_attr1'', ''saml_attr2''] } for fallback options. Merged with default mappings for email, name, given_name, family_name, and groups.' type: object maxProperties: 44 additionalProperties: anyOf: - type: string minLength: 0 maxLength: 2048 - type: array items: type: string minLength: 0 maxLength: 2048 minItems: 0 maxItems: 4 ConnectionForList: type: object additionalProperties: false properties: name: type: string description: The name of the connection default: My connection display_name: type: string description: Connection name used in login screen options: $ref: '#/components/schemas/ConnectionOptions' id: type: string description: The connection's identifier default: con_0000000000000001 strategy: type: string description: The type of the connection, related to the identity provider default: auth0 realms: type: array description: 'Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.' items: type: string description: The realm where this connection belongs format: connection-realm is_domain_connection: type: boolean description: True if the connection is domain level show_as_button: type: boolean description: Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. metadata: $ref: '#/components/schemas/ConnectionsMetadata' authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' x-release-lifecycle: GA connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurpose' x-release-lifecycle: GA ConnectionForOrganization: type: object description: Connection to be added to the organization. additionalProperties: false required: - connection_id properties: connection_id: type: string description: ID of the connection. assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' ConnectionForwardReqInfoSMS: description: When set to true, the gateway receives HTTP request details including IP address and User Agent from the client. x-release-lifecycle: deprecated type: boolean ConnectionFreeformScopesAmazon: description: Additional OAuth scopes to request from Amazon beyond the standard profile and postal_code scopes. These scopes must be valid Amazon Login scopes. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionFreeformScopesGoogleOAuth2: description: Array of custom OAuth 2.0 scopes to request from Google during authentication. Use this to request scopes not covered by the predefined scope options. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionFreeformScopesLinkedin: description: Array of custom OAuth 2.0 scopes to request from Linkedin during authentication. Use this to request scopes not covered by the predefined scope options. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionFreeformScopesPaypal: description: Additional OAuth scopes to request from PayPal beyond the standard attribute scopes. Enter valid PayPal scopes from their documentation. Invalid scopes may cause authentication errors. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionFreeformScopesSalesforce: description: Additional OAuth scopes to request from Salesforce beyond the standard profile permissions. Enter valid scopes from the Salesforce documentation. Invalid scopes may cause authentication errors. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionFreeformScopesWindowsLive: description: Custom OAuth scopes not predefined in the standard scope list. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionFromSMS: description: The sender phone number or alphanumeric sender ID for outgoing SMS messages x-release-lifecycle: deprecated type: string minLength: 1 maxLength: 128 ConnectionGatewayAuthentication: type: - object - 'null' description: Token-based authentication settings to be applied when connection is using an sms strategy. additionalProperties: true required: - method - audience - secret properties: method: type: string description: The Authorization header type. subject: type: string description: The subject to be added to the JWT payload. audience: type: string description: The audience to be added to the JWT payload. secret: type: string description: The secret to be used for signing tokens. secret_base64_encoded: type: boolean description: Set to true if the provided secret is base64 encoded. ConnectionGatewayAuthenticationAudienceSMS: description: '`aud` claim value in the JWT sent to the SMS gateway. Identifies the gateway service (e.g., ''urn:MySmsGateway'').' type: string minLength: 1 maxLength: 128 ConnectionGatewayAuthenticationMethodSMS: description: The Authorization header type when calling the SMS gateway. Set to 'bearer' for JWT token authentication. type: string minLength: 1 maxLength: 20 ConnectionGatewayAuthenticationSMS: type: - object - 'null' description: Optional token-based authentication configuration for the SMS gateway default: null required: - audience - method - secret properties: audience: $ref: '#/components/schemas/ConnectionGatewayAuthenticationAudienceSMS' method: $ref: '#/components/schemas/ConnectionGatewayAuthenticationMethodSMS' secret: description: The secret used to sign the JSON Web Token sent to the SMS gateway type: string minLength: 1 maxLength: 5120 secret_base64_encoded: description: Set to true if the secret is base64-url-encoded type: boolean default: false subject: $ref: '#/components/schemas/ConnectionGatewayAuthenticationSubjectSMS' additionalProperties: true x-release-lifecycle: deprecated ConnectionGatewayAuthenticationSubjectSMS: description: '`sub` claim value in the JWT sent to the SMS gateway. Identifies the requester (e.g., ''urn:Auth0'').' type: string minLength: 1 maxLength: 64 ConnectionGatewayUrlSMS: description: The URL of your SMS gateway. Auth0 must be able to reach this URL for it to use your gateway to send messages on your behalf. anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' x-release-lifecycle: deprecated ConnectionGlobalTokenRevocationJwtIssSAML: description: Expected 'iss' (Issuer) claim value for JWT tokens in Global Token Revocation requests from the identity provider. When configured, Auth0 validates the JWT issuer matches this value before processing token revocation. Must be used together with global_token_revocation_jwt_sub. type: string minLength: 1 maxLength: 1024 ConnectionGlobalTokenRevocationJwtSubSAML: description: Expected 'sub' (Subject) claim value for JWT tokens in Global Token Revocation requests from the identity provider. When configured, Auth0 validates the JWT subject matches this value before processing token revocation. Must be used together with global_token_revocation_jwt_iss. type: string minLength: 1 maxLength: 1024 ConnectionGrantTypesSupported: type: array description: A list of the OAuth 2.0 Grant Type values that this OP supports. Dynamic OpenID Providers MUST support the authorization_code and implicit Grant Type values and MAY support other Grant Types. If omitted, the default value is ["authorization_code", "implicit"]. maxItems: 20 minItems: 0 items: type: string maxLength: 100 ConnectionHandleLoginFromSocialGoogleApps: description: When enabled, users who sign in with their Google account through a social login will be automatically routed to this Google Workspace connection if their email domain matches the configured tenant_domain or domain_aliases. This ensures enterprise users authenticate through their organization's Google Workspace identity provider rather than through a generic Google social login, enabling access to directory-based attributes and enforcing organizational security policies. Defaults to true for new connections. default: true type: boolean ConnectionHttpsUrlWithHttpFallback: type: string format: uri pattern: ^https:\/\/.* minLength: 8 ConnectionHttpsUrlWithHttpFallback2048: allOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback' - maxLength: 2048 ConnectionHttpsUrlWithHttpFallback255: allOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback' - maxLength: 255 ConnectionIconUrl: description: https url of the icon to be shown type: string format: uri pattern: ^https:\/\/.* minLength: 8 maxLength: 255 ConnectionIconUrlADFS: description: URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows. anyOf: - $ref: '#/components/schemas/ConnectionIconUrl' ConnectionIconUrlAzureAD: description: URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows. anyOf: - $ref: '#/components/schemas/ConnectionIconUrl' ConnectionIconUrlGoogleApps: description: URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows. anyOf: - $ref: '#/components/schemas/ConnectionIconUrl' ConnectionIconUrlGoogleOAuth2: description: URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows. anyOf: - $ref: '#/components/schemas/ConnectionIconUrl' ConnectionIconUrlSAML: description: URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows. anyOf: - $ref: '#/components/schemas/ConnectionIconUrl' ConnectionId: type: string description: The connection's identifier default: con_0000000000000001 ConnectionIdTokenEncryptionAlgValuesSupported: type: array description: JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT minItems: 0 maxItems: 26 items: type: string maxLength: 14 ConnectionIdTokenEncryptionEncValuesSupported: type: array description: JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT]. minItems: 0 maxItems: 12 items: type: string maxLength: 26 ConnectionIdTokenSignedResponseAlgEnum: description: Algorithm allowed to verify the ID tokens. type: string enum: - ES256 - ES384 - PS256 - PS384 - RS256 - RS384 - RS512 x-merge-priority: -5 ConnectionIdTokenSignedResponseAlgs: description: List of algorithms allowed to verify the ID tokens. type: - array - 'null' items: $ref: '#/components/schemas/ConnectionIdTokenSignedResponseAlgEnum' x-merge-priority: -5 ConnectionIdTokenSigningAlgValuesSupported: type: array description: A list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. The algorithm RS256 MUST be included. The value none MAY be supported, but MUST NOT be used unless the Response Type used returns no ID Token from the Authorization Endpoint (such as when using the Authorization Code Flow). https://datatracker.ietf.org/doc/html/rfc7518 minItems: 1 maxItems: 26 items: type: string maxLength: 10 ConnectionIdentifierPrecedence: type: array description: Order of precedence for attribute types. If the property is not specified, the default precedence of attributes will be used. items: $ref: '#/components/schemas/ConnectionIdentifierPrecedenceEnum' default: - email - phone_number - username uniqueItems: true minItems: 3 maxItems: 3 ConnectionIdentifierPrecedenceEnum: type: string description: Order of precedence for attribute types enum: - email - phone_number - username ConnectionIdentityApiAzureAD: description: The Azure AD endpoint version for authentication. 'microsoft-identity-platform-v2.0' (recommended, default) supports modern OAuth 2.0 features. 'azure-active-directory-v1.0' is the legacy endpoint with protocol limitations. Selection affects available features. default: microsoft-identity-platform-v2.0 anyOf: - $ref: '#/components/schemas/ConnectionIdentityApiEnumAzureAD' ConnectionIdentityApiEnumAzureAD: description: Identity API version to use default: microsoft-identity-platform-v2.0 type: string enum: - microsoft-identity-platform-v2.0 - azure-active-directory-v1.0 ConnectionIdentityProviderEnum: type: string description: The identity provider identifier for the connection enum: - ad - adfs - amazon - apple - dropbox - bitbucket - auth0-oidc - auth0 - baidu - bitly - box - custom - daccount - dwolla - email - evernote-sandbox - evernote - exact - facebook - fitbit - github - google-apps - google-oauth2 - instagram - ip - line - linkedin - oauth1 - oauth2 - office365 - oidc - okta - paypal - paypal-sandbox - pingfederate - planningcenter - salesforce-community - salesforce-sandbox - salesforce - samlp - sharepoint - shopify - shop - sms - soundcloud - thirtysevensignals - twitter - untappd - vkontakte - waad - weibo - windowslive - wordpress - yahoo - yandex ConnectionImportMode: type: boolean description: Enables lazy migration mode for importing users from an external database. When a user authenticates, their credentials are validated against the legacy store, then the user is created in Auth0 for future logins. ConnectionIpsAD: description: Array of IP address ranges in CIDR notation used to determine if authentication requests originate from the corporate network for Kerberos or certificate authentication. type: array items: type: string minLength: 2 maxLength: 39 minItems: 0 maxItems: 256 ConnectionIsDomainConnection: type: boolean description: true promotes to a domain-level connection so that third-party applications can use it. false does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to false.) default: false ConnectionIssuer: allOf: - description: The identity provider's unique issuer identifier URL (e.g., https://accounts.google.com). Must match the 'iss' claim in ID tokens from the identity provider. - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionJwksUri: allOf: - description: URL of the identity provider's JSON Web Key Set (JWKS) endpoint containing public keys for signature verification. Auth0 retrieves these keys to validate ID token signatures. - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionKey: type: object additionalProperties: true required: - cert - kid - fingerprint - thumbprint properties: kid: type: string description: The key id of the signing key maxLength: 255 cert: type: string description: The public certificate of the signing key default: "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----" maxLength: 4096 pkcs: type: string description: The public certificate of the signing key in pkcs7 format default: "-----BEGIN PKCS7-----\r\nMIIDPA....t8xAA==\r\n-----END PKCS7-----" maxLength: 4096 current: type: boolean description: True if the key is the the current key default: true next: type: boolean description: True if the key is the the next key previous: type: boolean description: True if the key is the the previous key current_since: type: string description: The date and time when the key became the current key fingerprint: type: string description: The cert fingerprint default: CC:FB:DD:D8:9A:B5:DE:1B:F0:CC:36:D2:99:59:21:12:03:DD:A8:25 thumbprint: type: string description: The cert thumbprint default: CCFBDDD89AB5DE1BF0CC36D29959211203DDA825 maxLength: 255 algorithm: type: string description: Signing key algorithm key_use: $ref: '#/components/schemas/ConnectionKeyUseEnum' subject_dn: type: string maxLength: 132 ConnectionKeyUseEnum: type: string description: Signing key use, whether for encryption or signing enum: - encryption - signing ConnectionMappingModeEnumOIDC: type: string description: Method used to map incoming claims when strategy=oidc. enum: - bind_all - use_map ConnectionMappingModeEnumOkta: type: string description: Method used to map incoming claims when strategy=okta. enum: - basic_profile - use_map ConnectionMaxGroupsToRetrieve: description: Maximum number of Azure AD groups to retrieve per user during authentication. Helps prevent performance issues for users in many groups. Only applies when ext_groups is enabled. Leave empty to use platform default. type: string pattern: ^[0-9]+$ minLength: 0 maxLength: 10 ConnectionMessagingServiceSidSMS: description: Twilio Messaging Service SID x-release-lifecycle: deprecated type: string minLength: 34 maxLength: 34 pattern: ^MG[0-9a-fA-F]{32}$ ConnectionMetadataUrlSAML: description: HTTPS URL to the identity provider's SAML metadata document. When provided, Auth0 automatically fetches and parses the metadata to extract signInEndpoint, signOutEndpoint, signingCert, signSAMLRequest, and protocolBinding. Use metadataUrl OR metadataXml, not both. anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback2048' ConnectionMetadataXml: description: Standard IdP metadata XML payload used across SAML-compatible strategies. type: string minLength: 1 maxLength: 102400 ConnectionMetadataXmlADFS: description: Inline XML alternative to 'adfs_server'. Cannot be set together with 'adfs_server'. anyOf: - $ref: '#/components/schemas/ConnectionMetadataXml' ConnectionMetadataXmlSAML: description: SAML metadata XML document from the identity provider. When provided, automatically parsed to extract signInEndpoint, signOutEndpoint, signingCert, signSAMLRequest, and protocolBinding. Deleted after parsing to avoid persisting large documents. Not persisted to database - deleted after parsing metadata. Use metadataUrl OR metadataXml, not both. writeOnly: true anyOf: - $ref: '#/components/schemas/ConnectionMetadataXml' ConnectionMfa: type: object description: Multi-factor authentication configuration properties: active: type: boolean description: Indicates whether MFA is active for this connection return_enroll_settings: type: boolean description: Indicates whether to return MFA enrollment settings ConnectionName: type: string description: The name of the connection. Must start and end with an alphanumeric character and can only contain alphanumeric characters and '-'. Max length 128 pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ minLength: 1 maxLength: 128 ConnectionNamePrefixTemplate: type: string description: Connection name prefix template. minLength: 0 maxLength: 15 pattern: ^(?!-)(?!.*--)(?:[a-zA-Z0-9-]|{org_id}|{org_name})*$ ConnectionNonPersistentAttrs: description: An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist) type: array items: type: string minLength: 0 maxLength: 255 minItems: 0 maxItems: 96 ConnectionOpPolicyUri: allOf: - description: URL that the OpenID Provider provides to the person registering the Client to read about the OPs requirements on how the Relying Party can use the data provided by the OP. The registration process SHOULD display this URL to the person registering the Client if it is given. - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionOpTosUri: allOf: - description: URL that the OpenID Provider provides to the person registering the Client to read about OpenID Providers terms of service. The registration process SHOULD display this URL to the person registering the Client if it is given. - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionOptions: type: object description: In order to return options in the response, the `read:connections_options` scope must be present additionalProperties: true ConnectionOptionsAD: description: Options for the 'ad' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: agentIP: $ref: '#/components/schemas/ConnectionAgentIPAD' agentMode: $ref: '#/components/schemas/ConnectionAgentModeAD' agentVersion: $ref: '#/components/schemas/ConnectionAgentVersionAD' brute_force_protection: $ref: '#/components/schemas/ConnectionBruteForceProtection' certAuth: type: boolean description: Enables client SSL certificate authentication for the AD connector, requiring HTTPS on the sign-in endpoint certs: $ref: '#/components/schemas/ConnectionCertsAD' disable_cache: type: boolean description: When enabled, disables caching of AD connector authentication results to ensure real-time validation against the directory disable_self_service_change_password: type: boolean description: When enabled, hides the 'Forgot Password' link on login pages to prevent users from initiating self-service password resets domain_aliases: $ref: '#/components/schemas/ConnectionDomainAliasesAD' icon_url: $ref: '#/components/schemas/ConnectionIconUrl' ips: $ref: '#/components/schemas/ConnectionIpsAD' kerberos: type: boolean description: Enables Windows Integrated Authentication (Kerberos) for seamless SSO when users authenticate from within the corporate network IP ranges default: false set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' signInEndpoint: $ref: '#/components/schemas/ConnectionSignInEndpointAD' tenant_domain: $ref: '#/components/schemas/ConnectionTenantDomainAD' thumbprints: $ref: '#/components/schemas/ConnectionThumbprintsAD' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' additionalProperties: true ConnectionOptionsADFS: description: Options for the 'adfs' connection additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: adfs_server: type: string description: ADFS federation metadata host or XML URL used to discover WS-Fed endpoints and certificates. Errors if adfs_server and fedMetadataXml are both absent. minLength: 0 maxLength: 2048 domain_aliases: $ref: '#/components/schemas/ConnectionDomainAliases' entityId: description: The entity identifier (Issuer) for the ADFS Service Provider. When not provided, defaults to 'urn:auth0:{tenant}:{connection}'. type: string minLength: 1 maxLength: 128 fedMetadataXml: $ref: '#/components/schemas/ConnectionMetadataXmlADFS' icon_url: $ref: '#/components/schemas/ConnectionIconUrlADFS' prev_thumbprints: $ref: '#/components/schemas/ConnectionThumbprints' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' should_trust_email_verified_connection: $ref: '#/components/schemas/ConnectionShouldTrustEmailVerifiedConnectionEnum' signInEndpoint: $ref: '#/components/schemas/ConnectionSignInEndpointADFS' tenant_domain: $ref: '#/components/schemas/ConnectionTenantDomain' thumbprints: $ref: '#/components/schemas/ConnectionThumbprints' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParamsADFS' user_id_attribute: description: Custom ADFS claim to use as the unique user identifier. When provided, this attribute is prepended to the default user_id mapping list with highest priority. Accepts a string (single ADFS claim name). type: string minLength: 1 maxLength: 128 ConnectionOptionsAmazon: description: Options for the 'amazon' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionClientIdAmazon' client_secret: $ref: '#/components/schemas/ConnectionClientSecretAmazon' freeform_scopes: $ref: '#/components/schemas/ConnectionFreeformScopesAmazon' postal_code: type: boolean description: When enabled, requests the user's postal code from Amazon during authentication. This adds the 'postal_code' scope to the authorization request. default: false profile: type: boolean description: When enabled, requests the user's basic profile information (name, email, user ID) from Amazon during authentication. This scope is always enabled for Amazon connections. const: true scope: $ref: '#/components/schemas/ConnectionScopeAmazon' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' ConnectionOptionsApple: description: Options for the 'apple' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: app_secret: type: - string - 'null' description: Apple App Secret (must be a PEM) minLength: 0 maxLength: 5120 client_id: type: - string - 'null' description: Apple Services ID minLength: 0 maxLength: 384 email: type: boolean description: User has the option to obfuscate the email with Apple's relay service freeform_scopes: type: array description: Array of freeform scopes minItems: 0 maxItems: 1024 items: type: string description: A freeform scope minLength: 0 maxLength: 2560 kid: type: - string - 'null' description: Apple Key ID minLength: 0 maxLength: 1536 name: type: boolean description: Whether to request name from Apple scope: type: string description: Space separated list of scopes minLength: 0 maxLength: 91260 set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' team_id: type: - string - 'null' description: Apple Team ID minLength: 0 maxLength: 256 upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' additionalProperties: true ConnectionOptionsAuth0: description: Options for the 'auth0' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: attributes: $ref: '#/components/schemas/ConnectionAttributes' authentication_methods: $ref: '#/components/schemas/ConnectionAuthenticationMethods' brute_force_protection: $ref: '#/components/schemas/ConnectionBruteForceProtection' configuration: $ref: '#/components/schemas/ConnectionConfiguration' customScripts: $ref: '#/components/schemas/ConnectionCustomScripts' disable_self_service_change_password: $ref: '#/components/schemas/ConnectionDisableSelfServiceChangePassword' disable_signup: $ref: '#/components/schemas/ConnectionDisableSignup' enable_script_context: $ref: '#/components/schemas/ConnectionEnableScriptContext' enabledDatabaseCustomization: $ref: '#/components/schemas/ConnectionEnabledDatabaseCustomization' import_mode: $ref: '#/components/schemas/ConnectionImportMode' mfa: $ref: '#/components/schemas/ConnectionMfa' passkey_options: $ref: '#/components/schemas/ConnectionPasskeyOptions' passwordPolicy: $ref: '#/components/schemas/ConnectionPasswordPolicyEnum' password_complexity_options: $ref: '#/components/schemas/ConnectionPasswordComplexityOptions' password_dictionary: $ref: '#/components/schemas/ConnectionPasswordDictionaryOptions' password_history: $ref: '#/components/schemas/ConnectionPasswordHistoryOptions' password_no_personal_info: $ref: '#/components/schemas/ConnectionPasswordNoPersonalInfoOptions' password_options: $ref: '#/components/schemas/ConnectionPasswordOptions' precedence: $ref: '#/components/schemas/ConnectionIdentifierPrecedence' realm_fallback: $ref: '#/components/schemas/ConnectionRealmFallback' requires_username: $ref: '#/components/schemas/ConnectionRequiresUsername' validation: $ref: '#/components/schemas/ConnectionValidationOptions' additionalProperties: true ConnectionOptionsAuth0OIDC: description: Options for the 'auth0-oidc' connection type: object additionalProperties: true properties: client_id: $ref: '#/components/schemas/ConnectionClientId' client_secret: $ref: '#/components/schemas/ConnectionClientSecret' ConnectionOptionsAzureAD: description: Options for the 'waad' connection type: object allOf: - type: object properties: api_enable_users: type: boolean description: Enable users API app_domain: $ref: '#/components/schemas/ConnectionAppDomainAzureAD' app_id: type: string description: The Application ID URI (App ID URI) for the Azure AD application. Required when using Azure AD v1 with the Resource Owner Password flow. Used to identify the resource being requested in OAuth token requests. minLength: 0 maxLength: 500 basic_profile: type: boolean description: Includes basic user profile information from Azure AD (name, email, given_name, family_name). Always enabled and required - represents the minimum profile data retrieved during authentication. client_id: $ref: '#/components/schemas/ConnectionClientIdAzureAD' client_secret: $ref: '#/components/schemas/ConnectionClientSecretAzureAD' domain_aliases: $ref: '#/components/schemas/ConnectionDomainAliasesAzureAD' ext_access_token: type: boolean description: When false, prevents storing the user's Azure AD access token in the Auth0 user profile. When true (default), the access token is persisted for API access. ext_account_enabled: type: boolean description: When false, prevents storing whether the user's Azure AD account is enabled. When true (default), the account enabled status is persisted in the user profile. ext_admin: $ref: '#/components/schemas/ConnectionExtAdmin' ext_agreed_terms: $ref: '#/components/schemas/ConnectionExtAgreedTerms' ext_assigned_licenses: type: boolean description: When false, prevents storing the list of Microsoft 365/Office 365 licenses assigned to the user. When true (default), license information is persisted in the user profile. ext_assigned_plans: $ref: '#/components/schemas/ConnectionExtAssignedPlans' ext_azure_id: type: boolean description: 'When false, prevents storing the user''s Azure ID identifier. When true (default), the Azure ID is persisted. Note: ''oid'' (Object ID) is the recommended unique identifier for single-tenant connections.' ext_city: type: boolean description: When false, prevents storing the user's city from Azure AD. When true (default), city information is persisted in the user profile. ext_country: type: boolean description: When false, prevents storing the user's country from Azure AD. When true (default), country information is persisted in the user profile. ext_department: type: boolean description: When false, prevents storing the user's department from Azure AD. When true (default), department information is persisted in the user profile. ext_dir_sync_enabled: type: boolean description: When false, prevents storing whether directory synchronization is enabled for the user. When true (default), directory sync status is persisted in the user profile. ext_email: type: boolean description: When false, prevents storing the user's email address from Azure AD. When true (default), email is persisted in the user profile. ext_expires_in: type: boolean description: When false, prevents storing the token expiration time (in seconds). When true (default), expiration information is persisted in the user profile. ext_family_name: type: boolean description: When false, prevents storing the user's family name (last name) from Azure AD. When true (default), family name is persisted in the user profile. ext_fax: type: boolean description: When false, prevents storing the user's fax number from Azure AD. When true (default), fax information is persisted in the user profile. ext_given_name: type: boolean description: When false, prevents storing the user's given name (first name) from Azure AD. When true (default), given name is persisted in the user profile. ext_group_ids: type: boolean description: When false, prevents storing the list of Azure AD group IDs the user is a member of. When true (default), group membership IDs are persisted. See ext_groups for retrieving group details. ext_groups: $ref: '#/components/schemas/ConnectionExtGroupsAzureAD' ext_is_suspended: $ref: '#/components/schemas/ConnectionExtIsSuspended' ext_job_title: type: boolean description: When false, prevents storing the user's job title from Azure AD. When true (default), job title information is persisted in the user profile. ext_last_sync: type: boolean description: When false, prevents storing the timestamp of the last directory synchronization. When true (default), the last sync date is persisted in the user profile. ext_mobile: type: boolean description: When false, prevents storing the user's mobile phone number from Azure AD. When true (default), mobile number is persisted in the user profile. ext_name: type: boolean description: When false, prevents storing the user's full name from Azure AD. When true (default), full name is persisted in the user profile. ext_nested_groups: type: boolean description: When true, stores all groups the user is member of, including transitive group memberships (groups within groups). When false (default), only direct group memberships are included. default: false ext_nickname: type: boolean description: When false, prevents storing the user's nickname or display name from Azure AD. When true (default), nickname is persisted in the user profile. ext_oid: type: boolean description: 'When false, prevents storing the user''s Object ID (oid) from Azure AD. When true (default), the oid is persisted. Note: ''oid'' is the recommended unique identifier for single-tenant connections and required for SCIM.' ext_phone: type: boolean description: When false, prevents storing the user's phone number from Azure AD. When true (default), phone number is persisted in the user profile. ext_physical_delivery_office_name: type: boolean description: When false, prevents storing the user's office location from Azure AD. When true (default), office location is persisted in the user profile. ext_postal_code: type: boolean description: When false, prevents storing the user's postal code from Azure AD. When true (default), postal code is persisted in the user profile. ext_preferred_language: type: boolean description: When false, prevents storing the user's preferred language from Azure AD. When true (default), language preference is persisted in the user profile. ext_profile: $ref: '#/components/schemas/ConnectionExtProfile' ext_provisioned_plans: type: boolean description: When false, prevents storing the list of service plans provisioned to the user. When true (default), provisioned plans are persisted in the user profile. ext_provisioning_errors: type: boolean description: When false, prevents storing provisioning errors that occurred during synchronization. When true (default), error information is persisted. Useful for troubleshooting sync issues. ext_proxy_addresses: type: boolean description: When false, prevents storing all proxy email addresses (email aliases) for the user. When true (default), proxy addresses are persisted in the user profile. ext_puid: type: boolean description: When false, prevents storing the user's Passport User ID (puid). When true (default), puid is persisted in the user profile. Legacy attribute. ext_refresh_token: type: boolean description: When false, prevents storing the Azure AD refresh token. When true (default), the refresh token is persisted for offline access. Required for token refresh in long-lived applications. ext_roles: type: boolean description: When false, prevents storing Azure AD application roles assigned to the user. When true (default), role information is persisted. Useful for RBAC in applications. ext_state: type: boolean description: When false, prevents storing the user's state (province/region) from Azure AD. When true (default), state information is persisted in the user profile. ext_street: type: boolean description: When false, prevents storing the user's street address from Azure AD. When true (default), street address is persisted in the user profile. ext_telephoneNumber: type: boolean description: When false, prevents storing the user's telephone number from Azure AD. When true (default), telephone number is persisted in the user profile. ext_tenantid: type: boolean description: When false, prevents storing the user's Azure AD tenant ID. When true (default), tenant ID is persisted. Useful for identifying which Azure AD organization the user belongs to. ext_upn: type: boolean description: When false, prevents storing the user's User Principal Name (UPN) from Azure AD. When true (default), UPN is persisted. UPN is the user's logon name (e.g., user@contoso.com). ext_usage_location: type: boolean description: When false, prevents storing the user's usage location for license assignment. When true (default), usage location is persisted in the user profile. ext_user_id: type: boolean description: When false, prevents storing an alternative user ID. When true (default), this user ID is persisted in the user profile. federated_connections_access_tokens: $ref: '#/components/schemas/ConnectionFederatedConnectionsAccessTokens' granted: type: boolean description: Indicates whether admin consent has been granted for the required Azure AD permissions. Read-only status field managed by Auth0 during the OAuth authorization flow. icon_url: $ref: '#/components/schemas/ConnectionIconUrlAzureAD' identity_api: $ref: '#/components/schemas/ConnectionIdentityApiAzureAD' max_groups_to_retrieve: $ref: '#/components/schemas/ConnectionMaxGroupsToRetrieve' scope: $ref: '#/components/schemas/ConnectionScopeAzureAD' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' should_trust_email_verified_connection: $ref: '#/components/schemas/ConnectionShouldTrustEmailVerifiedConnectionEnum' tenant_domain: $ref: '#/components/schemas/ConnectionTenantDomainAzureAD' tenantId: $ref: '#/components/schemas/ConnectionTenantIdAzureAD' thumbprints: $ref: '#/components/schemas/ConnectionThumbprints' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' use_wsfed: type: boolean description: Indicates WS-Federation protocol usage. When true, uses WS-Federation; when false, uses OpenID Connect. useCommonEndpoint: $ref: '#/components/schemas/ConnectionUseCommonEndpointAzureAD' userid_attribute: $ref: '#/components/schemas/ConnectionUseridAttributeAzureAD' waad_protocol: $ref: '#/components/schemas/ConnectionWaadProtocol' - $ref: '#/components/schemas/ConnectionOptionsCommon' required: - client_id additionalProperties: true ConnectionOptionsBaidu: description: Options for the 'baidu' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsBitbucket: description: Options for the 'bitbucket' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionClientIDBitbucket' client_secret: $ref: '#/components/schemas/ConnectionClientSecretBitbucket' freeform_scopes: $ref: '#/components/schemas/ConnectionScopeArray' profile: $ref: '#/components/schemas/ConnectionProfileBitbucket' scope: $ref: '#/components/schemas/ConnectionScopeArray' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' ConnectionOptionsBitly: description: Options for the 'bitly' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsBox: description: Options for the 'box' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsClientIdGithub: description: OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider. type: string minLength: 1 maxLength: 255 ConnectionOptionsClientIdTwitter: description: OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider. type: string minLength: 1 maxLength: 255 ConnectionOptionsClientSecretGithub: description: OAuth 2.0 client secret issued by the identity provider during application registration. This value is used to authenticate your Auth0 connection to the identity provider. type: string minLength: 1 maxLength: 255 ConnectionOptionsClientSecretTwitter: description: OAuth 2.0 client secret issued by the identity provider during application registration. This value is used to authenticate your Auth0 connection to the identity provider. type: string minLength: 1 maxLength: 255 ConnectionOptionsCommon: type: object description: Common attributes for connection options including non-persistent attributes and Cross App Access properties: non_persistent_attrs: $ref: '#/components/schemas/ConnectionNonPersistentAttrs' ConnectionOptionsCommonOIDC: description: common options for OIDC connections type: object properties: authorization_endpoint: $ref: '#/components/schemas/ConnectionAuthorizationEndpoint' client_id: $ref: '#/components/schemas/ConnectionClientIdOIDC' client_secret: $ref: '#/components/schemas/ConnectionClientSecretOIDC' connection_settings: $ref: '#/components/schemas/ConnectionConnectionSettings' domain_aliases: $ref: '#/components/schemas/ConnectionDomainAliases' dpop_signing_alg: $ref: '#/components/schemas/ConnectionDpopSigningAlgEnum' federated_connections_access_tokens: $ref: '#/components/schemas/ConnectionFederatedConnectionsAccessTokens' icon_url: $ref: '#/components/schemas/ConnectionIconUrl' id_token_signed_response_algs: $ref: '#/components/schemas/ConnectionIdTokenSignedResponseAlgs' issuer: $ref: '#/components/schemas/ConnectionIssuer' jwks_uri: $ref: '#/components/schemas/ConnectionJwksUri' oidc_metadata: $ref: '#/components/schemas/ConnectionOptionsOIDCMetadata' scope: $ref: '#/components/schemas/ConnectionScopeOIDC' send_back_channel_nonce: $ref: '#/components/schemas/ConnectionSendBackChannelNonce' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' tenant_domain: $ref: '#/components/schemas/ConnectionTenantDomain' token_endpoint: $ref: '#/components/schemas/ConnectionTokenEndpointOIDC' token_endpoint_auth_method: $ref: '#/components/schemas/ConnectionTokenEndpointAuthMethodEnum' token_endpoint_auth_signing_alg: $ref: '#/components/schemas/ConnectionTokenEndpointAuthSigningAlgEnum' token_endpoint_jwtca_aud_format: $ref: '#/components/schemas/ConnectionTokenEndpointJwtcaAudFormatEnumOIDC' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' userinfo_endpoint: $ref: '#/components/schemas/ConnectionUserinfoEndpointOIDC' additionalProperties: true required: - client_id ConnectionOptionsCommonSAML: description: Common options for SAML-based enterprise connections (shared by samlp and pingfederate). type: object properties: assertion_decryption_settings: $ref: '#/components/schemas/ConnectionAssertionDecryptionSettings' cert: $ref: '#/components/schemas/ConnectionSigningCertificateDerSAML' decryptionKey: $ref: '#/components/schemas/ConnectionDecryptionKeySAML' digestAlgorithm: $ref: '#/components/schemas/ConnectionDigestAlgorithmSAML' domain_aliases: $ref: '#/components/schemas/ConnectionDomainAliasesSAML' entityId: $ref: '#/components/schemas/ConnectionEntityIdSAML' icon_url: $ref: '#/components/schemas/ConnectionIconUrlSAML' idpinitiated: $ref: '#/components/schemas/ConnectionOptionsIdpinitiatedSAML' protocolBinding: $ref: '#/components/schemas/ConnectionProtocolBindingSAML' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' signInEndpoint: $ref: '#/components/schemas/ConnectionSignInEndpointSAML' signSAMLRequest: $ref: '#/components/schemas/ConnectionSignSAMLRequestSAML' signatureAlgorithm: $ref: '#/components/schemas/ConnectionSignatureAlgorithmSAML' tenant_domain: $ref: '#/components/schemas/ConnectionTenantDomainSAML' thumbprints: $ref: '#/components/schemas/ConnectionThumbprintsSAML' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' ConnectionOptionsCustom: description: Options for 'custom' connections type: object additionalProperties: true properties: {} ConnectionOptionsDaccount: description: Options for the 'daccount' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsDeflateSAML: description: When true, enables DEFLATE compression for SAML requests sent via HTTP-Redirect binding. type: boolean ConnectionOptionsDropbox: description: Options for the 'dropbox' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsDwolla: description: Options for the 'dwolla' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsEmail: description: Options for the 'email' connection type: object allOf: - properties: authParams: $ref: '#/components/schemas/ConnectionAuthParamsEmail' brute_force_protection: $ref: '#/components/schemas/ConnectionBruteForceProtection' disable_signup: $ref: '#/components/schemas/ConnectionDisableSignup' email: $ref: '#/components/schemas/ConnectionEmailEmail' name: type: string description: Connection name minLength: 3 maxLength: 128 totp: $ref: '#/components/schemas/ConnectionTotpEmail' required: - brute_force_protection - email - name - $ref: '#/components/schemas/ConnectionOptionsCommon' additionalProperties: true ConnectionOptionsEvernote: description: Options for the evernote family of connections type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth1Common' - type: object properties: {} ConnectionOptionsExact: description: Options for the 'exact' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: baseUrl: $ref: '#/components/schemas/ConnectionBaseUrlExact' client_id: $ref: '#/components/schemas/ConnectionClientIdExact' client_secret: $ref: '#/components/schemas/ConnectionClientSecretExact' profile: description: Enables retrieval of basic profile attributes from Exact Online including name, username, picture, email, gender, and language. type: boolean set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' ConnectionOptionsFacebook: description: Options for the 'facebook' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionClientIdFacebook' client_secret: $ref: '#/components/schemas/ConnectionClientSecretFacebook' freeform_scopes: $ref: '#/components/schemas/ConnectionScopeArrayFacebook' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParamsFacebook' scope: $ref: '#/components/schemas/ConnectionScopeFacebook' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' - type: object properties: ads_management: default: false description: Grants permission to both read and manage ads for ad accounts you own or have been granted access to by the owner. By default, your app may only access ad accounts owned by admins of the app when in developer mode. type: boolean ads_read: default: false description: Grants access to the Ads Insights API to pull ads report information for ad accounts you own or have been granted access to by the owner of other ad accounts. type: boolean allow_context_profile_field: default: false deprecated: true description: Provides access to a social context. Deprecated on April 30th, 2019. type: boolean x-release-lifecycle: deprecated business_management: default: false description: Grants permission to read and write with the Business Manager API. type: boolean email: default: false description: Grants permission to access a person's primary email address. type: boolean groups_access_member_info: default: false description: Grants permission to publicly available group member information. type: boolean leads_retrieval: default: false description: Grants permission to retrieve all the information captured within a lead. type: boolean manage_notifications: default: false deprecated: true description: Enables your app to read a person's notifications and mark them as read. This permission does not let you send notifications to a person. Deprecated in Graph API v2.3. type: boolean x-release-lifecycle: deprecated manage_pages: default: false description: Grants permission to retrieve Page Access Tokens for the Pages and Apps that the person administers. Apps need both manage_pages and publish_pages to be able to publish as a Page. type: boolean pages_manage_cta: default: false description: Allows the app to perform POST and DELETE operations on endpoints used for managing a Page's Call To Action buttons. type: boolean pages_manage_instant_articles: default: false description: Grants permission to manage Instant Articles on behalf of Facebook Pages administered by people using your app. type: boolean pages_messaging: default: false description: Grants permission to send and receive messages through a Facebook Page. type: boolean pages_messaging_phone_number: default: false description: Grants permission to use the phone number messaging feature. type: boolean pages_messaging_subscriptions: default: false description: Grants permission to send messages using Facebook Pages at any time after the first user interaction. Your app may only send advertising or promotional content through sponsored messages or within 24 hours of user interaction. type: boolean pages_show_list: default: false description: Grants access to show the list of the Pages that a person manages. type: boolean public_profile: default: true description: Provides access to a user's public profile information including id, first_name, last_name, middle_name, name, name_format, picture, and short_name. This is the most basic permission and is required by Facebook. type: boolean publish_actions: default: false deprecated: true description: Allows your app to publish to the Open Graph using Built-in Actions, Achievements, Scores, or Custom Actions. Deprecated on August 1st, 2018. type: boolean x-release-lifecycle: deprecated publish_pages: default: false description: Grants permission to publish posts, comments, and like Pages managed by a person using your app. Your app must also have manage_pages to publish as a Page. type: boolean publish_to_groups: default: false description: Grants permission to post content into a group on behalf of a user who has granted the app this permission. type: boolean publish_video: default: false description: Grants permission to publish live videos to the app User's timeline. type: boolean read_audience_network_insights: default: false description: Grants read-only access to the Audience Network Insights data for Apps the person owns. type: boolean read_insights: default: false description: Grants read-only access to the Insights data for Pages, Apps, and web domains the person owns. type: boolean read_mailbox: default: false deprecated: true description: Provides the ability to read the messages in a person's Facebook Inbox through the inbox edge and the thread node. Deprecated in Graph API v2.3. type: boolean x-release-lifecycle: deprecated read_page_mailboxes: default: false description: Grants permission to read from the Page Inboxes of the Pages managed by a person. This permission is often used alongside the manage_pages permission. type: boolean read_stream: default: false deprecated: true description: Provides access to read the posts in a person's News Feed, or the posts on their Profile. Deprecated in Graph API v2.3. type: boolean x-release-lifecycle: deprecated user_age_range: default: false description: Grants permission to access a person's age range. type: boolean user_birthday: default: false description: Grants permission to access a person's birthday. type: boolean user_events: default: false description: Grants read-only access to the Events a person is a host of or has RSVPed to. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook. type: boolean user_friends: default: false description: Grants permission to access a list of friends that also use said app. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook. type: boolean user_gender: default: false description: Grants permission to access a person's gender. type: boolean user_groups: default: false deprecated: true description: Enables your app to read the Groups a person is a member of through the groups edge on the User object. Deprecated in Graph API v2.3. type: boolean x-release-lifecycle: deprecated user_hometown: default: false description: Grants permission to access a person's hometown location set in their User Profile. type: boolean user_likes: default: false description: Grants permission to access the list of all Facebook Pages that a person has liked. type: boolean user_link: default: false description: Grants permission to access the Facebook Profile URL of the user of your app. type: boolean user_location: default: false description: Provides access to a person's current city through the location field on the User object. The current city is set by a person on their Profile. type: boolean user_managed_groups: default: false deprecated: true description: Enables your app to read the Groups a person is an admin of through the groups edge on the User object. Deprecated in Graph API v3.0. type: boolean x-release-lifecycle: deprecated user_photos: default: false description: Provides access to the photos a person has uploaded or been tagged in. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook. type: boolean user_posts: default: false description: Provides access to the posts on a person's Timeline including their own posts, posts they are tagged in, and posts other people make on their Timeline. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook. type: boolean user_status: default: false deprecated: true description: Provides access to a person's statuses. These are posts on Facebook which don't include links, videos or photos. Deprecated in Graph API v2.3. type: boolean x-release-lifecycle: deprecated user_tagged_places: default: false description: Provides access to the Places a person has been tagged at in photos, videos, statuses and links. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook. type: boolean user_videos: default: false description: Provides access to the videos a person has uploaded or been tagged in. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook. type: boolean additionalProperties: true ConnectionOptionsFitbit: description: Options for the 'fitbit' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsFreeformScopesGithub: description: Array of custom OAuth 2.0 scopes to request from GitHub during authentication. Use this to request scopes not covered by the predefined scope options. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionOptionsGitHub: description: Options for the 'github' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionOptionsClientIdGithub' client_secret: $ref: '#/components/schemas/ConnectionOptionsClientSecretGithub' freeform_scopes: $ref: '#/components/schemas/ConnectionOptionsFreeformScopesGithub' scope: $ref: '#/components/schemas/ConnectionOptionsScopeGithub' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' - type: object properties: admin_org: type: boolean default: false description: Requests the GitHub admin:org scope so Auth0 can fully manage organizations, teams, and memberships on behalf of the user. admin_public_key: type: boolean default: false description: Requests the admin:public_key scope to allow creating, updating, and deleting the user's SSH public keys. admin_repo_hook: type: boolean default: false description: Requests the admin:repo_hook scope so Auth0 can read, write, ping, and delete repository webhooks. delete_repo: type: boolean default: false description: Requests the delete_repo scope so the user can remove repositories they administer while signing in through Auth0. email: type: boolean default: false description: Requests the user:email scope so Auth0 pulls addresses from GitHub's /user/emails endpoint and populates the profile. follow: type: boolean default: false description: Requests the user:follow scope to allow following or unfollowing GitHub users for the signed-in account. gist: type: boolean default: false description: Requests the gist scope so the application can create or update gists on behalf of the user. notifications: type: boolean default: false description: Requests the notifications scope to read GitHub inbox notifications; repo also implicitly grants this access. profile: default: true description: Controls the GitHub read:user call that returns the user's basic profile (name, avatar, profile URL) and is on by default for successful logins. type: boolean public_repo: type: boolean default: false description: Requests the public_repo scope for read and write operations on public repositories, deployments, and statuses. read_org: type: boolean default: false description: Requests the read:org scope so Auth0 can view organizations, teams, and membership lists without making changes. read_public_key: type: boolean default: false description: Requests the read:public_key scope so Auth0 can list and inspect the user's SSH public keys. read_repo_hook: type: boolean default: false description: Requests the read:repo_hook scope to read and ping repository webhooks. read_user: type: boolean default: false description: Requests the read:user scope to load extended profile information, implicitly covering user:email and user:follow. repo: type: boolean default: false description: Requests the repo scope for read and write access to both public and private repositories, deployments, and statuses. repo_deployment: type: boolean default: false description: Requests the repo_deployment scope in order to read and write deployment statuses for repositories. repo_status: type: boolean default: false description: Requests the repo:status scope to manage commit statuses on public and private repositories. write_org: type: boolean default: false description: Requests the write:org scope so Auth0 can change whether organization memberships are publicized. write_public_key: type: boolean default: false description: Requests the write:public_key scope to create or update SSH public keys for the user. write_repo_hook: type: boolean default: false description: Requests the write:repo_hook scope so Auth0 can read, create, update, and ping repository webhooks. ConnectionOptionsGoogleApps: description: Options for the 'google-apps' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object required: - client_id properties: admin_access_token: $ref: '#/components/schemas/ConnectionAdminAccessTokenGoogleApps' admin_access_token_expiresin: $ref: '#/components/schemas/ConnectionAdminAccessTokenExpiresInGoogleApps' admin_refresh_token: $ref: '#/components/schemas/ConnectionAdminRefreshTokenGoogleApps' allow_setting_login_scopes: type: boolean description: When true, allows customization of OAuth scopes requested during user login. Custom scopes are appended to the mandatory email and profile scopes. When false or omitted, only the default email and profile scopes are used. This property is automatically enabled when Token Vault or Connected Accounts features are activated. default: false api_enable_groups: $ref: '#/components/schemas/ConnectionApiEnableGroupsGoogleApps' api_enable_users: $ref: '#/components/schemas/ConnectionApiEnableUsersGoogleApps' client_id: $ref: '#/components/schemas/ConnectionClientIdGoogleApps' client_secret: $ref: '#/components/schemas/ConnectionClientSecretGoogleApps' domain: $ref: '#/components/schemas/ConnectionDomainGoogleApps' domain_aliases: $ref: '#/components/schemas/ConnectionDomainAliases' email: type: boolean description: Whether the OAuth flow requests the `email` scope. default: true ext_agreed_terms: $ref: '#/components/schemas/ConnectionExtAgreedTermsGoogleApps' ext_groups: $ref: '#/components/schemas/ConnectionExtGroupsGoogleApps' ext_groups_extended: type: boolean description: Controls whether enriched group entries include `id`, `email`, `name` (true) or only the group name (false); can only be set when `ext_groups` is true. default: true ext_is_admin: $ref: '#/components/schemas/ConnectionExtIsAdminGoogleApps' ext_is_suspended: $ref: '#/components/schemas/ConnectionExtIsSuspendedGoogleApps' federated_connections_access_tokens: $ref: '#/components/schemas/ConnectionFederatedConnectionsAccessTokens' handle_login_from_social: $ref: '#/components/schemas/ConnectionHandleLoginFromSocialGoogleApps' icon_url: $ref: '#/components/schemas/ConnectionIconUrlGoogleApps' map_user_id_to_id: type: boolean description: Determines how Auth0 generates the user_id for Google Workspace users. When false (default), the user's email address is used. When true, Google's stable numeric user ID is used instead, which persists even if the user's email changes. This setting can only be configured when creating the connection and cannot be changed afterward. default: false profile: type: boolean description: Whether the OAuth flow requests the `profile` scope. default: true scope: $ref: '#/components/schemas/ConnectionScopeGoogleApps' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' tenant_domain: $ref: '#/components/schemas/ConnectionTenantDomainGoogleApps' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' additionalProperties: true ConnectionOptionsGoogleOAuth2: description: Options for the 'google-oauth2' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: allowed_audiences: $ref: '#/components/schemas/ConnectionAllowedAudiencesGoogleOAuth2' client_id: $ref: '#/components/schemas/ConnectionClientIdGoogleOAuth2' client_secret: $ref: '#/components/schemas/ConnectionClientSecretGoogleOAuth2' freeform_scopes: $ref: '#/components/schemas/ConnectionFreeformScopesGoogleOAuth2' icon_url: $ref: '#/components/schemas/ConnectionIconUrlGoogleOAuth2' scope: $ref: '#/components/schemas/ConnectionScopeGoogleOAuth2' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' - type: object properties: adsense_management: type: boolean description: View and manage user's ad applications, ad units, and channels in AdSense analytics: type: boolean description: View user's configuration information and reports blogger: type: boolean description: View and manage user's posts and blogs on Blogger and Blogger comments calendar: type: boolean description: See, edit, share, and permanently delete all the calendars you can access using Google Calendar calendar_addons_execute: type: boolean description: Run as a Calendar add-on calendar_events: type: boolean description: View and edit events on all your calendars calendar_events_readonly: type: boolean description: View events on all your calendars calendar_settings_readonly: type: boolean description: View your Calendar settings chrome_web_store: type: boolean description: Read access to user's chrome web store contacts: type: boolean description: Full access to the authenticated user's contacts contacts_new: type: boolean description: Full access to the authenticated user's contacts contacts_other_readonly: type: boolean description: Read-only access to the authenticated user's 'Other contacts' contacts_readonly: type: boolean description: Read-only access to the authenticated user's contacts content_api_for_shopping: type: boolean description: View and manage user's products, feeds, and subaccounts coordinate: type: boolean description: Grants read and write access to the Coordinate API coordinate_readonly: type: boolean description: Grants read access to the Coordinate API directory_readonly: type: boolean description: Read-only access to the authenticated user's corporate directory (if applicable) document_list: type: boolean description: Access to Google Docs document list feed drive: type: boolean description: Full access to all files and folders in the user's Google Drive drive_activity: type: boolean description: View and add to the activity record of files in your Drive drive_activity_readonly: type: boolean description: View the activity record of files in your Drive drive_appdata: type: boolean description: Access to the application's configuration data in the user's Google Drive drive_apps_readonly: type: boolean description: View apps authorized to access your Drive drive_file: type: boolean description: Access to files created or opened by the app drive_metadata: type: boolean description: Access to file metadata, including listing files and folders drive_metadata_readonly: type: boolean description: Read-only access to file metadata drive_photos_readonly: type: boolean description: Read-only access to the user's Google Photos drive_readonly: type: boolean description: Read-only access to all files and folders in the user's Google Drive drive_scripts: type: boolean description: Modify the behavior of Google Apps Scripts email: type: boolean description: Email and verified email flag gmail: type: boolean description: Full access to the account's mailboxes, including permanent deletion of threads and messages gmail_compose: type: boolean description: Read all resources and their metadata—no write operations gmail_insert: type: boolean description: Insert and import messages only gmail_labels: type: boolean description: Create, read, update, and delete labels only gmail_metadata: type: boolean description: Read resources metadata including labels, history records, and email message headers, but not the message body or attachments gmail_modify: type: boolean description: All read/write operations except immediate, permanent deletion of threads and messages, bypassing Trash gmail_new: type: boolean description: Full access to the account's mailboxes, including permanent deletion of threads and messages gmail_readonly: type: boolean description: Read all resources and their metadata—no write operations gmail_send: type: boolean description: Send messages only. No read or modify privileges on mailbox gmail_settings_basic: type: boolean description: Manage basic mail settings gmail_settings_sharing: type: boolean description: 'Manage sensitive mail settings, including forwarding rules and aliases. Note: Operations guarded by this scope are restricted to administrative use only' google_affiliate_network: type: boolean description: View and manage user's publisher data in the Google Affiliate Network google_books: type: boolean description: View and manage user's books and library in Google Books google_cloud_storage: type: boolean description: View and manage user's data stored in Google Cloud Storage google_drive: type: boolean description: Full access to all files and folders in the user's Google Drive google_drive_files: type: boolean description: Access to files created or opened by the app google_plus: type: boolean description: Associate user with its public Google profile latitude_best: type: boolean description: View and manage user's best-available current location and location history in Google Latitude latitude_city: type: boolean description: View and manage user's city-level current location and location history in Google Latitude moderator: type: boolean description: View and manage user's votes, topics, and submissions offline_access: type: boolean description: Request a refresh token when the user authorizes your application orkut: type: boolean description: View and manage user's friends, applications and profile and status picasa_web: type: boolean description: View and manage user's Google photos, videos, photo and video tags and comments profile: type: boolean description: Name, public profile URL, photo, country, language, and timezone sites: type: boolean description: View and manage user's sites on Google Sites tasks: type: boolean description: Full access to create, edit, organize, and delete all your tasks tasks_readonly: type: boolean description: Read-only access to view your tasks and task lists url_shortener: type: boolean description: View, manage and view statistics user's short URLs webmaster_tools: type: boolean description: View and manage user's sites and messages, view keywords youtube: type: boolean description: Manage your YouTube account youtube_channelmemberships_creator: type: boolean description: See a list of your current active channel members, their current level, and when they became a member youtube_new: type: boolean description: Manage your YouTube account youtube_readonly: type: boolean description: View your YouTube account youtube_upload: type: boolean description: Manage your YouTube videos youtubepartner: type: boolean description: View and manage your assets and associated content on YouTube additionalProperties: true ConnectionOptionsIP: description: Options for the 'ip' connection type: object additionalProperties: true properties: {} x-release-lifecycle: deprecated ConnectionOptionsIdpInitiatedClientProtocolEnumSAML: description: The response protocol used to communicate with the default application. type: string enum: - oidc - samlp - wsfed ConnectionOptionsIdpinitiatedSAML: description: Configuration for IdP-Initiated SAML Single Sign-On. When enabled, allows users to initiate login directly from their SAML identity provider without first visiting Auth0. The IdP must include the connection parameter in the post-back URL (Assertion Consumer Service URL). type: object properties: client_authorizequery: description: The query string sent to the default application type: string minLength: 1 maxLength: 2048 client_id: description: The client ID to use for IdP-initiated login requests. type: string minLength: 1 maxLength: 256 client_protocol: $ref: '#/components/schemas/ConnectionClientProtocolSAML' enabled: description: When true, enables IdP-initiated login support for this SAML connection. Allows users to log in directly from the identity provider without first visiting Auth0. type: boolean additionalProperties: false maxProperties: 6 ConnectionOptionsInstagram: description: Options for the 'instagram' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} x-release-lifecycle: deprecated ConnectionOptionsLine: description: Options for the 'line' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionClientIdLine' client_secret: $ref: '#/components/schemas/ConnectionClientSecretLine' freeform_scopes: $ref: '#/components/schemas/ConnectionScopeArray' scope: $ref: '#/components/schemas/ConnectionScopeArray' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' - type: object properties: email: description: 'Permission to request the user''s email address from LINE. When enabled, adds the ''email'' scope to OAuth requests. Note: LINE requires special approval to access user email addresses.' type: boolean default: false profile: description: Permission to request the user's basic profile information from LINE. When enabled, adds the 'profile' scope to OAuth requests. LINE requires this scope to retrieve user display name, profile picture, and status message. type: boolean const: true ConnectionOptionsLinkedin: description: Options for the 'linkedin' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionClientIdLinkedin' client_secret: $ref: '#/components/schemas/ConnectionClientSecretLinkedin' freeform_scopes: $ref: '#/components/schemas/ConnectionFreeformScopesLinkedin' scope: $ref: '#/components/schemas/ConnectionScopeLinkedin' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' strategy_version: description: The strategy_version property determines which LinkedIn API version and OAuth scopes are used for authentication. Version 1 uses legacy scopes (r_basicprofile, r_fullprofile, r_network), Version 2 uses updated scopes (r_liteprofile, r_basicprofile), and Version 3 uses OpenID Connect scopes (profile, email, openid). If not specified, the connection defaults to Version 3. anyOf: - $ref: '#/components/schemas/ConnectionStrategyVersionEnumLinkedin' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' - type: object properties: basic_profile: type: boolean default: false description: Request the LinkedIn lite profile scope (r_liteprofile) to retrieve member id, localized first/last name, and profile picture. Off by default. email: type: boolean default: false description: Request the email address scope (r_emailaddress) to return the member's primary email. Off by default. full_profile: type: boolean default: false description: Request the legacy full profile scope (r_fullprofile) for extended attributes. Deprecated by LinkedIn; use only if enabled for your app. Off by default. network: type: boolean default: false description: Request legacy network access (first-degree connections). Deprecated by LinkedIn and typically unavailable to new apps. Off by default. openid: type: boolean const: true description: Request OpenID Connect authentication support (openid scope). When enabled, the connection will request the 'openid' scope from LinkedIn, allowing the use of OpenID Connect flows for authentication and enabling the issuance of ID tokens. This is off by default and should only be enabled if your LinkedIn application is configured for OpenID Connect. profile: type: boolean const: true description: Always-true flag that ensures the LinkedIn profile scope (r_basicprofile/r_liteprofile/profile) is requested. ConnectionOptionsOAuth1: description: Options for the 'oauth1' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: accessTokenURL: $ref: '#/components/schemas/ConnectionAccessTokenURLOAuth1' client_id: $ref: '#/components/schemas/ConnectionClientIdOAuth1' client_secret: $ref: '#/components/schemas/ConnectionClientSecretOAuth1' requestTokenURL: $ref: '#/components/schemas/ConnectionRequestTokenURLOAuth1' scripts: $ref: '#/components/schemas/ConnectionScriptsOAuth1' signatureMethod: $ref: '#/components/schemas/ConnectionSignatureMethodOAuth1' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' userAuthorizationURL: $ref: '#/components/schemas/ConnectionUserAuthorizationURLOAuth1' ConnectionOptionsOAuth1Common: allOf: - type: object properties: client_id: type: string description: OAuth 1.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider. minLength: 0 client_secret: type: string description: OAuth 1.0 client secret issued by the identity provider during application registration. Used to authenticate your Auth0 connection when signing requests and exchanging request tokens and verifiers for access tokens. May be null for public clients. minLength: 0 set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' - $ref: '#/components/schemas/ConnectionOptionsCommon' ConnectionOptionsOAuth2: description: Options for the 'oauth2' connection type: object allOf: - type: object properties: authParams: $ref: '#/components/schemas/ConnectionAuthParamsOAuth2' authParamsMap: $ref: '#/components/schemas/ConnectionAuthParamsMap' authorizationURL: $ref: '#/components/schemas/ConnectionAuthorizationEndpointOAuth2' client_id: $ref: '#/components/schemas/ConnectionClientIdOAuth2' client_secret: $ref: '#/components/schemas/ConnectionClientSecretOAuth2' customHeaders: $ref: '#/components/schemas/ConnectionCustomHeadersOAuth2' fieldsMap: $ref: '#/components/schemas/ConnectionFieldsMap' icon_url: $ref: '#/components/schemas/ConnectionIconUrl' logoutUrl: $ref: '#/components/schemas/ConnectionEndSessionEndpointOAuth2' pkce_enabled: type: boolean description: When true, enables Proof Key for Code Exchange (PKCE) for the authorization code flow. PKCE provides additional security by preventing authorization code interception attacks. scope: $ref: '#/components/schemas/ConnectionScopeOAuth2' scripts: $ref: '#/components/schemas/ConnectionScriptsOAuth2' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' tokenURL: $ref: '#/components/schemas/ConnectionTokenEndpointOAuth2' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' useOauthSpecScope: type: boolean description: When true, uses space-delimited scopes (per OAuth 2.0 spec) instead of comma-delimited when calling the identity provider's authorization endpoint. Only relevant when using the connection_scope parameter. See https://auth0.com/docs/authenticate/identity-providers/adding-scopes-for-an-external-idp#pass-scopes-to-authorize-endpoint - $ref: '#/components/schemas/ConnectionOptionsCommon' additionalProperties: true ConnectionOptionsOAuth2Common: allOf: - type: object properties: client_id: $ref: '#/components/schemas/ConnectionClientId' client_secret: $ref: '#/components/schemas/ConnectionClientSecret' scope: $ref: '#/components/schemas/ConnectionScopeOAuth2' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' - $ref: '#/components/schemas/ConnectionOptionsCommon' ConnectionOptionsOIDC: description: Options for the 'oidc' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommonOIDC' - type: object properties: attribute_map: $ref: '#/components/schemas/ConnectionAttributeMapOIDC' discovery_url: $ref: '#/components/schemas/ConnectionDiscoveryUrl' type: $ref: '#/components/schemas/ConnectionTypeEnumOIDC' - $ref: '#/components/schemas/ConnectionOptionsCommon' additionalProperties: true ConnectionOptionsOIDCMetadata: description: OpenID Connect Provider Metadata as per https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata type: object properties: acr_values_supported: $ref: '#/components/schemas/ConnectionAcrValuesSupported' authorization_endpoint: $ref: '#/components/schemas/ConnectionAuthorizationEndpoint' claim_types_supported: $ref: '#/components/schemas/ConnectionClaimTypesSupported' claims_locales_supported: $ref: '#/components/schemas/ConnectionClaimsLocalesSupported' claims_parameter_supported: $ref: '#/components/schemas/ConnectionClaimsParameterSupported' claims_supported: $ref: '#/components/schemas/ConnectionClaimsSupported' display_values_supported: $ref: '#/components/schemas/ConnectionDisplayValuesSupported' dpop_signing_alg_values_supported: $ref: '#/components/schemas/ConnectionDpopSigningAlgValuesSupported' end_session_endpoint: $ref: '#/components/schemas/ConnectionEndSessionEndpoint' grant_types_supported: $ref: '#/components/schemas/ConnectionGrantTypesSupported' id_token_encryption_alg_values_supported: $ref: '#/components/schemas/ConnectionIdTokenEncryptionAlgValuesSupported' id_token_encryption_enc_values_supported: $ref: '#/components/schemas/ConnectionIdTokenEncryptionEncValuesSupported' id_token_signing_alg_values_supported: $ref: '#/components/schemas/ConnectionIdTokenSigningAlgValuesSupported' issuer: $ref: '#/components/schemas/ConnectionIssuer' jwks_uri: $ref: '#/components/schemas/ConnectionJwksUri' op_policy_uri: $ref: '#/components/schemas/ConnectionOpPolicyUri' op_tos_uri: $ref: '#/components/schemas/ConnectionOpTosUri' registration_endpoint: $ref: '#/components/schemas/ConnectionRegistrationEndpoint' request_object_encryption_alg_values_supported: $ref: '#/components/schemas/ConnectionRequestObjectEncryptionAlgValuesSupported' request_object_encryption_enc_values_supported: $ref: '#/components/schemas/ConnectionRequestObjectEncryptionEncValuesSupported' request_object_signing_alg_values_supported: $ref: '#/components/schemas/ConnectionRequestObjectSigningAlgValuesSupported' request_parameter_supported: $ref: '#/components/schemas/ConnectionRequestParameterSupported' request_uri_parameter_supported: $ref: '#/components/schemas/ConnectionRequestUriParameterSupported' require_request_uri_registration: $ref: '#/components/schemas/ConnectionRequireRequestUriRegistration' response_modes_supported: $ref: '#/components/schemas/ConnectionResponseModesSupported' response_types_supported: $ref: '#/components/schemas/ConnectionResponseTypesSupported' scopes_supported: $ref: '#/components/schemas/ConnectionScopesSupported' service_documentation: $ref: '#/components/schemas/ConnectionServiceDocumentation' subject_types_supported: $ref: '#/components/schemas/ConnectionSubjectTypesSupported' token_endpoint: $ref: '#/components/schemas/ConnectionTokenEndpoint' token_endpoint_auth_methods_supported: $ref: '#/components/schemas/ConnectionTokenEndpointAuthMethodsSupported' token_endpoint_auth_signing_alg_values_supported: $ref: '#/components/schemas/ConnectionTokenEndpointAuthSigningAlgValuesSupported' ui_locales_supported: $ref: '#/components/schemas/ConnectionUiLocalesSupported' userinfo_encryption_alg_values_supported: $ref: '#/components/schemas/ConnectionUserinfoEncryptionAlgValuesSupported' userinfo_encryption_enc_values_supported: $ref: '#/components/schemas/ConnectionUserinfoEncryptionEncValuesSupported' userinfo_endpoint: $ref: '#/components/schemas/ConnectionUserinfoEndpoint' userinfo_signing_alg_values_supported: $ref: '#/components/schemas/ConnectionUserinfoSigningAlgValuesSupported' required: - authorization_endpoint - id_token_signing_alg_values_supported - issuer - jwks_uri additionalProperties: true ConnectionOptionsOffice365: description: Options for the 'office365' connection type: object additionalProperties: true properties: client_id: $ref: '#/components/schemas/ConnectionClientId' client_secret: $ref: '#/components/schemas/ConnectionClientSecret' ConnectionOptionsOkta: description: Options for the 'okta' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - $ref: '#/components/schemas/ConnectionOptionsCommonOIDC' - type: object properties: attribute_map: $ref: '#/components/schemas/ConnectionAttributeMapOkta' domain: $ref: '#/components/schemas/ConnectionDomainOkta' type: $ref: '#/components/schemas/ConnectionTypeEnumOkta' additionalProperties: true ConnectionOptionsPaypal: description: Options for the 'paypal' and 'paypal-sandbox' connections type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionClientIdPaypal' client_secret: $ref: '#/components/schemas/ConnectionClientSecretPaypal' freeform_scopes: $ref: '#/components/schemas/ConnectionFreeformScopesPaypal' scope: $ref: '#/components/schemas/ConnectionScopePaypal' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' - type: object properties: address: type: boolean description: When enabled, requests the 'address' scope from PayPal to access the user's address information. default: false email: type: boolean description: When enabled, requests the 'email' scope from PayPal to access the user's email address. default: false phone: type: boolean description: When enabled, requests the 'phone' scope from PayPal to access the user's phone number. default: false profile: type: boolean description: When enabled, requests the 'profile' scope from PayPal to access basic profile information including first name, last name, date of birth, time zone, locale, and language. This scope is always enabled by the system. const: true ConnectionOptionsPingFederate: description: Options for the 'pingfederate' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommonSAML' - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: pingFederateBaseUrl: $ref: '#/components/schemas/ConnectionPingFederateBaseUrl' signingCert: $ref: '#/components/schemas/ConnectionSigningCertificatePemPingFederate' required: - pingFederateBaseUrl additionalProperties: true ConnectionOptionsPlanningCenter: description: Options for the 'planningcenter' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsProtocolEnumTwitter: description: Allowed protocol identifiers for Twitter connections. Use oauth1 for the legacy v1.1 OAuth flow or oauth2 for the newer OAuth 2.0 flow. type: string enum: - oauth1 - oauth2 ConnectionOptionsSAML: description: Options for the 'samlp' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommonSAML' - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: debug: $ref: '#/components/schemas/ConnectionDebugSAML' deflate: $ref: '#/components/schemas/ConnectionOptionsDeflateSAML' destinationUrl: $ref: '#/components/schemas/ConnectionDestinationUrlSAML' disableSignout: description: When true, disables sending SAML logout requests (SingleLogoutService) to the identity provider during user sign-out. The user will be logged out of Auth0 but will remain logged into the identity provider. Defaults to false (federated logout enabled). type: boolean fieldsMap: $ref: '#/components/schemas/ConnectionFieldsMapSAML' global_token_revocation_jwt_iss: $ref: '#/components/schemas/ConnectionGlobalTokenRevocationJwtIssSAML' global_token_revocation_jwt_sub: $ref: '#/components/schemas/ConnectionGlobalTokenRevocationJwtSubSAML' metadataUrl: $ref: '#/components/schemas/ConnectionMetadataUrlSAML' metadataXml: $ref: '#/components/schemas/ConnectionMetadataXmlSAML' recipientUrl: $ref: '#/components/schemas/ConnectionRecipientUrlSAML' requestTemplate: $ref: '#/components/schemas/ConnectionRequestTemplateSAML' signingCert: $ref: '#/components/schemas/ConnectionSigningCertSAML' signing_key: $ref: '#/components/schemas/ConnectionSigningKeySAML' signOutEndpoint: $ref: '#/components/schemas/ConnectionSignOutEndpointSAML' user_id_attribute: $ref: '#/components/schemas/ConnectionUserIdAttributeSAML' additionalProperties: true ConnectionOptionsSMS: description: Options for the 'sms' connection type: object allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: brute_force_protection: type: boolean description: Whether brute force protection is enabled disable_signup: $ref: '#/components/schemas/ConnectionDisableSignupSMS' forward_req_info: $ref: '#/components/schemas/ConnectionForwardReqInfoSMS' from: $ref: '#/components/schemas/ConnectionFromSMS' gateway_authentication: $ref: '#/components/schemas/ConnectionGatewayAuthenticationSMS' gateway_url: $ref: '#/components/schemas/ConnectionGatewayUrlSMS' messaging_service_sid: $ref: '#/components/schemas/ConnectionMessagingServiceSidSMS' name: description: Connection name type: string minLength: 1 maxLength: 255 provider: $ref: '#/components/schemas/ConnectionProviderSMS' syntax: $ref: '#/components/schemas/ConnectionTemplateSyntaxEnumSMS' template: $ref: '#/components/schemas/ConnectionTemplateSMS' totp: $ref: '#/components/schemas/ConnectionTotpSMS' twilio_sid: $ref: '#/components/schemas/ConnectionTwilioSidSMS' twilio_token: $ref: '#/components/schemas/ConnectionTwilioTokenSMS' additionalProperties: true ConnectionOptionsSalesforce: description: Options for the salesforce family of connections (salesforce, salesforce-sandbox, salesforce-community) type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionClientIdSalesforce' client_secret: $ref: '#/components/schemas/ConnectionClientSecretSalesforce' freeform_scopes: $ref: '#/components/schemas/ConnectionFreeformScopesSalesforce' profile: description: When enabled, requests the Salesforce profile scope to retrieve basic user information including user_id, organization_id, username, display_name, email, status, photos, and URLs. type: boolean default: true scope: $ref: '#/components/schemas/ConnectionScopeSalesforce' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' ConnectionOptionsSalesforceCommunity: description: Options for the 'salesforce-community' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsSalesforce' - type: object properties: community_base_url: $ref: '#/components/schemas/ConnectionCommunityBaseUrlSalesforce' ConnectionOptionsScopeGithub: description: Scope options for GitHub connections. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionOptionsScopeTwitter: description: Array of OAuth 2.0 scopes to request from Twitter during authentication. Use this to request scopes not covered by the predefined scope options. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionOptionsSharepoint: description: Options for the 'sharepoint' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} x-release-lifecycle: deprecated ConnectionOptionsShop: description: Options for the 'shop' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsShopify: description: Options for the 'shopify' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsSoundcloud: description: Options for the 'soundcloud' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} x-release-lifecycle: deprecated ConnectionOptionsThirtySevenSignals: description: Options for the 'thirtysevensignals' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsTwitter: description: Options for the 'twitter' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionOptionsClientIdTwitter' client_secret: $ref: '#/components/schemas/ConnectionOptionsClientSecretTwitter' freeform_scopes: $ref: '#/components/schemas/ConnectionScopeArray' protocol: $ref: '#/components/schemas/ConnectionOptionsProtocolEnumTwitter' scope: $ref: '#/components/schemas/ConnectionOptionsScopeTwitter' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' - type: object properties: offline_access: type: boolean description: 'Request long-lived refresh tokens so your app can act on behalf of users even when they’re not actively signed in. Typical Twitter use case: keeping a background service synced without forcing users to reauthorize every session.' profile: type: boolean const: true description: Pull account profile metadata such as display name, bio, location, and URL so downstream apps can prefill or personalize user experiences. tweet_read: type: boolean const: true description: Allow the application to read a user’s public and protected Tweets—required for timelines, analytics, or moderation workflows. users_read: type: boolean const: true description: Read non-Tweet user information (e.g., followers/following, account settings) to power relationship graphs or audience insights. ConnectionOptionsUntappd: description: Options for the 'untappd' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} x-release-lifecycle: deprecated ConnectionOptionsVkontakte: description: Options for the 'vkontakte' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsWeibo: description: Options for the 'weibo' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsWindowsLive: description: Options for the 'windowslive' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsCommon' - type: object properties: client_id: $ref: '#/components/schemas/ConnectionClientIdWindowsLive' client_secret: $ref: '#/components/schemas/ConnectionClientSecretWindowsLive' freeform_scopes: $ref: '#/components/schemas/ConnectionFreeformScopesWindowsLive' scope: $ref: '#/components/schemas/ConnectionScopeArrayWindowsLive' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' strategy_version: $ref: '#/components/schemas/ConnectionStrategyVersionEnumWindowsLive' upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' - type: object properties: applications: type: boolean description: When enabled, requests access to user's applications. applications_create: type: boolean description: When enabled, requests permission to create applications. basic: type: boolean description: When enabled, requests read access to user's basic profile information and contacts list. birthday: type: boolean description: When enabled, requests read access to user's birth day, month, and year. calendars: type: boolean description: When enabled, requests read access to user's calendars and events. calendars_update: type: boolean description: When enabled, requests read and write access to user's calendars and events. contacts_birthday: type: boolean description: When enabled, requests read access to contacts' birth day and birth month. contacts_calendars: type: boolean description: When enabled, requests read access to user's calendars and shared calendars/events from others. contacts_create: type: boolean description: When enabled, requests permission to create new contacts in user's address book. contacts_photos: type: boolean description: When enabled, requests read access to user's and shared albums, photos, videos, and audio. contacts_skydrive: type: boolean description: When enabled, requests read access to OneDrive files shared by other users. directory_accessasuser_all: type: boolean description: When enabled, allows the app to have the same access to information in the directory as the signed-in user. directory_read_all: type: boolean description: When enabled, allows the app to read data in your organization's directory, such as users, groups, and apps. directory_readwrite_all: type: boolean description: When enabled, allows the app to read and write data in your organization's directory, such as users and groups. emails: type: boolean description: When enabled, requests read access to personal, preferred, and business email addresses. events_create: type: boolean description: When enabled, requests permission to create events on user's default calendar. graph_calendars: description: When enabled, requests permission to read the user's calendars. type: boolean graph_calendars_update: description: When enabled, requests permission to read and write the user's calendars. type: boolean graph_contacts: description: When enabled, requests permission to read the user's contacts. type: boolean graph_contacts_update: description: When enabled, requests permission to read and write the user's contacts. type: boolean graph_device: description: When enabled, requests permission to read the user's device information. type: boolean graph_device_command: description: When enabled, requests permission to send commands to the user's devices. type: boolean graph_emails: description: When enabled, requests permission to read the user's emails. type: boolean graph_emails_update: description: When enabled, requests permission to read and write the user's emails. type: boolean graph_files: description: When enabled, requests permission to read the user's files. type: boolean graph_files_all: description: When enabled, requests permission to read all files the user has access to. type: boolean graph_files_all_update: description: When enabled, requests permission to read and write all files the user has access to. type: boolean graph_files_update: description: When enabled, requests permission to read and write the user's files. type: boolean graph_notes: description: When enabled, requests permission to read the user's OneNote notebooks. type: boolean graph_notes_create: description: When enabled, requests permission to create new OneNote notebooks. type: boolean graph_notes_update: description: When enabled, requests permission to read and write the user's OneNote notebooks. type: boolean graph_tasks: description: When enabled, requests permission to read the user's tasks. type: boolean graph_tasks_update: description: When enabled, requests permission to read and write the user's tasks. type: boolean graph_user: description: When enabled, requests permission to read the user's profile. type: boolean graph_user_activity: description: When enabled, requests permission to read the user's activity history. type: boolean graph_user_update: description: When enabled, requests permission to read and write the user's profile. type: boolean group_read_all: type: boolean description: When enabled, allows the app to read all group properties and memberships. group_readwrite_all: type: boolean description: When enabled, allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. mail_readwrite_all: type: boolean description: When enabled, allows the app to create, read, update, and delete all mail in all mailboxes. mail_send: type: boolean description: When enabled, allows the app to send mail as users in the organization. messenger: type: boolean description: When enabled, requests access to user's Windows Live Messenger data. offline_access: description: When enabled, requests a refresh token for offline access. type: boolean phone_numbers: type: boolean description: When enabled, requests read access to personal, business, and mobile phone numbers. photos: type: boolean description: When enabled, requests read access to user's photos, videos, audio, and albums. postal_addresses: type: boolean description: When enabled, requests read access to personal and business postal addresses. rolemanagement_read_all: type: boolean description: When enabled, allows the app to read the role-based access control (RBAC) settings for your company's directory. rolemanagement_readwrite_directory: type: boolean description: When enabled, allows the app to read and write the role-based access control (RBAC) settings for your company's directory. share: type: boolean description: When enabled, requests permission to share content with other users. signin: description: When enabled, provides single sign-in behavior for users already signed into their Microsoft account. type: boolean const: true sites_read_all: type: boolean description: When enabled, allows the app to read documents and list items in all SharePoint site collections. sites_readwrite_all: type: boolean description: When enabled, allows the app to create, read, update, and delete documents and list items in all SharePoint site collections. skydrive: type: boolean description: When enabled, requests read access to user's files stored on OneDrive. skydrive_update: type: boolean description: When enabled, requests read and write access to user's OneDrive files. team_readbasic_all: type: boolean description: When enabled, allows the app to read the names and descriptions of all teams. team_readwrite_all: type: boolean description: When enabled, allows the app to read and write all teams' information and change team membership. user_read_all: type: boolean description: When enabled, allows the app to read the full set of profile properties, reports, and managers of all users. user_readbasic_all: type: boolean description: When enabled, allows the app to read a basic set of profile properties of all users in the directory. work_profile: type: boolean description: When enabled, requests read access to employer and work position information. ConnectionOptionsWordpress: description: Options for the 'wordpress' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsYahoo: description: Options for the 'yahoo' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionOptionsYandex: description: Options for the 'yandex' connection type: object additionalProperties: true allOf: - $ref: '#/components/schemas/ConnectionOptionsOAuth2Common' - type: object properties: {} ConnectionPasskeyAuthenticationMethod: type: object description: Passkey authentication enablement additionalProperties: false properties: enabled: type: boolean description: Determines whether passkeys are enabled ConnectionPasskeyChallengeUIEnum: type: string description: Controls the UI used to challenge the user for their passkey. enum: - both - autofill - button ConnectionPasskeyOptions: type: - object - 'null' description: Options for the passkey authentication method additionalProperties: false properties: challenge_ui: $ref: '#/components/schemas/ConnectionPasskeyChallengeUIEnum' progressive_enrollment_enabled: type: boolean description: Enables or disables progressive enrollment of passkeys for the connection. local_enrollment_enabled: type: boolean description: Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection. ConnectionPasswordAuthenticationMethod: type: object description: Password authentication enablement additionalProperties: false properties: enabled: type: boolean description: Determines whether passwords are enabled api_behavior: $ref: '#/components/schemas/ConnectionApiBehaviorEnum' x-release-lifecycle: EA signup_behavior: $ref: '#/components/schemas/ConnectionSignupBehaviorEnum' x-release-lifecycle: EA ConnectionPasswordComplexityOptions: type: - object - 'null' description: Password complexity options additionalProperties: false properties: min_length: type: integer description: Minimum password length minimum: 1 maximum: 128 ConnectionPasswordDictionaryOptions: type: - object - 'null' description: Options for password dictionary policy additionalProperties: false required: - enable properties: enable: type: boolean dictionary: type: array description: Custom Password Dictionary. An array of up to 200 entries. items: type: string description: Custom Password Dictionary entry. 50 characters max. maxLength: 50 ConnectionPasswordHistoryOptions: type: - object - 'null' description: Options for password history policy additionalProperties: false required: - enable properties: enable: type: boolean size: type: integer minimum: 0 maximum: 24 ConnectionPasswordNoPersonalInfoOptions: type: - object - 'null' description: Options for personal info in passwords policy additionalProperties: false required: - enable properties: enable: type: boolean ConnectionPasswordOptions: type: object description: Password policy options for flexible password policy configuration additionalProperties: false x-release-lifecycle: EA properties: complexity: $ref: '#/components/schemas/ConnectionPasswordOptionsComplexity' dictionary: $ref: '#/components/schemas/ConnectionPasswordOptionsDictionary' history: $ref: '#/components/schemas/ConnectionPasswordOptionsHistory' profile_data: $ref: '#/components/schemas/ConnectionPasswordOptionsProfileData' ConnectionPasswordOptionsComplexity: type: object description: Password complexity requirements configuration additionalProperties: false properties: min_length: type: integer description: Minimum password length required (1-72 characters) minimum: 1 maximum: 72 character_types: type: array description: 'Required character types that must be present in passwords. Valid options: uppercase, lowercase, number, special' items: $ref: '#/components/schemas/PasswordCharacterTypeEnum' character_type_rule: $ref: '#/components/schemas/PasswordCharacterTypeRulePolicyEnum' identical_characters: $ref: '#/components/schemas/PasswordIdenticalCharactersPolicyEnum' sequential_characters: $ref: '#/components/schemas/PasswordSequentialCharactersPolicyEnum' max_length_exceeded: $ref: '#/components/schemas/PasswordMaxLengthExceededPolicyEnum' ConnectionPasswordOptionsDictionary: type: object description: Dictionary-based password restriction policy to prevent common passwords additionalProperties: false properties: active: type: boolean description: Enables dictionary checking to prevent use of common passwords and custom blocked words custom: type: array description: Array of custom words to block in passwords. Maximum 200 items, each up to 50 characters items: type: string maxLength: 50 default: $ref: '#/components/schemas/PasswordDefaultDictionariesEnum' ConnectionPasswordOptionsHistory: type: object description: Password history policy configuration to prevent password reuse additionalProperties: false properties: active: type: boolean description: Enables password history checking to prevent users from reusing recent passwords size: type: integer description: Number of previous passwords to remember and prevent reuse (1-24) minimum: 1 maximum: 24 ConnectionPasswordOptionsProfileData: type: object description: Personal information restriction policy to prevent use of profile data in passwords additionalProperties: false properties: active: type: boolean description: Prevents users from including profile data (like name, email) in their passwords blocked_fields: type: array description: Blocked profile fields. An array of up to 12 entries. items: type: string description: Blocked profile fields entry. 100 characters max. maxLength: 100 ConnectionPasswordPolicyEnum: type: - string - 'null' description: Password strength level enum: - none - low - fair - good - excellent - null ConnectionPhoneOtpAuthenticationMethod: type: object description: Phone OTP authentication enablement additionalProperties: false x-release-lifecycle: EA properties: enabled: type: boolean description: Determines whether phone OTP is enabled ConnectionPingFederateBaseUrl: description: URL provided by PingFederate which returns information used for creating the connection oneOf: - $ref: '#/components/schemas/ConnectionPingFederateBaseUrlPingFederate' ConnectionPingFederateBaseUrlPingFederate: description: PingFederate base URL constrained to HTTP/HTTPS with length bounds allOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback' - type: string minLength: 1 maxLength: 256 ConnectionProfile: type: object additionalProperties: false properties: id: $ref: '#/components/schemas/ConnectionProfileId' name: $ref: '#/components/schemas/ConnectionProfileName' organization: $ref: '#/components/schemas/ConnectionProfileOrganization' connection_name_prefix_template: $ref: '#/components/schemas/ConnectionNamePrefixTemplate' enabled_features: $ref: '#/components/schemas/ConnectionProfileEnabledFeatures' connection_config: $ref: '#/components/schemas/ConnectionProfileConfig' strategy_overrides: $ref: '#/components/schemas/ConnectionProfileStrategyOverrides' ConnectionProfileBitbucket: description: '`profile` is a boolean that controls whether basic profile information (name, picture, email) is requested from Bitbucket during authentication. When `true`, the connection requests access to the user''s basic profile data.' default: true type: boolean const: true ConnectionProfileConfig: type: object description: Connection profile configuration. additionalProperties: false properties: {} ConnectionProfileEnabledFeatures: type: array description: Enabled features for the connection profile. items: $ref: '#/components/schemas/EnabledFeaturesEnum' ConnectionProfileId: type: string description: Connection Profile identifier. format: connection-profile-id ConnectionProfileName: type: string description: The name of the connection profile. minLength: 1 maxLength: 50 ConnectionProfileOrganization: type: object description: The organization of the connection profile. additionalProperties: false properties: show_as_button: $ref: '#/components/schemas/ConnectionProfileOrganizationShowAsButtonEnum' assign_membership_on_login: $ref: '#/components/schemas/ConnectionProfileOrganizationAssignMembershipOnLoginEnum' ConnectionProfileOrganizationAssignMembershipOnLoginEnum: type: string description: Indicates if membership should be assigned on login. enum: - none - optional - required ConnectionProfileOrganizationShowAsButtonEnum: type: string description: Indicates if the organization should be shown as a button. enum: - none - optional - required ConnectionProfileStrategyOverride: type: object description: Connection Profile Strategy Override additionalProperties: false properties: enabled_features: $ref: '#/components/schemas/ConnectionProfileStrategyOverridesEnabledFeatures' connection_config: $ref: '#/components/schemas/ConnectionProfileStrategyOverridesConnectionConfig' ConnectionProfileStrategyOverrides: type: object description: Strategy-specific overrides for this attribute additionalProperties: false properties: pingfederate: $ref: '#/components/schemas/ConnectionProfileStrategyOverride' ad: $ref: '#/components/schemas/ConnectionProfileStrategyOverride' adfs: $ref: '#/components/schemas/ConnectionProfileStrategyOverride' waad: $ref: '#/components/schemas/ConnectionProfileStrategyOverride' google-apps: $ref: '#/components/schemas/ConnectionProfileStrategyOverride' okta: $ref: '#/components/schemas/ConnectionProfileStrategyOverride' oidc: $ref: '#/components/schemas/ConnectionProfileStrategyOverride' samlp: $ref: '#/components/schemas/ConnectionProfileStrategyOverride' ConnectionProfileStrategyOverridesConnectionConfig: type: object description: Connection profile strategy overrides connection configuration. additionalProperties: false properties: {} ConnectionProfileStrategyOverridesEnabledFeatures: type: array description: Enabled features for a connections profile strategy override. items: $ref: '#/components/schemas/EnabledFeaturesEnum' ConnectionProfileTemplate: type: object description: The structure of the template, which can be used as the payload for creating or updating a Connection Profile. additionalProperties: false properties: name: $ref: '#/components/schemas/ConnectionProfileName' organization: $ref: '#/components/schemas/ConnectionProfileOrganization' connection_name_prefix_template: $ref: '#/components/schemas/ConnectionNamePrefixTemplate' enabled_features: $ref: '#/components/schemas/ConnectionProfileEnabledFeatures' connection_config: $ref: '#/components/schemas/ConnectionProfileConfig' strategy_overrides: $ref: '#/components/schemas/ConnectionProfileStrategyOverrides' ConnectionProfileTemplateItem: type: object additionalProperties: false properties: id: type: string description: The id of the template. display_name: type: string description: The user-friendly name of the template displayed in the UI. template: $ref: '#/components/schemas/ConnectionProfileTemplate' ConnectionPropertiesOptions: type: object description: The connection's options (depend on the connection strategy) additionalProperties: true properties: validation: $ref: '#/components/schemas/ConnectionValidationOptions' non_persistent_attrs: type: - array - 'null' description: An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist) items: type: string precedence: type: array description: Order of precedence for attribute types. If the property is not specified, the default precedence of attributes will be used. minItems: 3 items: $ref: '#/components/schemas/ConnectionIdentifierPrecedenceEnum' attributes: $ref: '#/components/schemas/ConnectionAttributes' enable_script_context: type: boolean description: 'Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled)' enabledDatabaseCustomization: type: boolean description: Set to true to use a legacy user store import_mode: type: boolean description: Enable this if you have a legacy user store and you want to gradually migrate those users to the Auth0 user store configuration: type: - object - 'null' description: Stores encrypted string only configurations for connections additionalProperties: type: - string - 'null' customScripts: $ref: '#/components/schemas/ConnectionCustomScripts' authentication_methods: $ref: '#/components/schemas/ConnectionAuthenticationMethods' passkey_options: $ref: '#/components/schemas/ConnectionPasskeyOptions' passwordPolicy: $ref: '#/components/schemas/ConnectionPasswordPolicyEnum' password_complexity_options: $ref: '#/components/schemas/ConnectionPasswordComplexityOptions' password_history: $ref: '#/components/schemas/ConnectionPasswordHistoryOptions' password_no_personal_info: $ref: '#/components/schemas/ConnectionPasswordNoPersonalInfoOptions' password_dictionary: $ref: '#/components/schemas/ConnectionPasswordDictionaryOptions' api_enable_users: type: boolean api_enable_groups: type: boolean x-release-lifecycle: EA basic_profile: type: boolean ext_admin: type: boolean ext_is_suspended: type: boolean ext_agreed_terms: type: boolean ext_groups: type: boolean ext_assigned_plans: type: boolean ext_profile: type: boolean disable_self_service_change_password: type: boolean upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' gateway_authentication: $ref: '#/components/schemas/ConnectionGatewayAuthentication' federated_connections_access_tokens: $ref: '#/components/schemas/ConnectionFederatedConnectionsAccessTokens' password_options: $ref: '#/components/schemas/ConnectionPasswordOptions' x-release-lifecycle: EA assertion_decryption_settings: $ref: '#/components/schemas/ConnectionAssertionDecryptionSettings' id_token_signed_response_algs: $ref: '#/components/schemas/ConnectionIdTokenSignedResponseAlgs' token_endpoint_auth_method: $ref: '#/components/schemas/ConnectionTokenEndpointAuthMethodEnum' token_endpoint_auth_signing_alg: $ref: '#/components/schemas/ConnectionTokenEndpointAuthSigningAlgEnum' token_endpoint_jwtca_aud_format: $ref: '#/components/schemas/ConnectionTokenEndpointJwtcaAudFormatEnumOIDC' ConnectionProtocolBindingEnumSAML: description: Valid SAML protocol bindings type: string enum: - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect ConnectionProtocolBindingSAML: description: SAML protocol binding mechanism for sending authentication requests to the identity provider. anyOf: - $ref: '#/components/schemas/ConnectionProtocolBindingEnumSAML' ConnectionProviderEnumSMS: description: SMS provider values. Use 'sms_gateway' to use a custom SMS gateway instead of Twilio. type: string enum: - sms_gateway - twilio ConnectionProviderSMS: description: SMS provider. Set to 'sms_gateway' to use a custom SMS gateway instead of Twilio. anyOf: - $ref: '#/components/schemas/ConnectionProviderEnumSMS' x-release-lifecycle: deprecated ConnectionProvisioningTicketUrl: description: A ticket URL used for provisioning the connection readOnly: true type: string format: uri pattern: ^https:\/\/.* minLength: 32 maxLength: 256 ConnectionPurposes: description: Purposes for a connection type: object properties: authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurpose' ConnectionRealmFallback: type: boolean description: Indicates whether to use realm fallback. default: false ConnectionRealms: type: array description: 'Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.' items: type: string description: The realm where this connection belongs format: connection-realm minItems: 0 maxItems: 10 ConnectionRecipientUrlSAML: description: The URL where Auth0 will send SAML authentication requests (the Identity Provider's SSO URL). Must be a valid HTTPS URL. anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionRegistrationEndpoint: allOf: - description: URL of the OPs Dynamic Client Registration Endpoint. RECOMMENDED but not REQUIRED. https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Registration - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionRequestObjectEncryptionAlgValuesSupported: type: array description: JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference. minItems: 0 maxItems: 26 items: type: string maxLength: 28 ConnectionRequestObjectEncryptionEncValuesSupported: type: array description: JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference. minItems: 0 maxItems: 12 items: type: string maxLength: 26 ConnectionRequestObjectSigningAlgValuesSupported: type: array description: JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects, which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when the Request Object is passed by value (using the request parameter) and when it is passed by reference (using the request_uri parameter). Servers SHOULD support none and RS256. minItems: 0 maxItems: 26 items: type: string maxLength: 10 ConnectionRequestParameterSupported: type: boolean description: Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. If omitted, the default value is false. default: false ConnectionRequestTemplateSAML: description: Custom XML template for SAML authentication requests. Supports variable substitution using @@variableName@@ syntax. When not provided, uses default SAML AuthnRequest template. See https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider#customize-the-request-template type: string minLength: 1 maxLength: 10240 ConnectionRequestTokenURLOAuth1: description: The URL of the OAuth 1.0a request-token endpoint. This endpoint is used to obtain a temporary request token during the OAuth 1.0a authentication flow. allOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionRequestUriParameterSupported: type: boolean description: Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. If omitted, the default value is false. default: false ConnectionRequireRequestUriRegistration: type: boolean description: Boolean value specifying whether the OP requires use of the request_uri parameter. If omitted, the default value is false. default: false ConnectionRequiresUsername: type: boolean description: Indicates whether the user is required to provide a username in addition to an email address. ConnectionResponseCommon: allOf: - type: object additionalProperties: false properties: id: $ref: '#/components/schemas/ConnectionId' realms: $ref: '#/components/schemas/ConnectionRealms' - $ref: '#/components/schemas/CreateConnectionCommon' required: - display_name - id - name - strategy ConnectionResponseContentAD: description: Response for connections with strategy=ad allOf: - type: object properties: strategy: const: ad options: $ref: '#/components/schemas/ConnectionOptionsAD' provisioning_ticket_url: $ref: '#/components/schemas/ConnectionProvisioningTicketUrl' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentADFS: description: Response for connections with strategy=adfs allOf: - type: object properties: strategy: const: adfs options: $ref: '#/components/schemas/ConnectionOptionsADFS' provisioning_ticket_url: $ref: '#/components/schemas/ConnectionProvisioningTicketUrl' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentAmazon: description: Response for connections with strategy=amazon allOf: - type: object properties: strategy: const: amazon options: $ref: '#/components/schemas/ConnectionOptionsAmazon' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentApple: description: Response for connections with strategy=apple allOf: - type: object properties: strategy: const: apple options: $ref: '#/components/schemas/ConnectionOptionsApple' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentAuth0: description: Response for connections with strategy=auth0 allOf: - type: object properties: strategy: const: auth0 options: $ref: '#/components/schemas/ConnectionOptionsAuth0' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentAuth0OIDC: description: Response for connections with strategy=auth0-oidc allOf: - type: object properties: strategy: const: auth0-oidc options: $ref: '#/components/schemas/ConnectionOptionsAuth0OIDC' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentAzureAD: description: Response for connections with strategy=waad allOf: - type: object properties: strategy: const: waad options: $ref: '#/components/schemas/ConnectionOptionsAzureAD' provisioning_ticket_url: $ref: '#/components/schemas/ConnectionProvisioningTicketUrl' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentBaidu: description: Response for connections with strategy=baidu allOf: - type: object properties: strategy: const: baidu options: $ref: '#/components/schemas/ConnectionOptionsBaidu' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentBitbucket: description: Response for connections with strategy=bitbucket allOf: - type: object properties: strategy: const: bitbucket options: $ref: '#/components/schemas/ConnectionOptionsBitbucket' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentBitly: description: Response for connections with strategy=bitly allOf: - type: object properties: strategy: const: bitly options: $ref: '#/components/schemas/ConnectionOptionsBitly' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentBox: description: Response for connections with strategy=box allOf: - type: object properties: strategy: const: box options: $ref: '#/components/schemas/ConnectionOptionsBox' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentCustom: description: Response for connections with strategy=custom allOf: - type: object properties: strategy: const: custom options: $ref: '#/components/schemas/ConnectionOptionsCustom' provisioning_ticket_url: $ref: '#/components/schemas/ConnectionProvisioningTicketUrl' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentDaccount: description: Response for connections with strategy=daccount allOf: - type: object properties: strategy: const: daccount options: $ref: '#/components/schemas/ConnectionOptionsDaccount' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentDropbox: description: Response for connections with strategy=dropbox allOf: - type: object properties: strategy: const: dropbox options: $ref: '#/components/schemas/ConnectionOptionsDropbox' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentDwolla: description: Response for connections with strategy=dwolla allOf: - type: object properties: strategy: const: dwolla options: $ref: '#/components/schemas/ConnectionOptionsDwolla' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentEmail: description: Response for connections with strategy=email allOf: - type: object properties: strategy: const: email options: $ref: '#/components/schemas/ConnectionOptionsEmail' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentEvernote: description: Response for connections with strategy=evernote allOf: - type: object properties: strategy: const: evernote options: $ref: '#/components/schemas/ConnectionOptionsEvernote' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentEvernoteSandbox: description: Response for connections with strategy=evernote-sandbox allOf: - type: object properties: strategy: const: evernote-sandbox options: $ref: '#/components/schemas/ConnectionOptionsEvernote' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentExact: description: Response for connections with strategy=exact allOf: - type: object properties: strategy: const: exact options: $ref: '#/components/schemas/ConnectionOptionsExact' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentFacebook: description: Response for connections with strategy=facebook allOf: - type: object properties: strategy: const: facebook options: $ref: '#/components/schemas/ConnectionOptionsFacebook' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentFitbit: description: Response for connections with strategy=fitbit allOf: - type: object properties: strategy: const: fitbit options: $ref: '#/components/schemas/ConnectionOptionsFitbit' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentGitHub: description: Response for connections with strategy=github allOf: - type: object properties: strategy: const: github options: $ref: '#/components/schemas/ConnectionOptionsGitHub' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentGoogleApps: description: Response for connections with strategy=google-apps allOf: - type: object properties: strategy: const: google-apps options: $ref: '#/components/schemas/ConnectionOptionsGoogleApps' provisioning_ticket_url: $ref: '#/components/schemas/ConnectionProvisioningTicketUrl' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentGoogleOAuth2: description: Response for connections with strategy=google-oauth2 allOf: - type: object properties: strategy: const: google-oauth2 options: $ref: '#/components/schemas/ConnectionOptionsGoogleOAuth2' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentIP: description: Response for connections with strategy=ip allOf: - type: object properties: strategy: const: ip options: $ref: '#/components/schemas/ConnectionOptionsIP' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' x-release-lifecycle: deprecated ConnectionResponseContentInstagram: description: Response for connections with strategy=instagram allOf: - type: object properties: strategy: const: instagram options: $ref: '#/components/schemas/ConnectionOptionsInstagram' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' x-release-lifecycle: deprecated ConnectionResponseContentLine: description: Response for connections with strategy=line allOf: - type: object properties: strategy: const: line options: $ref: '#/components/schemas/ConnectionOptionsLine' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentLinkedin: description: Response for connections with strategy=linkedin allOf: - type: object properties: strategy: const: linkedin options: $ref: '#/components/schemas/ConnectionOptionsLinkedin' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentOAuth1: description: Response for connections with strategy=oauth1 allOf: - type: object properties: strategy: const: oauth1 options: $ref: '#/components/schemas/ConnectionOptionsOAuth1' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' x-release-lifecycle: deprecated ConnectionResponseContentOAuth2: description: Response for connections with strategy=oauth2 allOf: - type: object properties: strategy: const: oauth2 options: $ref: '#/components/schemas/ConnectionOptionsOAuth2' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentOIDC: description: Response for connections with strategy=oidc allOf: - type: object properties: strategy: const: oidc authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurposeXAA' options: $ref: '#/components/schemas/ConnectionOptionsOIDC' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentOffice365: description: Response for connections with strategy=office365 allOf: - type: object properties: strategy: const: office365 options: $ref: '#/components/schemas/ConnectionOptionsOffice365' provisioning_ticket_url: $ref: '#/components/schemas/ConnectionProvisioningTicketUrl' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentOkta: description: Response for connections with strategy=okta allOf: - type: object properties: strategy: const: okta options: $ref: '#/components/schemas/ConnectionOptionsOkta' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentPaypal: description: Response for connections with strategy=paypal allOf: - type: object properties: strategy: const: paypal options: $ref: '#/components/schemas/ConnectionOptionsPaypal' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentPaypalSandbox: description: Response for connections with strategy=paypal-sandbox allOf: - type: object properties: strategy: const: paypal-sandbox options: $ref: '#/components/schemas/ConnectionOptionsPaypal' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentPingFederate: description: Response for connections with strategy=pingfederate allOf: - type: object properties: strategy: const: pingfederate options: $ref: '#/components/schemas/ConnectionOptionsPingFederate' provisioning_ticket_url: $ref: '#/components/schemas/ConnectionProvisioningTicketUrl' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentPlanningCenter: description: Response for connections with strategy=planningcenter allOf: - type: object properties: strategy: const: planningcenter options: $ref: '#/components/schemas/ConnectionOptionsPlanningCenter' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentSAML: description: Response for connections with strategy=samlp allOf: - type: object properties: strategy: const: samlp options: $ref: '#/components/schemas/ConnectionOptionsSAML' provisioning_ticket_url: $ref: '#/components/schemas/ConnectionProvisioningTicketUrl' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentSMS: description: Response for connections with strategy=sms allOf: - type: object properties: strategy: const: sms options: $ref: '#/components/schemas/ConnectionOptionsSMS' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentSalesforce: description: Response for connections with strategy=salesforce allOf: - type: object properties: strategy: const: salesforce options: $ref: '#/components/schemas/ConnectionOptionsSalesforce' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentSalesforceCommunity: description: Response for connections with strategy=salesforce-community allOf: - type: object properties: strategy: const: salesforce-community options: $ref: '#/components/schemas/ConnectionOptionsSalesforceCommunity' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentSalesforceSandbox: description: Response for connections with strategy=salesforce-sandbox allOf: - type: object properties: strategy: const: salesforce-sandbox options: $ref: '#/components/schemas/ConnectionOptionsSalesforce' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentSharepoint: description: Response for connections with strategy=sharepoint allOf: - type: object properties: strategy: const: sharepoint options: $ref: '#/components/schemas/ConnectionOptionsSharepoint' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' x-release-lifecycle: deprecated ConnectionResponseContentShop: description: Response for connections with strategy=shop allOf: - type: object properties: strategy: const: shop options: $ref: '#/components/schemas/ConnectionOptionsShop' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentShopify: description: Response for connections with strategy=shopify allOf: - type: object properties: strategy: const: shopify options: $ref: '#/components/schemas/ConnectionOptionsShopify' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentSoundcloud: description: Response for connections with strategy=soundcloud allOf: - type: object properties: strategy: const: soundcloud options: $ref: '#/components/schemas/ConnectionOptionsSoundcloud' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' x-release-lifecycle: deprecated ConnectionResponseContentThirtySevenSignals: description: Response for connections with strategy=thirtysevensignals allOf: - type: object properties: strategy: const: thirtysevensignals options: $ref: '#/components/schemas/ConnectionOptionsThirtySevenSignals' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentTwitter: description: Response for connections with strategy=twitter allOf: - type: object properties: strategy: const: twitter options: $ref: '#/components/schemas/ConnectionOptionsTwitter' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentUntappd: description: Response for connections with strategy=untappd allOf: - type: object properties: strategy: const: untappd options: $ref: '#/components/schemas/ConnectionOptionsUntappd' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentVkontakte: description: Response for connections with strategy=vkontakte allOf: - type: object properties: strategy: const: vkontakte options: $ref: '#/components/schemas/ConnectionOptionsVkontakte' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentWeibo: description: Response for connections with strategy=weibo allOf: - type: object properties: strategy: const: weibo options: $ref: '#/components/schemas/ConnectionOptionsWeibo' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentWindowsLive: description: Response for connections with strategy=windowslive allOf: - type: object properties: strategy: const: windowslive options: $ref: '#/components/schemas/ConnectionOptionsWindowsLive' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentWordpress: description: Response for connections with strategy=wordpress allOf: - type: object properties: strategy: const: wordpress options: $ref: '#/components/schemas/ConnectionOptionsWordpress' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentYahoo: description: Response for connections with strategy=yahoo allOf: - type: object properties: strategy: const: yahoo options: $ref: '#/components/schemas/ConnectionOptionsYahoo' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseContentYandex: description: Response for connections with strategy=yandex allOf: - type: object properties: strategy: const: yandex options: $ref: '#/components/schemas/ConnectionOptionsYandex' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/ConnectionResponseCommon' ConnectionResponseModesSupported: type: array description: A list of the OAuth 2.0 response_mode values that this OP supports. If omitted, the default for Dynamic OpenID Providers is ["query", "fragment"] minItems: 0 maxItems: 16 items: type: string maxLength: 20 ConnectionResponseTypesSupported: type: array description: A list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values minItems: 1 maxItems: 40 items: type: string maxLength: 40 ConnectionScopeAmazon: description: OAuth 2.0 scopes that will be requested from Amazon during authorization. This is automatically populated based on the profile and postal_code settings, plus any freeform_scopes. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionScopeArray: description: Array of custom OAuth 2.0 scopes to request during authentication. type: array minItems: 0 maxItems: 255 items: $ref: '#/components/schemas/ConnectionScopeItem' ConnectionScopeArrayFacebook: description: Array of custom OAuth 2.0 scopes to request during authentication. type: array minItems: 1 maxItems: 255 items: $ref: '#/components/schemas/ConnectionScopeItem' ConnectionScopeArrayWindowsLive: description: Array of custom OAuth 2.0 scopes to request during authentication. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionScopeAzureAD: description: OAuth 2.0 scopes to request from Azure AD during authentication. Each scope represents a permission (e.g., 'User.Read', 'Group.Read.All'). Only applies with Microsoft Identity Platform v2.0. See Microsoft Graph permissions reference for available scopes. type: array minItems: 0 maxItems: 100 items: type: string minLength: 0 maxLength: 100 ConnectionScopeFacebook: description: Computed comma-separated OAuth scope string sent to Facebook. type: string minLength: 0 maxLength: 2048 ConnectionScopeGoogleApps: description: Additional OAuth scopes requested beyond the default `email profile` scopes; ignored unless `allow_setting_login_scopes` is true. type: array items: $ref: '#/components/schemas/ConnectionScopeItemGoogleApps' minItems: 1 maxItems: 64 default: - email - profile ConnectionScopeGoogleOAuth2: description: Array of OAuth 2.0 scopes requested during Google authentication. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionScopeItem: description: A single OAuth 2.0 scope string type: string minLength: 1 maxLength: 255 ConnectionScopeItemGoogleApps: description: An OAuth scope string. type: string minLength: 1 maxLength: 255 ConnectionScopeLinkedin: description: Scopes to request from LinkedIn during OAuth. Use standard scopes such as r_liteprofile and r_emailaddress; legacy or partner scopes (e.g., r_basicprofile, r_fullprofile, rw_company_admin) may require LinkedIn approval and may not be available to new apps. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionScopeOAuth2: description: OAuth 2.0 scopes requested from the identity provider during authorization. Determines what user information and permissions Auth0 can access. Can be specified as a space-delimited string (e.g., 'openid profile email') or array of scope values. The 'useOauthSpecScope' setting controls delimiter behavior when using connection_scope parameter. anyOf: - type: string minLength: 0 maxLength: 4096 - type: array minItems: 0 maxItems: 20 items: type: string minLength: 0 maxLength: 189 ConnectionScopeOIDC: type: string description: 'Space-separated list of OAuth 2.0 scopes requested during authorization. Must include ''openid'' (required by OIDC spec). Common values: ''openid profile email''. Additional scopes depend on the identity provider.' minLength: 6 maxLength: 255 ConnectionScopePaypal: description: OAuth 2.0 scopes requested from PayPal during authorization. Built automatically from the enabled attribute flags (profile, email, address, phone) plus any freeform_scopes. Always includes 'openid' as the base scope. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionScopeSalesforce: description: OAuth scopes to request from Salesforce. This is computed from enabled permission options and any additional freeform scopes. anyOf: - $ref: '#/components/schemas/ConnectionScopeArray' ConnectionScopesSupported: type: - array - 'null' description: A list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used, although those defined in [OpenID.Core] SHOULD be listed, if supported. RECOMMENDED but not REQUIRED maxItems: 7000 minItems: 0 items: type: string maxLength: 100 contains: type: string const: openid ConnectionScriptsOAuth1: type: object description: Custom scripts to transform user profile data or modify OAuth1 flow behavior additionalProperties: false properties: fetchUserProfile: type: string description: Custom JavaScript function to retrieve and transform user profile data from the identity provider. Called with the access token and token exchange response. Must return a user profile object. Executed in a sandboxed environment. If not provided, an empty profile object is used. minLength: 0 maxLength: 51200 ConnectionScriptsOAuth2: type: object description: Custom scripts to transform user profile data or modify OAuth2 flow behavior additionalProperties: false properties: fetchUserProfile: type: string description: Custom JavaScript function to retrieve and transform user profile data from the identity provider. Called with the access token and token exchange response. Must return a user profile object. Executed in a sandboxed environment. If not provided, an empty profile object is used. minLength: 0 maxLength: 51200 getLogoutUrl: type: string description: Custom JavaScript function to dynamically construct the logout URL for the identity provider. Called with the request query parameters and must invoke a callback with the logout URL. Only used if 'logoutUrl' is not configured. Executed in a sandboxed environment. minLength: 0 maxLength: 51200 ConnectionSendBackChannelNonce: type: boolean description: When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation. ConnectionServiceDocumentation: allOf: - description: URL of a page containing human-readable information that developers might want or need to know when using the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic Client Registration, then information on how to register Clients needs to be provided in this documentation. - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionSetUserRootAttributesEnum: type: string description: When using an external IdP, this flag determines whether 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes are updated. In addition, it also determines whether the user is created when user doesnt exist previously. Possible values are 'on_each_login' (default value, it configures the connection to automatically create the user if necessary and update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'on_first_login' (configures the connection to create the user and set the root attributes on first login only, allowing them to be independently updated thereafter), and 'never_on_login' (configures the connection not to create the user and not to set the root attributes from the external IdP, allowing them to be independently updated). default: on_each_login enum: - on_each_login - on_first_login - never_on_login ConnectionSha1Thumbprint: description: SHA-1 thumbprint of the certificate type: string format: hexadecimal minLength: 40 maxLength: 40 ConnectionShouldTrustEmailVerifiedConnectionEnum: type: string description: Choose how Auth0 sets the email_verified field in the user profile. enum: - never_set_emails_as_verified - always_set_emails_as_verified default: never_set_emails_as_verified ConnectionShowAsButton: type: boolean description: Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. Defaults to `false`. default: false ConnectionSignInEndpointAD: description: The sign-in endpoint type for the AD-LDAP connector agent (managed by the AD Connector agent). anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionSignInEndpointADFS: description: Passive Requestor (WS-Fed) sign-in endpoint discovered from metadata or provided explicitly. anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback2048' ConnectionSignInEndpointSAML: description: Identity provider's SAML SingleSignOnService endpoint URL where Auth0 sends SAML authentication requests. This is the primary login URL for the SAML connection. Required unless using metadataUrl or metadataXml. anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback2048' ConnectionSignOutEndpointSAML: description: Identity provider's SAML SingleLogoutService endpoint URL where Auth0 sends logout requests for federated sign-out. When not provided, defaults to signInEndpoint. Only used if disableSignout is false. anyOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback2048' ConnectionSignSAMLRequestSAML: description: When true, Auth0 signs SAML authentication requests using the connection's signing key. The signature includes the request's digest and is validated by the identity provider. Defaults to false (unsigned requests). type: boolean ConnectionSignatureAlgorithmEnumSAML: description: Valid SAML signature algorithms type: string enum: - rsa-sha1 - rsa-sha256 ConnectionSignatureAlgorithmSAML: description: 'Algorithm used to sign SAML authentication requests and logout requests using the connection''s signing key. Common values: ''rsa-sha256'' (RSA signature with SHA-256 digest) or ''rsa-sha1''. Defaults to ''rsa-sha256''.' anyOf: - $ref: '#/components/schemas/ConnectionSignatureAlgorithmEnumSAML' ConnectionSignatureMethodOAuth1: description: OAuth 1.0a signature algorithm used when signing request-token and access-token calls for this connection (RSA-SHA1 only). type: string const: RSA-SHA1 ConnectionSigningCertSAML: description: Base64-encoded X.509 certificate from the identity provider used to validate signatures in SAML responses and assertions. The certificate is decoded and used for cryptographic signature verification. anyOf: - $ref: '#/components/schemas/ConnectionSigningCertificatePemSAML' ConnectionSigningCertificateDerSAML: description: X.509 signing certificate from the identity provider in .der format. Used to validate signatures in SAML Responses and Assertions. This is an alternative to signingCert and is kept for backward compatibility. Prefer using signingCert instead. type: string x-release-lifecycle: deprecated minLength: 1 maxLength: 10240 ConnectionSigningCertificatePemPingFederate: description: Base64-encoded X.509 certificate from the identity provider used to validate signatures in SAML responses and assertions. The certificate is decoded and used for cryptographic signature verification. type: string writeOnly: true minLength: 1 maxLength: 10240 ConnectionSigningCertificatePemSAML: description: Base64-encoded X.509 certificate from the identity provider used to validate signatures in SAML responses and assertions. The certificate is decoded and used for cryptographic signature verification. type: string minLength: 1 maxLength: 10240 ConnectionSigningKeySAML: description: Key pair with 'key' and 'cert' properties for signing SAML messages type: object properties: cert: description: Base64-encoded X.509 certificate in PEM format used by Auth0 to sign SAML requests and logout messages. type: string minLength: 1 maxLength: 10240 key: description: Private key in PEM format used by Auth0 to sign SAML requests and logout messages. type: string minLength: 1 maxLength: 10240 additionalProperties: type: string minLength: 0 maxLength: 9216 maxProperties: 6 ConnectionSignupBehaviorEnum: type: string description: Specifies the signup behavior for password authentication enum: - allow - block x-release-lifecycle: EA ConnectionStrategyEnum: type: string enum: - ad - adfs - amazon - apple - dropbox - bitbucket - auth0-oidc - auth0 - baidu - bitly - box - custom - daccount - dwolla - email - evernote-sandbox - evernote - exact - facebook - fitbit - github - google-apps - google-oauth2 - instagram - ip - line - linkedin - oauth1 - oauth2 - office365 - oidc - okta - paypal - paypal-sandbox - pingfederate - planningcenter - salesforce-community - salesforce-sandbox - salesforce - samlp - sharepoint - shopify - shop - sms - soundcloud - thirtysevensignals - twitter - untappd - vkontakte - waad - weibo - windowslive - wordpress - yahoo - yandex - auth0-adldap ConnectionStrategyVersionEnumLinkedin: type: integer default: 3 enum: - 1 - 2 - 3 ConnectionStrategyVersionEnumWindowsLive: type: integer description: Version number of the windowslive strategy implementation. default: 2 enum: - 1 - 2 ConnectionSubjectTypesSupported: description: A list of the Subject Identifier types that this OP supports. Valid types include pairwise and public type: array minItems: 0 maxItems: 20 items: type: string minLength: 0 maxLength: 100 ConnectionTemplateSMS: description: SMS message template. Use `@@password@@` as a placeholder for the verification code. example: 'Your verification code is: @@password@@' x-release-lifecycle: deprecated type: string minLength: 1 maxLength: 5120 ConnectionTemplateSyntaxEnumSMS: description: SMS template syntax type. Set to 'md_with_macros' to enable macro processing in templates. type: string enum: - liquid - md_with_macros x-release-lifecycle: deprecated ConnectionTenantDomain: description: Tenant domain type: string minLength: 1 maxLength: 255 ConnectionTenantDomainAD: description: Primary AD domain hint used for HRD and discovery. type: string format: hostname minLength: 1 maxLength: 512 ConnectionTenantDomainAzureAD: description: The Azure AD tenant domain or tenant ID (UUID). Auto-populated from the 'domain' field. Can be either a hostname (e.g., 'contoso.onmicrosoft.com') or a UUID tenant ID. anyOf: - type: string format: hostname minLength: 0 maxLength: 512 - type: string format: uuid ConnectionTenantDomainGoogleApps: description: The Google Workspace primary domain used to identify the organization during authentication. anyOf: - $ref: '#/components/schemas/ConnectionTenantDomain' ConnectionTenantDomainSAML: allOf: - description: For SAML connections, the tenant domain used to construct the login endpoint URL. Can be a string for single-tenant or an array of strings for multi-tenant validation. - $ref: '#/components/schemas/ConnectionTenantDomain' ConnectionTenantIdAzureAD: description: The Azure AD tenant ID as a UUID. The unique identifier for your Azure AD organization. Must be a valid 36-character UUID. type: string format: uuid minLength: 36 maxLength: 36 ConnectionThumbprints: description: Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex hashes) for validating SAML signatures. Used with WS-Federation protocol. Maximum 20 thumbprints. Each thumbprint must be a hexadecimal string. type: array minItems: 0 maxItems: 20 items: type: string pattern: ^[0-9a-fA-F]+$ minLength: 0 maxLength: 64 ConnectionThumbprintsAD: description: Array of certificate SHA-1 thumbprints for validating signatures. Managed by Auth0 when using the AD Connector agent. type: array minItems: 0 maxItems: 2 items: $ref: '#/components/schemas/ConnectionSha1Thumbprint' ConnectionThumbprintsSAML: description: SHA-1 thumbprints (fingerprints) of the identity provider's signing certificates. Automatically computed from signingCert during connection creation. Each thumbprint must be a 40-character hexadecimal string. type: array minItems: 0 maxItems: 1 items: $ref: '#/components/schemas/ConnectionSha1Thumbprint' ConnectionTokenEndpoint: allOf: - description: URL of the identity provider's OAuth 2.0 token endpoint where authorization codes are exchanged for access tokens. Must be a valid HTTPS URL. Required for authorization code flow but optional for implicit flow. - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionTokenEndpointAuthMethodEnum: type: - string - 'null' description: Authentication method used at the identity provider's token endpoint. 'client_secret_post' sends credentials in the request body; 'private_key_jwt' uses a signed JWT assertion for enhanced security. enum: - client_secret_post - private_key_jwt x-merge-priority: -5 ConnectionTokenEndpointAuthMethodsSupported: type: array description: JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 [OpenID.Core]. Other authentication methods MAY be defined by extensions. If omitted, the default is client_secret_basic -- the HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth 2.0 [RFC6749]. minItems: 0 maxItems: 14 items: type: string maxLength: 60 ConnectionTokenEndpointAuthSigningAlgEnum: type: - string - 'null' description: Algorithm used to sign client_assertions. enum: - ES256 - ES384 - PS256 - PS384 - RS256 - RS384 - RS512 x-merge-priority: -5 ConnectionTokenEndpointAuthSigningAlgValuesSupported: type: array description: JSON array containing a list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT [JWT] used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. Servers SHOULD support RS256. The value none MUST NOT be used. minItems: 0 maxItems: 24 items: type: string maxLength: 10 ConnectionTokenEndpointJwtcaAudFormatEnumOIDC: type: string description: 'Specifies the format of the aud (audience) claim included in the JWT used for client authentication at the token endpoint. Accepted values are: ''issuer'' (the aud claim is set to the OIDC issuer URL) or ''token_endpoint'' (the aud claim is set to the token endpoint URL).' enum: - issuer - token_endpoint x-merge-priority: -5 ConnectionTokenEndpointOAuth2: anyOf: - $ref: '#/components/schemas/ConnectionTokenEndpoint' ConnectionTokenEndpointOIDC: oneOf: - $ref: '#/components/schemas/ConnectionTokenEndpoint' ConnectionTotpEmail: type: object properties: length: $ref: '#/components/schemas/ConnectionTotpLengthEmail' time_step: $ref: '#/components/schemas/ConnectionTotpTimeStepEmail' additionalProperties: false ConnectionTotpLengthEmail: description: Length of the TOTP code anyOf: - $ref: '#/components/schemas/ConnectionTotpLengthPasswordless' ConnectionTotpLengthPasswordless: description: Length of the TOTP code type: integer minimum: 4 maximum: 40 ConnectionTotpLengthSMS: description: Number of digits in the verification code anyOf: - $ref: '#/components/schemas/ConnectionTotpLengthPasswordless' ConnectionTotpSMS: type: object description: Time-based One-Time Password (TOTP) options properties: length: $ref: '#/components/schemas/ConnectionTotpLengthSMS' time_step: $ref: '#/components/schemas/ConnectionTotpTimeStepSMS' additionalProperties: false ConnectionTotpTimeStepEmail: description: Time step for TOTP in seconds anyOf: - $ref: '#/components/schemas/ConnectionTotpTimeStepPasswordless' ConnectionTotpTimeStepPasswordless: description: Time step for TOTP in seconds type: integer minimum: 60 ConnectionTotpTimeStepSMS: description: Code validity duration in seconds anyOf: - $ref: '#/components/schemas/ConnectionTotpTimeStepPasswordless' ConnectionTwilioSidSMS: description: Twilio Account SID x-release-lifecycle: deprecated type: string minLength: 34 maxLength: 34 pattern: ^AC[0-9a-fA-F]{32}$ ConnectionTwilioTokenSMS: description: Twilio Auth Token x-release-lifecycle: deprecated type: string minLength: 32 maxLength: 2048 ConnectionTypeEnumOIDC: type: string description: OIDC communication channel type. 'back_channel' (confidential client) exchanges tokens server-side for stronger security; 'front_channel' handles responses in the browser. enum: - back_channel - front_channel default: front_channel ConnectionTypeEnumOkta: type: string description: Connection type enum: - back_channel default: back_channel ConnectionUiLocalesSupported: type: array description: Languages and scripts supported for the user interface, represented as a JSON array of BCP47 [RFC5646] language tag values. minItems: 0 maxItems: 150 items: type: string maxLength: 50 ConnectionUpstreamAdditionalProperties: type: object oneOf: - $ref: '#/components/schemas/ConnectionUpstreamAlias' - $ref: '#/components/schemas/ConnectionUpstreamValue' ConnectionUpstreamAlias: type: object additionalProperties: false properties: alias: $ref: '#/components/schemas/ConnectionUpstreamAliasEnum' ConnectionUpstreamAliasEnum: type: string enum: - acr_values - audience - client_id - display - id_token_hint - login_hint - max_age - prompt - resource - response_mode - response_type - ui_locales ConnectionUpstreamParams: type: - object - 'null' description: Options for adding parameters in the request to the upstream IdP additionalProperties: $ref: '#/components/schemas/ConnectionUpstreamAdditionalProperties' ConnectionUpstreamParamsADFS: oneOf: - $ref: '#/components/schemas/ConnectionUpstreamParams' ConnectionUpstreamParamsFacebook: description: Options for adding parameters in the request to the upstream IdP. See https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps type: object additionalProperties: $ref: '#/components/schemas/ConnectionUpstreamAdditionalProperties' maxProperties: 10 ConnectionUpstreamValue: type: object additionalProperties: false properties: value: type: string ConnectionUseCommonEndpointAzureAD: description: When enabled (true), uses the Azure AD common endpoint for multi-tenant authentication. Allows users from any Azure AD organization to sign in. Requires userid_attribute set to 'sub' (not 'oid'). Cannot be used with SCIM provisioning. Defaults to false. default: false type: boolean ConnectionUserAuthorizationURLOAuth1: description: The URL of the OAuth 1.0a user-authorization endpoint. This endpoint is used to redirect users to the provider's site to authorize the temporary request token obtained from the request-token endpoint during the OAuth 1.0a authentication flow. allOf: - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionUserIdAttributeSAML: description: Custom SAML assertion attribute to use as the unique user identifier. When provided, this attribute is prepended to the default user_id mapping list with highest priority. Accepts a string (single SAML attribute name). type: string minLength: 1 maxLength: 2396 ConnectionUseridAttributeAzureAD: description: The Azure AD claim to use as the unique user identifier. 'oid' (Object ID) is recommended for single-tenant connections and required for SCIM. 'sub' (Subject) is required for multi-tenant/common endpoint. Only applies with OpenID Connect protocol. anyOf: - $ref: '#/components/schemas/ConnectionUseridAttributeEnumAzureAD' ConnectionUseridAttributeEnumAzureAD: description: User ID attribute to use. Only applies when waad_protocol=openid-connect type: string enum: - oid - sub ConnectionUserinfoEncryptionAlgValuesSupported: type: array description: JSON array containing a list of the JWE [JWE] encryption algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. minItems: 0 maxItems: 26 items: type: string ConnectionUserinfoEncryptionEncValuesSupported: type: array description: JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. minItems: 0 maxItems: 12 items: type: string ConnectionUserinfoEndpoint: allOf: - description: Optional URL of the identity provider's UserInfo endpoint. When configured with attribute mapping, Auth0 calls this endpoint to retrieve additional user profile claims using the access token. - $ref: '#/components/schemas/ConnectionHttpsUrlWithHttpFallback255' ConnectionUserinfoEndpointOIDC: oneOf: - $ref: '#/components/schemas/ConnectionUserinfoEndpoint' ConnectionUserinfoSigningAlgValuesSupported: type: array description: JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. The value none MAY be included. minItems: 0 maxItems: 26 items: type: string maxLength: 10 ConnectionUsernameValidationOptions: type: - object - 'null' additionalProperties: false required: - max - min properties: min: type: integer minimum: 1 max: type: integer maximum: 128 ConnectionValidationOptions: type: - object - 'null' description: Options for validation additionalProperties: false properties: username: $ref: '#/components/schemas/ConnectionUsernameValidationOptions' ConnectionWaadProtocol: description: The authentication protocol for Azure AD v1 endpoints. 'openid-connect' (default, recommended) uses modern OAuth 2.0/OIDC. 'ws-federation' is a legacy SAML-based protocol for older integrations. Only available with Azure AD v1 API. anyOf: - $ref: '#/components/schemas/ConnectionWaadProtocolEnumAzureAD' ConnectionWaadProtocolEnumAzureAD: type: string description: Available WAAD protocols enum: - ws-federation - openid-connect default: openid-connect ConnectionsMetadata: type: object description: Metadata associated with the connection in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. additionalProperties: type: - string - 'null' maxLength: 255 maxProperties: 10 CreateActionModuleRequestContent: type: object additionalProperties: false required: - name - code properties: name: type: string description: The name of the action module. maxLength: 255 pattern: "^[^\0]*$" code: type: string description: The source code of the action module. maxLength: 65536 pattern: "^[^\0]*$" secrets: type: array description: The secrets to associate with the action module. items: $ref: '#/components/schemas/ActionModuleSecretRequest' dependencies: type: array description: The npm dependencies of the action module. items: $ref: '#/components/schemas/ActionModuleDependencyRequest' api_version: type: string description: The API version of the module. maxLength: 20 pattern: "^[^\0]*$" publish: type: boolean description: Whether to publish the module immediately after creation. CreateActionModuleResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the module. name: type: string description: The name of the module. code: type: string description: The source code from the module's draft version. dependencies: type: array description: The npm dependencies from the module's draft version. items: $ref: '#/components/schemas/ActionModuleDependency' secrets: type: array description: The secrets from the module's draft version (names and timestamps only, values never returned). items: $ref: '#/components/schemas/ActionModuleSecret' actions_using_module_total: type: integer description: The number of deployed actions using this module. all_changes_published: type: boolean description: Whether all draft changes have been published as a version. latest_version_number: type: integer description: The version number of the latest published version. Omitted if no versions have been published. created_at: type: string description: Timestamp when the module was created. format: date-time updated_at: type: string description: Timestamp when the module was last updated. format: date-time latest_version: $ref: '#/components/schemas/ActionModuleVersionReference' CreateActionModuleVersionResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID for this version. module_id: type: string description: The ID of the parent module. version_number: type: integer description: The sequential version number. code: type: string description: The exact source code that was published with this version. secrets: type: array description: Secrets available to this version (name and updated_at only, values never returned). items: $ref: '#/components/schemas/ActionModuleSecret' dependencies: type: array description: Dependencies locked to this version. items: $ref: '#/components/schemas/ActionModuleDependency' created_at: type: string description: The timestamp when this version was created. format: date-time CreateActionRequestContent: type: object additionalProperties: false required: - name - supported_triggers properties: name: type: string description: The name of an action. default: my-action supported_triggers: type: array description: The list of triggers that this action supports. At this time, an action can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA code: type: string description: The source code of the action. default: module.exports = () => {} dependencies: type: array description: The list of third party npm modules, and their versions, that this action depends on. items: $ref: '#/components/schemas/ActionVersionDependency' runtime: type: string description: 'The Node runtime. For example: `node22`, defaults to `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretRequest' modules: type: array description: The list of action modules and their versions used by this action. items: $ref: '#/components/schemas/ActionModuleReference' deploy: type: boolean description: True if the action should be deployed after creation. default: false CreateActionResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the action. default: 910b1053-577f-4d81-a8c8-020e7319a38a name: type: string description: The name of an action. default: my-action supported_triggers: type: array description: The list of triggers that this action supports. At this time, an action can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA all_changes_deployed: type: boolean description: True if all of an Action's contents have been deployed. default: false created_at: type: string description: The time when this action was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this action was updated. default: '2021-01-01T00:00:00.000Z' format: date-time code: type: string description: The source code of the action. default: module.exports = () => {} dependencies: type: array description: The list of third party npm modules, and their versions, that this action depends on. items: $ref: '#/components/schemas/ActionVersionDependency' runtime: type: string description: 'The Node runtime. For example: `node22`, defaults to `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretResponse' deployed_version: $ref: '#/components/schemas/ActionDeployedVersion' installed_integration_id: type: string description: installed_integration_id is the fk reference to the InstalledIntegration entity. default: 7d2bc0c9-c0c2-433a-9f4e-86ef80270aad integration: $ref: '#/components/schemas/Integration' status: $ref: '#/components/schemas/ActionBuildStatusEnum' built_at: type: string description: The time when this action was built successfully. default: '2021-01-01T00:00:00.000Z' format: date-time deploy: type: boolean description: True if the action should be deployed after creation. default: false modules: type: array description: The list of action modules and their versions used by this action. items: $ref: '#/components/schemas/ActionModuleReference' CreateBrandingPhoneProviderRequestContent: type: object description: Phone provider configuration schema additionalProperties: true required: - name - credentials properties: name: $ref: '#/components/schemas/PhoneProviderNameEnum' disabled: type: boolean description: Whether the provider is enabled (false) or disabled (true). configuration: $ref: '#/components/schemas/PhoneProviderConfiguration' credentials: $ref: '#/components/schemas/PhoneProviderCredentials' CreateBrandingPhoneProviderResponseContent: type: object description: Phone provider configuration schema additionalProperties: false required: - name - credentials properties: id: type: string minLength: 1 maxLength: 255 tenant: type: string description: The name of the tenant minLength: 1 maxLength: 255 name: $ref: '#/components/schemas/PhoneProviderNameEnum' channel: $ref: '#/components/schemas/PhoneProviderChannelEnum' disabled: type: boolean description: Whether the provider is enabled (false) or disabled (true). configuration: $ref: '#/components/schemas/PhoneProviderConfiguration' created_at: type: string description: The provider's creation date and time in ISO 8601 format maxLength: 27 format: date-time updated_at: type: string description: The date and time of the last update to the provider in ISO 8601 format maxLength: 27 format: date-time CreateBrandingThemeRequestContent: type: object description: Branding theme additionalProperties: false required: - borders - colors - fonts - page_background - widget minProperties: 1 properties: borders: $ref: '#/components/schemas/BrandingThemeBorders' colors: $ref: '#/components/schemas/BrandingThemeColors' displayName: type: string description: Display Name maxLength: 2048 pattern: ^[^<>]*$ fonts: $ref: '#/components/schemas/BrandingThemeFonts' page_background: $ref: '#/components/schemas/BrandingThemePageBackground' widget: $ref: '#/components/schemas/BrandingThemeWidget' CreateBrandingThemeResponseContent: type: object additionalProperties: false required: - borders - colors - displayName - fonts - page_background - themeId - widget properties: borders: $ref: '#/components/schemas/BrandingThemeBorders' colors: $ref: '#/components/schemas/BrandingThemeColors' displayName: type: string description: Display Name maxLength: 2048 pattern: ^[^<>]*$ fonts: $ref: '#/components/schemas/BrandingThemeFonts' page_background: $ref: '#/components/schemas/BrandingThemePageBackground' themeId: type: string description: Theme Id maxLength: 32 pattern: ^[a-zA-Z0-9]{32}$ widget: $ref: '#/components/schemas/BrandingThemeWidget' CreateClientAuthenticationMethodSelfSignedTLSClientAuth: type: object description: Defines `self_signed_tls_client_auth` client authentication method. If the property is defined, the client is configured to use mTLS authentication method utilizing self-signed certificate. additionalProperties: false required: - credentials properties: credentials: $ref: '#/components/schemas/CreateClientAuthenticationMethodSelfSignedTLSClientAuthCredentials' CreateClientAuthenticationMethodSelfSignedTLSClientAuthCredentials: type: array description: Fully defined credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificate. minItems: 0 items: $ref: '#/components/schemas/X509CertificateCredential' CreateClientGrantRequestContent: type: object additionalProperties: false required: - audience properties: client_id: type: string description: ID of the client. audience: type: string description: The audience (API identifier) of this client grant minLength: 1 default_for: $ref: '#/components/schemas/ClientGrantDefaultForEnum' x-release-lifecycle: GA organization_usage: $ref: '#/components/schemas/ClientGrantOrganizationUsageEnum' allow_any_organization: type: boolean description: If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. default: false scope: type: array description: Scopes allowed for this client grant. items: type: string minLength: 1 maxLength: 280 subject_type: $ref: '#/components/schemas/ClientGrantSubjectTypeEnum' authorization_details_types: type: array description: Types of authorization_details allowed for this client grant. items: type: string minLength: 1 maxLength: 255 allow_all_scopes: type: boolean description: If enabled, all scopes configured on the resource server are allowed for this grant. CreateClientGrantResponseContent: type: object additionalProperties: false properties: id: type: string description: ID of the client grant. client_id: type: string description: ID of the client. audience: type: string description: The audience (API identifier) of this client grant. minLength: 1 scope: type: array description: Scopes allowed for this client grant. items: type: string minLength: 1 organization_usage: $ref: '#/components/schemas/ClientGrantOrganizationUsageEnum' allow_any_organization: type: boolean description: If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. default_for: $ref: '#/components/schemas/ClientGrantDefaultForEnum' x-release-lifecycle: GA is_system: type: boolean description: If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly. subject_type: $ref: '#/components/schemas/ClientGrantSubjectTypeEnum' authorization_details_types: type: array description: Types of authorization_details allowed for this client grant. items: type: string minLength: 1 maxLength: 255 allow_all_scopes: type: boolean description: If enabled, all scopes configured on the resource server are allowed for this grant. CreateClientRequestContent: type: object additionalProperties: false required: - name properties: name: type: string description: 'Name of this client (min length: 1 character, does not allow `<` or `>`).' pattern: ^[^<>]+$ description: type: string description: 'Free text description of this client (max length: 140 characters).' maxLength: 140 logo_uri: type: string description: URL of the logo to display for this client. Recommended size is 150x150 pixels. format: absolute-uri-or-empty callbacks: type: array description: Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication. items: type: string format: callback-url oidc_logout: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSettings' oidc_backchannel_logout: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSettings' x-release-lifecycle: deprecated description: Configuration for OIDC backchannel logout (deprecated, in favor of oidc_logout) session_transfer: $ref: '#/components/schemas/ClientSessionTransferConfiguration' allowed_origins: type: array description: Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. items: type: string format: url-with-placeholders web_origins: type: array description: Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. items: type: string format: url-with-placeholders client_aliases: type: array description: List of audiences/realms for SAML protocol. Used by the wsfed addon. items: type: string minLength: 1 allowed_clients: type: array description: List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed. items: type: string minLength: 1 allowed_logout_urls: type: array description: Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. items: type: string format: url-with-placeholders grant_types: type: array description: List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`. items: type: string minLength: 1 token_endpoint_auth_method: $ref: '#/components/schemas/ClientTokenEndpointAuthMethodEnum' is_token_endpoint_ip_header_trusted: type: boolean description: If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint. default: false app_type: $ref: '#/components/schemas/ClientAppTypeEnum' is_first_party: type: boolean description: Whether this client a first party client or not default: true oidc_conformant: type: boolean description: Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false). default: false jwt_configuration: $ref: '#/components/schemas/ClientJwtConfiguration' encryption_key: $ref: '#/components/schemas/ClientEncryptionKey' sso: type: boolean description: Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false). cross_origin_authentication: type: boolean description: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). default: false cross_origin_loc: type: string description: URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. format: url sso_disabled: type: boolean description: 'true to disable Single Sign On, false otherwise (default: false)' custom_login_page_on: type: boolean description: true if the custom login page is to be used, false otherwise. Defaults to true custom_login_page: type: string description: The content (HTML, CSS, JS) of the custom login page. minLength: 1 custom_login_page_preview: type: string description: The content (HTML, CSS, JS) of the custom login page. (Used on Previews) minLength: 1 form_template: type: string description: HTML form template to be used for WS-Federation. minLength: 1 addons: $ref: '#/components/schemas/ClientAddons' client_metadata: $ref: '#/components/schemas/ClientMetadata' mobile: $ref: '#/components/schemas/ClientMobile' initiate_login_uri: type: string description: Initiate login uri, must be https format: absolute-https-uri-with-placeholders-or-empty native_social_login: $ref: '#/components/schemas/NativeSocialLogin' refresh_token: $ref: '#/components/schemas/ClientRefreshTokenConfiguration' default_organization: $ref: '#/components/schemas/ClientDefaultOrganization' organization_usage: $ref: '#/components/schemas/ClientOrganizationUsageEnum' organization_require_behavior: $ref: '#/components/schemas/ClientOrganizationRequireBehaviorEnum' organization_discovery_methods: type: array description: Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both. minItems: 1 x-release-lifecycle: EA items: $ref: '#/components/schemas/ClientOrganizationDiscoveryEnum' client_authentication_methods: $ref: '#/components/schemas/ClientCreateAuthenticationMethod' require_pushed_authorization_requests: type: boolean description: Makes the use of Pushed Authorization Requests mandatory for this client default: false require_proof_of_possession: type: boolean description: Makes the use of Proof-of-Possession mandatory for this client default: false signed_request_object: $ref: '#/components/schemas/ClientSignedRequestObjectWithPublicKey' compliance_level: $ref: '#/components/schemas/ClientComplianceLevelEnum' skip_non_verifiable_callback_uri_confirmation_prompt: type: boolean description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' token_exchange: $ref: '#/components/schemas/ClientTokenExchangeConfiguration' x-release-lifecycle: GA par_request_expiry: type: - integer - 'null' description: Specifies how long, in seconds, a Pushed Authorization Request URI remains valid minimum: 10 maximum: 600 token_quota: $ref: '#/components/schemas/CreateTokenQuota' x-release-lifecycle: EA resource_server_identifier: type: string description: The identifier of the resource server that this client is linked to. minLength: 1 maxLength: 600 third_party_security_mode: $ref: '#/components/schemas/ClientThirdPartySecurityModeEnum' x-release-lifecycle: GA redirection_policy: $ref: '#/components/schemas/ClientRedirectionPolicyEnum' x-release-lifecycle: GA express_configuration: $ref: '#/components/schemas/ExpressConfiguration' my_organization_configuration: $ref: '#/components/schemas/ClientMyOrganizationPostConfiguration' x-release-lifecycle: EA async_approval_notification_channels: $ref: '#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration' CreateClientResponseContent: type: object additionalProperties: true properties: client_id: type: string description: ID of this client. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww tenant: type: string description: Name of the tenant this client belongs to. default: '' name: type: string description: 'Name of this client (min length: 1 character, does not allow `<` or `>`).' default: My application description: type: string description: 'Free text description of this client (max length: 140 characters).' default: '' global: type: boolean description: Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false). default: false client_secret: type: string description: Client secret (which you must not make public). default: MG_TNT2ver-SylNat-_VeMmd-4m0Waba0jr1troztBniSChEw0glxEmgEi2Kw40H app_type: $ref: '#/components/schemas/ClientAppTypeEnum' logo_uri: type: string description: URL of the logo to display for this client. Recommended size is 150x150 pixels. is_first_party: type: boolean description: Whether this client a first party client (true) or not (false). default: false oidc_conformant: type: boolean description: Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false). default: false callbacks: type: array description: Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication. items: type: string allowed_origins: type: array description: Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. items: type: string web_origins: type: array description: Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. items: type: string client_aliases: type: array description: List of audiences/realms for SAML protocol. Used by the wsfed addon. items: type: string allowed_clients: type: array description: List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed. items: type: string allowed_logout_urls: type: array description: Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. items: type: string session_transfer: $ref: '#/components/schemas/ClientSessionTransferConfiguration' oidc_logout: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSettings' grant_types: type: array description: List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`. items: type: string jwt_configuration: $ref: '#/components/schemas/ClientJwtConfiguration' signing_keys: $ref: '#/components/schemas/ClientSigningKeys' encryption_key: $ref: '#/components/schemas/ClientEncryptionKey' sso: type: boolean description: Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false). default: false sso_disabled: type: boolean description: Whether Single Sign On is disabled (true) or enabled (true). Defaults to true. default: false cross_origin_authentication: type: boolean description: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). cross_origin_loc: type: string description: URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. format: url custom_login_page_on: type: boolean description: Whether a custom login page is to be used (true) or the default provided login page (false). default: true custom_login_page: type: string description: The content (HTML, CSS, JS) of the custom login page. default: '' custom_login_page_preview: type: string description: The content (HTML, CSS, JS) of the custom login page. (Used on Previews) default: '' form_template: type: string description: HTML form template to be used for WS-Federation. default: '' addons: $ref: '#/components/schemas/ClientAddons' token_endpoint_auth_method: $ref: '#/components/schemas/ClientTokenEndpointAuthMethodEnum' is_token_endpoint_ip_header_trusted: type: boolean description: If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint. default: false client_metadata: $ref: '#/components/schemas/ClientMetadata' mobile: $ref: '#/components/schemas/ClientMobile' initiate_login_uri: type: string description: Initiate login uri, must be https format: absolute-https-uri-with-placeholders-or-empty native_social_login: {} refresh_token: $ref: '#/components/schemas/ClientRefreshTokenConfiguration' default_organization: $ref: '#/components/schemas/ClientDefaultOrganization' organization_usage: $ref: '#/components/schemas/ClientOrganizationUsageEnum' organization_require_behavior: $ref: '#/components/schemas/ClientOrganizationRequireBehaviorEnum' organization_discovery_methods: type: array description: Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both. minItems: 1 x-release-lifecycle: EA items: $ref: '#/components/schemas/ClientOrganizationDiscoveryEnum' client_authentication_methods: $ref: '#/components/schemas/ClientAuthenticationMethod' require_pushed_authorization_requests: type: boolean description: Makes the use of Pushed Authorization Requests mandatory for this client default: false require_proof_of_possession: type: boolean description: Makes the use of Proof-of-Possession mandatory for this client default: false signed_request_object: $ref: '#/components/schemas/ClientSignedRequestObjectWithCredentialId' compliance_level: $ref: '#/components/schemas/ClientComplianceLevelEnum' skip_non_verifiable_callback_uri_confirmation_prompt: type: boolean description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' token_exchange: $ref: '#/components/schemas/ClientTokenExchangeConfiguration' x-release-lifecycle: GA par_request_expiry: type: - integer - 'null' description: Specifies how long, in seconds, a Pushed Authorization Request URI remains valid minimum: 10 maximum: 600 token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA express_configuration: $ref: '#/components/schemas/ExpressConfiguration' my_organization_configuration: $ref: '#/components/schemas/ClientMyOrganizationResponseConfiguration' x-release-lifecycle: EA third_party_security_mode: $ref: '#/components/schemas/ClientThirdPartySecurityModeEnum' x-release-lifecycle: GA redirection_policy: $ref: '#/components/schemas/ClientRedirectionPolicyEnum' x-release-lifecycle: GA resource_server_identifier: type: string description: The identifier of the resource server that this client is linked to. async_approval_notification_channels: $ref: '#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration' external_metadata_type: $ref: '#/components/schemas/ClientExternalMetadataTypeEnum' external_metadata_created_by: $ref: '#/components/schemas/ClientExternalMetadataCreatedByEnum' external_client_id: type: string description: An alternate client identifier to be used during authorization flows. Only supports CIMD-based client identifiers. format: absolute-https-uri-or-empty jwks_uri: type: string description: URL for the JSON Web Key Set (JWKS) containing the public keys used for private_key_jwt authentication. Only present for CIMD clients using private_key_jwt authentication. format: absolute-https-uri-or-empty CreateConnectionCommon: allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object additionalProperties: false properties: name: $ref: '#/components/schemas/ConnectionName' enabled_clients: type: array description: Use of this property is NOT RECOMMENDED. Use the PATCH /v2/connections/{id}/clients endpoint to enable the connection for a set of clients. items: type: string description: The id of the client for which the connection is to be enabled. format: client-id required: - name CreateConnectionProfileRequestContent: type: object additionalProperties: false required: - name properties: name: $ref: '#/components/schemas/ConnectionProfileName' organization: $ref: '#/components/schemas/ConnectionProfileOrganization' connection_name_prefix_template: $ref: '#/components/schemas/ConnectionNamePrefixTemplate' enabled_features: $ref: '#/components/schemas/ConnectionProfileEnabledFeatures' connection_config: $ref: '#/components/schemas/ConnectionProfileConfig' strategy_overrides: $ref: '#/components/schemas/ConnectionProfileStrategyOverrides' CreateConnectionProfileResponseContent: type: object additionalProperties: false properties: id: $ref: '#/components/schemas/ConnectionProfileId' name: $ref: '#/components/schemas/ConnectionProfileName' organization: $ref: '#/components/schemas/ConnectionProfileOrganization' connection_name_prefix_template: $ref: '#/components/schemas/ConnectionNamePrefixTemplate' enabled_features: $ref: '#/components/schemas/ConnectionProfileEnabledFeatures' connection_config: $ref: '#/components/schemas/ConnectionProfileConfig' strategy_overrides: $ref: '#/components/schemas/ConnectionProfileStrategyOverrides' CreateConnectionRequestContent: type: object additionalProperties: false required: - name - strategy properties: name: type: string description: The name of the connection. Must start and end with an alphanumeric character and can only contain alphanumeric characters and '-'. Max length 128 maxLength: 128 pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ display_name: type: string description: Connection name used in the new universal login experience maxLength: 128 strategy: $ref: '#/components/schemas/ConnectionIdentityProviderEnum' options: $ref: '#/components/schemas/ConnectionPropertiesOptions' enabled_clients: type: array description: Use of this property is NOT RECOMMENDED. Use the PATCH /v2/connections/{id}/clients endpoint to enable the connection for a set of clients. items: type: string description: The id of the client for which the connection is to be enabled. format: client-id is_domain_connection: type: boolean description: true promotes to a domain-level connection so that third-party applications can use it. false does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to false.) show_as_button: type: boolean description: Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. (Defaults to false.) realms: type: array description: 'Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.' items: type: string description: The realm where this connection belongs format: connection-realm metadata: $ref: '#/components/schemas/ConnectionsMetadata' authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' x-release-lifecycle: GA connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurpose' x-release-lifecycle: GA CreateConnectionRequestContentAD: description: Create a connection with strategy=ad allOf: - type: object properties: strategy: const: ad options: $ref: '#/components/schemas/ConnectionOptionsAD' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentADFS: description: Create a connection with strategy=adfs allOf: - type: object properties: strategy: const: adfs options: $ref: '#/components/schemas/ConnectionOptionsADFS' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentAmazon: description: Create a connection with strategy=amazon allOf: - type: object properties: strategy: const: amazon options: $ref: '#/components/schemas/ConnectionOptionsAmazon' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentApple: description: Create a connection with strategy=apple allOf: - type: object properties: strategy: const: apple options: $ref: '#/components/schemas/ConnectionOptionsApple' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentAuth0: description: Create a connection with strategy=auth0 allOf: - type: object properties: strategy: const: auth0 options: $ref: '#/components/schemas/ConnectionOptionsAuth0' realms: $ref: '#/components/schemas/ConnectionRealms' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentAuth0OIDC: description: Create a connection with strategy=auth0-oidc allOf: - type: object properties: strategy: const: auth0-oidc options: $ref: '#/components/schemas/ConnectionOptionsAuth0OIDC' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentAzureAD: description: Create a connection with strategy=waad allOf: - type: object properties: strategy: const: waad options: $ref: '#/components/schemas/ConnectionOptionsAzureAD' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentBaidu: description: Create a connection with strategy=baidu allOf: - type: object properties: strategy: const: baidu options: $ref: '#/components/schemas/ConnectionOptionsBaidu' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentBitbucket: description: Create a connection with strategy=bitbucket allOf: - type: object properties: strategy: const: bitbucket options: $ref: '#/components/schemas/ConnectionOptionsBitbucket' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentBitly: description: Create a connection with strategy=bitly allOf: - type: object properties: strategy: const: bitly options: $ref: '#/components/schemas/ConnectionOptionsBitly' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentBox: description: Create a connection with strategy=box allOf: - type: object properties: strategy: const: box options: $ref: '#/components/schemas/ConnectionOptionsBox' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentCustom: description: Create a connection with strategy=custom allOf: - type: object properties: strategy: const: custom options: $ref: '#/components/schemas/ConnectionOptionsCustom' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentDaccount: description: Create a connection with strategy=daccount allOf: - type: object properties: strategy: const: daccount options: $ref: '#/components/schemas/ConnectionOptionsDaccount' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentDropbox: description: Create a connection with strategy=dropbox allOf: - type: object properties: strategy: const: dropbox options: $ref: '#/components/schemas/ConnectionOptionsDropbox' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentDwolla: description: Create a connection with strategy=dwolla allOf: - type: object properties: strategy: const: dwolla options: $ref: '#/components/schemas/ConnectionOptionsDwolla' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentEmail: description: Create a connection with strategy=email allOf: - type: object properties: strategy: const: email options: $ref: '#/components/schemas/ConnectionOptionsEmail' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentEvernote: description: Create a connection with strategy=evernote allOf: - type: object properties: strategy: const: evernote options: $ref: '#/components/schemas/ConnectionOptionsEvernote' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentEvernoteSandbox: description: Create a connection with strategy=evernote-sandbox allOf: - type: object properties: strategy: const: evernote-sandbox options: $ref: '#/components/schemas/ConnectionOptionsEvernote' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentExact: description: Create a connection with strategy=exact allOf: - type: object properties: strategy: const: exact options: $ref: '#/components/schemas/ConnectionOptionsExact' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentFacebook: description: Create a connection with strategy=facebook allOf: - type: object properties: strategy: const: facebook options: $ref: '#/components/schemas/ConnectionOptionsFacebook' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentFitbit: description: Create a connection with strategy=fitbit allOf: - type: object properties: strategy: const: fitbit options: $ref: '#/components/schemas/ConnectionOptionsFitbit' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentGitHub: description: Create a connection with strategy=github allOf: - type: object properties: strategy: const: github options: $ref: '#/components/schemas/ConnectionOptionsGitHub' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentGoogleApps: description: Create a connection with strategy=google-apps allOf: - type: object properties: strategy: const: google-apps options: $ref: '#/components/schemas/ConnectionOptionsGoogleApps' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentGoogleOAuth2: description: Create a connection with strategy=google-oauth2 allOf: - type: object properties: strategy: const: google-oauth2 options: $ref: '#/components/schemas/ConnectionOptionsGoogleOAuth2' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentIP: description: Create a connection with strategy=ip allOf: - type: object properties: strategy: const: ip options: $ref: '#/components/schemas/ConnectionOptionsIP' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' x-release-lifecycle: deprecated CreateConnectionRequestContentInstagram: description: Create a connection with strategy=instagram allOf: - type: object properties: strategy: const: instagram options: $ref: '#/components/schemas/ConnectionOptionsInstagram' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' x-release-lifecycle: deprecated CreateConnectionRequestContentLine: description: Create a connection with strategy=line allOf: - type: object properties: strategy: const: line options: $ref: '#/components/schemas/ConnectionOptionsLine' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentLinkedin: description: Create a connection with strategy=linkedin allOf: - type: object properties: strategy: const: linkedin options: $ref: '#/components/schemas/ConnectionOptionsLinkedin' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentOAuth1: description: Create a connection with strategy=oauth1 allOf: - type: object properties: strategy: const: oauth1 options: $ref: '#/components/schemas/ConnectionOptionsOAuth1' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' x-release-lifecycle: deprecated CreateConnectionRequestContentOAuth2: description: Create a connection with strategy=oauth2 allOf: - type: object properties: strategy: const: oauth2 options: $ref: '#/components/schemas/ConnectionOptionsOAuth2' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentOIDC: description: Create a connection with strategy=oidc allOf: - type: object properties: strategy: const: oidc authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurposeXAA' options: $ref: '#/components/schemas/ConnectionOptionsOIDC' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentOffice365: description: Create a connection with strategy=office365 allOf: - type: object properties: strategy: const: office365 options: $ref: '#/components/schemas/ConnectionOptionsOffice365' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' x-release-lifecycle: deprecated CreateConnectionRequestContentOkta: description: Create a connection with strategy=okta allOf: - type: object properties: strategy: const: okta options: $ref: '#/components/schemas/ConnectionOptionsOkta' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentPaypal: description: Create a connection with strategy=paypal allOf: - type: object properties: strategy: const: paypal options: $ref: '#/components/schemas/ConnectionOptionsPaypal' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentPaypalSandbox: description: Create a connection with strategy=paypal-sandbox allOf: - type: object properties: strategy: const: paypal-sandbox options: $ref: '#/components/schemas/ConnectionOptionsPaypal' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentPingFederate: description: Create a connection with strategy=pingfederate allOf: - type: object properties: strategy: const: pingfederate options: $ref: '#/components/schemas/ConnectionOptionsPingFederate' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentPlanningCenter: description: Create a connection with strategy=planningcenter allOf: - type: object properties: strategy: const: planningcenter options: $ref: '#/components/schemas/ConnectionOptionsPlanningCenter' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentSAML: description: Create a connection with strategy=samlp allOf: - type: object properties: strategy: const: samlp options: $ref: '#/components/schemas/ConnectionOptionsSAML' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentSMS: description: Create a connection with strategy=sms allOf: - type: object properties: strategy: const: sms options: $ref: '#/components/schemas/ConnectionOptionsSMS' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentSalesforce: description: Create a connection with strategy=salesforce allOf: - type: object properties: strategy: const: salesforce options: $ref: '#/components/schemas/ConnectionOptionsSalesforce' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentSalesforceCommunity: description: Create a connection with strategy=salesforce-community allOf: - type: object properties: strategy: const: salesforce-community options: $ref: '#/components/schemas/ConnectionOptionsSalesforceCommunity' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentSalesforceSandbox: description: Create a connection with strategy=salesforce-sandbox allOf: - type: object properties: strategy: const: salesforce-sandbox options: $ref: '#/components/schemas/ConnectionOptionsSalesforce' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentSharepoint: description: Create a connection with strategy=sharepoint allOf: - type: object properties: strategy: const: sharepoint options: $ref: '#/components/schemas/ConnectionOptionsSharepoint' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' x-release-lifecycle: deprecated CreateConnectionRequestContentShop: description: Create a connection with strategy=shop allOf: - type: object properties: strategy: const: shop options: $ref: '#/components/schemas/ConnectionOptionsShop' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentShopify: description: Create a connection with strategy=shopify allOf: - type: object properties: strategy: const: shopify options: $ref: '#/components/schemas/ConnectionOptionsShopify' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentSoundcloud: description: Create a connection with strategy=soundcloud allOf: - type: object properties: strategy: const: soundcloud options: $ref: '#/components/schemas/ConnectionOptionsSoundcloud' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' x-release-lifecycle: deprecated CreateConnectionRequestContentThirtySevenSignals: description: Create a connection with strategy=thirtysevensignals allOf: - type: object properties: strategy: const: thirtysevensignals options: $ref: '#/components/schemas/ConnectionOptionsThirtySevenSignals' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentTwitter: description: Create a connection with strategy=twitter allOf: - type: object properties: strategy: const: twitter options: $ref: '#/components/schemas/ConnectionOptionsTwitter' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentUntappd: description: Create a connection with strategy=untappd allOf: - type: object properties: strategy: const: untappd options: $ref: '#/components/schemas/ConnectionOptionsUntappd' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' x-release-lifecycle: deprecated CreateConnectionRequestContentVkontakte: description: Create a connection with strategy=vkontakte allOf: - type: object properties: strategy: const: vkontakte options: $ref: '#/components/schemas/ConnectionOptionsVkontakte' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentWeibo: description: Create a connection with strategy=weibo allOf: - type: object properties: strategy: const: weibo options: $ref: '#/components/schemas/ConnectionOptionsWeibo' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentWindowsLive: description: Create a connection with strategy=windowslive allOf: - type: object properties: strategy: const: windowslive options: $ref: '#/components/schemas/ConnectionOptionsWindowsLive' required: - strategy - $ref: '#/components/schemas/ConnectionPurposes' - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentWordpress: description: Create a connection with strategy=wordpress allOf: - type: object properties: strategy: const: wordpress options: $ref: '#/components/schemas/ConnectionOptionsWordpress' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentYahoo: description: Create a connection with strategy=yahoo allOf: - type: object properties: strategy: const: yahoo options: $ref: '#/components/schemas/ConnectionOptionsYahoo' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionRequestContentYandex: description: Create a connection with strategy=yandex allOf: - type: object properties: strategy: const: yandex options: $ref: '#/components/schemas/ConnectionOptionsYandex' required: - strategy - $ref: '#/components/schemas/CreateConnectionCommon' CreateConnectionResponseContent: type: object additionalProperties: false properties: name: type: string description: The name of the connection default: My connection display_name: type: string description: Connection name used in login screen options: $ref: '#/components/schemas/ConnectionOptions' id: type: string description: The connection's identifier default: con_0000000000000001 strategy: type: string description: The type of the connection, related to the identity provider default: auth0 realms: type: array description: 'Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.' items: type: string description: The realm where this connection belongs format: connection-realm enabled_clients: type: array description: DEPRECATED property. Use the GET /connections/:id/clients endpoint to get the ids of the clients for which the connection is enabled x-release-lifecycle: deprecated items: type: string description: The client id is_domain_connection: type: boolean description: True if the connection is domain level show_as_button: type: boolean description: Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. metadata: $ref: '#/components/schemas/ConnectionsMetadata' authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' x-release-lifecycle: GA connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurpose' x-release-lifecycle: GA CreateCustomDomainRequestContent: type: object additionalProperties: false required: - domain - type properties: domain: type: string description: Domain name. minLength: 3 maxLength: 255 pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])$ type: $ref: '#/components/schemas/CustomDomainProvisioningTypeEnum' verification_method: $ref: '#/components/schemas/CustomDomainVerificationMethodEnum' tls_policy: $ref: '#/components/schemas/CustomDomainTlsPolicyEnum' custom_client_ip_header: $ref: '#/components/schemas/CustomDomainCustomClientIpHeader' domain_metadata: $ref: '#/components/schemas/DomainMetadata' relying_party_identifier: type: string description: Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not provided, the full domain will be used. maxLength: 255 format: hostname CreateCustomDomainResponseContent: type: object additionalProperties: false required: - custom_domain_id - domain - primary - status - type - verification properties: custom_domain_id: type: string description: ID of the custom domain. default: cd_0000000000000001 domain: type: string description: Domain name. default: login.mycompany.com primary: type: boolean description: Whether this is a primary domain (true) or not (false). default: false is_default: type: boolean description: Whether this is the default custom domain (true) or not (false). default: false status: $ref: '#/components/schemas/CustomDomainStatusFilterEnum' type: $ref: '#/components/schemas/CustomDomainTypeEnum' verification: $ref: '#/components/schemas/DomainVerification' custom_client_ip_header: type: - string - 'null' description: The HTTP header to fetch the client's IP address tls_policy: type: string description: The TLS version policy default: recommended domain_metadata: $ref: '#/components/schemas/DomainMetadata' certificate: $ref: '#/components/schemas/DomainCertificate' relying_party_identifier: type: string description: Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used. format: hostname CreateDirectoryProvisioningRequestContent: type: - object - 'null' additionalProperties: false properties: mapping: type: array description: The mapping between Auth0 and IDP user attributes minItems: 1 items: $ref: '#/components/schemas/DirectoryProvisioningMappingItem' synchronize_automatically: type: boolean description: Whether periodic automatic synchronization is enabled synchronize_groups: $ref: '#/components/schemas/SynchronizeGroupsEnum' x-release-lifecycle: EA CreateDirectoryProvisioningResponseContent: type: object additionalProperties: false required: - connection_id - connection_name - strategy - mapping - synchronize_automatically - created_at - updated_at properties: connection_id: type: string description: The connection's identifier connection_name: type: string description: The connection's name strategy: type: string description: The connection's strategy mapping: type: array description: The mapping between Auth0 and IDP user attributes minItems: 1 items: $ref: '#/components/schemas/DirectoryProvisioningMappingItem' synchronize_automatically: type: boolean description: Whether periodic automatic synchronization is enabled synchronize_groups: $ref: '#/components/schemas/SynchronizeGroupsEnum' x-release-lifecycle: EA created_at: type: string description: The timestamp at which the directory provisioning configuration was created format: date-time updated_at: type: string description: The timestamp at which the directory provisioning configuration was last updated format: date-time last_synchronization_at: type: string description: The timestamp at which the connection was last synchronized format: date-time last_synchronization_status: type: string description: The status of the last synchronization last_synchronization_error: type: string description: The error message of the last synchronization, if any CreateDirectorySynchronizationResponseContent: type: object additionalProperties: false required: - connection_id - synchronization_id - status properties: connection_id: type: string description: The connection's identifier synchronization_id: type: string description: The synchronization's identifier status: type: string description: The synchronization status CreateEmailProviderRequestContent: type: object additionalProperties: false required: - name - credentials properties: name: $ref: '#/components/schemas/EmailProviderNameEnum' enabled: type: boolean description: Whether the provider is enabled (true) or disabled (false). default: true default_from_address: type: string description: Email address to use as "from" when no other address specified. credentials: $ref: '#/components/schemas/EmailProviderCredentialsSchema' settings: $ref: '#/components/schemas/EmailSpecificProviderSettingsWithAdditionalProperties' CreateEmailProviderResponseContent: type: object additionalProperties: false properties: name: type: string description: Name of the email provider. Can be `mailgun`, `mandrill`, `sendgrid`, `resend`, `ses`, `sparkpost`, `smtp`, `azure_cs`, `ms365`, or `custom`. default: sendgrid enabled: type: boolean description: Whether the provider is enabled (true) or disabled (false). default: true default_from_address: type: string description: Email address to use as "from" when no other address specified. credentials: $ref: '#/components/schemas/EmailProviderCredentials' settings: $ref: '#/components/schemas/EmailProviderSettings' CreateEmailTemplateRequestContent: type: object additionalProperties: false required: - template - body - from - subject - syntax - enabled properties: template: $ref: '#/components/schemas/EmailTemplateNameEnum' body: type: - string - 'null' description: Body of the email template. from: type: - string - 'null' description: Senders `from` email address. default: sender@auth0.com resultUrl: type: - string - 'null' description: URL to redirect the user to after a successful action. subject: type: - string - 'null' description: Subject line of the email. syntax: type: - string - 'null' description: Syntax of the template body. default: liquid urlLifetimeInSeconds: type: - number - 'null' description: Lifetime in seconds that the link within the email will be valid for. minimum: 0 includeEmailInRedirect: type: boolean description: Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. enabled: type: - boolean - 'null' description: Whether the template is enabled (true) or disabled (false). CreateEmailTemplateResponseContent: type: object additionalProperties: false required: - template - body - from - subject - syntax - enabled properties: template: $ref: '#/components/schemas/EmailTemplateNameEnum' body: type: - string - 'null' description: Body of the email template. from: type: - string - 'null' description: Senders `from` email address. default: sender@auth0.com resultUrl: type: - string - 'null' description: URL to redirect the user to after a successful action. subject: type: - string - 'null' description: Subject line of the email. syntax: type: - string - 'null' description: Syntax of the template body. default: liquid urlLifetimeInSeconds: type: - number - 'null' description: Lifetime in seconds that the link within the email will be valid for. minimum: 0 includeEmailInRedirect: type: boolean description: Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. enabled: type: - boolean - 'null' description: Whether the template is enabled (true) or disabled (false). CreateEncryptionKeyPublicWrappingResponseContent: type: object additionalProperties: true required: - public_key - algorithm properties: public_key: type: string description: Public wrapping key in PEM format algorithm: $ref: '#/components/schemas/EncryptionKeyPublicWrappingAlgorithm' CreateEncryptionKeyRequestContent: type: object additionalProperties: true required: - type properties: type: $ref: '#/components/schemas/CreateEncryptionKeyType' CreateEncryptionKeyResponseContent: type: object description: Encryption key additionalProperties: false required: - kid - type - state - created_at - updated_at properties: kid: type: string description: Key ID type: $ref: '#/components/schemas/EncryptionKeyType' state: $ref: '#/components/schemas/EncryptionKeyState' created_at: type: string description: Key creation timestamp format: date-time updated_at: type: string description: Key update timestamp format: date-time parent_kid: type: - string - 'null' description: ID of parent wrapping key public_key: type: - string - 'null' description: Public key in PEM format CreateEncryptionKeyType: type: string description: Type of the encryption key to be created. enum: - customer-provided-root-key - tenant-encryption-key CreateEventStreamActionRequestContent: type: object additionalProperties: false required: - destination properties: name: type: string description: Name of the event stream. minLength: 1 maxLength: 128 subscriptions: type: array description: List of event types subscribed to in this stream. minItems: 1 items: $ref: '#/components/schemas/EventStreamSubscription' destination: $ref: '#/components/schemas/EventStreamActionDestination' status: $ref: '#/components/schemas/EventStreamStatusEnum' CreateEventStreamEventBridgeRequestContent: type: object additionalProperties: false required: - destination properties: name: type: string description: Name of the event stream. minLength: 1 maxLength: 128 subscriptions: type: array description: List of event types subscribed to in this stream. minItems: 1 items: $ref: '#/components/schemas/EventStreamSubscription' destination: $ref: '#/components/schemas/EventStreamEventBridgeDestination' status: $ref: '#/components/schemas/EventStreamStatusEnum' CreateEventStreamRedeliveryRequestContent: type: object additionalProperties: false properties: date_from: type: string description: An RFC-3339 date-time for redelivery start, inclusive. Does not allow sub-second precision. maxLength: 20 format: date-time date_to: type: string description: An RFC-3339 date-time for redelivery end, exclusive. Does not allow sub-second precision. maxLength: 20 format: date-time statuses: type: array description: Filter by status items: $ref: '#/components/schemas/EventStreamDeliveryStatusEnum' event_types: type: array description: Filter by event type items: $ref: '#/components/schemas/EventStreamEventTypeEnum' CreateEventStreamRedeliveryResponseContent: type: object additionalProperties: false properties: date_from: type: string description: An RFC-3339 date-time for redelivery start, inclusive. Does not allow sub-second precision. maxLength: 20 format: date-time date_to: type: string description: An RFC-3339 date-time for redelivery end, exclusive. Does not allow sub-second precision. maxLength: 20 format: date-time statuses: type: array description: Filter by status items: $ref: '#/components/schemas/EventStreamDeliveryStatusEnum' event_types: type: array description: Filter by event type items: $ref: '#/components/schemas/EventStreamEventTypeEnum' CreateEventStreamResponseContent: oneOf: - $ref: '#/components/schemas/EventStreamWebhookResponseContent' - $ref: '#/components/schemas/EventStreamEventBridgeResponseContent' - $ref: '#/components/schemas/EventStreamActionResponseContent' CreateEventStreamTestEventRequestContent: type: object description: The payload for sending a test event to an event stream. additionalProperties: false required: - event_type properties: event_type: $ref: '#/components/schemas/EventStreamTestEventTypeEnum' data: $ref: '#/components/schemas/TestEventDataContent' CreateEventStreamTestEventResponseContent: type: object description: Metadata about a specific attempt to deliver an event additionalProperties: false required: - id - event_stream_id - status - event_type - attempts properties: id: type: string description: Unique identifier for the delivery event_stream_id: type: string description: Unique identifier for the event stream. minLength: 26 maxLength: 26 format: event-stream-id status: $ref: '#/components/schemas/EventStreamDeliveryStatusEnum' event_type: $ref: '#/components/schemas/EventStreamDeliveryEventTypeEnum' attempts: type: array description: Results of delivery attempts items: $ref: '#/components/schemas/EventStreamDeliveryAttempt' event: $ref: '#/components/schemas/EventStreamCloudEvent' CreateEventStreamWebHookRequestContent: type: object additionalProperties: false required: - destination properties: name: type: string description: Name of the event stream. minLength: 1 maxLength: 128 subscriptions: type: array description: List of event types subscribed to in this stream. minItems: 1 items: $ref: '#/components/schemas/EventStreamSubscription' destination: $ref: '#/components/schemas/EventStreamWebhookDestination' status: $ref: '#/components/schemas/EventStreamStatusEnum' CreateExportUsersFields: type: object additionalProperties: false required: - name properties: name: type: string description: Name of the field in the profile. maxLength: 100 export_as: type: string description: Title of the column in the exported CSV. maxLength: 100 CreateExportUsersRequestContent: type: object additionalProperties: false properties: connection_id: type: string description: connection_id of the connection from which users will be exported. default: con_0000000000000001 pattern: ^con_[A-Za-z0-9]{16}$ format: $ref: '#/components/schemas/JobFileFormatEnum' limit: type: integer description: Limit the number of records. default: 5 minimum: 1 fields: type: array description: List of fields to be included in the CSV. Defaults to a predefined set of fields. items: $ref: '#/components/schemas/CreateExportUsersFields' CreateExportUsersResponseContent: type: object additionalProperties: true required: - id - type - status - connection properties: status: type: string description: Status of this job. default: pending type: type: string description: Type of job this is. default: users_export created_at: type: string description: When this job was created. id: type: string description: ID of this job. default: job_0000000000000001 connection_id: type: string description: connection_id of the connection from which users will be exported. default: con_0000000000000001 pattern: ^con_[A-Za-z0-9]{16}$ format: $ref: '#/components/schemas/JobFileFormatEnum' limit: type: integer description: Limit the number of records. default: 5 minimum: 1 fields: type: array description: List of fields to be included in the CSV. Defaults to a predefined set of fields. items: $ref: '#/components/schemas/CreateExportUsersFields' CreateFlowRequestContent: type: object additionalProperties: false required: - name x-release-lifecycle: GA properties: name: type: string minLength: 1 maxLength: 150 actions: type: array minItems: 0 items: $ref: '#/components/schemas/FlowAction' CreateFlowResponseContent: type: object additionalProperties: false required: - id - name - created_at - updated_at x-release-lifecycle: GA properties: id: type: string maxLength: 30 format: flow-id name: type: string minLength: 1 maxLength: 150 actions: type: array minItems: 0 items: $ref: '#/components/schemas/FlowAction' created_at: type: string format: date-time updated_at: type: string format: date-time executed_at: type: string format: date CreateFlowsVaultConnectionActivecampaign: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionActivecampaignApiKey' - $ref: '#/components/schemas/CreateFlowsVaultConnectionActivecampaignUninitialized' CreateFlowsVaultConnectionActivecampaignApiKey: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdActivecampaignEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupApiKeyWithBaseUrl' CreateFlowsVaultConnectionActivecampaignUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdActivecampaignEnum' CreateFlowsVaultConnectionAirtable: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionAirtableApiKey' - $ref: '#/components/schemas/CreateFlowsVaultConnectionAirtableUninitialized' CreateFlowsVaultConnectionAirtableApiKey: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdAirtableEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupApiKey' CreateFlowsVaultConnectionAirtableUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdAirtableEnum' CreateFlowsVaultConnectionAuth0: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionAuth0OauthApp' - $ref: '#/components/schemas/CreateFlowsVaultConnectionAuth0Uninitialized' CreateFlowsVaultConnectionAuth0OauthApp: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdAuth0Enum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthApp' CreateFlowsVaultConnectionAuth0Uninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdAuth0Enum' CreateFlowsVaultConnectionBigquery: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionBigqueryJwt' - $ref: '#/components/schemas/CreateFlowsVaultConnectionBigqueryUninitialized' CreateFlowsVaultConnectionBigqueryJwt: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdBigqueryEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupBigqueryOauthJwt' CreateFlowsVaultConnectionBigqueryUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdBigqueryEnum' CreateFlowsVaultConnectionClearbit: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionClearbitApiKey' - $ref: '#/components/schemas/CreateFlowsVaultConnectionClearbitUninitialized' CreateFlowsVaultConnectionClearbitApiKey: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdClearbitEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupSecretApiKey' CreateFlowsVaultConnectionClearbitUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdClearbitEnum' CreateFlowsVaultConnectionDocusign: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionDocusignOauthCode' - $ref: '#/components/schemas/CreateFlowsVaultConnectionDocusignUninitialized' CreateFlowsVaultConnectionDocusignOauthCode: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdDocusignEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' CreateFlowsVaultConnectionDocusignUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdDocusignEnum' CreateFlowsVaultConnectionGoogleSheets: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionGoogleSheetsOauthCode' - $ref: '#/components/schemas/CreateFlowsVaultConnectionGoogleSheetsUninitialized' CreateFlowsVaultConnectionGoogleSheetsOauthCode: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdGoogleSheetsEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' CreateFlowsVaultConnectionGoogleSheetsUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdGoogleSheetsEnum' CreateFlowsVaultConnectionHttp: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionHttpBearer' - $ref: '#/components/schemas/CreateFlowsVaultConnectionHttpBasicAuth' - $ref: '#/components/schemas/CreateFlowsVaultConnectionHttpApiKey' - $ref: '#/components/schemas/CreateFlowsVaultConnectionHttpOauthClientCredentials' - $ref: '#/components/schemas/CreateFlowsVaultConnectionHttpUninitialized' CreateFlowsVaultConnectionHttpApiKey: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdHttpEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectionHttpApiKeySetup' CreateFlowsVaultConnectionHttpBasicAuth: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdHttpEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectionHttpBasicAuthSetup' CreateFlowsVaultConnectionHttpBearer: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdHttpEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupHttpBearer' CreateFlowsVaultConnectionHttpOauthClientCredentials: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdHttpEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectionHttpOauthClientCredentialsSetup' CreateFlowsVaultConnectionHttpUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdHttpEnum' CreateFlowsVaultConnectionHubspot: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionHubspotApiKey' - $ref: '#/components/schemas/CreateFlowsVaultConnectionHubspotOauthCode' - $ref: '#/components/schemas/CreateFlowsVaultConnectionHubspotUninitialized' CreateFlowsVaultConnectionHubspotApiKey: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdHubspotEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupApiKey' CreateFlowsVaultConnectionHubspotOauthCode: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdHubspotEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' CreateFlowsVaultConnectionHubspotUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdHubspotEnum' CreateFlowsVaultConnectionJwt: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionJwtJwt' - $ref: '#/components/schemas/CreateFlowsVaultConnectionJwtUninitialized' CreateFlowsVaultConnectionJwtJwt: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdJwtEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupJwt' CreateFlowsVaultConnectionJwtUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdJwtEnum' CreateFlowsVaultConnectionMailchimp: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionMailchimpApiKey' - $ref: '#/components/schemas/CreateFlowsVaultConnectionMailchimpOauthCode' - $ref: '#/components/schemas/CreateFlowsVaultConnectionMailchimpUninitialized' CreateFlowsVaultConnectionMailchimpApiKey: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdMailchimpEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupSecretApiKey' CreateFlowsVaultConnectionMailchimpOauthCode: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdMailchimpEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' CreateFlowsVaultConnectionMailchimpUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdMailchimpEnum' CreateFlowsVaultConnectionMailjet: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionMailjetApiKey' - $ref: '#/components/schemas/CreateFlowsVaultConnectionMailjetUninitialized' CreateFlowsVaultConnectionMailjetApiKey: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdMailjetEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupMailjetApiKey' CreateFlowsVaultConnectionMailjetUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdMailjetEnum' CreateFlowsVaultConnectionPipedrive: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionPipedriveToken' - $ref: '#/components/schemas/CreateFlowsVaultConnectionPipedriveOauthCode' - $ref: '#/components/schemas/CreateFlowsVaultConnectionPipedriveUninitialized' CreateFlowsVaultConnectionPipedriveOauthCode: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdPipedriveEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' CreateFlowsVaultConnectionPipedriveToken: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdPipedriveEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupToken' CreateFlowsVaultConnectionPipedriveUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdPipedriveEnum' CreateFlowsVaultConnectionRequestContent: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionActivecampaign' - $ref: '#/components/schemas/CreateFlowsVaultConnectionAirtable' - $ref: '#/components/schemas/CreateFlowsVaultConnectionAuth0' - $ref: '#/components/schemas/CreateFlowsVaultConnectionBigquery' - $ref: '#/components/schemas/CreateFlowsVaultConnectionClearbit' - $ref: '#/components/schemas/CreateFlowsVaultConnectionDocusign' - $ref: '#/components/schemas/CreateFlowsVaultConnectionGoogleSheets' - $ref: '#/components/schemas/CreateFlowsVaultConnectionHttp' - $ref: '#/components/schemas/CreateFlowsVaultConnectionHubspot' - $ref: '#/components/schemas/CreateFlowsVaultConnectionJwt' - $ref: '#/components/schemas/CreateFlowsVaultConnectionMailchimp' - $ref: '#/components/schemas/CreateFlowsVaultConnectionMailjet' - $ref: '#/components/schemas/CreateFlowsVaultConnectionPipedrive' - $ref: '#/components/schemas/CreateFlowsVaultConnectionSalesforce' - $ref: '#/components/schemas/CreateFlowsVaultConnectionSendgrid' - $ref: '#/components/schemas/CreateFlowsVaultConnectionSlack' - $ref: '#/components/schemas/CreateFlowsVaultConnectionStripe' - $ref: '#/components/schemas/CreateFlowsVaultConnectionTelegram' - $ref: '#/components/schemas/CreateFlowsVaultConnectionTwilio' - $ref: '#/components/schemas/CreateFlowsVaultConnectionWhatsapp' - $ref: '#/components/schemas/CreateFlowsVaultConnectionZapier' CreateFlowsVaultConnectionResponseContent: type: object additionalProperties: false required: - id - app_id - name - ready - created_at - updated_at - fingerprint properties: id: type: string description: Flows Vault Connection identifier. maxLength: 30 format: flows-vault-connections-id app_id: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 environment: type: string description: Flows Vault Connection environment. minLength: 1 maxLength: 55 name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 account_name: type: string description: Flows Vault Connection custom account name. minLength: 1 maxLength: 150 ready: type: boolean description: Whether the Flows Vault Connection is configured. created_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was updated. format: date-time refreshed_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was refreshed. format: date-time fingerprint: type: string minLength: 1 CreateFlowsVaultConnectionSalesforce: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionSalesforceOauthCode' - $ref: '#/components/schemas/CreateFlowsVaultConnectionSalesforceUninitialized' CreateFlowsVaultConnectionSalesforceOauthCode: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdSalesforceEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' CreateFlowsVaultConnectionSalesforceUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdSalesforceEnum' CreateFlowsVaultConnectionSendgrid: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionSendgridApiKey' - $ref: '#/components/schemas/CreateFlowsVaultConnectionSendgridUninitialized' CreateFlowsVaultConnectionSendgridApiKey: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdSendgridEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupApiKey' CreateFlowsVaultConnectionSendgridUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdSendgridEnum' CreateFlowsVaultConnectionSlack: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionSlackWebhook' - $ref: '#/components/schemas/CreateFlowsVaultConnectionSlackOauthCode' - $ref: '#/components/schemas/CreateFlowsVaultConnectionSlackUninitialized' CreateFlowsVaultConnectionSlackOauthCode: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdSlackEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' CreateFlowsVaultConnectionSlackUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdSlackEnum' CreateFlowsVaultConnectionSlackWebhook: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdSlackEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupWebhook' CreateFlowsVaultConnectionStripe: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionStripeKeyPair' - $ref: '#/components/schemas/CreateFlowsVaultConnectionStripeOauthCode' - $ref: '#/components/schemas/CreateFlowsVaultConnectionStripeUninitialized' CreateFlowsVaultConnectionStripeKeyPair: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdStripeEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupStripeKeyPair' CreateFlowsVaultConnectionStripeOauthCode: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdStripeEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' CreateFlowsVaultConnectionStripeUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdStripeEnum' CreateFlowsVaultConnectionTelegram: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionTelegramToken' - $ref: '#/components/schemas/CreateFlowsVaultConnectionTelegramUninitialized' CreateFlowsVaultConnectionTelegramToken: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdTelegramEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupToken' CreateFlowsVaultConnectionTelegramUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdTelegramEnum' CreateFlowsVaultConnectionTwilio: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionTwilioApiKey' - $ref: '#/components/schemas/CreateFlowsVaultConnectionTwilioUninitialized' CreateFlowsVaultConnectionTwilioApiKey: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdTwilioEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupTwilioApiKey' CreateFlowsVaultConnectionTwilioUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdTwilioEnum' CreateFlowsVaultConnectionWhatsapp: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionWhatsappToken' - $ref: '#/components/schemas/CreateFlowsVaultConnectionWhatsappUninitialized' CreateFlowsVaultConnectionWhatsappToken: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdWhatsappEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupToken' CreateFlowsVaultConnectionWhatsappUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdWhatsappEnum' CreateFlowsVaultConnectionZapier: type: object oneOf: - $ref: '#/components/schemas/CreateFlowsVaultConnectionZapierWebhook' - $ref: '#/components/schemas/CreateFlowsVaultConnectionZapierUninitialized' CreateFlowsVaultConnectionZapierUninitialized: type: object additionalProperties: false required: - name - app_id properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdZapierEnum' CreateFlowsVaultConnectionZapierWebhook: type: object additionalProperties: false required: - name - app_id - setup properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 app_id: $ref: '#/components/schemas/FlowsVaultConnectionAppIdZapierEnum' setup: $ref: '#/components/schemas/FlowsVaultConnectioSetupWebhook' CreateFormRequestContent: type: object additionalProperties: false required: - name properties: name: type: string minLength: 1 maxLength: 150 messages: $ref: '#/components/schemas/FormMessages' languages: $ref: '#/components/schemas/FormLanguages' translations: $ref: '#/components/schemas/FormTranslations' nodes: $ref: '#/components/schemas/FormNodeList' start: $ref: '#/components/schemas/FormStartNode' ending: $ref: '#/components/schemas/FormEndingNode' style: $ref: '#/components/schemas/FormStyle' CreateFormResponseContent: type: object additionalProperties: false required: - id - name - created_at - updated_at properties: id: type: string maxLength: 30 format: form-id name: type: string minLength: 1 maxLength: 150 messages: $ref: '#/components/schemas/FormMessages' languages: $ref: '#/components/schemas/FormLanguages' translations: $ref: '#/components/schemas/FormTranslations' nodes: $ref: '#/components/schemas/FormNodeList' start: $ref: '#/components/schemas/FormStartNode' ending: $ref: '#/components/schemas/FormEndingNode' style: $ref: '#/components/schemas/FormStyle' created_at: type: string format: date-time updated_at: type: string format: date-time embedded_at: type: string format: date submitted_at: type: string format: date CreateGuardianEnrollmentTicketRequestContent: type: object additionalProperties: false required: - user_id properties: user_id: type: string description: user_id for the enrollment ticket format: user-id email: type: string description: alternate email to which the enrollment email will be sent. Optional - by default, the email will be sent to the user's default address format: email send_mail: type: boolean description: Send an email to the user to start the enrollment email_locale: type: string description: Optional. Specify the locale of the enrollment email. Used with send_email. factor: $ref: '#/components/schemas/GuardianEnrollmentFactorEnum' allow_multiple_enrollments: type: boolean description: 'Optional. Allows a user who has previously enrolled in MFA to enroll with additional factors.
Note: Parameter can only be used with Universal Login; it cannot be used with Classic Login or custom MFA pages.' CreateGuardianEnrollmentTicketResponseContent: type: object additionalProperties: true properties: ticket_id: type: string description: The ticket_id used to identify the enrollment default: u2x2-u2x2-u2x2-u2x2-u2x2-u2x2 ticket_url: type: string description: The url you can use to start enrollment format: url CreateHookRequestContent: type: object additionalProperties: false required: - name - script - triggerId properties: name: type: string description: Name of this hook. default: my-hook pattern: ^[a-zA-Z0-9]([ \-a-zA-Z0-9]*[a-zA-Z0-9])?$ script: type: string description: Code to be executed when this hook runs. default: module.exports = function(client, scope, audience, context, cb) cb(null, access_token); }; minLength: 1 enabled: type: boolean description: Whether this hook will be executed (true) or ignored (false). default: false dependencies: $ref: '#/components/schemas/HookDependencies' triggerId: $ref: '#/components/schemas/HookTriggerIdEnum' description: Execution stage of this rule. Can be `credentials-exchange`, `pre-user-registration`, `post-user-registration`, `post-change-password`, or `send-phone-message`. CreateHookResponseContent: type: object additionalProperties: false properties: triggerId: type: string description: Trigger ID id: type: string description: ID of this hook. default: '00001' name: type: string description: Name of this hook. default: hook enabled: type: boolean description: Whether this hook will be executed (true) or ignored (false). default: true script: type: string description: Code to be executed when this hook runs. default: module.exports = function(client, scope, audience, context, cb) cb(null, access_token); }; dependencies: $ref: '#/components/schemas/HookDependencies' CreateHookSecretRequestContent: type: object description: Hashmap of key-value pairs where the value must be a string. additionalProperties: type: string minProperties: 1 maxProperties: 20 CreateImportUsersRequestContent: type: object additionalProperties: true required: - users - connection_id properties: users: type: string contentMediaType: application/octet-stream connection_id: type: string description: connection_id of the connection to which users will be imported. default: con_0000000000000001 pattern: ^con_[A-Za-z0-9]{16}$ upsert: type: boolean description: Whether to update users if they already exist (true) or to ignore them (false). default: false external_id: type: string description: Customer-defined ID. send_completion_email: type: boolean description: Whether to send a completion email to all tenant owners when the job is finished (true) or not (false). default: true CreateImportUsersResponseContent: type: object additionalProperties: true required: - id - type - status - connection - connection_id - created_at properties: status: type: string description: Status of this job. default: pending type: type: string description: Type of job this is. default: users_import created_at: type: string description: When this job was created. id: type: string description: ID of this job. default: job_0000000000000001 connection_id: type: string description: connection_id of the connection to which users will be imported. default: con_0000000000000001 pattern: ^con_[A-Za-z0-9]{16}$ external_id: type: string description: Customer-defined ID. CreateLogStreamDatadogRequestBody: type: object additionalProperties: false required: - type - sink properties: name: type: string description: log stream name type: $ref: '#/components/schemas/LogStreamDatadogEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamDatadogSink' startFrom: type: string description: The optional datetime (ISO 8601) to start streaming logs from default: '2021-03-01T19:57:29.532Z' CreateLogStreamEventBridgeRequestBody: type: object additionalProperties: false required: - type - sink properties: name: type: string description: log stream name type: $ref: '#/components/schemas/LogStreamEventBridgeEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamEventBridgeSink' startFrom: type: string description: The optional datetime (ISO 8601) to start streaming logs from default: '2021-03-01T19:57:29.532Z' CreateLogStreamEventGridRequestBody: type: object additionalProperties: false required: - type - sink properties: name: type: string description: log stream name type: $ref: '#/components/schemas/LogStreamEventGridEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamEventGridSink' startFrom: type: string description: The optional datetime (ISO 8601) to start streaming logs from default: '2021-03-01T19:57:29.532Z' CreateLogStreamHttpRequestBody: type: object additionalProperties: false required: - type - sink properties: name: type: string description: log stream name type: $ref: '#/components/schemas/LogStreamHttpEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamHttpSink' startFrom: type: string description: The optional datetime (ISO 8601) to start streaming logs from default: '2021-03-01T19:57:29.532Z' CreateLogStreamMixpanelRequestBody: type: object additionalProperties: false required: - type - sink properties: name: type: string description: log stream name type: $ref: '#/components/schemas/LogStreamMixpanelEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamMixpanelSink' startFrom: type: string description: The optional datetime (ISO 8601) to start streaming logs from default: '2021-03-01T19:57:29.532Z' CreateLogStreamRequestContent: oneOf: - $ref: '#/components/schemas/CreateLogStreamHttpRequestBody' - $ref: '#/components/schemas/CreateLogStreamEventBridgeRequestBody' - $ref: '#/components/schemas/CreateLogStreamEventGridRequestBody' - $ref: '#/components/schemas/CreateLogStreamDatadogRequestBody' - $ref: '#/components/schemas/CreateLogStreamSplunkRequestBody' - $ref: '#/components/schemas/CreateLogStreamSumoRequestBody' - $ref: '#/components/schemas/CreateLogStreamSegmentRequestBody' - $ref: '#/components/schemas/CreateLogStreamMixpanelRequestBody' CreateLogStreamResponseContent: oneOf: - $ref: '#/components/schemas/LogStreamHttpResponseSchema' - $ref: '#/components/schemas/LogStreamEventBridgeResponseSchema' - $ref: '#/components/schemas/LogStreamEventGridResponseSchema' - $ref: '#/components/schemas/LogStreamDatadogResponseSchema' - $ref: '#/components/schemas/LogStreamSplunkResponseSchema' - $ref: '#/components/schemas/LogStreamSumoResponseSchema' - $ref: '#/components/schemas/LogStreamSegmentResponseSchema' - $ref: '#/components/schemas/LogStreamMixpanelResponseSchema' CreateLogStreamSegmentRequestBody: type: object additionalProperties: false required: - type - sink properties: name: type: string description: log stream name type: $ref: '#/components/schemas/LogStreamSegmentEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamSegmentSinkWriteKey' startFrom: type: string description: The optional datetime (ISO 8601) to start streaming logs from default: '2021-03-01T19:57:29.532Z' CreateLogStreamSplunkRequestBody: type: object additionalProperties: false required: - type - sink properties: name: type: string description: log stream name type: $ref: '#/components/schemas/LogStreamSplunkEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamSplunkSink' startFrom: type: string description: The optional datetime (ISO 8601) to start streaming logs from default: '2021-03-01T19:57:29.532Z' CreateLogStreamSumoRequestBody: type: object additionalProperties: false required: - type - sink properties: name: type: string description: log stream name type: $ref: '#/components/schemas/LogStreamSumoEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamSumoSink' startFrom: type: string description: The optional datetime (ISO 8601) to start streaming logs from default: '2021-03-01T19:57:29.532Z' CreateNetworkAclRequestContent: type: object additionalProperties: false required: - description - active - rule properties: description: type: string maxLength: 255 active: type: boolean description: Indicates whether or not this access control list is actively being used priority: type: number description: Indicates the order in which the ACL will be evaluated relative to other ACL rules. default: 50 minimum: 1 maximum: 100 rule: $ref: '#/components/schemas/NetworkAclRule' CreateOrganizationAllConnectionRequestContent: type: object additionalProperties: false required: - connection_id properties: organization_connection_name: type: string description: Name of the connection in the scope of this organization. minLength: 1 maxLength: 50 pattern: "^[^\0]*$" assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' organization_access_level: $ref: '#/components/schemas/OrganizationAccessLevelEnum' is_enabled: type: boolean description: Whether the connection is enabled for the organization. connection_id: type: string description: Connection identifier. minLength: 1 maxLength: 50 format: connection-id CreateOrganizationAllConnectionResponseContent: type: object additionalProperties: false required: - connection_id properties: organization_connection_name: type: string description: Name of the connection in the scope of this organization. minLength: 1 maxLength: 50 pattern: "^[^\0]*$" assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' organization_access_level: $ref: '#/components/schemas/OrganizationAccessLevelEnum' is_enabled: type: boolean description: Whether the connection is enabled for the organization. connection_id: type: string description: Connection identifier. minLength: 1 maxLength: 50 format: connection-id connection: $ref: '#/components/schemas/OrganizationConnectionInformation' CreateOrganizationDiscoveryDomainRequestContent: type: object additionalProperties: false required: - domain properties: domain: type: string description: The domain name to associate with the organization e.g. acme.com. minLength: 3 maxLength: 255 status: $ref: '#/components/schemas/OrganizationDiscoveryDomainStatus' use_for_organization_discovery: type: boolean description: Indicates whether this domain should be used for organization discovery. CreateOrganizationDiscoveryDomainResponseContent: type: object additionalProperties: false required: - id - domain - status - verification_host - verification_txt properties: id: type: string description: Organization discovery domain identifier. format: organization-discovery-domain-id domain: type: string description: The domain name to associate with the organization e.g. acme.com. minLength: 3 maxLength: 255 pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$ status: $ref: '#/components/schemas/OrganizationDiscoveryDomainStatus' use_for_organization_discovery: type: boolean description: Indicates whether this domain should be used for organization discovery. verification_txt: type: string description: A unique token generated for the discovery domain. This must be placed in a DNS TXT record at the location specified by the verification_host field to prove domain ownership. verification_host: type: string description: The full domain where the TXT record should be added. CreateOrganizationInvitationRequestContent: type: object additionalProperties: false required: - inviter - invitee - client_id properties: inviter: $ref: '#/components/schemas/OrganizationInvitationInviter' invitee: $ref: '#/components/schemas/OrganizationInvitationInvitee' client_id: type: string description: Auth0 client ID. Used to resolve the application's login initiation endpoint. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww format: client-id connection_id: type: string description: The id of the connection to force invitee to authenticate with. default: con_0000000000000001 format: connection-id app_metadata: $ref: '#/components/schemas/AppMetadata' user_metadata: $ref: '#/components/schemas/UserMetadata' ttl_sec: type: integer description: 'Number of seconds for which the invitation is valid before expiration. If unspecified or set to 0, this value defaults to 604800 seconds (7 days). Max value: 2592000 seconds (30 days).' minimum: 0 maximum: 2592000 roles: type: array description: List of roles IDs to associated with the user. minItems: 1 items: type: string format: role-id send_invitation_email: type: boolean description: Whether the user will receive an invitation email (true) or no email (false), true by default default: true CreateOrganizationInvitationResponseContent: type: object additionalProperties: false properties: id: type: string description: The id of the user invitation. default: uinv_0000000000000001 format: user-invitation-id organization_id: type: string description: Organization identifier. maxLength: 50 format: organization-id inviter: $ref: '#/components/schemas/OrganizationInvitationInviter' invitee: $ref: '#/components/schemas/OrganizationInvitationInvitee' invitation_url: type: string description: The invitation url to be send to the invitee. default: https://mycompany.org/login?invitation=f81dWWYW6gzGGicxT8Ha0txBkGNcAcYr&organization=org_0000000000000001&organization_name=acme format: strict-https-uri created_at: type: string description: The ISO 8601 formatted timestamp representing the creation time of the invitation. default: '2020-08-20T19:10:06.299Z' format: date-time expires_at: type: string description: The ISO 8601 formatted timestamp representing the expiration time of the invitation. default: '2020-08-27T19:10:06.299Z' format: date-time client_id: type: string description: Auth0 client ID. Used to resolve the application's login initiation endpoint. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww format: client-id connection_id: type: string description: The id of the connection to force invitee to authenticate with. default: con_0000000000000001 format: connection-id app_metadata: $ref: '#/components/schemas/AppMetadata' user_metadata: $ref: '#/components/schemas/UserMetadata' roles: type: array description: List of roles IDs to associated with the user. minItems: 1 items: type: string format: role-id ticket_id: type: string description: The id of the invitation ticket format: ticket-id CreateOrganizationMemberRequestContent: type: object additionalProperties: true required: - members properties: members: type: array description: List of user IDs to add to the organization as members. minItems: 1 items: type: string format: user-id-with-max-length CreateOrganizationRequestContent: type: object additionalProperties: false required: - name properties: name: type: string description: The name of this organization. default: organization-1 minLength: 1 maxLength: 50 format: organization-name display_name: type: string description: Friendly name of this organization. default: Acme Users minLength: 1 maxLength: 255 branding: $ref: '#/components/schemas/OrganizationBranding' metadata: $ref: '#/components/schemas/OrganizationMetadata' enabled_connections: type: array description: Connections that will be enabled for this organization. See POST enabled_connections endpoint for the object format. (Max of 10 connections allowed) items: $ref: '#/components/schemas/ConnectionForOrganization' token_quota: $ref: '#/components/schemas/CreateTokenQuota' x-release-lifecycle: EA CreateOrganizationResponseContent: type: object additionalProperties: true properties: id: type: string description: Organization identifier. maxLength: 50 format: organization-id name: type: string description: The name of this organization. default: organization-1 minLength: 1 maxLength: 50 format: organization-name display_name: type: string description: Friendly name of this organization. default: Acme Users minLength: 1 maxLength: 255 branding: $ref: '#/components/schemas/OrganizationBranding' metadata: $ref: '#/components/schemas/OrganizationMetadata' token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA enabled_connections: type: array items: $ref: '#/components/schemas/OrganizationEnabledConnection' CreatePhoneProviderSendTestRequestContent: type: object additionalProperties: false required: - to properties: to: type: string description: The recipient phone number to receive a given notification. minLength: 1 maxLength: 16 delivery_method: $ref: '#/components/schemas/PhoneProviderDeliveryMethodEnum' CreatePhoneProviderSendTestResponseContent: type: object additionalProperties: false properties: code: type: number description: The status code of the operation. message: type: string description: The description of the operation status. CreatePhoneTemplateRequestContent: type: object additionalProperties: false properties: type: $ref: '#/components/schemas/PhoneTemplateNotificationTypeEnum' disabled: type: boolean description: Whether the template is enabled (false) or disabled (true). default: false content: $ref: '#/components/schemas/PhoneTemplateContent' CreatePhoneTemplateResponseContent: type: object additionalProperties: false required: - content - disabled - id - type properties: id: type: string minLength: 1 maxLength: 255 channel: type: string customizable: type: boolean tenant: type: string minLength: 1 maxLength: 255 content: $ref: '#/components/schemas/PhoneTemplateContent' type: $ref: '#/components/schemas/PhoneTemplateNotificationTypeEnum' disabled: type: boolean description: Whether the template is enabled (false) or disabled (true). default: false CreatePhoneTemplateTestNotificationRequestContent: type: object additionalProperties: true required: - to properties: to: type: string description: Destination of the testing phone notification minLength: 1 maxLength: 16 delivery_method: $ref: '#/components/schemas/PhoneProviderDeliveryMethodEnum' description: Medium to use to send the notification CreatePhoneTemplateTestNotificationResponseContent: type: object additionalProperties: true required: - message properties: message: type: string CreatePublicKeyDeviceCredentialRequestContent: type: object additionalProperties: true required: - device_name - type - value - device_id properties: device_name: type: string description: Name for this device easily recognized by owner. minLength: 1 type: $ref: '#/components/schemas/DeviceCredentialPublicKeyTypeEnum' value: type: string description: Base64 encoded string containing the credential. minLength: 1 device_id: type: string description: Unique identifier for the device. Recommend using Android_ID on Android and identifierForVendor. maxLength: 36 pattern: ^[-A-Fa-f0-9]+$ client_id: type: string description: client_id of the client (application) this credential is for. format: client-id CreatePublicKeyDeviceCredentialResponseContent: type: object additionalProperties: true required: - id properties: id: type: string description: The credential's identifier default: dcr_0000000000000001 CreateResourceServerRequestContent: type: object additionalProperties: false required: - identifier properties: name: type: string description: Friendly name for this resource server. Can not contain `<` or `>` characters. maxLength: 200 pattern: ^[^<>]+$ identifier: type: string description: Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set. minLength: 1 maxLength: 600 scopes: type: array description: List of permissions (scopes) that this API uses. items: $ref: '#/components/schemas/ResourceServerScope' signing_alg: $ref: '#/components/schemas/SigningAlgorithmEnum' signing_secret: type: string description: Secret used to sign tokens when using symmetric algorithms (HS256). minLength: 16 allow_offline_access: type: boolean description: Whether refresh tokens can be issued for this API (true) or not (false). allow_online_access: type: boolean description: Whether Online Refresh Tokens can be issued for this API (true) or not (false). token_lifetime: type: integer description: Expiration value (in seconds) for access tokens issued for this API from the token endpoint. minimum: 0 maximum: 2592000 token_dialect: $ref: '#/components/schemas/ResourceServerTokenDialectSchemaEnum' skip_consent_for_verifiable_first_party_clients: type: boolean description: Whether to skip user consent for applications flagged as first party (true) or not (false). enforce_policies: type: boolean description: Whether to enforce authorization policies (true) or to ignore them (false). token_encryption: $ref: '#/components/schemas/ResourceServerTokenEncryption' consent_policy: $ref: '#/components/schemas/ResourceServerConsentPolicyEnum' authorization_details: type: - array - 'null' items: {} proof_of_possession: $ref: '#/components/schemas/ResourceServerProofOfPossession' subject_type_authorization: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorization' authorization_policy: $ref: '#/components/schemas/ResourceServerAuthorizationPolicy' x-release-lifecycle: EA CreateResourceServerResponseContent: type: object additionalProperties: false properties: id: type: string description: ID of the API (resource server). name: type: string description: Friendly name for this resource server. Can not contain `<` or `>` characters. is_system: type: boolean description: Whether this is an Auth0 system API (true) or a custom API (false). identifier: type: string description: Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set. scopes: type: array description: List of permissions (scopes) that this API uses. items: $ref: '#/components/schemas/ResourceServerScope' signing_alg: $ref: '#/components/schemas/SigningAlgorithmEnum' signing_secret: type: string description: Secret used to sign tokens when using symmetric algorithms (HS256). minLength: 16 allow_offline_access: type: boolean description: Whether refresh tokens can be issued for this API (true) or not (false). allow_online_access: type: boolean description: Whether Online Refresh Tokens can be issued for this API (true) or not (false). skip_consent_for_verifiable_first_party_clients: type: boolean description: Whether to skip user consent for applications flagged as first party (true) or not (false). token_lifetime: type: integer description: Expiration value (in seconds) for access tokens issued for this API from the token endpoint. token_lifetime_for_web: type: integer description: Expiration value (in seconds) for access tokens issued for this API via Implicit or Hybrid Flows. Cannot be greater than the `token_lifetime` value. enforce_policies: type: boolean description: Whether authorization polices are enforced (true) or unenforced (false). token_dialect: $ref: '#/components/schemas/ResourceServerTokenDialectResponseEnum' token_encryption: $ref: '#/components/schemas/ResourceServerTokenEncryption' consent_policy: $ref: '#/components/schemas/ResourceServerConsentPolicyEnum' authorization_details: type: - array - 'null' items: {} proof_of_possession: $ref: '#/components/schemas/ResourceServerProofOfPossession' subject_type_authorization: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorization' authorization_policy: $ref: '#/components/schemas/ResourceServerAuthorizationPolicy' x-release-lifecycle: EA client_id: type: string description: The client ID of the client that this resource server is linked to format: client-id CreateRoleRequestContent: type: object additionalProperties: false required: - name properties: name: type: string description: Name of the role. description: type: string description: Description of the role. CreateRoleResponseContent: type: object additionalProperties: false properties: id: type: string description: ID for this role. name: type: string description: Name of this role. description: type: string description: Description of this role. CreateRuleRequestContent: type: object additionalProperties: false required: - name - script properties: name: type: string description: Name of this rule. default: my-rule pattern: ^[a-zA-Z0-9]([ \-a-zA-Z0-9]*[a-zA-Z0-9])?$ script: type: string description: Code to be executed when this rule runs. default: "function (user, context, callback) {\n callback(null, user, context);\n}" minLength: 1 order: type: number description: Order that this rule should execute in relative to other rules. Lower-valued rules execute first. default: 2 minimum: 0 enabled: type: boolean description: Whether the rule is enabled (true), or disabled (false). default: true CreateRuleResponseContent: type: object additionalProperties: false properties: name: type: string description: Name of this rule. default: rule_1 id: type: string description: ID of this rule. default: con_0000000000000001 enabled: type: boolean description: Whether the rule is enabled (true), or disabled (false). default: true script: type: string description: Code to be executed when this rule runs. default: "function (user, context, callback) {\n callback(null, user, context);\n}" order: type: number description: Order that this rule should execute in relative to other rules. Lower-valued rules execute first. default: 1 stage: type: string description: Execution stage of this rule. Can be `login_success`, `login_failure`, or `pre_authorize`. default: login_success CreateScimConfigurationRequestContent: type: - object - 'null' additionalProperties: false properties: user_id_attribute: type: string description: User ID attribute for generating unique user ids mapping: type: array description: The mapping between auth0 and SCIM items: $ref: '#/components/schemas/ScimMappingItem' CreateScimConfigurationResponseContent: type: object additionalProperties: false required: - tenant_name - connection_id - connection_name - strategy - created_at - updated_on - mapping - user_id_attribute properties: connection_id: type: string description: The connection's identifier connection_name: type: string description: The connection's name strategy: type: string description: The connection's strategy tenant_name: type: string description: The tenant's name user_id_attribute: type: string description: User ID attribute for generating unique user ids mapping: type: array description: The mapping between auth0 and SCIM items: $ref: '#/components/schemas/ScimMappingItem' created_at: type: string description: The ISO 8601 date and time the SCIM configuration was created at format: date-time updated_on: type: string description: The ISO 8601 date and time the SCIM configuration was last updated on format: date-time CreateScimTokenRequestContent: type: object description: SCIM Token additionalProperties: false properties: scopes: type: array description: The scopes of the scim token minItems: 1 items: type: string description: The token's scope token_lifetime: type: - integer - 'null' description: Lifetime of the token in seconds. Must be greater than 900 CreateScimTokenResponseContent: type: object additionalProperties: false properties: token_id: type: string description: The token's identifier token: type: string description: The scim client's token scopes: type: array description: The scopes of the scim token items: type: string description: The token's scope created_at: type: string description: The token's created at timestamp valid_until: type: string description: The token's valid until at timestamp CreateSelfServiceProfileRequestContent: type: object additionalProperties: false required: - name properties: name: type: string description: The name of the self-service Profile. minLength: 1 maxLength: 100 description: type: string description: The description of the self-service Profile. minLength: 1 maxLength: 140 branding: $ref: '#/components/schemas/SelfServiceProfileBrandingProperties' allowed_strategies: type: array description: 'List of IdP strategies that will be shown to users during the Self-Service Enterprise Configuration flow. Possible values: [`oidc`, `samlp`, `waad`, `google-apps`, `adfs`, `okta`, `auth0-samlp`, `okta-samlp`, `keycloak-samlp`, `pingfederate`]' minItems: 1 items: $ref: '#/components/schemas/SelfServiceProfileAllowedStrategyEnum' user_attributes: type: array description: List of attributes to be mapped that will be shown to the user during the Self-Service Enterprise Configuration flow. items: $ref: '#/components/schemas/SelfServiceProfileUserAttribute' user_attribute_profile_id: type: string description: ID of the user-attribute-profile to associate with this self-service profile. format: user-attribute-profile-id x-release-lifecycle: EA CreateSelfServiceProfileResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the self-service Profile. default: ssp_n7SNCL8seoyV1TuSTCnAeo name: type: string description: The name of the self-service Profile. description: type: string description: The description of the self-service Profile. user_attributes: type: array description: List of attributes to be mapped that will be shown to the user during the Self-Service Enterprise Configuration flow. items: $ref: '#/components/schemas/SelfServiceProfileUserAttribute' created_at: type: string description: The time when this self-service Profile was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this self-service Profile was updated. default: '2021-01-01T00:00:00.000Z' format: date-time branding: $ref: '#/components/schemas/SelfServiceProfileBrandingProperties' allowed_strategies: type: array description: 'List of IdP strategies that will be shown to users during the Self-Service Enterprise Configuration flow. Possible values: [`oidc`, `samlp`, `waad`, `google-apps`, `adfs`, `okta`, `auth0-samlp`, `okta-samlp`, `keycloak-samlp`, `pingfederate`]' minItems: 1 items: $ref: '#/components/schemas/SelfServiceProfileAllowedStrategyEnum' user_attribute_profile_id: type: string description: ID of the user-attribute-profile to associate with this self-service profile. format: user-attribute-profile-id x-release-lifecycle: EA CreateSelfServiceProfileSsoTicketRequestContent: type: object additionalProperties: false properties: connection_id: type: string description: If provided, this will allow editing of the provided connection during the Self-Service Enterprise Configuration flow format: connection-id connection_config: $ref: '#/components/schemas/SelfServiceProfileSsoTicketConnectionConfig' enabled_clients: type: array description: List of client_ids that the connection will be enabled for. minItems: 0 items: type: string enabled_organizations: type: array description: List of organizations that the connection will be enabled for. minItems: 0 items: $ref: '#/components/schemas/SelfServiceProfileSsoTicketEnabledOrganization' ttl_sec: type: integer description: Number of seconds for which the ticket is valid before expiration. If unspecified or set to 0, this value defaults to 432000 seconds (5 days). minimum: 0 maximum: 432000 domain_aliases_config: $ref: '#/components/schemas/SelfServiceProfileSsoTicketDomainAliasesConfig' provisioning_config: $ref: '#/components/schemas/SelfServiceProfileSsoTicketProvisioningConfig' x-release-lifecycle: GA use_for_organization_discovery: type: boolean description: Indicates whether a verified domain should be used for organization discovery during authentication. x-release-lifecycle: GA enabled_features: $ref: '#/components/schemas/SelfServiceProfileSsoTicketEnabledFeatures' x-release-lifecycle: GA CreateSelfServiceProfileSsoTicketResponseContent: type: object additionalProperties: false properties: ticket: type: string description: The URL for the created ticket. CreateTokenExchangeProfileRequestContent: type: object additionalProperties: false required: - name - subject_token_type - action_id - type properties: name: type: string description: Friendly name of this profile. default: Token Exchange Profile 1 minLength: 3 maxLength: 50 subject_token_type: type: string description: Subject token type for this profile. When receiving a token exchange request on the Authentication API, the corresponding token exchange profile with a matching subject_token_type will be executed. This must be a URI. minLength: 8 maxLength: 100 format: url action_id: type: string description: The ID of the Custom Token Exchange action to execute for this profile, in order to validate the subject_token. The action must use the custom-token-exchange trigger. minLength: 1 maxLength: 36 type: $ref: '#/components/schemas/TokenExchangeProfileTypeEnum' CreateTokenExchangeProfileResponseContent: type: object additionalProperties: true properties: id: type: string description: The unique ID of the token exchange profile. format: token-exchange-profile-id name: type: string description: Friendly name of this profile. default: Token Exchange Profile 1 minLength: 3 maxLength: 50 subject_token_type: type: string description: Subject token type for this profile. When receiving a token exchange request on the Authentication API, the corresponding token exchange profile with a matching subject_token_type will be executed. This must be a URI. minLength: 8 maxLength: 100 format: url action_id: type: string description: The ID of the Custom Token Exchange action to execute for this profile, in order to validate the subject_token. The action must use the custom-token-exchange trigger. minLength: 1 maxLength: 36 type: $ref: '#/components/schemas/TokenExchangeProfileTypeEnum' created_at: type: string description: The time when this profile was created. default: '2024-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this profile was updated. default: '2024-01-01T00:00:00.000Z' format: date-time CreateTokenQuota: type: object additionalProperties: false required: - client_credentials x-release-lifecycle: EA properties: client_credentials: $ref: '#/components/schemas/TokenQuotaClientCredentials' CreateUserAttributeProfileRequestContent: type: object additionalProperties: false required: - name - user_attributes properties: name: $ref: '#/components/schemas/UserAttributeProfileName' user_id: $ref: '#/components/schemas/UserAttributeProfileUserId' user_attributes: $ref: '#/components/schemas/UserAttributeProfileUserAttributes' CreateUserAttributeProfileResponseContent: type: object additionalProperties: false properties: id: $ref: '#/components/schemas/UserAttributeProfileId' name: $ref: '#/components/schemas/UserAttributeProfileName' user_id: $ref: '#/components/schemas/UserAttributeProfileUserId' user_attributes: $ref: '#/components/schemas/UserAttributeProfileUserAttributes' CreateUserAuthenticationMethodRequestContent: type: object additionalProperties: false required: - type properties: type: $ref: '#/components/schemas/CreatedUserAuthenticationMethodTypeEnum' name: type: string description: A human-readable label to identify the authentication method. totp_secret: type: string description: Base32 encoded secret for TOTP generation. phone_number: type: string description: Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice. minLength: 2 maxLength: 30 email: type: string description: Applies to email authentication methods only. The email address used to send verification messages. preferred_authentication_method: $ref: '#/components/schemas/PreferredAuthenticationMethodEnum' key_id: type: string description: Applies to webauthn authentication methods only. The id of the credential. public_key: type: string description: Applies to webauthn authentication methods only. The public key, which is encoded as base64. relying_party_identifier: type: string description: Applies to webauthn authentication methods only. The relying party identifier. format: hostname CreateUserAuthenticationMethodResponseContent: type: object description: The successfully created authentication method. additionalProperties: false required: - type properties: id: type: string description: The ID of the newly created authentication method (automatically generated by the application) format: authenticator-id type: $ref: '#/components/schemas/CreatedUserAuthenticationMethodTypeEnum' name: type: string description: A human-readable label to identify the authentication method. totp_secret: type: string description: Base32 encoded secret for TOTP generation phone_number: type: string description: Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice. minLength: 2 maxLength: 30 email: type: string description: Applies to email authentication methods only. The email address used to send verification messages. authentication_methods: type: array items: $ref: '#/components/schemas/UserAuthenticationMethodProperties' preferred_authentication_method: $ref: '#/components/schemas/PreferredAuthenticationMethodEnum' description: Preferred phone authentication method key_id: type: string description: Applies to webauthn authenticators only. The id of the credential. public_key: type: string description: Applies to webauthn authenticators only. The public key. aaguid: type: string description: Applies to passkeys only. Authenticator Attestation Globally Unique Identifier. relying_party_identifier: type: string description: Applies to webauthn authenticators only. The relying party identifier. created_at: type: string description: Authentication method creation date format: date-time CreateUserPermissionsRequestContent: type: object additionalProperties: false required: - permissions properties: permissions: type: array description: List of permissions to add to this user. minItems: 1 items: $ref: '#/components/schemas/PermissionRequestPayload' CreateUserRequestContent: type: object additionalProperties: false required: - connection properties: email: type: string description: The user's email. default: john.doe@gmail.com format: email phone_number: type: string description: The user's phone number (following the E.164 recommendation). default: '+199999999999999' pattern: ^\+[0-9]{1,15}$ user_metadata: $ref: '#/components/schemas/UserMetadata' blocked: type: boolean description: Whether this user was blocked by an administrator (true) or not (false). default: false email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). User will receive a verification email after creation if `email_verified` is false or not specified default: false phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). default: false app_metadata: $ref: '#/components/schemas/AppMetadata' given_name: type: string description: The user's given name(s). default: John minLength: 1 maxLength: 150 family_name: type: string description: The user's family name(s). default: Doe minLength: 1 maxLength: 150 name: type: string description: The user's full name. default: John Doe minLength: 1 maxLength: 300 nickname: type: string description: The user's nickname. default: Johnny minLength: 1 maxLength: 300 picture: type: string description: A URI pointing to the user's picture. default: https://secure.gravatar.com/avatar/15626c5e0c749cb912f9d1ad48dba440?s=480&r=pg&d=https%3A%2F%2Fssl.gstatic.com%2Fs2%2Fprofiles%2Fimages%2Fsilhouette80.png format: strict-uri user_id: type: string description: The external user's id provided by the identity provider. default: abc minLength: 0 maxLength: 255 pattern: ^\S*$ connection: type: string description: Name of the connection this user should be created in. default: Initial-Connection minLength: 1 password: type: string description: Initial password for this user. Only valid for auth0 connection strategy. default: secret minLength: 1 verify_email: type: boolean description: Whether the user will receive a verification email after creation (true) or no email (false). Overrides behavior of `email_verified` parameter. default: false username: type: string description: The user's username. Only valid if the connection requires a username. default: johndoe minLength: 1 maxLength: 128 CreateUserResponseContent: type: object additionalProperties: true properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. default: auth0|507f1f77bcf86cd799439020 email: type: string description: Email address of this user. default: john.doe@gmail.com format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). default: false username: type: string description: Username of this user. default: johndoe phone_number: type: string description: Phone number for this user. Follows the E.164 recommendation. default: '+199999999999999' phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). default: false created_at: $ref: '#/components/schemas/UserDateSchema' updated_at: $ref: '#/components/schemas/UserDateSchema' identities: type: array description: Array of user identity objects when accounts are linked. items: $ref: '#/components/schemas/UserIdentitySchema' app_metadata: $ref: '#/components/schemas/UserAppMetadataSchema' user_metadata: $ref: '#/components/schemas/UserMetadataSchema' picture: type: string description: URL to picture, photo, or avatar of this user. name: type: string description: Name of this user. nickname: type: string description: Preferred nickname or alias of this user. multifactor: type: array description: List of multi-factor authentication providers with which this user has enrolled. items: type: string last_ip: type: string description: Last IP address from which this user logged in. last_login: $ref: '#/components/schemas/UserDateSchema' logins_count: type: integer description: Total number of logins this user has performed. blocked: type: boolean description: Whether this user was blocked by an administrator (true) or is not (false). given_name: type: string description: Given name/first name/forename of this user. family_name: type: string description: Family name/last name/surname of this user. CreateVerifiableCredentialTemplateRequestContent: type: object additionalProperties: false required: - name - dialect - presentation - type - well_known_trusted_issuers properties: name: type: string minLength: 1 maxLength: 255 type: type: string minLength: 1 maxLength: 255 dialect: type: string maxLength: 255 pattern: ^simplified/1.0$ presentation: $ref: '#/components/schemas/MdlPresentationRequest' custom_certificate_authority: type: - string - 'null' minLength: 1 maxLength: 4096 well_known_trusted_issuers: type: string minLength: 1 maxLength: 255 pattern: ^aamva$ CreateVerifiableCredentialTemplateResponseContent: type: object additionalProperties: true properties: id: type: string description: The id of the template. default: vct_0000000000000001 name: type: string description: The name of the template. type: type: string description: The type of the template. default: mdl dialect: type: string description: The dialect of the template. default: simplified/1.0 maxLength: 255 presentation: $ref: '#/components/schemas/MdlPresentationRequest' custom_certificate_authority: type: - string - 'null' description: The custom certificate authority. minLength: 1 maxLength: 4096 well_known_trusted_issuers: type: - string - 'null' description: The well-known trusted issuers, comma separated. minLength: 1 maxLength: 255 created_at: type: string description: The date and time the template was created. default: '2021-01-01T00:00:00Z' format: date-time updated_at: type: string description: The date and time the template was created. default: '2021-01-01T00:00:00Z' format: date-time CreateVerificationEmailRequestContent: type: object additionalProperties: false required: - user_id properties: user_id: type: string description: user_id of the user to send the verification email to. default: google-oauth2|1234 format: user-id client_id: type: string description: client_id of the client (application). If no value provided, the global Client ID will be used. format: client-id identity: $ref: '#/components/schemas/Identity' organization_id: type: string description: (Optional) Organization ID – the ID of the Organization. If provided, organization parameters will be made available to the email template and organization branding will be applied to the prompt. In addition, the redirect link in the prompt will include organization_id and organization_name query string parameters. default: org_2eondWoxcMIpaLQc format: organization-id CreateVerificationEmailResponseContent: type: object additionalProperties: true required: - id - type - status properties: status: type: string description: Status of this job. default: completed type: type: string description: Type of job this is. default: verification_email created_at: type: string description: When this job was created. id: type: string description: ID of this job. default: job_0000000000000001 CreatedAuthenticationMethodTypeEnum: type: string enum: - phone - email - totp - webauthn-roaming CreatedUserAuthenticationMethodTypeEnum: type: string enum: - phone - email - totp - webauthn-roaming - passkey CredentialId: type: object additionalProperties: false required: - id properties: id: type: string description: Credential ID format: credential-id CustomDomain: type: object additionalProperties: false required: - custom_domain_id - domain - primary - status - type properties: custom_domain_id: type: string description: ID of the custom domain. default: cd_0000000000000001 domain: type: string description: Domain name. default: login.mycompany.com primary: type: boolean description: Whether this is a primary domain (true) or not (false). default: false is_default: type: boolean description: Whether this is the default custom domain (true) or not (false). default: false status: $ref: '#/components/schemas/CustomDomainStatusFilterEnum' type: $ref: '#/components/schemas/CustomDomainTypeEnum' origin_domain_name: type: string description: Intermediate address. default: mycompany_cd_0000000000000001.edge.tenants.auth0.com verification: $ref: '#/components/schemas/DomainVerification' custom_client_ip_header: type: - string - 'null' description: The HTTP header to fetch the client's IP address tls_policy: type: string description: The TLS version policy default: recommended domain_metadata: $ref: '#/components/schemas/DomainMetadata' certificate: $ref: '#/components/schemas/DomainCertificate' relying_party_identifier: type: string description: Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used. format: hostname CustomDomainCustomClientIpHeader: oneOf: - $ref: '#/components/schemas/CustomDomainCustomClientIpHeaderEnum' - type: 'null' CustomDomainCustomClientIpHeaderEnum: type: string description: The HTTP header to fetch the client's IP address default: true-client-ip enum: - true-client-ip - cf-connecting-ip - x-forwarded-for - x-azure-clientip - '' CustomDomainProvisioningTypeEnum: type: string description: Custom domain provisioning type. Must be `auth0_managed_certs` or `self_managed_certs`. enum: - auth0_managed_certs - self_managed_certs CustomDomainStatusFilterEnum: type: string description: Custom domain configuration status. Can be `failed`, `pending_verification`, or `ready`. default: ready enum: - pending_verification - ready - failed CustomDomainTlsPolicyEnum: type: string description: Custom domain TLS policy. Must be `recommended`, includes TLS 1.2. default: recommended enum: - recommended CustomDomainTypeEnum: type: string description: Custom domain provisioning type. Can be `auth0_managed_certs` or `self_managed_certs`. default: self_managed_certs enum: - auth0_managed_certs - self_managed_certs CustomDomainVerificationMethodEnum: type: string description: Custom domain verification method. Must be `txt`. default: txt enum: - txt CustomProviderConfiguration: type: object additionalProperties: false required: - delivery_methods properties: delivery_methods: type: array minItems: 1 items: $ref: '#/components/schemas/CustomProviderDeliveryMethodEnum' CustomProviderCredentials: type: object additionalProperties: false properties: {} CustomProviderDeliveryMethodEnum: type: string enum: - text - voice CustomSigningKeyAlgorithmEnum: type: string description: Key algorithm enum: - RS256 - RS384 - RS512 - ES256 - ES384 - ES512 - PS256 - PS384 - PS512 CustomSigningKeyCurveEnum: type: string description: Curve enum: - P-256 - P-384 - P-521 CustomSigningKeyJWK: type: object description: JWK representing a custom public signing key. additionalProperties: false required: - kty properties: kty: $ref: '#/components/schemas/CustomSigningKeyTypeEnum' kid: type: string description: Key identifier use: $ref: '#/components/schemas/CustomSigningKeyUseEnum' key_ops: type: array description: Key operations minItems: 1 items: $ref: '#/components/schemas/CustomSigningKeyOperationEnum' alg: $ref: '#/components/schemas/CustomSigningKeyAlgorithmEnum' n: type: string description: Key modulus e: type: string description: Key exponent crv: $ref: '#/components/schemas/CustomSigningKeyCurveEnum' x: type: string description: X coordinate y: type: string description: Y coordinate x5u: type: string description: X.509 URL x5c: type: array description: X.509 certificate chain minItems: 1 items: type: string x5t: type: string description: X.509 certificate SHA-1 thumbprint x5t#S256: type: string description: X.509 certificate SHA-256 thumbprint CustomSigningKeyOperationEnum: type: string enum: - verify CustomSigningKeyTypeEnum: type: string description: Key type enum: - EC - RSA CustomSigningKeyUseEnum: type: string description: Key use enum: - sig DailyStats: type: object additionalProperties: true properties: date: type: string description: Date these events occurred in ISO 8601 format. default: '2014-01-01T00:00:00.000Z' logins: type: integer description: Number of logins on this date. default: 100 signups: type: integer description: Number of signups on this date. default: 100 leaked_passwords: type: integer description: Number of breached-password detections on this date (subscription required). default: 100 updated_at: type: string description: Date and time this stats entry was last updated in ISO 8601 format. default: '2014-01-01T02:00:00.000Z' created_at: type: string description: Approximate date and time the first event occurred in ISO 8601 format. default: '2014-01-01T20:00:00.000Z' DefaultMethodEmailIdentifierEnum: type: string description: Default authentication method for email identifier enum: - password - email_otp x-release-lifecycle: EA DefaultTokenQuota: type: - object - 'null' description: Token Quota configuration, to configure quotas for token issuance for clients and organizations. Applied to all clients and organizations unless overridden in individual client or organization settings. additionalProperties: false minProperties: 1 x-release-lifecycle: EA properties: clients: $ref: '#/components/schemas/TokenQuotaConfiguration' organizations: $ref: '#/components/schemas/TokenQuotaConfiguration' DeleteHookSecretRequestContent: type: array description: Array of secret names to delete. minItems: 1 items: type: string DeleteOrganizationMemberRolesRequestContent: type: object additionalProperties: false required: - roles properties: roles: type: array description: List of roles IDs associated with the organization member to remove. minItems: 1 items: type: string format: role-id DeleteOrganizationMembersRequestContent: type: object additionalProperties: true required: - members properties: members: type: array description: List of user IDs to remove from the organization. minItems: 1 items: type: string format: user-id-with-max-length DeleteRolePermissionsRequestContent: type: object additionalProperties: false required: - permissions properties: permissions: type: array description: array of resource_server_identifier, permission_name pairs. minItems: 1 items: $ref: '#/components/schemas/PermissionRequestPayload' DeleteUserIdentityResponseContent: type: array description: An array of objects with information about the user's identities. items: type: object additionalProperties: false required: - provider - user_id - connection properties: connection: type: string description: The name of the connection for the identity. default: Initial-Connection user_id: type: string description: The unique identifier for the user for the identity. default: 5457edea1b8f22891a000004 provider: type: string description: The type of identity provider. default: auth0 isSocial: type: boolean description: true if the identity provider is a social provider, falses otherwise access_token: type: string description: IDP access token returned only if scope read:user_idp_tokens is defined access_token_secret: type: string description: IDP access token secret returned only if scope read:user_idp_tokens is defined. refresh_token: type: string description: IDP refresh token returned only if scope read:user_idp_tokens is defined. profileData: $ref: '#/components/schemas/UserProfileData' DeleteUserPermissionsRequestContent: type: object additionalProperties: false required: - permissions properties: permissions: type: array description: List of permissions to remove from this user. minItems: 1 items: $ref: '#/components/schemas/PermissionRequestPayload' DeleteUserRolesRequestContent: type: object additionalProperties: false required: - roles properties: roles: type: array description: List of roles IDs to remove from the user. minItems: 1 items: type: string minLength: 1 DeployActionResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique id of an action version. default: 12a3b9e6-06e6-4a29-96bf-90c82fe79a0d action_id: type: string description: The id of the action to which this version belongs. default: 910b1053-577f-4d81-a8c8-020e7319a38a code: type: string description: The source code of this specific version of the action. default: module.exports = () => {} dependencies: type: array description: 'The list of third party npm modules, and their versions, that this specific version depends on. ' items: $ref: '#/components/schemas/ActionVersionDependency' deployed: type: boolean description: Indicates if this specific version is the currently one deployed. default: true runtime: type: string description: 'The Node runtime. For example: `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretResponse' status: $ref: '#/components/schemas/ActionVersionBuildStatusEnum' number: type: number description: The index of this version in list of versions for the action. default: 1 errors: type: array description: Any errors that occurred while the version was being built. items: $ref: '#/components/schemas/ActionError' action: $ref: '#/components/schemas/ActionBase' built_at: type: string description: The time when this version was built successfully. default: '2021-01-01T00:00:00.000Z' format: date-time created_at: type: string description: The time when this version was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when a version was updated. Versions are never updated externally. Only Auth0 will update an action version as it is being built. default: '2021-01-01T00:00:00.000Z' format: date-time supported_triggers: type: array description: The list of triggers that this version supports. At this time, a version can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA modules: type: array description: The list of action modules and their versions used by this action version. items: $ref: '#/components/schemas/ActionModuleReference' DeployActionVersionRequestContent: type: - object - 'null' additionalProperties: false properties: update_draft: type: boolean description: True if the draft of the action should be updated with the reverted version. default: false DeployActionVersionResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique id of an action version. default: 12a3b9e6-06e6-4a29-96bf-90c82fe79a0d action_id: type: string description: The id of the action to which this version belongs. default: 910b1053-577f-4d81-a8c8-020e7319a38a code: type: string description: The source code of this specific version of the action. default: module.exports = () => {} dependencies: type: array description: 'The list of third party npm modules, and their versions, that this specific version depends on. ' items: $ref: '#/components/schemas/ActionVersionDependency' deployed: type: boolean description: Indicates if this specific version is the currently one deployed. default: true runtime: type: string description: 'The Node runtime. For example: `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretResponse' status: $ref: '#/components/schemas/ActionVersionBuildStatusEnum' number: type: number description: The index of this version in list of versions for the action. default: 1 errors: type: array description: Any errors that occurred while the version was being built. items: $ref: '#/components/schemas/ActionError' action: $ref: '#/components/schemas/ActionBase' built_at: type: string description: The time when this version was built successfully. default: '2021-01-01T00:00:00.000Z' format: date-time created_at: type: string description: The time when this version was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when a version was updated. Versions are never updated externally. Only Auth0 will update an action version as it is being built. default: '2021-01-01T00:00:00.000Z' format: date-time supported_triggers: type: array description: The list of triggers that this version supports. At this time, a version can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA modules: type: array description: The list of action modules and their versions used by this action version. items: $ref: '#/components/schemas/ActionModuleReference' DeviceCredential: type: object additionalProperties: false properties: id: type: string description: ID of this device. default: dcr_0000000000000001 device_name: type: string description: User agent for this device default: iPhone Mobile Safari UI/WKWebView device_id: type: string description: 'Unique identifier for the device. NOTE: This field is generally not populated for refresh_tokens and rotating_refresh_tokens' default: 550e8400-e29b-41d4-a716-446655440000 type: $ref: '#/components/schemas/DeviceCredentialTypeEnum' description: Type of credential. Can be `public_key`, `refresh_token`, or `rotating_refresh_token`. user_id: type: string description: user_id this credential is associated with. default: usr_5457edea1b8f33391a000004 client_id: type: string description: client_id of the client (application) this credential is for. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww DeviceCredentialPublicKeyTypeEnum: type: string description: Type of credential. Must be `public_key`. enum: - public_key DeviceCredentialTypeEnum: type: string enum: - public_key - refresh_token - rotating_refresh_token description: Type of credentials to retrieve. Must be `public_key`, `refresh_token` or `rotating_refresh_token`. The property will default to `refresh_token` when paging is requested DirectoryProvisioning: type: object additionalProperties: false required: - connection_id - connection_name - strategy - mapping - synchronize_automatically - created_at - updated_at properties: connection_id: type: string description: The connection's identifier connection_name: type: string description: The connection's name strategy: type: string description: The connection's strategy mapping: type: array description: The mapping between Auth0 and IDP user attributes minItems: 1 items: $ref: '#/components/schemas/DirectoryProvisioningMappingItem' synchronize_automatically: type: boolean description: Whether periodic automatic synchronization is enabled synchronize_groups: $ref: '#/components/schemas/SynchronizeGroupsEnum' x-release-lifecycle: EA created_at: type: string description: The timestamp at which the directory provisioning configuration was created format: date-time updated_at: type: string description: The timestamp at which the directory provisioning configuration was last updated format: date-time last_synchronization_at: type: string description: The timestamp at which the connection was last synchronized format: date-time last_synchronization_status: type: string description: The status of the last synchronization last_synchronization_error: type: string description: The error message of the last synchronization, if any DirectoryProvisioningMappingItem: type: object additionalProperties: false required: - auth0 - idp properties: auth0: type: string description: The field location in the Auth0 schema idp: type: string description: The field location in the IDP schema DomainCertificate: type: object description: Certificate information. This object is relevant only for Custom Domains with Auth0-Managed Certificates. additionalProperties: false properties: status: $ref: '#/components/schemas/DomainCertificateStatusEnum' error_msg: type: string description: A user-friendly error message will be presented if the certificate status is provisioning_failed or renewing_failed. certificate_authority: $ref: '#/components/schemas/DomainCertificateAuthorityEnum' renews_before: type: string description: The certificate will be renewed prior to this date. DomainCertificateAuthorityEnum: type: string description: The Certificate Authority issued the certificate. enum: - letsencrypt - googletrust DomainCertificateStatusEnum: type: string description: The provisioning status of the certificate. enum: - provisioning - provisioning_failed - provisioned - renewing_failed DomainMetadata: type: object description: Domain metadata associated with the custom domain, in the form of an object with string values (max 255 chars). Maximum of 10 domain metadata properties allowed. additionalProperties: type: - string - 'null' maxLength: 255 maxProperties: 10 DomainVerification: type: object description: Domain verification settings. additionalProperties: false properties: methods: type: array description: Domain verification methods. minItems: 1 items: $ref: '#/components/schemas/DomainVerificationMethod' status: $ref: '#/components/schemas/DomainVerificationStatusEnum' error_msg: type: string description: The user0-friendly error message in case of failed verification. This field is relevant only for Custom Domains with Auth0-Managed Certificates. last_verified_at: type: string description: The date and time when the custom domain was last verified. This field is relevant only for Custom Domains with Auth0-Managed Certificates. DomainVerificationMethod: type: object additionalProperties: false required: - name - record properties: name: $ref: '#/components/schemas/DomainVerificationMethodNameEnum' record: type: string description: Value used to verify the domain. default: auth0-domain-verification=... domain: type: string description: The name of the txt record for verification default: _cf-custom-hostname.login.mycompany.com DomainVerificationMethodNameEnum: type: string description: Domain verification method. default: txt enum: - cname - txt DomainVerificationStatusEnum: type: string description: The DNS record verification status. This field is relevant only for Custom Domains with Auth0-Managed Certificates. enum: - verified - pending - failed EmailAttribute: type: object description: Configuration for the email attribute for users. additionalProperties: false properties: identifier: $ref: '#/components/schemas/ConnectionAttributeIdentifier' unique: type: boolean description: Determines if the attribute is unique in a given connection profile_required: type: boolean description: Determines if property should be required for users verification_method: $ref: '#/components/schemas/VerificationMethodEnum' signup: $ref: '#/components/schemas/SignupVerified' EmailMailgunRegionEnum: description: Set to eu if your domain is provisioned to use Mailgun's EU region. Otherwise, set to null. enum: - eu - null EmailProviderCredentials: type: object description: Credentials required to use the provider. additionalProperties: false properties: api_user: type: string description: API User. region: type: string description: AWS or SparkPost region. smtp_host: type: string description: SMTP host. smtp_port: type: integer description: SMTP port. smtp_user: type: string description: SMTP username. EmailProviderCredentialsSchema: type: object description: Credentials required to use the provider. anyOf: - type: object additionalProperties: false required: - api_key properties: api_key: type: string description: API Key minLength: 1 - type: object additionalProperties: false minProperties: 1 properties: accessKeyId: type: string description: AWS Access Key ID. minLength: 1 secretAccessKey: type: string description: AWS Secret Access Key. minLength: 1 region: type: string description: AWS region. minLength: 1 - type: object additionalProperties: false minProperties: 1 properties: smtp_host: $ref: '#/components/schemas/EmailSMTPHost' smtp_port: type: integer description: SMTP port. smtp_user: type: string description: SMTP username. minLength: 1 smtp_pass: type: string description: SMTP password. minLength: 1 - type: object additionalProperties: false minProperties: 1 properties: api_key: type: string description: API Key minLength: 1 region: $ref: '#/components/schemas/EmailSparkPostRegionEnum' - type: object additionalProperties: false minProperties: 1 properties: api_key: type: string description: API Key minLength: 1 domain: type: string description: Domain minLength: 4 region: $ref: '#/components/schemas/EmailMailgunRegionEnum' - type: object additionalProperties: false minProperties: 1 properties: connectionString: type: string description: Azure Communication Services Connection String. minLength: 1 - type: object additionalProperties: false minProperties: 1 properties: tenantId: type: string description: Microsoft 365 Tenant ID. minLength: 1 clientId: type: string description: Microsoft 365 Client ID. minLength: 1 clientSecret: type: string description: Microsoft 365 Client Secret. minLength: 1 - $ref: '#/components/schemas/ExtensibilityEmailProviderCredentials' EmailProviderNameEnum: type: string description: Name of the email provider. Can be `mailgun`, `mandrill`, `sendgrid`, `resend`, `ses`, `sparkpost`, `smtp`, `azure_cs`, `ms365`, or `custom`. enum: - mailgun - mandrill - sendgrid - resend - ses - sparkpost - smtp - azure_cs - ms365 - custom EmailProviderSettings: type: object description: Specific provider setting additionalProperties: true EmailSMTPHost: type: string description: SMTP host. anyOf: - type: string format: hostname-rfc2181 - type: string format: ipv4 - type: string format: ipv6 EmailSparkPostRegionEnum: description: Set to eu to use SparkPost service hosted in Western Europe. To use SparkPost hosted in North America, set it to null. enum: - eu - null EmailSpecificProviderSettingsWithAdditionalProperties: type: - object - 'null' description: Specific provider setting additionalProperties: true EmailTemplateNameEnum: type: string description: Template name. Can be `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, `async_approval`, `change_password` (legacy), or `password_reset` (legacy). default: verify_email enum: - verify_email - verify_email_by_code - reset_email - reset_email_by_code - welcome_email - blocked_account - stolen_credentials - enrollment_email - mfa_oob_code - user_invitation - change_password - password_reset - async_approval EnabledFeaturesEnum: type: string description: Enum for enabled features. enum: - scim - universal_logout EncryptionKey: type: object description: Encryption key additionalProperties: false required: - kid - type - state - created_at - updated_at properties: kid: type: string description: Key ID type: $ref: '#/components/schemas/EncryptionKeyType' state: $ref: '#/components/schemas/EncryptionKeyState' created_at: type: string description: Key creation timestamp format: date-time updated_at: type: string description: Key update timestamp format: date-time parent_kid: type: - string - 'null' description: ID of parent wrapping key public_key: type: - string - 'null' description: Public key in PEM format EncryptionKeyPublicWrappingAlgorithm: type: string description: Encryption algorithm that shall be used to wrap your key material enum: - CKM_RSA_AES_KEY_WRAP EncryptionKeyState: type: string description: Key state enum: - pre-activation - active - deactivated - destroyed EncryptionKeyType: type: string description: Key type enum: - customer-provided-root-key - environment-root-key - tenant-master-key - tenant-encryption-key EventStreamActionConfiguration: type: object description: Configuration specific to an action destination. additionalProperties: false required: - action_id properties: action_id: type: string description: Action ID for the action destination. EventStreamActionDestination: type: object additionalProperties: false required: - type - configuration properties: type: $ref: '#/components/schemas/EventStreamActionDestinationTypeEnum' configuration: $ref: '#/components/schemas/EventStreamActionConfiguration' EventStreamActionDestinationTypeEnum: type: string enum: - action EventStreamActionResponseContent: type: object additionalProperties: false properties: id: type: string description: Unique identifier for the event stream. minLength: 26 maxLength: 26 format: event-stream-id name: type: string description: Name of the event stream. minLength: 1 maxLength: 128 subscriptions: type: array description: List of event types subscribed to in this stream. minItems: 1 items: $ref: '#/components/schemas/EventStreamSubscription' destination: $ref: '#/components/schemas/EventStreamActionDestination' status: $ref: '#/components/schemas/EventStreamStatusEnum' created_at: type: string description: Timestamp when the event stream was created. format: date-time updated_at: type: string description: Timestamp when the event stream was last updated. format: date-time EventStreamCloudEvent: type: object description: Event content. This will only be set if delivery failed. additionalProperties: false properties: id: type: string description: Unique identifier for the event minLength: 26 maxLength: 26 format: event-id source: type: string description: Where the event originated specversion: type: string description: Version of CloudEvents spec type: type: string description: Type of the event (e.g., user.created) time: type: string description: Timestamp at which the event was generated format: date-time data: type: string description: Event contents encoded as a string. EventStreamCloudEventA0PurposeEnum: type: string description: 'The purpose of this event. This field will typically appear only in special cases such as sending a test event. For normal events, this field will be omitted.' enum: - test EventStreamCloudEventContext: type: object description: 'Information about the context in which the event was produced. This may include things like HTTP request details, client information, connection information, etc. Note: This field may not be present on all events, depending on the event type and the context in which it was generated.' additionalProperties: false required: - tenant properties: client: $ref: '#/components/schemas/EventStreamCloudEventContextClient' connection: $ref: '#/components/schemas/EventStreamCloudEventContextConnection' request: $ref: '#/components/schemas/EventStreamCloudEventContextRequest' tenant: $ref: '#/components/schemas/EventStreamCloudEventContextTenant' EventStreamCloudEventContextClient: type: object description: The OAuth Client requesting or presenting an access token. additionalProperties: false required: - id - name - metadata properties: id: type: string description: The client identifier. name: type: string description: The client name. metadata: $ref: '#/components/schemas/EventStreamCloudEventContextClientMetadata' EventStreamCloudEventContextClientMetadata: type: object description: Client metadata. additionalProperties: true properties: {} EventStreamCloudEventContextConnection: type: object description: The Auth0 Connection used for the authentication transaction that generated the event. additionalProperties: false required: - id - name - strategy properties: id: type: string description: The ID of the connection. pattern: con_[a-zA-Z0-9]{16} name: type: string description: The name of the connection. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ strategy: type: string description: The auth strategy implemented by the connection. EventStreamCloudEventContextRequest: type: object description: An HTTP request. additionalProperties: false required: - geo - hostname - ip - method - user_agent properties: geo: $ref: '#/components/schemas/EventStreamCloudEventContextRequestGeo' hostname: type: string description: The hostname the request is for. custom_domain: type: string description: The custom domain used in the request (if any). ip: type: string description: The originating IP address of the request. method: type: string description: The HTTP method used for the request. user_agent: type: string description: The value of the `User-Agent` header. EventStreamCloudEventContextRequestGeo: type: object description: Geographic information about the request origin. additionalProperties: false properties: continent_code: type: string description: Continent code. country_code: type: string description: Country code. country_name: type: string description: Country name. latitude: type: number description: Latitude coordinate. longitude: type: number description: Longitude coordinate. subdivision_code: type: string description: Subdivision (state/province) code. subdivision_name: type: string description: Subdivision (state/province) name. city_name: type: string description: City name. time_zone: type: string description: Time zone. EventStreamCloudEventContextTenant: type: object description: Reference to a tenant in event context additionalProperties: false required: - tenant_id properties: tenant_id: type: string description: Machine-generated unique tenant identifier. pattern: ten_[a-zA-Z0-9]{16} EventStreamCloudEventErrorCodeEnum: type: string description: Machine-readable error code. enum: - invalid_cursor - cursor_expired - timeout - payload_too_large - processing_error - connection_timeout EventStreamCloudEventErrorDetail: type: object description: Error details. additionalProperties: false required: - code - message properties: code: $ref: '#/components/schemas/EventStreamCloudEventErrorCodeEnum' message: type: string description: Human-readable error message. offset: type: string description: The cursor at the time of the error (when available). Can be used to resume from this position. EventStreamCloudEventErrorMessage: type: object description: An error message delivered via the SSE stream. The stream closes after this message. additionalProperties: false required: - type - error properties: type: $ref: '#/components/schemas/EventStreamCloudEventErrorMessageTypeEnum' error: $ref: '#/components/schemas/EventStreamCloudEventErrorDetail' EventStreamCloudEventErrorMessageTypeEnum: type: string description: Identifies this as an error message (injected from the SSE event field). enum: - error EventStreamCloudEventGroupCreated: type: object description: SSE message for group.created. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedCloudEvent' EventStreamCloudEventGroupCreatedCloudEvent: type: object description: Represents an event that occurs when a group is created. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventGroupCreatedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - group.created EventStreamCloudEventGroupCreatedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventGroupCreatedObject: description: The event content. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject0' - $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject1' - $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject2' EventStreamCloudEventGroupCreatedObject0: type: object description: Represents a connection group entity. additionalProperties: false required: - id - name - created_at - type - connection_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} name: type: string description: The name of the group. external_id: type: string description: The external identifier for the group. created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time type: $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject0TypeEnum' connection_id: type: string description: The connection ID associated with the group. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventGroupCreatedObject0TypeEnum: type: string description: The type of the group. enum: - connection EventStreamCloudEventGroupCreatedObject1: type: object description: Represents an organization group entity. additionalProperties: false required: - id - name - created_at - type - organization_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} name: type: string description: The name of the group. external_id: type: string description: The external identifier for the group. created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time type: $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject1TypeEnum' organization_id: type: string description: The organization ID associated with the group. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventGroupCreatedObject1TypeEnum: type: string description: The type of the group. enum: - organization EventStreamCloudEventGroupCreatedObject2: type: object description: Represents a tenant group entity. additionalProperties: false required: - id - name - created_at - type properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} name: type: string description: The name of the group. external_id: type: string description: The external identifier for the group. created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time type: $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject2TypeEnum' EventStreamCloudEventGroupCreatedObject2TypeEnum: type: string description: The type of the group. enum: - tenant EventStreamCloudEventGroupCreatedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - group.created EventStreamCloudEventGroupDeleted: type: object description: SSE message for group.deleted. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedCloudEvent' EventStreamCloudEventGroupDeletedCloudEvent: type: object description: Represents an event that occurs when a group is deleted. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventGroupDeletedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - group.deleted EventStreamCloudEventGroupDeletedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventGroupDeletedObject: description: The event content. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject0' - $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject1' - $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject2' EventStreamCloudEventGroupDeletedObject0: type: object description: Connection group with updated_at timestamp additionalProperties: false required: - id - name - created_at - type - connection_id - updated_at properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} name: type: string description: The name of the group. external_id: type: string description: The external identifier for the group. created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time type: $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject0TypeEnum' connection_id: type: string description: The connection ID associated with the group. pattern: con_[a-zA-Z0-9]{16} updated_at: type: string description: Date and time when this entity was last updated/modified (ISO_8601 format). format: date-time EventStreamCloudEventGroupDeletedObject0TypeEnum: type: string description: The type of the group. enum: - connection EventStreamCloudEventGroupDeletedObject1: type: object description: Organization group with updated_at timestamp additionalProperties: false required: - id - name - created_at - type - organization_id - updated_at properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} name: type: string description: The name of the group. external_id: type: string description: The external identifier for the group. created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time type: $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject1TypeEnum' organization_id: type: string description: The organization ID associated with the group. pattern: org_[a-zA-Z0-9]{16} updated_at: type: string description: Date and time when this entity was last updated/modified (ISO_8601 format). format: date-time EventStreamCloudEventGroupDeletedObject1TypeEnum: type: string description: The type of the group. enum: - organization EventStreamCloudEventGroupDeletedObject2: type: object description: Tenant group with updated_at timestamp additionalProperties: false required: - id - name - created_at - type - updated_at properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} name: type: string description: The name of the group. external_id: type: string description: The external identifier for the group. created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time type: $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject2TypeEnum' updated_at: type: string description: Date and time when this entity was last updated/modified (ISO_8601 format). format: date-time EventStreamCloudEventGroupDeletedObject2TypeEnum: type: string description: The type of the group. enum: - tenant EventStreamCloudEventGroupDeletedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - group.deleted EventStreamCloudEventGroupMemberAdded: type: object description: SSE message for group.member.added. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedCloudEvent' EventStreamCloudEventGroupMemberAddedCloudEvent: type: object description: Represents an event that occurs when a member is added to a group. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventGroupMemberAddedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - group.member.added EventStreamCloudEventGroupMemberAddedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventGroupMemberAddedObject: type: object description: The event content. additionalProperties: false required: - group - member properties: group: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup' member: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember' EventStreamCloudEventGroupMemberAddedObjectGroup: description: The group the member belongs to. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup0' - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup1' - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup2' EventStreamCloudEventGroupMemberAddedObjectGroup0: type: object description: Reference to a connection group additionalProperties: false required: - id - type - connection_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup0TypeEnum' connection_id: type: string description: The connection ID associated with the group. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventGroupMemberAddedObjectGroup0TypeEnum: type: string description: The type of the group. enum: - connection EventStreamCloudEventGroupMemberAddedObjectGroup1: type: object description: Reference to an organization group additionalProperties: false required: - id - type - organization_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup1TypeEnum' organization_id: type: string description: The organization ID associated with the group. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventGroupMemberAddedObjectGroup1TypeEnum: type: string description: The type of the group. enum: - organization EventStreamCloudEventGroupMemberAddedObjectGroup2: type: object description: Reference to a tenant group additionalProperties: false required: - id - type properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup2TypeEnum' EventStreamCloudEventGroupMemberAddedObjectGroup2TypeEnum: type: string description: The type of the group. enum: - tenant EventStreamCloudEventGroupMemberAddedObjectMember: description: The member that is a part of the group. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember0' - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember1' EventStreamCloudEventGroupMemberAddedObjectMember0: type: object description: A group member of member_type user additionalProperties: false required: - member_type - id properties: member_type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember0MemberTypeEnum' id: type: string description: The user's unique identifier EventStreamCloudEventGroupMemberAddedObjectMember0MemberTypeEnum: type: string description: Type discriminator for user members enum: - user EventStreamCloudEventGroupMemberAddedObjectMember1: type: object description: A group member of member_type group additionalProperties: false required: - member_type - id - type - connection_id properties: member_type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember1MemberTypeEnum' id: type: string description: The connection member's unique identifier type: type: string description: The type of the connection connection_id: type: string description: Connection ID associated with the member pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventGroupMemberAddedObjectMember1MemberTypeEnum: type: string description: Type discriminator for connection members enum: - connection EventStreamCloudEventGroupMemberAddedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - group.member.added EventStreamCloudEventGroupMemberDeleted: type: object description: SSE message for group.member.deleted. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedCloudEvent' EventStreamCloudEventGroupMemberDeletedCloudEvent: type: object description: Represents an event that occurs when a member is removed from a group. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventGroupMemberDeletedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - group.member.deleted EventStreamCloudEventGroupMemberDeletedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventGroupMemberDeletedObject: type: object description: The event content. additionalProperties: false required: - group - member properties: group: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup' member: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember' EventStreamCloudEventGroupMemberDeletedObjectGroup: description: The group the member belongs to. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup0' - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup1' - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup2' EventStreamCloudEventGroupMemberDeletedObjectGroup0: type: object description: Reference to a connection group additionalProperties: false required: - id - type - connection_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup0TypeEnum' connection_id: type: string description: The connection ID associated with the group. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventGroupMemberDeletedObjectGroup0TypeEnum: type: string description: The type of the group. enum: - connection EventStreamCloudEventGroupMemberDeletedObjectGroup1: type: object description: Reference to an organization group additionalProperties: false required: - id - type - organization_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup1TypeEnum' organization_id: type: string description: The organization ID associated with the group. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventGroupMemberDeletedObjectGroup1TypeEnum: type: string description: The type of the group. enum: - organization EventStreamCloudEventGroupMemberDeletedObjectGroup2: type: object description: Reference to a tenant group additionalProperties: false required: - id - type properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup2TypeEnum' EventStreamCloudEventGroupMemberDeletedObjectGroup2TypeEnum: type: string description: The type of the group. enum: - tenant EventStreamCloudEventGroupMemberDeletedObjectMember: description: The member that is a part of the group. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember0' - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember1' EventStreamCloudEventGroupMemberDeletedObjectMember0: type: object description: A group member of member_type user additionalProperties: false required: - member_type - id properties: member_type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember0MemberTypeEnum' id: type: string description: The user's unique identifier EventStreamCloudEventGroupMemberDeletedObjectMember0MemberTypeEnum: type: string description: Type discriminator for user members enum: - user EventStreamCloudEventGroupMemberDeletedObjectMember1: type: object description: A group member of member_type group additionalProperties: false required: - member_type - id - type - connection_id properties: member_type: $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember1MemberTypeEnum' id: type: string description: The connection member's unique identifier type: type: string description: The type of the connection connection_id: type: string description: Connection ID associated with the member pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventGroupMemberDeletedObjectMember1MemberTypeEnum: type: string description: Type discriminator for connection members enum: - connection EventStreamCloudEventGroupMemberDeletedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - group.member.deleted EventStreamCloudEventGroupRoleAssigned: type: object description: SSE message for group.role.assigned. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedCloudEvent' EventStreamCloudEventGroupRoleAssignedCloudEvent: type: object description: Represents an event that occurs when a role is assigned to a group. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventGroupRoleAssignedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - group.role.assigned EventStreamCloudEventGroupRoleAssignedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventGroupRoleAssignedObject: type: object description: The event content. additionalProperties: false required: - group - role - created_at properties: group: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup' role: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectRole' created_at: type: string description: The time at which the role was assigned to the group. format: date-time EventStreamCloudEventGroupRoleAssignedObjectGroup: description: The group the role is assigned to. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup0' - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup1' - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup2' EventStreamCloudEventGroupRoleAssignedObjectGroup0: type: object description: Reference to a connection group additionalProperties: false required: - id - type - connection_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup0TypeEnum' connection_id: type: string description: The connection ID associated with the group. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventGroupRoleAssignedObjectGroup0TypeEnum: type: string description: The type of the group. enum: - connection EventStreamCloudEventGroupRoleAssignedObjectGroup1: type: object description: Reference to an organization group additionalProperties: false required: - id - type - organization_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup1TypeEnum' organization_id: type: string description: The organization ID associated with the group. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventGroupRoleAssignedObjectGroup1TypeEnum: type: string description: The type of the group. enum: - organization EventStreamCloudEventGroupRoleAssignedObjectGroup2: type: object description: Reference to a tenant group additionalProperties: false required: - id - type properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup2TypeEnum' EventStreamCloudEventGroupRoleAssignedObjectGroup2TypeEnum: type: string description: The type of the group. enum: - tenant EventStreamCloudEventGroupRoleAssignedObjectRole: type: object description: The role assigned to the group. additionalProperties: false required: - id - name properties: id: type: string description: The ID of the role. pattern: rol_[a-zA-Z0-9]{16} name: type: string description: The name of the role. EventStreamCloudEventGroupRoleAssignedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - group.role.assigned EventStreamCloudEventGroupRoleDeleted: type: object description: SSE message for group.role.deleted. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedCloudEvent' EventStreamCloudEventGroupRoleDeletedCloudEvent: type: object description: Represents an event that occurs when a role is removed from a group. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventGroupRoleDeletedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - group.role.deleted EventStreamCloudEventGroupRoleDeletedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventGroupRoleDeletedObject: type: object description: The event content. additionalProperties: false required: - group - role - deleted_at properties: group: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup' role: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectRole' deleted_at: type: string description: The time at which the role was removed from the group. format: date-time EventStreamCloudEventGroupRoleDeletedObjectGroup: description: The group the role is removed from. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup0' - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup1' - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup2' EventStreamCloudEventGroupRoleDeletedObjectGroup0: type: object description: Reference to a connection group additionalProperties: false required: - id - type - connection_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup0TypeEnum' connection_id: type: string description: The connection ID associated with the group. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventGroupRoleDeletedObjectGroup0TypeEnum: type: string description: The type of the group. enum: - connection EventStreamCloudEventGroupRoleDeletedObjectGroup1: type: object description: Reference to an organization group additionalProperties: false required: - id - type - organization_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup1TypeEnum' organization_id: type: string description: The organization ID associated with the group. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventGroupRoleDeletedObjectGroup1TypeEnum: type: string description: The type of the group. enum: - organization EventStreamCloudEventGroupRoleDeletedObjectGroup2: type: object description: Reference to a tenant group additionalProperties: false required: - id - type properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup2TypeEnum' EventStreamCloudEventGroupRoleDeletedObjectGroup2TypeEnum: type: string description: The type of the group. enum: - tenant EventStreamCloudEventGroupRoleDeletedObjectRole: type: object description: The role removed from the group. additionalProperties: false required: - id properties: id: type: string description: The ID of the role. pattern: rol_[a-zA-Z0-9]{16} EventStreamCloudEventGroupRoleDeletedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - group.role.deleted EventStreamCloudEventGroupUpdated: type: object description: SSE message for group.updated. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedCloudEvent' EventStreamCloudEventGroupUpdatedCloudEvent: type: object description: Represents an event that occurs when a group is updated. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventGroupUpdatedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - group.updated EventStreamCloudEventGroupUpdatedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventGroupUpdatedObject: description: The event content. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject0' - $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject1' - $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject2' EventStreamCloudEventGroupUpdatedObject0: type: object description: Connection group with updated_at timestamp additionalProperties: false required: - id - name - created_at - type - connection_id - updated_at properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} name: type: string description: The name of the group. external_id: type: string description: The external identifier for the group. created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time type: $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject0TypeEnum' connection_id: type: string description: The connection ID associated with the group. pattern: con_[a-zA-Z0-9]{16} updated_at: type: string description: Date and time when this entity was last updated/modified (ISO_8601 format). format: date-time EventStreamCloudEventGroupUpdatedObject0TypeEnum: type: string description: The type of the group. enum: - connection EventStreamCloudEventGroupUpdatedObject1: type: object description: Organization group with updated_at timestamp additionalProperties: false required: - id - name - created_at - type - organization_id - updated_at properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} name: type: string description: The name of the group. external_id: type: string description: The external identifier for the group. created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time type: $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject1TypeEnum' organization_id: type: string description: The organization ID associated with the group. pattern: org_[a-zA-Z0-9]{16} updated_at: type: string description: Date and time when this entity was last updated/modified (ISO_8601 format). format: date-time EventStreamCloudEventGroupUpdatedObject1TypeEnum: type: string description: The type of the group. enum: - organization EventStreamCloudEventGroupUpdatedObject2: type: object description: Tenant group with updated_at timestamp additionalProperties: false required: - id - name - created_at - type - updated_at properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} name: type: string description: The name of the group. external_id: type: string description: The external identifier for the group. created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time type: $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject2TypeEnum' updated_at: type: string description: Date and time when this entity was last updated/modified (ISO_8601 format). format: date-time EventStreamCloudEventGroupUpdatedObject2TypeEnum: type: string description: The type of the group. enum: - tenant EventStreamCloudEventGroupUpdatedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - group.updated EventStreamCloudEventOffsetOnlyMessage: type: object description: An offset-only heartbeat message. Advances the cursor without delivering an event. additionalProperties: false required: - type - offset properties: type: $ref: '#/components/schemas/EventStreamCloudEventOffsetOnlyMessageTypeEnum' offset: type: string description: Opaque cursor representing the latest position in the stream. Pass as the `from` query parameter to resume. EventStreamCloudEventOffsetOnlyMessageTypeEnum: type: string description: Identifies this as an offset-only heartbeat message (injected from the SSE event field). enum: - offset-only EventStreamCloudEventOrgConnectionAdded: type: object description: SSE message for organization.connection.added. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedCloudEvent' EventStreamCloudEventOrgConnectionAddedCloudEvent: type: object description: Represents an event that occurs when a connection is added to an organization. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgConnectionAddedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.connection.added EventStreamCloudEventOrgConnectionAddedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgConnectionAddedObject: type: object description: The event content. additionalProperties: false required: - organization - connection properties: organization: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedObjectOrganization' connection: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedObjectConnection' assign_membership_on_login: type: boolean description: 'When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection.' show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections.' EventStreamCloudEventOrgConnectionAddedObjectConnection: type: object additionalProperties: false required: - id properties: id: type: string description: The ID of the connection. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventOrgConnectionAddedObjectOrganization: type: object description: Information about an Auth0 Organization. additionalProperties: false required: - id properties: name: type: string description: The human-readable identifier for the organization that will be used by end-users to direct them to their organization in your application.. pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$ id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgConnectionAddedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.connection.added EventStreamCloudEventOrgConnectionRemoved: type: object description: SSE message for organization.connection.removed. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemovedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemovedCloudEvent' EventStreamCloudEventOrgConnectionRemovedCloudEvent: type: object description: Represents an event that occurs when a connection is removed from an organization. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemovedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemovedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgConnectionRemovedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.connection.removed EventStreamCloudEventOrgConnectionRemovedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemovedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgConnectionRemovedObject: type: object description: The event content. additionalProperties: false required: - organization - connection properties: organization: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemovedObjectOrganization' connection: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemovedObjectConnection' EventStreamCloudEventOrgConnectionRemovedObjectConnection: type: object additionalProperties: false required: - id properties: id: type: string description: The ID of the connection. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventOrgConnectionRemovedObjectOrganization: type: object description: Information about an Auth0 Organization. additionalProperties: false required: - id properties: name: type: string description: The human-readable identifier for the organization that will be used by end-users to direct them to their organization in your application.. pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$ id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgConnectionRemovedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.connection.removed EventStreamCloudEventOrgConnectionUpdated: type: object description: SSE message for organization.connection.updated. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdatedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdatedCloudEvent' EventStreamCloudEventOrgConnectionUpdatedCloudEvent: type: object description: Represents an event that occurs when a organization connection is updated. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdatedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdatedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgConnectionUpdatedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.connection.updated EventStreamCloudEventOrgConnectionUpdatedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdatedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgConnectionUpdatedObject: type: object description: The event content. additionalProperties: false required: - organization - connection properties: organization: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdatedObjectOrganization' connection: $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdatedObjectConnection' assign_membership_on_login: type: boolean description: 'When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection.' show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections.' EventStreamCloudEventOrgConnectionUpdatedObjectConnection: type: object additionalProperties: false required: - id properties: id: type: string description: The ID of the connection. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventOrgConnectionUpdatedObjectOrganization: type: object description: Information about an Auth0 Organization. additionalProperties: false required: - id properties: name: type: string description: The human-readable identifier for the organization that will be used by end-users to direct them to their organization in your application.. pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$ id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgConnectionUpdatedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.connection.updated EventStreamCloudEventOrgCreated: type: object description: SSE message for organization.created. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedCloudEvent' EventStreamCloudEventOrgCreatedCloudEvent: type: object description: Represents an event that occurs when an organization is created. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgCreatedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.created EventStreamCloudEventOrgCreatedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgCreatedObject: type: object description: The event content. additionalProperties: false required: - id properties: name: type: string description: The human-readable identifier for the organization that will be used by end-users to direct them to their organization in your application.. pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$ id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} display_name: type: string description: If set, the name that will be displayed to end-users for this organization in any interaction with them. metadata: $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedObjectMetadata' branding: $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedObjectBranding' EventStreamCloudEventOrgCreatedObjectBranding: type: object description: The branding associated with the organization. additionalProperties: false properties: logo_url: type: string description: URL of logo to display on login page. format: uri colors: $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedObjectBrandingColors' EventStreamCloudEventOrgCreatedObjectBrandingColors: type: object description: Color scheme used to customize the login pages. additionalProperties: false properties: primary: type: string description: HEX Color for primary elements. page_background: type: string description: HEX Color for background. EventStreamCloudEventOrgCreatedObjectMetadata: type: object description: The metadata associated with the organization. additionalProperties: true properties: {} EventStreamCloudEventOrgCreatedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.created EventStreamCloudEventOrgDeleted: type: object description: SSE message for organization.deleted. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedCloudEvent' EventStreamCloudEventOrgDeletedCloudEvent: type: object description: Represents an event that occurs when an organization is deleted. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgDeletedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.deleted EventStreamCloudEventOrgDeletedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgDeletedObject: type: object description: The event content. additionalProperties: false required: - id properties: name: type: string description: The human-readable identifier for the organization that will be used by end-users to direct them to their organization in your application.. pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$ id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} display_name: type: string description: If set, the name that will be displayed to end-users for this organization in any interaction with them. metadata: $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedObjectMetadata' EventStreamCloudEventOrgDeletedObjectMetadata: type: object description: The metadata associated with the organization. additionalProperties: true properties: {} EventStreamCloudEventOrgDeletedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.deleted EventStreamCloudEventOrgGroupRoleAssigned: type: object description: SSE message for organization.group.role.assigned. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedCloudEvent' EventStreamCloudEventOrgGroupRoleAssignedCloudEvent: type: object description: Represents an event that occurs when a role is assigned to an organization group. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgGroupRoleAssignedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.group.role.assigned EventStreamCloudEventOrgGroupRoleAssignedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgGroupRoleAssignedObject: type: object description: The event content. additionalProperties: false required: - organization - role - group - created_at properties: organization: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectOrganization' role: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectRole' group: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup' created_at: type: string description: The time at which the role was assigned to the group in the organization. format: date-time EventStreamCloudEventOrgGroupRoleAssignedObjectGroup: description: The group the role is assigned to. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup0' - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup1' - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup2' EventStreamCloudEventOrgGroupRoleAssignedObjectGroup0: type: object description: Reference to a connection group additionalProperties: false required: - id - type - connection_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup0TypeEnum' connection_id: type: string description: The connection ID associated with the group. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventOrgGroupRoleAssignedObjectGroup0TypeEnum: type: string description: The type of the group. enum: - connection EventStreamCloudEventOrgGroupRoleAssignedObjectGroup1: type: object description: Reference to an organization group additionalProperties: false required: - id - type - organization_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup1TypeEnum' organization_id: type: string description: The organization ID associated with the group. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgGroupRoleAssignedObjectGroup1TypeEnum: type: string description: The type of the group. enum: - organization EventStreamCloudEventOrgGroupRoleAssignedObjectGroup2: type: object description: Reference to a tenant group additionalProperties: false required: - id - type properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup2TypeEnum' EventStreamCloudEventOrgGroupRoleAssignedObjectGroup2TypeEnum: type: string description: The type of the group. enum: - tenant EventStreamCloudEventOrgGroupRoleAssignedObjectOrganization: type: object description: The organization the group role is assigned in. additionalProperties: false required: - id properties: id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgGroupRoleAssignedObjectRole: type: object description: The role assigned to the group in the organization. additionalProperties: false required: - id - name properties: id: type: string description: The ID of the role. pattern: rol_[a-zA-Z0-9]{16} name: type: string description: The name of the role. EventStreamCloudEventOrgGroupRoleAssignedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.group.role.assigned EventStreamCloudEventOrgGroupRoleDeleted: type: object description: SSE message for organization.group.role.deleted. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedCloudEvent' EventStreamCloudEventOrgGroupRoleDeletedCloudEvent: type: object description: Represents an event that occurs when a role is removed from an organization group. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgGroupRoleDeletedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.group.role.deleted EventStreamCloudEventOrgGroupRoleDeletedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgGroupRoleDeletedObject: type: object description: The event content. additionalProperties: false required: - organization - role - group - deleted_at properties: organization: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectOrganization' role: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectRole' group: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup' deleted_at: type: string description: The time at which the role was removed from the group in the organization. format: date-time EventStreamCloudEventOrgGroupRoleDeletedObjectGroup: description: The group the role is removed from. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup0' - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup1' - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup2' EventStreamCloudEventOrgGroupRoleDeletedObjectGroup0: type: object description: Reference to a connection group additionalProperties: false required: - id - type - connection_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup0TypeEnum' connection_id: type: string description: The connection ID associated with the group. pattern: con_[a-zA-Z0-9]{16} EventStreamCloudEventOrgGroupRoleDeletedObjectGroup0TypeEnum: type: string description: The type of the group. enum: - connection EventStreamCloudEventOrgGroupRoleDeletedObjectGroup1: type: object description: Reference to an organization group additionalProperties: false required: - id - type - organization_id properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup1TypeEnum' organization_id: type: string description: The organization ID associated with the group. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgGroupRoleDeletedObjectGroup1TypeEnum: type: string description: The type of the group. enum: - organization EventStreamCloudEventOrgGroupRoleDeletedObjectGroup2: type: object description: Reference to a tenant group additionalProperties: false required: - id - type properties: id: type: string description: The unique identifier for the group. pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22} external_id: type: string description: The external identifier for the group. type: $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup2TypeEnum' EventStreamCloudEventOrgGroupRoleDeletedObjectGroup2TypeEnum: type: string description: The type of the group. enum: - tenant EventStreamCloudEventOrgGroupRoleDeletedObjectOrganization: type: object description: The organization the group role is removed from. additionalProperties: false required: - id properties: id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgGroupRoleDeletedObjectRole: type: object description: The role removed from the group. additionalProperties: false required: - id properties: id: type: string description: The ID of the role. pattern: rol_[a-zA-Z0-9]{16} EventStreamCloudEventOrgGroupRoleDeletedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.group.role.deleted EventStreamCloudEventOrgMemberAdded: type: object description: SSE message for organization.member.added. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedCloudEvent' EventStreamCloudEventOrgMemberAddedCloudEvent: type: object description: Represents an event that occurs when a member is added to an organization. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgMemberAddedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.member.added EventStreamCloudEventOrgMemberAddedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgMemberAddedObject: type: object description: The event content. additionalProperties: false required: - organization - user properties: organization: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedObjectOrganization' user: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedObjectUser' EventStreamCloudEventOrgMemberAddedObjectOrganization: type: object description: The organization the member belongs to. additionalProperties: false required: - id properties: name: type: string description: The human-readable identifier for the organization that will be used by end-users to direct them to their organization in your application.. pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$ id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgMemberAddedObjectUser: type: object description: The user that is a member of the organization. additionalProperties: true required: - user_id properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. EventStreamCloudEventOrgMemberAddedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.member.added EventStreamCloudEventOrgMemberDeleted: type: object description: SSE message for organization.member.deleted. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedCloudEvent' EventStreamCloudEventOrgMemberDeletedCloudEvent: type: object description: Represents an event that occurs when a member is removed from an organization. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgMemberDeletedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.member.deleted EventStreamCloudEventOrgMemberDeletedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgMemberDeletedObject: type: object description: The event content. additionalProperties: false required: - organization - user properties: organization: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedObjectOrganization' user: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedObjectUser' EventStreamCloudEventOrgMemberDeletedObjectOrganization: type: object description: The organization the member belongs to. additionalProperties: false required: - id properties: name: type: string description: The human-readable identifier for the organization that will be used by end-users to direct them to their organization in your application.. pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$ id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgMemberDeletedObjectUser: type: object description: The user that is a member of the organization. additionalProperties: true required: - user_id properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. EventStreamCloudEventOrgMemberDeletedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.member.deleted EventStreamCloudEventOrgMemberRoleAssigned: type: object description: SSE message for organization.member.role.assigned. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedCloudEvent' EventStreamCloudEventOrgMemberRoleAssignedCloudEvent: type: object description: Represents an event that occurs when a member is added to an organization. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgMemberRoleAssignedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.member.role.assigned EventStreamCloudEventOrgMemberRoleAssignedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgMemberRoleAssignedObject: type: object description: The event content. additionalProperties: false required: - organization - user - role properties: organization: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedObjectOrganization' user: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedObjectUser' role: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedObjectRole' EventStreamCloudEventOrgMemberRoleAssignedObjectOrganization: type: object description: The organization the member belongs to. additionalProperties: false required: - id properties: id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgMemberRoleAssignedObjectRole: type: object description: The role assigned to the user in the organization. additionalProperties: false required: - id - name properties: id: type: string description: The ID of the role. pattern: rol_[a-zA-Z0-9]{16} name: type: string description: The name of the role. EventStreamCloudEventOrgMemberRoleAssignedObjectUser: type: object description: The user that is a member of the organization. additionalProperties: true required: - user_id properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. EventStreamCloudEventOrgMemberRoleAssignedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.member.role.assigned EventStreamCloudEventOrgMemberRoleDeleted: type: object description: SSE message for organization.member.role.deleted. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedCloudEvent' EventStreamCloudEventOrgMemberRoleDeletedCloudEvent: type: object description: Represents an event that occurs when a member is removed from an organization. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgMemberRoleDeletedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.member.role.deleted EventStreamCloudEventOrgMemberRoleDeletedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgMemberRoleDeletedObject: type: object description: The event content. additionalProperties: false required: - organization - user - role properties: organization: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedObjectOrganization' user: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedObjectUser' role: $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedObjectRole' EventStreamCloudEventOrgMemberRoleDeletedObjectOrganization: type: object description: The organization the member belongs to. additionalProperties: false required: - id properties: id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} EventStreamCloudEventOrgMemberRoleDeletedObjectRole: type: object description: The role assigned to the user in the organization. additionalProperties: false required: - id - name properties: id: type: string description: The ID of the role. pattern: rol_[a-zA-Z0-9]{16} name: type: string description: The name of the role. EventStreamCloudEventOrgMemberRoleDeletedObjectUser: type: object description: The user that is a member of the organization. additionalProperties: true required: - user_id properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. EventStreamCloudEventOrgMemberRoleDeletedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.member.role.deleted EventStreamCloudEventOrgUpdated: type: object description: SSE message for organization.updated. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedCloudEvent' EventStreamCloudEventOrgUpdatedCloudEvent: type: object description: Represents an event that occurs when an organization is updated. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventOrgUpdatedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - organization.updated EventStreamCloudEventOrgUpdatedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventOrgUpdatedObject: type: object description: The event content. additionalProperties: false required: - id properties: name: type: string description: The human-readable identifier for the organization that will be used by end-users to direct them to their organization in your application.. pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$ id: type: string description: ID of the organization. pattern: org_[a-zA-Z0-9]{16} display_name: type: string description: If set, the name that will be displayed to end-users for this organization in any interaction with them. metadata: $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedObjectMetadata' branding: $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedObjectBranding' EventStreamCloudEventOrgUpdatedObjectBranding: type: object description: The branding associated with the organization. additionalProperties: false properties: logo_url: type: string description: URL of logo to display on login page. format: uri colors: $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedObjectBrandingColors' EventStreamCloudEventOrgUpdatedObjectBrandingColors: type: object description: Color scheme used to customize the login pages. additionalProperties: false properties: primary: type: string description: HEX Color for primary elements. page_background: type: string description: HEX Color for background. EventStreamCloudEventOrgUpdatedObjectMetadata: type: object description: The metadata associated with the organization. additionalProperties: true properties: {} EventStreamCloudEventOrgUpdatedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - organization.updated EventStreamCloudEventUserCreated: type: object description: SSE message for user.created. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedCloudEvent' EventStreamCloudEventUserCreatedCloudEvent: type: object description: Represents an event that occurs when a user is created. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventUserCreatedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - user.created EventStreamCloudEventUserCreatedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventUserCreatedObject: type: object description: The event content. additionalProperties: true required: - user_id - created_at - updated_at - identities properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time updated_at: type: string description: Date and time when this entity was last updated/modified (ISO_8601 format). format: date-time identities: type: array description: Array of user identity objects when accounts are linked. items: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItem' app_metadata: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectAppMetadata' user_metadata: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectUserMetadata' picture: type: string description: URL to picture, photo, or avatar of this user. format: uri name: type: string description: Name of this user. minLength: 1 maxLength: 300 nickname: type: string description: Preferred nickname or alias of this user. minLength: 1 maxLength: 300 multifactor: type: array description: List of multi-factor authentication providers with which this user has enrolled. items: type: string last_ip: type: string description: Last IP address from which this user logged in. last_login: type: string description: Last date and time this user logged in (ISO_8601 format). format: date-time logins_count: type: integer description: Total number of logins this user has performed. blocked: type: boolean description: Whether this user was blocked by an administrator (true) or is not (false). given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 EventStreamCloudEventUserCreatedObjectAppMetadata: type: object description: User metadata to which this user has read-only access. additionalProperties: true properties: {} EventStreamCloudEventUserCreatedObjectIdentitiesItem: description: Identity object when accounts are linked. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustom' - $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabase' - $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterprise' - $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordless' - $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocial' EventStreamCloudEventUserCreatedObjectIdentitiesItemCustom: type: object description: The identity object for custom identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomIsSocialEnum' EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomProviderEnum: type: string description: List of custom identity providers. enum: - custom EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabase: type: object description: The identity object for database identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseIsSocialEnum' EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseProviderEnum: type: string description: List of database identity providers. enum: - auth0 EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterprise: type: object description: The identity object for enterprise identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseIsSocialEnum' EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseProviderEnum: type: string description: List of enterprise identity providers. enum: - ad - adfs - google-apps - ip - office365 - oidc - okta - pingfederate - samlp - sharepoint - waad EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordless: type: object description: The identity object for passwordless identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessIsSocialEnum' EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessProviderEnum: type: string description: List of passwordless identity providers. enum: - email - sms EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserCreatedObjectIdentitiesItemSocial: type: object description: The identity object for social identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialIsSocialEnum' EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialIsSocialEnum: type: boolean enum: - true EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialProviderEnum: type: string description: List of social identity providers. enum: - amazon - apple - dropbox - bitbucket - auth0-oidc - baidu - bitly - box - daccount - dwolla - evernote-sandbox - evernote - exact - facebook - fitbit - github - google-oauth2 - instagram - line - linkedin - oauth1 - oauth2 - paypal - paypal-sandbox - planningcenter - salesforce-community - salesforce-sandbox - salesforce - shopify - soundcloud - thirtysevensignals - twitter - untapped - vkontakte - weibo - windowslive - wordpress - yahoo - yandex EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserCreatedObjectUserMetadata: type: object description: User metadata to which this user has read/write access. additionalProperties: true properties: {} EventStreamCloudEventUserCreatedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - user.created EventStreamCloudEventUserDeleted: type: object description: SSE message for user.deleted. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedCloudEvent' EventStreamCloudEventUserDeletedCloudEvent: type: object description: Represents an event that occurs when a user is deleted. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventUserDeletedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - user.deleted EventStreamCloudEventUserDeletedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventUserDeletedObject: type: object description: The event content. additionalProperties: true required: - user_id - created_at - updated_at - identities - deleted_at properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time updated_at: type: string description: Date and time when this entity was last updated/modified (ISO_8601 format). format: date-time identities: type: array description: Array of user identity objects when accounts are linked. items: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItem' app_metadata: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectAppMetadata' user_metadata: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectUserMetadata' picture: type: string description: URL to picture, photo, or avatar of this user. format: uri name: type: string description: Name of this user. minLength: 1 maxLength: 300 nickname: type: string description: Preferred nickname or alias of this user. minLength: 1 maxLength: 300 multifactor: type: array description: List of multi-factor authentication providers with which this user has enrolled. items: type: string last_ip: type: string description: Last IP address from which this user logged in. last_login: type: string description: Last date and time this user logged in (ISO_8601 format). format: date-time logins_count: type: integer description: Total number of logins this user has performed. blocked: type: boolean description: Whether this user was blocked by an administrator (true) or is not (false). given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 deleted_at: type: string description: Date and time when this entity was deleted (ISO_8601 format). format: date-time EventStreamCloudEventUserDeletedObjectAppMetadata: type: object description: User metadata to which this user has read-only access. additionalProperties: true properties: {} EventStreamCloudEventUserDeletedObjectIdentitiesItem: description: Identity object when accounts are linked. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustom' - $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabase' - $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterprise' - $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordless' - $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocial' EventStreamCloudEventUserDeletedObjectIdentitiesItemCustom: type: object description: The identity object for custom identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomIsSocialEnum' EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomProviderEnum: type: string description: List of custom identity providers. enum: - custom EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabase: type: object description: The identity object for database identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseIsSocialEnum' EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseProviderEnum: type: string description: List of database identity providers. enum: - auth0 EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterprise: type: object description: The identity object for enterprise identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseIsSocialEnum' EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseProviderEnum: type: string description: List of enterprise identity providers. enum: - ad - adfs - google-apps - ip - office365 - oidc - okta - pingfederate - samlp - sharepoint - waad EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordless: type: object description: The identity object for passwordless identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessIsSocialEnum' EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessProviderEnum: type: string description: List of passwordless identity providers. enum: - email - sms EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserDeletedObjectIdentitiesItemSocial: type: object description: The identity object for social identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialIsSocialEnum' EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialIsSocialEnum: type: boolean enum: - true EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialProviderEnum: type: string description: List of social identity providers. enum: - amazon - apple - dropbox - bitbucket - auth0-oidc - baidu - bitly - box - daccount - dwolla - evernote-sandbox - evernote - exact - facebook - fitbit - github - google-oauth2 - instagram - line - linkedin - oauth1 - oauth2 - paypal - paypal-sandbox - planningcenter - salesforce-community - salesforce-sandbox - salesforce - shopify - soundcloud - thirtysevensignals - twitter - untapped - vkontakte - weibo - windowslive - wordpress - yahoo - yandex EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserDeletedObjectUserMetadata: type: object description: User metadata to which this user has read/write access. additionalProperties: true properties: {} EventStreamCloudEventUserDeletedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - user.deleted EventStreamCloudEventUserUpdated: type: object description: SSE message for user.updated. additionalProperties: false required: - type - offset - event properties: type: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedTypeEnum' offset: type: string description: Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume. event: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedCloudEvent' EventStreamCloudEventUserUpdatedCloudEvent: type: object description: Represents an event that occurs when a user is updated. additionalProperties: false required: - specversion - type - source - id - time - data - a0tenant - a0stream properties: specversion: type: string description: The version of the CloudEvents specification which the event uses. type: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedCloudEventTypeEnum' source: type: string description: The source of the event. This will take the form 'urn:auth0:.'. id: type: string description: A unique identifier for the event. pattern: evt_[a-zA-Z0-9]{16} time: type: string description: An ISO-8601 timestamp indicating when the event physically occurred. format: date-time data: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedData' a0tenant: type: string description: The auth0 tenant ID to which the event is associated. minLength: 3 maxLength: 63 pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]' a0stream: type: string description: The auth0 event stream ID of the stream the event was delivered on. pattern: est_[a-zA-Z0-9]{16} a0purpose: $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum' EventStreamCloudEventUserUpdatedCloudEventTypeEnum: type: string description: The type of the event which has happened. enum: - user.updated EventStreamCloudEventUserUpdatedData: type: object description: The event payload. additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObject' context: $ref: '#/components/schemas/EventStreamCloudEventContext' EventStreamCloudEventUserUpdatedObject: type: object description: The event content. additionalProperties: true required: - user_id - created_at - updated_at - identities properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). created_at: type: string description: Date and time when this entity was created (ISO_8601 format). format: date-time updated_at: type: string description: Date and time when this entity was last updated/modified (ISO_8601 format). format: date-time identities: type: array description: Array of user identity objects when accounts are linked. items: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItem' app_metadata: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectAppMetadata' user_metadata: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectUserMetadata' picture: type: string description: URL to picture, photo, or avatar of this user. format: uri name: type: string description: Name of this user. minLength: 1 maxLength: 300 nickname: type: string description: Preferred nickname or alias of this user. minLength: 1 maxLength: 300 multifactor: type: array description: List of multi-factor authentication providers with which this user has enrolled. items: type: string last_ip: type: string description: Last IP address from which this user logged in. last_login: type: string description: Last date and time this user logged in (ISO_8601 format). format: date-time logins_count: type: integer description: Total number of logins this user has performed. blocked: type: boolean description: Whether this user was blocked by an administrator (true) or is not (false). given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 EventStreamCloudEventUserUpdatedObjectAppMetadata: type: object description: User metadata to which this user has read-only access. additionalProperties: true properties: {} EventStreamCloudEventUserUpdatedObjectIdentitiesItem: description: Identity object when accounts are linked. oneOf: - $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustom' - $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabase' - $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterprise' - $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordless' - $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocial' EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustom: type: object description: The identity object for custom identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomIsSocialEnum' EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomProviderEnum: type: string description: List of custom identity providers. enum: - custom EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabase: type: object description: The identity object for database identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseIsSocialEnum' EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseProviderEnum: type: string description: List of database identity providers. enum: - auth0 EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterprise: type: object description: The identity object for enterprise identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseIsSocialEnum' EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseProviderEnum: type: string description: List of enterprise identity providers. enum: - ad - adfs - google-apps - ip - office365 - oidc - okta - pingfederate - samlp - sharepoint - waad EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordless: type: object description: The identity object for passwordless identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessIsSocialEnum' EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessIsSocialEnum: type: boolean enum: - false EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessProviderEnum: type: string description: List of passwordless identity providers. enum: - email - sms EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocial: type: object description: The identity object for social identity providers. additionalProperties: false required: - connection - user_id - provider - isSocial properties: connection: type: string description: Name of the connection containing this identity. pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ user_id: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialUserId' profileData: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialProfileData' provider: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialProviderEnum' isSocial: $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialIsSocialEnum' EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialIsSocialEnum: type: boolean enum: - true EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialProfileData: type: object description: Profile data for the user. additionalProperties: true properties: email: type: string description: Email address of this user. format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. minLength: 1 maxLength: 300 username: type: string description: Username of this user. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$ given_name: type: string description: Given name/first name/forename of this user. minLength: 1 maxLength: 150 family_name: type: string description: Family name/last name/surname of this user. minLength: 1 maxLength: 150 phone_number: type: string description: Phone number of this user. pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialProviderEnum: type: string description: List of social identity providers. enum: - amazon - apple - dropbox - bitbucket - auth0-oidc - baidu - bitly - box - daccount - dwolla - evernote-sandbox - evernote - exact - facebook - fitbit - github - google-oauth2 - instagram - line - linkedin - oauth1 - oauth2 - paypal - paypal-sandbox - planningcenter - salesforce-community - salesforce-sandbox - salesforce - shopify - soundcloud - thirtysevensignals - twitter - untapped - vkontakte - weibo - windowslive - wordpress - yahoo - yandex EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialUserId: description: The IDP-specific identifer for the user. anyOf: - type: string - type: integer EventStreamCloudEventUserUpdatedObjectUserMetadata: type: object description: User metadata to which this user has read/write access. additionalProperties: true properties: {} EventStreamCloudEventUserUpdatedTypeEnum: type: string description: The event type (injected from the SSE event field). enum: - user.updated EventStreamDelivery: type: object description: Metadata about a specific attempt to deliver an event additionalProperties: false required: - id - event_stream_id - status - event_type - attempts properties: id: type: string description: Unique identifier for the delivery event_stream_id: type: string description: Unique identifier for the event stream. minLength: 26 maxLength: 26 format: event-stream-id status: $ref: '#/components/schemas/EventStreamDeliveryStatusEnum' event_type: $ref: '#/components/schemas/EventStreamDeliveryEventTypeEnum' attempts: type: array description: Results of delivery attempts items: $ref: '#/components/schemas/EventStreamDeliveryAttempt' event: $ref: '#/components/schemas/EventStreamCloudEvent' EventStreamDeliveryAttempt: type: object additionalProperties: false required: - status - timestamp properties: status: $ref: '#/components/schemas/EventStreamDeliveryStatusEnum' timestamp: type: string description: Timestamp of delivery attempt format: date-time error_message: type: string description: Delivery error message, if applicable EventStreamDeliveryEventTypeEnum: type: string description: Type of event maxLength: 33 enum: - group.created - group.deleted - group.member.added - group.member.deleted - group.role.assigned - group.role.deleted - group.updated - organization.connection.added - organization.connection.removed - organization.connection.updated - organization.created - organization.deleted - organization.group.role.assigned - organization.group.role.deleted - organization.member.added - organization.member.deleted - organization.member.role.assigned - organization.member.role.deleted - organization.updated - user.created - user.deleted - user.updated EventStreamDeliveryStatusEnum: type: string description: Delivery status maxLength: 6 enum: - failed EventStreamDestinationPatch: oneOf: - $ref: '#/components/schemas/EventStreamWebhookDestination' - $ref: '#/components/schemas/EventStreamActionDestination' EventStreamEventBridgeAWSRegionEnum: type: string description: AWS Region for EventBridge destination. enum: - af-south-1 - ap-east-1 - ap-east-2 - ap-northeast-1 - ap-northeast-2 - ap-northeast-3 - ap-south-1 - ap-south-2 - ap-southeast-1 - ap-southeast-2 - ap-southeast-3 - ap-southeast-4 - ap-southeast-5 - ap-southeast-6 - ap-southeast-7 - ca-central-1 - ca-west-1 - eu-central-1 - eu-central-2 - eu-north-1 - eu-south-1 - eu-south-2 - eu-west-1 - eu-west-2 - eu-west-3 - il-central-1 - me-central-1 - me-south-1 - mx-central-1 - sa-east-1 - us-gov-east-1 - us-gov-west-1 - us-east-1 - us-east-2 - us-west-1 - us-west-2 EventStreamEventBridgeConfiguration: type: object description: Configuration specific to an eventbridge destination. additionalProperties: false required: - aws_account_id - aws_region properties: aws_account_id: type: string description: 'AWS Account ID for EventBridge destination. ' pattern: ^\d{12}$ aws_region: $ref: '#/components/schemas/EventStreamEventBridgeAWSRegionEnum' aws_partner_event_source: type: string description: 'AWS Partner Event Source for EventBridge destination. ' EventStreamEventBridgeDestination: type: object additionalProperties: false required: - type - configuration properties: type: $ref: '#/components/schemas/EventStreamEventBridgeDestinationTypeEnum' configuration: $ref: '#/components/schemas/EventStreamEventBridgeConfiguration' EventStreamEventBridgeDestinationTypeEnum: type: string enum: - eventbridge EventStreamEventBridgeResponseContent: type: object additionalProperties: false properties: id: type: string description: Unique identifier for the event stream. minLength: 26 maxLength: 26 format: event-stream-id name: type: string description: Name of the event stream. minLength: 1 maxLength: 128 subscriptions: type: array description: List of event types subscribed to in this stream. minItems: 1 items: $ref: '#/components/schemas/EventStreamSubscription' destination: $ref: '#/components/schemas/EventStreamEventBridgeDestination' status: $ref: '#/components/schemas/EventStreamStatusEnum' created_at: type: string description: Timestamp when the event stream was created. format: date-time updated_at: type: string description: Timestamp when the event stream was last updated. format: date-time EventStreamEventTypeEnum: type: string enum: - group.created - group.deleted - group.member.added - group.member.deleted - group.role.assigned - group.role.deleted - group.updated - organization.connection.added - organization.connection.removed - organization.connection.updated - organization.created - organization.deleted - organization.group.role.assigned - organization.group.role.deleted - organization.member.added - organization.member.deleted - organization.member.role.assigned - organization.member.role.deleted - organization.updated - user.created - user.deleted - user.updated EventStreamResponseContent: oneOf: - $ref: '#/components/schemas/EventStreamWebhookResponseContent' - $ref: '#/components/schemas/EventStreamEventBridgeResponseContent' - $ref: '#/components/schemas/EventStreamActionResponseContent' EventStreamStatusEnum: type: string description: Indicates whether the event stream is actively forwarding events. maxLength: 8 enum: - enabled - disabled EventStreamSubscribeEventsEventTypeEnum: type: string enum: - group.created - group.deleted - group.member.added - group.member.deleted - group.role.assigned - group.role.deleted - group.updated - organization.connection.added - organization.connection.removed - organization.connection.updated - organization.created - organization.deleted - organization.group.role.assigned - organization.group.role.deleted - organization.member.added - organization.member.deleted - organization.member.role.assigned - organization.member.role.deleted - organization.updated - user.created - user.deleted - user.updated EventStreamSubscribeEventsEventTypeParam: type: array items: $ref: '#/components/schemas/EventStreamSubscribeEventsEventTypeEnum' description: Event type(s) to listen for. Specify multiple times for multiple types (e.g., ?event_type=user.created&event_type=user.updated). If not provided, all event types will be streamed. EventStreamSubscribeEventsResponseContent: description: 'The JSON payload delivered in each SSE data line. The type field is injected from the SSE event field by the SDK. Discriminated by type: an event type name for events, "error" for errors, and "offset-only" for cursor-only heartbeats.' discriminator: propertyName: type x-discriminator-context: protocol mapping: group.created: '#/components/schemas/EventStreamCloudEventGroupCreated' group.deleted: '#/components/schemas/EventStreamCloudEventGroupDeleted' group.member.added: '#/components/schemas/EventStreamCloudEventGroupMemberAdded' group.member.deleted: '#/components/schemas/EventStreamCloudEventGroupMemberDeleted' group.role.assigned: '#/components/schemas/EventStreamCloudEventGroupRoleAssigned' group.role.deleted: '#/components/schemas/EventStreamCloudEventGroupRoleDeleted' group.updated: '#/components/schemas/EventStreamCloudEventGroupUpdated' organization.connection.added: '#/components/schemas/EventStreamCloudEventOrgConnectionAdded' organization.connection.removed: '#/components/schemas/EventStreamCloudEventOrgConnectionRemoved' organization.connection.updated: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdated' organization.created: '#/components/schemas/EventStreamCloudEventOrgCreated' organization.deleted: '#/components/schemas/EventStreamCloudEventOrgDeleted' organization.group.role.assigned: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssigned' organization.group.role.deleted: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeleted' organization.member.added: '#/components/schemas/EventStreamCloudEventOrgMemberAdded' organization.member.deleted: '#/components/schemas/EventStreamCloudEventOrgMemberDeleted' organization.member.role.assigned: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssigned' organization.member.role.deleted: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeleted' organization.updated: '#/components/schemas/EventStreamCloudEventOrgUpdated' user.created: '#/components/schemas/EventStreamCloudEventUserCreated' user.deleted: '#/components/schemas/EventStreamCloudEventUserDeleted' user.updated: '#/components/schemas/EventStreamCloudEventUserUpdated' error: '#/components/schemas/EventStreamCloudEventErrorMessage' offset-only: '#/components/schemas/EventStreamCloudEventOffsetOnlyMessage' oneOf: - $ref: '#/components/schemas/EventStreamCloudEventGroupCreated' - $ref: '#/components/schemas/EventStreamCloudEventGroupDeleted' - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAdded' - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeleted' - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssigned' - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeleted' - $ref: '#/components/schemas/EventStreamCloudEventGroupUpdated' - $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAdded' - $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemoved' - $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdated' - $ref: '#/components/schemas/EventStreamCloudEventOrgCreated' - $ref: '#/components/schemas/EventStreamCloudEventOrgDeleted' - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssigned' - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeleted' - $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAdded' - $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeleted' - $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssigned' - $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeleted' - $ref: '#/components/schemas/EventStreamCloudEventOrgUpdated' - $ref: '#/components/schemas/EventStreamCloudEventUserCreated' - $ref: '#/components/schemas/EventStreamCloudEventUserDeleted' - $ref: '#/components/schemas/EventStreamCloudEventUserUpdated' - $ref: '#/components/schemas/EventStreamCloudEventErrorMessage' - $ref: '#/components/schemas/EventStreamCloudEventOffsetOnlyMessage' EventStreamSubscription: type: object description: Event types additionalProperties: false properties: event_type: type: string EventStreamTestEventTypeEnum: type: string description: The type of event this test event represents. maxLength: 33 enum: - group.created - group.deleted - group.member.added - group.member.deleted - group.role.assigned - group.role.deleted - group.updated - organization.connection.added - organization.connection.removed - organization.connection.updated - organization.created - organization.deleted - organization.group.role.assigned - organization.group.role.deleted - organization.member.added - organization.member.deleted - organization.member.role.assigned - organization.member.role.deleted - organization.updated - user.created - user.deleted - user.updated EventStreamWebhookAuthorizationResponse: oneOf: - $ref: '#/components/schemas/EventStreamWebhookBasicAuth' - $ref: '#/components/schemas/EventStreamWebhookBearerAuth' - $ref: '#/components/schemas/EventStreamWebhookCustomHeaderAuth' EventStreamWebhookBasicAuth: type: object description: 'Basic Authorization for HTTP requests (e.g., ''Basic credentials''). ' additionalProperties: false required: - method - username properties: method: $ref: '#/components/schemas/EventStreamWebhookBasicAuthMethodEnum' username: type: string description: Username maxLength: 128 pattern: ^[^:]+$ EventStreamWebhookBasicAuthMethodEnum: type: string description: Type of authorization. enum: - basic EventStreamWebhookBearerAuth: type: object description: 'Bearer Authorization for HTTP requests (e.g., ''Bearer token''). ' additionalProperties: false required: - method properties: method: $ref: '#/components/schemas/EventStreamWebhookBearerAuthMethodEnum' EventStreamWebhookBearerAuthMethodEnum: type: string description: Type of authorization. enum: - bearer EventStreamWebhookConfiguration: type: object description: Configuration specific to a webhook destination. additionalProperties: false required: - webhook_endpoint - webhook_authorization properties: webhook_endpoint: type: string description: Target HTTP endpoint URL. pattern: ^https://.* webhook_authorization: $ref: '#/components/schemas/EventStreamWebhookAuthorizationResponse' EventStreamWebhookCustomHeaderAuth: type: object description: Custom header authorization for HTTP requests. additionalProperties: false required: - method - header_key properties: method: $ref: '#/components/schemas/EventStreamWebhookCustomHeaderAuthMethodEnum' header_key: type: string description: HTTP header name. minLength: 1 pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ EventStreamWebhookCustomHeaderAuthMethodEnum: type: string description: Type of authorization. enum: - custom_header EventStreamWebhookDestination: type: object additionalProperties: false required: - type - configuration properties: type: $ref: '#/components/schemas/EventStreamWebhookDestinationTypeEnum' configuration: $ref: '#/components/schemas/EventStreamWebhookConfiguration' EventStreamWebhookDestinationTypeEnum: type: string enum: - webhook EventStreamWebhookResponseContent: type: object additionalProperties: false properties: id: type: string description: Unique identifier for the event stream. minLength: 26 maxLength: 26 format: event-stream-id name: type: string description: Name of the event stream. minLength: 1 maxLength: 128 subscriptions: type: array description: List of event types subscribed to in this stream. minItems: 1 items: $ref: '#/components/schemas/EventStreamSubscription' destination: $ref: '#/components/schemas/EventStreamWebhookDestination' status: $ref: '#/components/schemas/EventStreamStatusEnum' created_at: type: string description: Timestamp when the event stream was created. format: date-time updated_at: type: string description: Timestamp when the event stream was last updated. format: date-time ExpressConfiguration: type: object description: Application specific configuration for use with the OIN Express Configuration feature. additionalProperties: false required: - initiate_login_uri_template - user_attribute_profile_id - connection_profile_id - enable_client - enable_organization - okta_oin_client_id - admin_login_domain properties: initiate_login_uri_template: type: string description: 'The URI users should bookmark to log in to this application. Variable substitution is permitted for the following properties: organization_name, organization_id, and connection_name.' format: ec-initiate-login-uri-template-url user_attribute_profile_id: type: string description: The ID of the user attribute profile to use for this application. format: user-attribute-profile-id connection_profile_id: type: string description: The ID of the connection profile to use for this application. format: connection-profile-id enable_client: type: boolean description: When true, all connections made via express configuration will be enabled for this application. enable_organization: type: boolean description: When true, all connections made via express configuration will have the associated organization enabled. linked_clients: type: array description: List of client IDs that are linked to this express configuration (e.g. web or mobile clients). items: $ref: '#/components/schemas/LinkedClientConfiguration' okta_oin_client_id: type: string description: This is the unique identifier for the Okta OIN Express Configuration Client, which Okta will use for this application. format: client-id admin_login_domain: type: string description: This is the domain that admins are expected to log in via for authenticating for express configuration. It can be either the canonical domain or a registered custom domain. minLength: 1 oin_submission_id: type: string description: The identifier of the published application in the OKTA OIN. minLength: 1 maxLength: 200 ExpressConfigurationOrNull: type: - object - 'null' description: Application specific configuration for use with the OIN Express Configuration feature. additionalProperties: false required: - initiate_login_uri_template - user_attribute_profile_id - connection_profile_id - enable_client - enable_organization - okta_oin_client_id - admin_login_domain properties: initiate_login_uri_template: type: string description: 'The URI users should bookmark to log in to this application. Variable substitution is permitted for the following properties: organization_name, organization_id, and connection_name.' format: ec-initiate-login-uri-template-url user_attribute_profile_id: type: string description: The ID of the user attribute profile to use for this application. format: user-attribute-profile-id connection_profile_id: type: string description: The ID of the connection profile to use for this application. format: connection-profile-id enable_client: type: boolean description: When true, all connections made via express configuration will be enabled for this application. enable_organization: type: boolean description: When true, all connections made via express configuration will have the associated organization enabled. linked_clients: type: array description: List of client IDs that are linked to this express configuration (e.g. web or mobile clients). items: $ref: '#/components/schemas/LinkedClientConfiguration' okta_oin_client_id: type: string description: This is the unique identifier for the Okta OIN Express Configuration Client, which Okta will use for this application. format: client-id admin_login_domain: type: string description: This is the domain that admins are expected to log in via for authenticating for express configuration. It can be either the canonical domain or a registered custom domain. minLength: 1 oin_submission_id: type: string description: The identifier of the published application in the OKTA OIN. minLength: 1 maxLength: 200 ExtensibilityEmailProviderCredentials: type: object additionalProperties: false properties: {} FederatedConnectionTokenSet: type: object additionalProperties: true properties: id: type: string connection: type: string scope: type: string expires_at: type: - string - 'null' format: date-time issued_at: type: string format: date-time last_used_at: type: - string - 'null' format: date-time FlowAction: type: object oneOf: - $ref: '#/components/schemas/FlowActionActivecampaign' - $ref: '#/components/schemas/FlowActionAirtable' - $ref: '#/components/schemas/FlowActionAuth0' - $ref: '#/components/schemas/FlowActionBigquery' - $ref: '#/components/schemas/FlowActionClearbit' - $ref: '#/components/schemas/FlowActionEmail' - $ref: '#/components/schemas/FlowActionFlow' - $ref: '#/components/schemas/FlowActionGoogleSheets' - $ref: '#/components/schemas/FlowActionHttp' - $ref: '#/components/schemas/FlowActionHubspot' - $ref: '#/components/schemas/FlowActionJson' - $ref: '#/components/schemas/FlowActionJwt' - $ref: '#/components/schemas/FlowActionMailchimp' - $ref: '#/components/schemas/FlowActionMailjet' - $ref: '#/components/schemas/FlowActionOtp' - $ref: '#/components/schemas/FlowActionPipedrive' - $ref: '#/components/schemas/FlowActionSalesforce' - $ref: '#/components/schemas/FlowActionSendgrid' - $ref: '#/components/schemas/FlowActionSlack' - $ref: '#/components/schemas/FlowActionStripe' - $ref: '#/components/schemas/FlowActionTelegram' - $ref: '#/components/schemas/FlowActionTwilio' - $ref: '#/components/schemas/FlowActionWhatsapp' - $ref: '#/components/schemas/FlowActionXml' - $ref: '#/components/schemas/FlowActionZapier' FlowActionActivecampaign: type: object oneOf: - $ref: '#/components/schemas/FlowActionActivecampaignListContacts' - $ref: '#/components/schemas/FlowActionActivecampaignUpsertContact' FlowActionActivecampaignListContacts: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - ACTIVECAMPAIGN action: type: string enum: - LIST_CONTACTS allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionActivecampaignListContactsParams' FlowActionActivecampaignListContactsParams: type: object additionalProperties: false required: - connection_id - email properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id email: type: string FlowActionActivecampaignUpsertContact: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - ACTIVECAMPAIGN action: type: string enum: - UPSERT_CONTACT allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionActivecampaignUpsertContactParams' FlowActionActivecampaignUpsertContactParams: type: object additionalProperties: false required: - connection_id - email properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id email: type: string first_name: type: string last_name: type: string phone: type: string custom_fields: $ref: '#/components/schemas/FlowActionActivecampaignUpsertContactParamsCustomFields' FlowActionActivecampaignUpsertContactParamsCustomFields: type: object additionalProperties: true FlowActionAirtable: type: object oneOf: - $ref: '#/components/schemas/FlowActionAirtableCreateRecord' - $ref: '#/components/schemas/FlowActionAirtableListRecords' - $ref: '#/components/schemas/FlowActionAirtableUpdateRecord' FlowActionAirtableCreateRecord: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AIRTABLE action: type: string enum: - CREATE_RECORD allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAirtableCreateRecordParams' FlowActionAirtableCreateRecordParams: type: object additionalProperties: false required: - connection_id - base_id - table_name properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id base_id: type: string table_name: type: string fields: $ref: '#/components/schemas/FlowActionAirtableCreateRecordParamsFields' FlowActionAirtableCreateRecordParamsFields: type: object additionalProperties: true properties: {} FlowActionAirtableListRecords: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AIRTABLE action: type: string enum: - LIST_RECORDS allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAirtableListRecordsParams' FlowActionAirtableListRecordsParams: type: object additionalProperties: false required: - connection_id - base_id - table_name properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id base_id: type: string table_name: type: string query: type: string view: type: string FlowActionAirtableUpdateRecord: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AIRTABLE action: type: string enum: - UPDATE_RECORD allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAirtableUpdateRecordParams' FlowActionAirtableUpdateRecordParams: type: object additionalProperties: false required: - connection_id - base_id - table_name - record_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id base_id: type: string table_name: type: string record_id: type: string fields: $ref: '#/components/schemas/FlowActionAirtableUpdateRecordParamsFields' FlowActionAirtableUpdateRecordParamsFields: type: object additionalProperties: true properties: {} FlowActionAuth0: type: object oneOf: - $ref: '#/components/schemas/FlowActionAuth0CreateUser' - $ref: '#/components/schemas/FlowActionAuth0GetUser' - $ref: '#/components/schemas/FlowActionAuth0UpdateUser' - $ref: '#/components/schemas/FlowActionAuth0SendRequest' - $ref: '#/components/schemas/FlowActionAuth0SendEmail' - $ref: '#/components/schemas/FlowActionAuth0SendSms' - $ref: '#/components/schemas/FlowActionAuth0MakeCall' FlowActionAuth0CreateUser: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AUTH0 action: type: string enum: - CREATE_USER allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAuth0CreateUserParams' FlowActionAuth0CreateUserParams: type: object additionalProperties: false required: - connection_id - payload properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id payload: $ref: '#/components/schemas/FlowActionAuth0CreateUserParamsPayload' FlowActionAuth0CreateUserParamsPayload: type: object additionalProperties: true properties: {} FlowActionAuth0GetUser: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AUTH0 action: type: string enum: - GET_USER allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAuth0GetUserParams' FlowActionAuth0GetUserParams: type: object additionalProperties: false required: - connection_id - user_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id user_id: type: string FlowActionAuth0MakeCall: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AUTH0 action: type: string enum: - MAKE_CALL allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAuth0MakeCallParams' FlowActionAuth0MakeCallParams: type: object additionalProperties: false required: - to - message properties: from: type: string minLength: 1 maxLength: 255 to: type: string minLength: 1 maxLength: 255 message: type: string minLength: 1 maxLength: 1024 custom_vars: $ref: '#/components/schemas/FlowActionAuth0MakeCallParamsCustomVars' FlowActionAuth0MakeCallParamsCustomVars: type: object additionalProperties: true FlowActionAuth0SendEmail: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AUTH0 action: type: string enum: - SEND_EMAIL allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAuth0SendEmailParams' FlowActionAuth0SendEmailParams: type: object additionalProperties: false required: - to - subject - body properties: from: $ref: '#/components/schemas/FlowActionAuth0SendEmailParamsFrom' to: $ref: '#/components/schemas/FlowActionAuth0SendEmailParamsTo' subject: type: string minLength: 1 maxLength: 255 body: type: string minLength: 1 maxLength: 102400 custom_vars: $ref: '#/components/schemas/FlowActionAuth0SendRequestParamsCustomVars' FlowActionAuth0SendEmailParamsFrom: type: object additionalProperties: false required: - email properties: name: type: string minLength: 1 maxLength: 125 email: $ref: '#/components/schemas/FlowActionAuth0SendEmailParamsFromEmail' FlowActionAuth0SendEmailParamsFromEmail: type: string oneOf: - type: string format: email - type: string format: forms-expression FlowActionAuth0SendEmailParamsTo: type: string oneOf: - type: string format: email - type: string format: forms-expression FlowActionAuth0SendRequest: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AUTH0 action: type: string enum: - SEND_REQUEST allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAuth0SendRequestParams' FlowActionAuth0SendRequestParams: type: object additionalProperties: false required: - connection_id - pathname properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id pathname: type: string method: type: string enum: - GET - POST - PUT - PATCH - DELETE headers: $ref: '#/components/schemas/FlowActionAuth0SendRequestParamsHeaders' params: $ref: '#/components/schemas/FlowActionAuth0SendRequestParamsQueryParams' payload: $ref: '#/components/schemas/FlowActionAuth0SendRequestParamsPayload' FlowActionAuth0SendRequestParamsCustomVars: type: object additionalProperties: true FlowActionAuth0SendRequestParamsHeaders: type: object additionalProperties: true FlowActionAuth0SendRequestParamsPayload: oneOf: - type: string - type: array items: {} - $ref: '#/components/schemas/FlowActionAuth0SendRequestParamsPayloadObject' FlowActionAuth0SendRequestParamsPayloadObject: type: object additionalProperties: true properties: {} FlowActionAuth0SendRequestParamsQueryParams: type: object additionalProperties: oneOf: - type: number - type: string - type: 'null' FlowActionAuth0SendSms: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AUTH0 action: type: string enum: - SEND_SMS allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAuth0SendSmsParams' FlowActionAuth0SendSmsParams: type: object additionalProperties: false required: - to - message properties: from: type: string minLength: 1 maxLength: 255 to: type: string minLength: 1 maxLength: 255 message: type: string minLength: 1 maxLength: 1024 custom_vars: $ref: '#/components/schemas/FlowActionAuth0SendSmsParamsCustomVars' FlowActionAuth0SendSmsParamsCustomVars: type: object additionalProperties: true FlowActionAuth0UpdateUser: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - AUTH0 action: type: string enum: - UPDATE_USER allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionAuth0UpdateUserParams' FlowActionAuth0UpdateUserParams: type: object additionalProperties: false required: - connection_id - user_id - changes properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id user_id: type: string changes: $ref: '#/components/schemas/FlowActionAuth0UpdateUserParamsChanges' FlowActionAuth0UpdateUserParamsChanges: type: object additionalProperties: true properties: {} FlowActionBigquery: type: object oneOf: - $ref: '#/components/schemas/FlowActionBigqueryInsertRows' FlowActionBigqueryInsertRows: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - BIGQUERY action: type: string enum: - INSERT_ROWS allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionBigqueryInsertRowsParams' FlowActionBigqueryInsertRowsParams: type: object additionalProperties: false required: - connection_id - dataset_id - table_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id dataset_id: type: string table_id: type: string data: $ref: '#/components/schemas/FlowActionBigqueryInsertRowsParamsData' FlowActionBigqueryInsertRowsParamsData: type: object additionalProperties: true properties: {} FlowActionClearbit: type: object oneOf: - $ref: '#/components/schemas/FlowActionClearbitFindPerson' - $ref: '#/components/schemas/FlowActionClearbitFindCompany' FlowActionClearbitFindCompany: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - CLEARBIT action: type: string enum: - FIND_COMPANY allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionClearbitFindCompanyParams' FlowActionClearbitFindCompanyParams: type: object additionalProperties: false required: - connection_id - domain properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id domain: type: string FlowActionClearbitFindPerson: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - CLEARBIT action: type: string enum: - FIND_PERSON allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionClearbitFindPersonParams' FlowActionClearbitFindPersonParams: type: object additionalProperties: false required: - connection_id - email properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id email: type: string FlowActionEmail: type: object oneOf: - $ref: '#/components/schemas/FlowActionEmailVerifyEmail' FlowActionEmailVerifyEmail: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - EMAIL action: type: string enum: - VERIFY_EMAIL allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionEmailVerifyEmailParams' FlowActionEmailVerifyEmailParams: type: object additionalProperties: false required: - email properties: email: type: string rules: $ref: '#/components/schemas/FlowActionEmailVerifyEmailParamsRules' FlowActionEmailVerifyEmailParamsRules: type: object additionalProperties: false properties: require_mx_record: type: boolean block_aliases: type: boolean block_free_emails: type: boolean block_disposable_emails: type: boolean blocklist: type: array items: type: string allowlist: type: array items: type: string FlowActionFlow: type: object oneOf: - $ref: '#/components/schemas/FlowActionFlowBooleanCondition' - $ref: '#/components/schemas/FlowActionFlowDelayFlow' - $ref: '#/components/schemas/FlowActionFlowDoNothing' - $ref: '#/components/schemas/FlowActionFlowErrorMessage' - $ref: '#/components/schemas/FlowActionFlowMapValue' - $ref: '#/components/schemas/FlowActionFlowReturnJson' - $ref: '#/components/schemas/FlowActionFlowStoreVars' FlowActionFlowBooleanCondition: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - FLOW action: type: string enum: - BOOLEAN_CONDITION allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionFlowBooleanConditionParams' FlowActionFlowBooleanConditionParams: type: object additionalProperties: false required: - if properties: if: {} then: type: array items: $ref: '#/components/schemas/FlowAction' else: type: array items: $ref: '#/components/schemas/FlowAction' FlowActionFlowDelayFlow: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - FLOW action: type: string enum: - DELAY_FLOW allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionFlowDelayFlowParams' FlowActionFlowDelayFlowParams: type: object additionalProperties: false required: - number properties: number: $ref: '#/components/schemas/FlowActionFlowDelayFlowParamsNumber' units: type: string enum: - SECONDS - MINUTES - HOURS - DAYS FlowActionFlowDelayFlowParamsNumber: oneOf: - type: integer minimum: 0 - type: string maxLength: 250 FlowActionFlowDoNothing: type: object additionalProperties: false required: - id - type - action properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - FLOW action: type: string enum: - DO_NOTHING allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionFlowDoNothingParams' FlowActionFlowDoNothingParams: type: object additionalProperties: false properties: {} FlowActionFlowErrorMessage: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - FLOW action: type: string enum: - ERROR_MESSAGE allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionFlowErrorMessageParams' FlowActionFlowErrorMessageParams: type: object additionalProperties: false required: - message properties: message: type: string maxLength: 2048 FlowActionFlowMapValue: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - FLOW action: type: string enum: - MAP_VALUE allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionFlowMapValueParams' FlowActionFlowMapValueParams: type: object additionalProperties: false required: - input properties: input: $ref: '#/components/schemas/FlowActionFlowMapValueParamsInput' cases: $ref: '#/components/schemas/FlowActionFlowMapValueParamsCases' fallback: $ref: '#/components/schemas/FlowActionFlowMapValueParamsFallback' FlowActionFlowMapValueParamsCases: type: object additionalProperties: true properties: {} FlowActionFlowMapValueParamsFallback: oneOf: - type: string - type: number - $ref: '#/components/schemas/FlowActionFlowMapValueParamsFallbackObject' - type: array items: {} - type: 'null' FlowActionFlowMapValueParamsFallbackObject: type: object additionalProperties: true FlowActionFlowMapValueParamsInput: oneOf: - type: string - type: number FlowActionFlowReturnJson: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - FLOW action: type: string enum: - RETURN_JSON allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionFlowReturnJsonParams' FlowActionFlowReturnJsonParams: type: object additionalProperties: false required: - payload properties: payload: $ref: '#/components/schemas/FlowActionFlowReturnJsonParamsPayload' FlowActionFlowReturnJsonParamsPayload: oneOf: - $ref: '#/components/schemas/FlowActionFlowReturnJsonParamsPayloadObject' - type: string FlowActionFlowReturnJsonParamsPayloadObject: type: object additionalProperties: true properties: {} FlowActionFlowStoreVars: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - FLOW action: type: string enum: - STORE_VARS allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionFlowStoreVarsParams' FlowActionFlowStoreVarsParams: type: object additionalProperties: false required: - vars properties: vars: $ref: '#/components/schemas/FlowActionFlowStoreVarsParamsVars' FlowActionFlowStoreVarsParamsVars: type: object additionalProperties: true properties: {} FlowActionGoogleSheets: type: object oneOf: - $ref: '#/components/schemas/FlowActionGoogleSheetsAddRow' FlowActionGoogleSheetsAddRow: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - GOOGLE_SHEETS action: type: string enum: - ADD_ROW allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionGoogleSheetsAddRowParams' FlowActionGoogleSheetsAddRowParams: type: object additionalProperties: false required: - connection_id - spreadsheet_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id spreadsheet_id: type: string minLength: 1 sheet_id: $ref: '#/components/schemas/FlowActionGoogleSheetsAddRowParamsSheetId' values: $ref: '#/components/schemas/FlowActionGoogleSheetsAddRowParamsValues' FlowActionGoogleSheetsAddRowParamsSheetId: oneOf: - type: integer minimum: 0 - type: string FlowActionGoogleSheetsAddRowParamsValues: type: array items: type: - string - 'null' FlowActionHttp: type: object oneOf: - $ref: '#/components/schemas/FlowActionHttpSendRequest' FlowActionHttpSendRequest: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - HTTP action: type: string enum: - SEND_REQUEST allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionHttpSendRequestParams' FlowActionHttpSendRequestParams: type: object additionalProperties: false required: - url properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id url: type: string method: type: string enum: - GET - POST - PUT - PATCH - DELETE headers: $ref: '#/components/schemas/FlowActionHttpSendRequestParamsHeaders' basic: $ref: '#/components/schemas/FlowActionHttpSendRequestParamsBasicAuth' params: $ref: '#/components/schemas/FlowActionHttpSendRequestParamsQueryParams' payload: $ref: '#/components/schemas/FlowActionHttpSendRequestParamsPayload' content_type: type: string enum: - JSON - FORM - XML FlowActionHttpSendRequestParamsBasicAuth: type: object additionalProperties: false properties: username: type: string minLength: 1 password: type: string minLength: 1 FlowActionHttpSendRequestParamsHeaders: type: object additionalProperties: true FlowActionHttpSendRequestParamsPayload: oneOf: - type: string - type: array items: {} - $ref: '#/components/schemas/FlowActionHttpSendRequestParamsPayloadObject' FlowActionHttpSendRequestParamsPayloadObject: type: object additionalProperties: true properties: {} FlowActionHttpSendRequestParamsQueryParams: type: object additionalProperties: oneOf: - type: number - type: string - type: 'null' FlowActionHubspot: type: object oneOf: - $ref: '#/components/schemas/FlowActionHubspotEnrollContact' - $ref: '#/components/schemas/FlowActionHubspotGetContact' - $ref: '#/components/schemas/FlowActionHubspotUpsertContact' FlowActionHubspotEnrollContact: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - HUBSPOT action: type: string enum: - ENROLL_CONTACT allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionHubspotEnrollContactParams' FlowActionHubspotEnrollContactParams: type: object additionalProperties: false required: - connection_id - email - workflow_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id email: type: string workflow_id: $ref: '#/components/schemas/FlowActionHubspotEnrollContactParamsWorkflowId' FlowActionHubspotEnrollContactParamsWorkflowId: oneOf: - type: string - type: integer FlowActionHubspotGetContact: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - HUBSPOT action: type: string enum: - GET_CONTACT allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionHubspotGetContactParams' FlowActionHubspotGetContactParams: type: object additionalProperties: false required: - connection_id - email properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id email: type: string FlowActionHubspotUpsertContact: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - HUBSPOT action: type: string enum: - UPSERT_CONTACT allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionHubspotUpsertContactParams' FlowActionHubspotUpsertContactParams: type: object additionalProperties: true required: - connection_id - email properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id email: type: string properties: type: array items: $ref: '#/components/schemas/FlowActionHubspotUpsertContactParamsProperty' FlowActionHubspotUpsertContactParamsProperty: type: object additionalProperties: false required: - property properties: property: type: string maxLength: 100 value: {} FlowActionJson: type: object oneOf: - $ref: '#/components/schemas/FlowActionJsonCreateJson' - $ref: '#/components/schemas/FlowActionJsonParseJson' - $ref: '#/components/schemas/FlowActionJsonSerializeJson' FlowActionJsonCreateJson: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - JSON action: type: string enum: - CREATE_JSON allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionJsonCreateJsonParams' FlowActionJsonCreateJsonParams: type: object additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/FlowActionJsonCreateJsonParamsObject' FlowActionJsonCreateJsonParamsObject: type: object additionalProperties: true properties: {} FlowActionJsonParseJson: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - JSON action: type: string enum: - PARSE_JSON allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionJsonParseJsonParams' FlowActionJsonParseJsonParams: type: object additionalProperties: false required: - json properties: json: type: string FlowActionJsonSerializeJson: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - JSON action: type: string enum: - SERIALIZE_JSON allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionJsonSerializeJsonParams' FlowActionJsonSerializeJsonParams: type: object additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/FlowActionJsonSerializeJsonParamsObject' FlowActionJsonSerializeJsonParamsObject: oneOf: - type: string - $ref: '#/components/schemas/FlowActionJsonSerializeJsonParamsObjectObject' FlowActionJsonSerializeJsonParamsObjectObject: type: object additionalProperties: true properties: {} FlowActionJwt: type: object oneOf: - $ref: '#/components/schemas/FlowActionJwtDecodeJwt' - $ref: '#/components/schemas/FlowActionJwtSignJwt' - $ref: '#/components/schemas/FlowActionJwtVerifyJwt' FlowActionJwtDecodeJwt: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - JWT action: type: string enum: - DECODE_JWT allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionJwtDecodeJwtParams' FlowActionJwtDecodeJwtParams: type: object additionalProperties: false required: - token properties: token: type: string maxLength: 10000 FlowActionJwtSignJwt: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - JWT action: type: string enum: - SIGN_JWT allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionJwtSignJwtParams' FlowActionJwtSignJwtParams: type: object additionalProperties: false required: - connection_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id payload: $ref: '#/components/schemas/FlowActionJwtSignJwtParamsPayload' subject: type: string maxLength: 100 issuer: type: string maxLength: 100 audience: type: string maxLength: 100 expires_in: type: string maxLength: 25 FlowActionJwtSignJwtParamsPayload: type: object additionalProperties: true properties: {} FlowActionJwtVerifyJwt: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - JWT action: type: string enum: - VERIFY_JWT allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionJwtVerifyJwtParams' FlowActionJwtVerifyJwtParams: type: object additionalProperties: false required: - connection_id - token properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id token: type: string maxLength: 100 audience: type: string maxLength: 500 issuer: type: string maxLength: 500 FlowActionMailchimp: type: object oneOf: - $ref: '#/components/schemas/FlowActionMailchimpUpsertMember' FlowActionMailchimpUpsertMember: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - MAILCHIMP action: type: string enum: - UPSERT_MEMBER allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionMailchimpUpsertMemberParams' FlowActionMailchimpUpsertMemberParams: type: object additionalProperties: false required: - connection_id - list_id - member properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id list_id: type: string member: $ref: '#/components/schemas/FlowActionMailchimpUpsertMemberParamsMember' FlowActionMailchimpUpsertMemberParamsMember: type: object additionalProperties: false required: - email_address - status_if_new properties: email_address: type: string status_if_new: type: string merge_fields: $ref: '#/components/schemas/FlowActionMailchimpUpsertMemberParamsMemberMergeFields' FlowActionMailchimpUpsertMemberParamsMemberMergeFields: type: object additionalProperties: true properties: {} FlowActionMailjet: type: object oneOf: - $ref: '#/components/schemas/FlowActionMailjetSendEmail' FlowActionMailjetSendEmail: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - MAILJET action: type: string enum: - SEND_EMAIL allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionMailjetSendEmailParams' FlowActionMailjetSendEmailParams: type: object oneOf: - type: object additionalProperties: true required: - content properties: content: type: string - type: object additionalProperties: true required: - template_id properties: template_id: type: integer variables: type: object additionalProperties: true properties: {} FlowActionOtp: type: object oneOf: - $ref: '#/components/schemas/FlowActionOtpGenerateCode' - $ref: '#/components/schemas/FlowActionOtpVerifyCode' FlowActionOtpGenerateCode: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - OTP action: type: string enum: - GENERATE_CODE allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionOtpGenerateCodeParams' FlowActionOtpGenerateCodeParams: type: object additionalProperties: false required: - reference - length properties: reference: type: string maxLength: 250 length: type: integer minimum: 1 maximum: 10 FlowActionOtpVerifyCode: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - OTP action: type: string enum: - VERIFY_CODE allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionOtpVerifyCodeParams' FlowActionOtpVerifyCodeParams: type: object additionalProperties: false required: - reference - code properties: reference: type: string maxLength: 250 code: $ref: '#/components/schemas/FlowActionOtpVerifyCodeParamsCode' FlowActionOtpVerifyCodeParamsCode: oneOf: - type: integer minimum: 0 maximum: 9999999999 - type: string maxLength: 250 FlowActionPipedrive: type: object oneOf: - $ref: '#/components/schemas/FlowActionPipedriveAddDeal' - $ref: '#/components/schemas/FlowActionPipedriveAddOrganization' - $ref: '#/components/schemas/FlowActionPipedriveAddPerson' FlowActionPipedriveAddDeal: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - PIPEDRIVE action: type: string enum: - ADD_DEAL allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionPipedriveAddDealParams' FlowActionPipedriveAddDealParams: type: object additionalProperties: false required: - connection_id - title properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id title: type: string value: type: string user_id: $ref: '#/components/schemas/FlowActionPipedriveAddDealParamsUserId' person_id: $ref: '#/components/schemas/FlowActionPipedriveAddDealParamsPersonId' organization_id: $ref: '#/components/schemas/FlowActionPipedriveAddDealParamsOrganizationId' stage_id: $ref: '#/components/schemas/FlowActionPipedriveAddDealParamsStageId' fields: $ref: '#/components/schemas/FlowActionPipedriveAddDealParamsFields' FlowActionPipedriveAddDealParamsFields: type: object additionalProperties: true properties: {} FlowActionPipedriveAddDealParamsOrganizationId: oneOf: - type: string - type: number FlowActionPipedriveAddDealParamsPersonId: oneOf: - type: string - type: number FlowActionPipedriveAddDealParamsStageId: oneOf: - type: string - type: number FlowActionPipedriveAddDealParamsUserId: oneOf: - type: string - type: number FlowActionPipedriveAddOrganization: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - PIPEDRIVE action: type: string enum: - ADD_ORGANIZATION allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionPipedriveAddOrganizationParams' FlowActionPipedriveAddOrganizationParams: type: object additionalProperties: false required: - connection_id - name properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id name: type: string owner_id: $ref: '#/components/schemas/FlowActionPipedriveAddOrganizationParamsOwnerId' fields: $ref: '#/components/schemas/FlowActionPipedriveAddOrganizationParamsFields' FlowActionPipedriveAddOrganizationParamsFields: type: object additionalProperties: true properties: {} FlowActionPipedriveAddOrganizationParamsOwnerId: oneOf: - type: string - type: number FlowActionPipedriveAddPerson: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - PIPEDRIVE action: type: string enum: - ADD_PERSON allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionPipedriveAddPersonParams' FlowActionPipedriveAddPersonParams: type: object additionalProperties: false required: - connection_id - name properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id name: type: string email: type: string phone: type: string owner_id: $ref: '#/components/schemas/FlowActionPipedriveAddPersonParamsOwnerId' organization_id: $ref: '#/components/schemas/FlowActionPipedriveAddPersonParamsOrganizationId' fields: $ref: '#/components/schemas/FlowActionPipedriveAddPersonParamsFields' FlowActionPipedriveAddPersonParamsFields: type: object additionalProperties: true properties: {} FlowActionPipedriveAddPersonParamsOrganizationId: oneOf: - type: string - type: number FlowActionPipedriveAddPersonParamsOwnerId: oneOf: - type: string - type: number FlowActionSalesforce: type: object oneOf: - $ref: '#/components/schemas/FlowActionSalesforceCreateLead' - $ref: '#/components/schemas/FlowActionSalesforceGetLead' - $ref: '#/components/schemas/FlowActionSalesforceSearchLeads' - $ref: '#/components/schemas/FlowActionSalesforceUpdateLead' FlowActionSalesforceCreateLead: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - SALESFORCE action: type: string enum: - CREATE_LEAD allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionSalesforceCreateLeadParams' FlowActionSalesforceCreateLeadParams: type: object additionalProperties: false required: - connection_id - last_name - company properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id first_name: type: string last_name: type: string minLength: 1 company: type: string minLength: 1 email: type: string phone: type: string payload: $ref: '#/components/schemas/FlowActionSalesforceCreateLeadParamsPayload' FlowActionSalesforceCreateLeadParamsPayload: type: object additionalProperties: true properties: {} FlowActionSalesforceGetLead: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - SALESFORCE action: type: string enum: - GET_LEAD allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionSalesforceGetLeadParams' FlowActionSalesforceGetLeadParams: type: object additionalProperties: false required: - connection_id - lead_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id lead_id: type: string FlowActionSalesforceSearchLeads: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - SALESFORCE action: type: string enum: - SEARCH_LEADS allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionSalesforceSearchLeadsParams' FlowActionSalesforceSearchLeadsParams: type: object additionalProperties: false required: - connection_id - search_field - search_value - lead_fields properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id search_field: type: string enum: - email - name - phone - all search_value: type: string maxLength: 2000 lead_fields: type: array minItems: 1 items: type: string maxLength: 2000 FlowActionSalesforceUpdateLead: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - SALESFORCE action: type: string enum: - UPDATE_LEAD allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionSalesforceUpdateLeadParams' FlowActionSalesforceUpdateLeadParams: type: object additionalProperties: false required: - connection_id - lead_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id lead_id: type: string minLength: 1 payload: $ref: '#/components/schemas/FlowActionSalesforceUpdateLeadParamsPayload' FlowActionSalesforceUpdateLeadParamsPayload: type: object additionalProperties: true properties: {} FlowActionSendgrid: type: object oneOf: - $ref: '#/components/schemas/FlowActionSendgridSendEmail' FlowActionSendgridSendEmail: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - SENDGRID action: type: string enum: - SEND_EMAIL allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionSendgridSendEmailParams' FlowActionSendgridSendEmailParams: type: object additionalProperties: true required: - connection_id - personalizations - from properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id from: $ref: '#/components/schemas/FlowActionSendgridSendEmailParamsPerson' personalizations: type: array minItems: 1 items: {} FlowActionSendgridSendEmailParamsPerson: type: object additionalProperties: false required: - email properties: name: type: string email: type: string FlowActionSlack: type: object oneOf: - $ref: '#/components/schemas/FlowActionSlackPostMessage' FlowActionSlackPostMessage: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - SLACK action: type: string enum: - POST_MESSAGE allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionSlackPostMessageParams' FlowActionSlackPostMessageParams: type: object additionalProperties: false required: - connection_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id text: type: string attachments: type: array items: $ref: '#/components/schemas/FlowActionSlackPostMessageParamsAttachment' FlowActionSlackPostMessageParamsAttachment: type: object additionalProperties: false properties: color: type: string enum: - GOOD - WARNING - DANGER pretext: type: string text: type: string fields: type: array items: $ref: '#/components/schemas/FlowActionSlackPostMessageParamsAttachmentField' FlowActionSlackPostMessageParamsAttachmentField: type: object additionalProperties: false required: - title properties: title: type: string value: type: string minLength: 0 short: type: boolean FlowActionStripe: type: object oneOf: - $ref: '#/components/schemas/FlowActionStripeAddTaxId' - $ref: '#/components/schemas/FlowActionStripeCreateCustomer' - $ref: '#/components/schemas/FlowActionStripeCreatePortalSession' - $ref: '#/components/schemas/FlowActionStripeDeleteTaxId' - $ref: '#/components/schemas/FlowActionStripeFindCustomers' - $ref: '#/components/schemas/FlowActionStripeGetCustomer' - $ref: '#/components/schemas/FlowActionStripeUpdateCustomer' FlowActionStripeAddTaxId: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - STRIPE action: type: string enum: - ADD_TAX_ID allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionStripeAddTaxIdParams' FlowActionStripeAddTaxIdParams: type: object additionalProperties: false required: - connection_id - customer_id - type - value properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id customer_id: type: string maxLength: 250 type: type: string maxLength: 250 value: type: string maxLength: 250 FlowActionStripeAddress: type: object additionalProperties: false properties: line1: type: string maxLength: 250 line2: type: string maxLength: 250 postalCode: type: string maxLength: 250 city: type: string maxLength: 250 state: type: string maxLength: 250 country: type: string maxLength: 250 FlowActionStripeCreateCustomer: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - STRIPE action: type: string enum: - CREATE_CUSTOMER allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionStripeCreateCustomerParams' FlowActionStripeCreateCustomerParams: type: object additionalProperties: false required: - connection_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id tax_id: $ref: '#/components/schemas/FlowActionStripeTaxId' name: type: string maxLength: 250 description: type: string maxLength: 250 email: type: string maxLength: 512 phone: type: string maxLength: 250 tax_exempt: type: string address: $ref: '#/components/schemas/FlowActionStripeAddress' metadata: $ref: '#/components/schemas/FlowActionStripeMetadata' FlowActionStripeCreatePortalSession: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - STRIPE action: type: string enum: - CREATE_PORTAL_SESSION allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionStripeCreatePortalSessionParams' FlowActionStripeCreatePortalSessionParams: type: object additionalProperties: false required: - connection_id - customer_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id customer_id: type: string maxLength: 250 return_url: type: string FlowActionStripeDeleteTaxId: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - STRIPE action: type: string enum: - DELETE_TAX_ID allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionStripeDeleteTaxIdParams' FlowActionStripeDeleteTaxIdParams: type: object additionalProperties: false required: - connection_id - customer_id - id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id customer_id: type: string maxLength: 250 id: type: string maxLength: 250 FlowActionStripeFindCustomers: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - STRIPE action: type: string enum: - FIND_CUSTOMERS allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionStripeFindCustomersParams' FlowActionStripeFindCustomersParams: type: object additionalProperties: false required: - connection_id - email properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id email: type: string FlowActionStripeGetCustomer: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - STRIPE action: type: string enum: - GET_CUSTOMER allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionStripeGetCustomerParams' FlowActionStripeGetCustomerParams: type: object additionalProperties: false required: - connection_id - id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id id: type: string maxLength: 250 FlowActionStripeMetadata: type: object additionalProperties: type: string maxLength: 500 maxProperties: 50 FlowActionStripeTaxId: type: object additionalProperties: false required: - type - value properties: type: type: string maxLength: 250 value: type: string maxLength: 250 FlowActionStripeUpdateCustomer: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - STRIPE action: type: string enum: - UPDATE_CUSTOMER allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionStripeUpdateCustomerParams' FlowActionStripeUpdateCustomerParams: type: object additionalProperties: false required: - connection_id - id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id id: type: string maxLength: 250 name: type: string maxLength: 250 description: type: string maxLength: 250 email: type: string maxLength: 512 phone: type: string maxLength: 250 tax_exempt: type: string address: $ref: '#/components/schemas/FlowActionStripeAddress' metadata: $ref: '#/components/schemas/FlowActionStripeMetadata' FlowActionTelegram: type: object oneOf: - $ref: '#/components/schemas/FlowActionTelegramSendMessage' FlowActionTelegramSendMessage: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - TELEGRAM action: type: string enum: - SEND_MESSAGE allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionTelegramSendMessageParams' FlowActionTelegramSendMessageParams: type: object additionalProperties: false required: - connection_id - chat_id - text properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id chat_id: type: string text: type: string FlowActionTwilio: type: object oneOf: - $ref: '#/components/schemas/FlowActionTwilioMakeCall' - $ref: '#/components/schemas/FlowActionTwilioSendSms' FlowActionTwilioMakeCall: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - TWILIO action: type: string enum: - MAKE_CALL allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionTwilioMakeCallParams' FlowActionTwilioMakeCallParams: type: object additionalProperties: false required: - connection_id - from - to - payload properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id from: type: string to: type: string payload: type: string maxLength: 4096 FlowActionTwilioSendSms: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - TWILIO action: type: string enum: - SEND_SMS allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionTwilioSendSmsParams' FlowActionTwilioSendSmsParams: type: object additionalProperties: false required: - connection_id - from - to - message properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id from: type: string maxLength: 50 to: type: string maxLength: 50 message: type: string maxLength: 1500 FlowActionWhatsapp: type: object oneOf: - $ref: '#/components/schemas/FlowActionWhatsappSendMessage' FlowActionWhatsappSendMessage: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - WHATSAPP action: type: string enum: - SEND_MESSAGE allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionWhatsappSendMessageParams' FlowActionWhatsappSendMessageParams: type: object additionalProperties: false required: - connection_id - sender_id - recipient_number - type - payload properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id sender_id: type: string recipient_number: type: string type: type: string enum: - AUDIO - CONTACTS - DOCUMENT - IMAGE - INTERACTIVE - LOCATION - STICKER - TEMPLATE - TEXT payload: $ref: '#/components/schemas/FlowActionWhatsappSendMessageParamsPayload' FlowActionWhatsappSendMessageParamsPayload: oneOf: - $ref: '#/components/schemas/FlowActionWhatsappSendMessageParamsPayloadObject' - type: string FlowActionWhatsappSendMessageParamsPayloadObject: type: object additionalProperties: true properties: {} FlowActionXml: type: object oneOf: - $ref: '#/components/schemas/FlowActionXmlParseXml' - $ref: '#/components/schemas/FlowActionXmlSerializeXml' FlowActionXmlParseXml: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - XML action: type: string enum: - PARSE_XML allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionXmlParseXmlParams' FlowActionXmlParseXmlParams: type: object additionalProperties: false required: - xml properties: xml: type: string FlowActionXmlSerializeXml: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - XML action: type: string enum: - SERIALIZE_XML allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionXmlSerializeXmlParams' FlowActionXmlSerializeXmlParams: type: object additionalProperties: false required: - object properties: object: $ref: '#/components/schemas/FlowActionXmlSerializeXmlParamsObject' FlowActionXmlSerializeXmlParamsObject: oneOf: - type: string - $ref: '#/components/schemas/FlowActionXmlSerializeXmlParamsObjectObject' FlowActionXmlSerializeXmlParamsObjectObject: type: object additionalProperties: true properties: {} FlowActionZapier: type: object oneOf: - $ref: '#/components/schemas/FlowActionZapierTriggerWebhook' FlowActionZapierTriggerWebhook: type: object additionalProperties: false required: - id - type - action - params properties: id: type: string format: forms-custom-identifier alias: type: string maxLength: 100 type: type: string enum: - ZAPIER action: type: string enum: - TRIGGER_WEBHOOK allow_failure: type: boolean mask_output: type: boolean params: $ref: '#/components/schemas/FlowActionZapierTriggerWebhookParams' FlowActionZapierTriggerWebhookParams: type: object additionalProperties: true required: - connection_id properties: connection_id: type: string maxLength: 30 format: flows-vault-connections-id method: type: string enum: - GET - POST - PUT FlowExecutionDebug: type: object description: Flow execution debug. additionalProperties: true FlowExecutionSummary: type: object additionalProperties: false required: - id - trace_id - status - created_at - updated_at properties: id: type: string description: Flow execution identifier maxLength: 30 format: flow-execution-id trace_id: type: string description: Trace id minLength: 1 maxLength: 50 journey_id: type: string description: Journey id minLength: 1 maxLength: 50 status: type: string description: Execution status minLength: 1 maxLength: 50 created_at: type: string description: The ISO 8601 formatted date when this flow execution was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date when this flow execution was updated. format: date-time started_at: type: string description: The ISO 8601 formatted date when this flow execution started. format: date-time ended_at: type: string description: The ISO 8601 formatted date when this flow execution ended. format: date-time FlowSummary: type: object additionalProperties: false required: - id - name - created_at - updated_at properties: id: type: string maxLength: 30 format: flow-id name: type: string minLength: 1 maxLength: 150 created_at: type: string format: date-time updated_at: type: string format: date-time executed_at: type: string format: date FlowsVaultConnectioSetupApiKey: type: object additionalProperties: false required: - type - api_key properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeApiKeyEnum' api_key: type: string FlowsVaultConnectioSetupApiKeyWithBaseUrl: type: object additionalProperties: false required: - type - api_key - base_url properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeApiKeyEnum' api_key: type: string base_url: type: string format: forms-url-https FlowsVaultConnectioSetupBigqueryOauthJwt: type: object additionalProperties: false properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeOauthJwtEnum' project_id: type: string private_key: type: string client_email: type: string format: email FlowsVaultConnectioSetupHttpBearer: type: object additionalProperties: false required: - type - token properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeBearerEnum' token: type: string FlowsVaultConnectioSetupJwt: type: object additionalProperties: true required: - type - algorithm properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeJwtEnum' algorithm: $ref: '#/components/schemas/FlowsVaultConnectioSetupJwtAlgorithmEnum' FlowsVaultConnectioSetupJwtAlgorithmEnum: type: string enum: - HS256 - HS384 - HS512 - RS256 - RS384 - RS512 - ES256 - ES384 - ES512 - PS256 - PS384 - PS512 FlowsVaultConnectioSetupMailjetApiKey: type: object additionalProperties: false required: - type - api_key - secret_key properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeApiKeyEnum' api_key: type: string secret_key: type: string FlowsVaultConnectioSetupOauthApp: type: object additionalProperties: false required: - type - client_id - client_secret - domain properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeOauthAppEnum' client_id: type: string client_secret: type: string domain: type: string format: hostname-rfc2181 audience: type: string minLength: 1 format: forms-url-https FlowsVaultConnectioSetupOauthCode: type: object additionalProperties: true properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeOauthCodeEnum' code: type: string FlowsVaultConnectioSetupSecretApiKey: type: object additionalProperties: false required: - type - secret_key properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeApiKeyEnum' secret_key: type: string FlowsVaultConnectioSetupStripeKeyPair: type: object additionalProperties: false required: - type - private_key - public_key properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeKeyPairEnum' private_key: type: string public_key: type: string FlowsVaultConnectioSetupToken: type: object additionalProperties: false required: - type - token properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeTokenEnum' token: type: string FlowsVaultConnectioSetupTwilioApiKey: type: object additionalProperties: false required: - type - account_id - api_key properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeApiKeyEnum' account_id: type: string api_key: type: string FlowsVaultConnectioSetupTypeApiKeyEnum: type: string enum: - API_KEY FlowsVaultConnectioSetupTypeBearerEnum: type: string enum: - BEARER FlowsVaultConnectioSetupTypeJwtEnum: type: string enum: - JWT FlowsVaultConnectioSetupTypeKeyPairEnum: type: string enum: - KEY_PAIR FlowsVaultConnectioSetupTypeOauthAppEnum: type: string enum: - OAUTH_APP FlowsVaultConnectioSetupTypeOauthCodeEnum: type: string enum: - OAUTH_CODE FlowsVaultConnectioSetupTypeOauthJwtEnum: type: string enum: - OAUTH_JWT FlowsVaultConnectioSetupTypeTokenEnum: type: string enum: - TOKEN FlowsVaultConnectioSetupTypeWebhookEnum: type: string enum: - WEBHOOK FlowsVaultConnectioSetupWebhook: type: object additionalProperties: false required: - type - url properties: type: $ref: '#/components/schemas/FlowsVaultConnectioSetupTypeWebhookEnum' url: type: string format: forms-url-https FlowsVaultConnectionAppIdActivecampaignEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - ACTIVECAMPAIGN FlowsVaultConnectionAppIdAirtableEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - AIRTABLE FlowsVaultConnectionAppIdAuth0Enum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - AUTH0 FlowsVaultConnectionAppIdBigqueryEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - BIGQUERY FlowsVaultConnectionAppIdClearbitEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - CLEARBIT FlowsVaultConnectionAppIdDocusignEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - DOCUSIGN FlowsVaultConnectionAppIdGoogleSheetsEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - GOOGLE_SHEETS FlowsVaultConnectionAppIdHttpEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - HTTP FlowsVaultConnectionAppIdHubspotEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - HUBSPOT FlowsVaultConnectionAppIdJwtEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - JWT FlowsVaultConnectionAppIdMailchimpEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - MAILCHIMP FlowsVaultConnectionAppIdMailjetEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - MAILJET FlowsVaultConnectionAppIdPipedriveEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - PIPEDRIVE FlowsVaultConnectionAppIdSalesforceEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - SALESFORCE FlowsVaultConnectionAppIdSendgridEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - SENDGRID FlowsVaultConnectionAppIdSlackEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - SLACK FlowsVaultConnectionAppIdStripeEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - STRIPE FlowsVaultConnectionAppIdTelegramEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - TELEGRAM FlowsVaultConnectionAppIdTwilioEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - TWILIO FlowsVaultConnectionAppIdWhatsappEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - WHATSAPP FlowsVaultConnectionAppIdZapierEnum: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 enum: - ZAPIER FlowsVaultConnectionHttpApiKeySetup: type: object additionalProperties: false required: - type - name - value - in properties: type: $ref: '#/components/schemas/FlowsVaultConnectionSetupTypeApiKeyEnum' name: type: string minLength: 1 maxLength: 55 value: type: string minLength: 1 maxLength: 255 in: $ref: '#/components/schemas/FlowsVaultConnectionHttpApiKeySetupInEnum' FlowsVaultConnectionHttpApiKeySetupInEnum: type: string enum: - HEADER - QUERY FlowsVaultConnectionHttpBasicAuthSetup: type: object additionalProperties: false required: - type - username properties: type: $ref: '#/components/schemas/FlowsVaultConnectionSetupTypeBasicAuthEnum' username: type: string minLength: 1 maxLength: 155 password: type: string minLength: 1 maxLength: 155 FlowsVaultConnectionHttpOauthClientCredentialsSetup: type: object additionalProperties: false required: - type - client_id - client_secret - token_endpoint properties: type: $ref: '#/components/schemas/FlowsVaultConnectionSetupTypeOauthClientCredentialsEnum' client_id: type: string minLength: 1 maxLength: 255 client_secret: type: string minLength: 1 maxLength: 255 token_endpoint: type: string minLength: 1 maxLength: 500 format: forms-url-https audience: type: string minLength: 1 maxLength: 255 resource: type: string minLength: 1 maxLength: 255 scope: type: string minLength: 1 maxLength: 1024 FlowsVaultConnectionSetupTypeApiKeyEnum: type: string enum: - API_KEY FlowsVaultConnectionSetupTypeBasicAuthEnum: type: string enum: - BASIC_AUTH FlowsVaultConnectionSetupTypeOauthClientCredentialsEnum: type: string enum: - OAUTH_CLIENT_CREDENTIALS FlowsVaultConnectionSummary: type: object additionalProperties: false required: - id - app_id - name - ready - created_at - updated_at - fingerprint properties: id: type: string description: Flows Vault Connection identifier. maxLength: 30 format: flows-vault-connections-id app_id: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 account_name: type: string description: Flows Vault Connection custom account name. minLength: 1 maxLength: 150 ready: type: boolean description: Whether the Flows Vault Connection is configured. created_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was updated. format: date-time refreshed_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was refreshed. format: date-time fingerprint: type: string minLength: 1 FormBlock: type: object oneOf: - $ref: '#/components/schemas/FormBlockDivider' - $ref: '#/components/schemas/FormBlockHtml' - $ref: '#/components/schemas/FormBlockImage' - $ref: '#/components/schemas/FormBlockJumpButton' - $ref: '#/components/schemas/FormBlockResendButton' - $ref: '#/components/schemas/FormBlockNextButton' - $ref: '#/components/schemas/FormBlockPreviousButton' - $ref: '#/components/schemas/FormBlockRichText' FormBlockDivider: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryBlockConst' type: $ref: '#/components/schemas/FormBlockTypeDividerConst' config: $ref: '#/components/schemas/FormBlockDividerConfig' FormBlockDividerConfig: type: object additionalProperties: false properties: text: type: string maxLength: 50 FormBlockHtml: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryBlockConst' type: $ref: '#/components/schemas/FormBlockTypeHtmlConst' config: $ref: '#/components/schemas/FormBlockHtmlConfig' FormBlockHtmlConfig: type: object additionalProperties: false properties: content: type: string maxLength: 10000 FormBlockImage: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryBlockConst' type: $ref: '#/components/schemas/FormBlockTypeImageConst' config: $ref: '#/components/schemas/FormBlockImageConfig' FormBlockImageConfig: type: object additionalProperties: false required: - src properties: src: type: string maxLength: 500 position: $ref: '#/components/schemas/FormBlockImageConfigPositionEnum' height: type: number minimum: 1 maximum: 500 FormBlockImageConfigPositionEnum: type: string enum: - LEFT - CENTER - RIGHT FormBlockJumpButton: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryBlockConst' type: $ref: '#/components/schemas/FormBlockTypeJumpButtonConst' config: $ref: '#/components/schemas/FormBlockJumpButtonConfig' FormBlockJumpButtonConfig: type: object additionalProperties: false required: - text - next_node properties: text: type: string maxLength: 150 next_node: $ref: '#/components/schemas/FormNodePointer' style: $ref: '#/components/schemas/FormBlockJumpButtonConfigStyle' FormBlockJumpButtonConfigStyle: type: object additionalProperties: false properties: background_color: type: string format: forms-hex-color FormBlockNextButton: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryBlockConst' type: $ref: '#/components/schemas/FormBlockTypeNextButtonConst' config: $ref: '#/components/schemas/FormBlockNextButtonConfig' FormBlockNextButtonConfig: type: object additionalProperties: false required: - text properties: text: type: string maxLength: 150 FormBlockPreviousButton: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryBlockConst' type: $ref: '#/components/schemas/FormBlockTypePreviousButtonConst' config: $ref: '#/components/schemas/FormBlockPreviousButtonConfig' FormBlockPreviousButtonConfig: type: object additionalProperties: false required: - text properties: text: type: string maxLength: 150 FormBlockResendButton: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryBlockConst' type: $ref: '#/components/schemas/FormBlockTypeResendButtonConst' config: $ref: '#/components/schemas/FormBlockResendButtonConfig' FormBlockResendButtonConfig: type: object additionalProperties: false required: - active_text - button_text - waiting_text - flow_id properties: active_text: type: string minLength: 1 maxLength: 255 button_text: type: string minLength: 1 maxLength: 255 waiting_text: type: string minLength: 1 maxLength: 255 text_alignment: $ref: '#/components/schemas/FormBlockResendButtonConfigTextAlignmentEnum' flow_id: type: string maxLength: 30 format: flow-id max_attempts: type: number minimum: 1 maximum: 10 waiting_time: type: number minimum: 1 maximum: 60 FormBlockResendButtonConfigTextAlignmentEnum: type: string enum: - LEFT - CENTER - RIGHT FormBlockRichText: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryBlockConst' type: $ref: '#/components/schemas/FormBlockTypeRichTextConst' config: $ref: '#/components/schemas/FormBlockRichTextConfig' FormBlockRichTextConfig: type: object additionalProperties: false properties: content: type: string maxLength: 10000 FormBlockTypeDividerConst: type: string enum: - DIVIDER FormBlockTypeHtmlConst: type: string enum: - HTML FormBlockTypeImageConst: type: string enum: - IMAGE FormBlockTypeJumpButtonConst: type: string enum: - JUMP_BUTTON FormBlockTypeNextButtonConst: type: string enum: - NEXT_BUTTON FormBlockTypePreviousButtonConst: type: string enum: - PREVIOUS_BUTTON FormBlockTypeResendButtonConst: type: string enum: - RESEND_BUTTON FormBlockTypeRichTextConst: type: string enum: - RICH_TEXT FormComponent: type: object oneOf: - $ref: '#/components/schemas/FormBlock' - $ref: '#/components/schemas/FormWidget' - $ref: '#/components/schemas/FormField' FormComponentCategoryBlockConst: type: string enum: - BLOCK FormComponentCategoryFieldConst: type: string enum: - FIELD FormComponentCategoryWidgetConst: type: string enum: - WIDGET FormEndingNode: type: object additionalProperties: false properties: redirection: $ref: '#/components/schemas/FormEndingNodeRedirection' after_submit: $ref: '#/components/schemas/FormEndingNodeAfterSubmit' coordinates: $ref: '#/components/schemas/FormNodeCoordinates' resume_flow: $ref: '#/components/schemas/FormEndingNodeResumeFlowTrueConst' FormEndingNodeAfterSubmit: type: object additionalProperties: false properties: flow_id: type: string maxLength: 30 format: flow-id FormEndingNodeId: type: string enum: - $ending FormEndingNodeNullable: oneOf: - $ref: '#/components/schemas/FormEndingNode' - type: 'null' FormEndingNodeRedirection: type: object additionalProperties: false required: - target properties: delay: type: integer minimum: 0 maximum: 10 target: type: string minLength: 1 maxLength: 1024 FormEndingNodeResumeFlowTrueConst: type: boolean enum: - true FormField: type: object oneOf: - $ref: '#/components/schemas/FormFieldBoolean' - $ref: '#/components/schemas/FormFieldCards' - $ref: '#/components/schemas/FormFieldChoice' - $ref: '#/components/schemas/FormFieldCustom' - $ref: '#/components/schemas/FormFieldDate' - $ref: '#/components/schemas/FormFieldDropdown' - $ref: '#/components/schemas/FormFieldEmail' - $ref: '#/components/schemas/FormFieldFile' - $ref: '#/components/schemas/FormFieldLegal' - $ref: '#/components/schemas/FormFieldNumber' - $ref: '#/components/schemas/FormFieldPassword' - $ref: '#/components/schemas/FormFieldPayment' - $ref: '#/components/schemas/FormFieldSocial' - $ref: '#/components/schemas/FormFieldTel' - $ref: '#/components/schemas/FormFieldText' - $ref: '#/components/schemas/FormFieldUrl' FormFieldBoolean: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeBooleanConst' config: $ref: '#/components/schemas/FormFieldBooleanConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldBooleanConfig: type: object additionalProperties: false properties: default_value: type: boolean options: $ref: '#/components/schemas/FormFieldBooleanConfigOptions' FormFieldBooleanConfigOptions: type: object additionalProperties: false properties: 'true': type: string minLength: 1 maxLength: 50 'false': type: string minLength: 1 maxLength: 50 FormFieldCards: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeCardsConst' config: $ref: '#/components/schemas/FormFieldCardsConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldCardsConfig: type: object additionalProperties: false properties: hide_labels: type: boolean multiple: type: boolean options: type: array minItems: 0 items: $ref: '#/components/schemas/FormFieldCardsConfigOption' default_value: {} FormFieldCardsConfigOption: type: object additionalProperties: false required: - value - label - image_url properties: value: type: string minLength: 1 label: type: string minLength: 1 image_url: type: string format: forms-url-https FormFieldChoice: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeChoiceConst' config: $ref: '#/components/schemas/FormFieldChoiceConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldChoiceConfig: type: object additionalProperties: false properties: multiple: type: boolean options: type: array minItems: 0 items: $ref: '#/components/schemas/FormFieldChoiceConfigOption' allow_other: $ref: '#/components/schemas/FormFieldChoiceConfigAllowOther' default_value: {} FormFieldChoiceConfigAllowOther: type: object additionalProperties: false properties: enabled: $ref: '#/components/schemas/FormFieldChoiceConfigAllowOtherEnabledTrueEnum' label: type: string minLength: 1 placeholder: type: string minLength: 1 FormFieldChoiceConfigAllowOtherEnabledTrueEnum: type: boolean enum: - true FormFieldChoiceConfigOption: type: object additionalProperties: false required: - value - label properties: value: type: string minLength: 1 label: type: string minLength: 1 FormFieldCustom: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeCustomConst' config: $ref: '#/components/schemas/FormFieldCustomConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldCustomConfig: type: object additionalProperties: false required: - schema - code properties: schema: $ref: '#/components/schemas/FormFieldCustomConfigSchema' code: type: string minLength: 1 css: type: string minLength: 1 params: $ref: '#/components/schemas/FormFieldCustomConfigParams' FormFieldCustomConfigParams: type: object additionalProperties: type: string FormFieldCustomConfigSchema: type: object additionalProperties: true FormFieldDate: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeDateConst' config: $ref: '#/components/schemas/FormFieldDateConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldDateConfig: type: object additionalProperties: false properties: format: $ref: '#/components/schemas/FormFieldDateConfigFormatEnum' default_value: type: string FormFieldDateConfigFormatEnum: type: string enum: - DATE - TIME FormFieldDropdown: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeDropdownConst' config: $ref: '#/components/schemas/FormFieldDropdownConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldDropdownConfig: type: object additionalProperties: false properties: multiple: type: boolean options: type: array minItems: 0 items: $ref: '#/components/schemas/FormFieldDropdownConfigOption' default_value: {} placeholder: type: string minLength: 1 maxLength: 500 FormFieldDropdownConfigOption: type: object additionalProperties: false required: - value - label properties: value: type: string minLength: 1 label: type: string minLength: 1 FormFieldEmail: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeEmailConst' config: $ref: '#/components/schemas/FormFieldEmailConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldEmailConfig: type: object additionalProperties: false properties: default_value: type: string minLength: 1 placeholder: type: string minLength: 1 maxLength: 500 FormFieldFile: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeFileConst' config: $ref: '#/components/schemas/FormFieldFileConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldFileConfig: type: object additionalProperties: false properties: multiple: type: boolean storage: $ref: '#/components/schemas/FormFieldFileConfigStorage' categories: type: array items: $ref: '#/components/schemas/FormFieldFileConfigCategoryEnum' extensions: type: array items: type: string maxLength: 50 format: forms-file-extension maxSize: type: integer minimum: 1024 maxFiles: type: integer minimum: 1 FormFieldFileConfigCategoryEnum: type: string enum: - AUDIO - VIDEO - IMAGE - DOCUMENT - ARCHIVE FormFieldFileConfigStorage: type: object additionalProperties: true required: - type properties: type: $ref: '#/components/schemas/FormFieldFileConfigStorageTypeEnum' FormFieldFileConfigStorageTypeEnum: type: string enum: - MANAGED - CUSTOM FormFieldLegal: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeLegalConst' config: $ref: '#/components/schemas/FormFieldLegalConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldLegalConfig: type: object additionalProperties: false properties: text: type: string minLength: 1 maxLength: 10000 FormFieldNumber: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeNumberConst' config: $ref: '#/components/schemas/FormFieldNumberConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldNumberConfig: type: object additionalProperties: false properties: default_value: type: number placeholder: type: string minLength: 1 maxLength: 500 min_value: type: number max_value: type: number FormFieldPassword: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypePasswordConst' config: $ref: '#/components/schemas/FormFieldPasswordConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldPasswordConfig: type: object additionalProperties: false properties: hash: $ref: '#/components/schemas/FormFieldPasswordConfigHashEnum' placeholder: type: string maxLength: 500 min_length: type: integer minimum: 1 max_length: type: integer minimum: 1 complexity: type: boolean nist: type: boolean strength_meter: type: boolean FormFieldPasswordConfigHashEnum: type: string enum: - NONE - MD5 - SHA1 - SHA256 - SHA512 FormFieldPayment: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypePaymentConst' config: $ref: '#/components/schemas/FormFieldPaymentConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldPaymentConfig: type: object additionalProperties: false required: - charge - credentials properties: provider: $ref: '#/components/schemas/FormFieldPaymentConfigProviderEnum' charge: $ref: '#/components/schemas/FormFieldPaymentConfigCharge' credentials: $ref: '#/components/schemas/FormFieldPaymentConfigCredentials' customer: $ref: '#/components/schemas/FormFieldPaymentConfigCustomer' fields: $ref: '#/components/schemas/FormFieldPaymentConfigFields' FormFieldPaymentConfigCharge: type: object oneOf: - $ref: '#/components/schemas/FormFieldPaymentConfigChargeOneOff' - type: object additionalProperties: false required: - type - subscription properties: type: $ref: '#/components/schemas/FormFieldPaymentConfigChargeTypeSubscriptionConst' subscription: $ref: '#/components/schemas/FormFieldPaymentConfigSubscription' FormFieldPaymentConfigChargeOneOff: type: object additionalProperties: false required: - type - one_off properties: type: $ref: '#/components/schemas/FormFieldPaymentConfigChargeTypeOneOffConst' one_off: $ref: '#/components/schemas/FormFieldPaymentConfigChargeOneOffOneOff' FormFieldPaymentConfigChargeOneOffCurrencyEnum: type: string enum: - AUD - CAD - CHF - EUR - GBP - INR - MXN - SEK - USD FormFieldPaymentConfigChargeOneOffOneOff: type: object additionalProperties: true required: - amount - currency properties: amount: $ref: '#/components/schemas/FormFieldPaymentConfigChargeOneOffOneOffAmount' currency: $ref: '#/components/schemas/FormFieldPaymentConfigChargeOneOffCurrencyEnum' FormFieldPaymentConfigChargeOneOffOneOffAmount: oneOf: - type: string minLength: 1 - type: number minimum: 0.01 FormFieldPaymentConfigChargeTypeOneOffConst: type: string enum: - ONE_OFF FormFieldPaymentConfigChargeTypeSubscriptionConst: type: string enum: - SUBSCRIPTION FormFieldPaymentConfigCredentials: type: object additionalProperties: false required: - public_key - private_key properties: public_key: type: string minLength: 1 maxLength: 250 private_key: type: string minLength: 1 maxLength: 250 FormFieldPaymentConfigCustomer: type: object additionalProperties: true FormFieldPaymentConfigFieldProperties: type: object additionalProperties: false properties: label: type: string minLength: 1 maxLength: 250 placeholder: type: string minLength: 1 maxLength: 250 FormFieldPaymentConfigFields: type: object additionalProperties: false properties: card_number: $ref: '#/components/schemas/FormFieldPaymentConfigFieldProperties' expiration_date: $ref: '#/components/schemas/FormFieldPaymentConfigFieldProperties' security_code: $ref: '#/components/schemas/FormFieldPaymentConfigFieldProperties' trustmarks: type: boolean FormFieldPaymentConfigProviderEnum: type: string enum: - STRIPE FormFieldPaymentConfigSubscription: type: object additionalProperties: true FormFieldSocial: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeSocialConst' config: $ref: '#/components/schemas/FormFieldSocialConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldSocialConfig: type: object additionalProperties: false properties: {} FormFieldTel: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeTelConst' config: $ref: '#/components/schemas/FormFieldTelConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldTelConfig: type: object allOf: - type: object additionalProperties: true - type: object additionalProperties: true - type: object additionalProperties: true additionalProperties: false properties: default_value: type: string placeholder: type: string maxLength: 500 min_length: type: integer minimum: 1 max_length: type: integer minimum: 1 country_picker: type: boolean strings: $ref: '#/components/schemas/FormFieldTelConfigStrings' FormFieldTelConfigStrings: type: object additionalProperties: false properties: filter_placeholder: type: string minLength: 1 FormFieldText: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeTextConst' config: $ref: '#/components/schemas/FormFieldTextConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldTextConfig: type: object allOf: - type: object additionalProperties: true - type: object additionalProperties: true - type: object additionalProperties: true additionalProperties: false properties: multiline: type: boolean default_value: type: string minLength: 1 placeholder: type: string minLength: 1 maxLength: 500 min_length: type: integer minimum: 1 max_length: type: integer minimum: 1 FormFieldTypeBooleanConst: type: string enum: - BOOLEAN FormFieldTypeCardsConst: type: string enum: - CARDS FormFieldTypeChoiceConst: type: string enum: - CHOICE FormFieldTypeCustomConst: type: string enum: - CUSTOM FormFieldTypeDateConst: type: string enum: - DATE FormFieldTypeDropdownConst: type: string enum: - DROPDOWN FormFieldTypeEmailConst: type: string enum: - EMAIL FormFieldTypeFileConst: type: string enum: - FILE FormFieldTypeLegalConst: type: string enum: - LEGAL FormFieldTypeNumberConst: type: string enum: - NUMBER FormFieldTypePasswordConst: type: string enum: - PASSWORD FormFieldTypePaymentConst: type: string enum: - PAYMENT FormFieldTypeSocialConst: type: string enum: - SOCIAL FormFieldTypeTelConst: type: string enum: - TEL FormFieldTypeTextConst: type: string enum: - TEXT FormFieldTypeUrlConst: type: string enum: - URL FormFieldUrl: type: object additionalProperties: false required: - id - category - type properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryFieldConst' type: $ref: '#/components/schemas/FormFieldTypeUrlConst' config: $ref: '#/components/schemas/FormFieldUrlConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormFieldUrlConfig: type: object additionalProperties: false properties: default_value: type: string minLength: 1 placeholder: type: string minLength: 1 maxLength: 500 FormFlow: type: object additionalProperties: false required: - id - type - config properties: id: type: string format: forms-custom-identifier type: $ref: '#/components/schemas/FormNodeTypeFlowConst' coordinates: $ref: '#/components/schemas/FormNodeCoordinates' alias: type: string minLength: 1 maxLength: 150 config: $ref: '#/components/schemas/FormFlowConfig' FormFlowConfig: type: object additionalProperties: false required: - flow_id properties: flow_id: type: string maxLength: 30 format: flow-id next_node: $ref: '#/components/schemas/FormNodePointer' FormHiddenField: type: object additionalProperties: false required: - key properties: key: type: string format: forms-custom-identifier value: type: string minLength: 1 maxLength: 500 FormLanguages: type: object additionalProperties: false properties: primary: type: string minLength: 1 maxLength: 55 default: type: string minLength: 1 maxLength: 55 FormLanguagesNullable: oneOf: - $ref: '#/components/schemas/FormLanguages' - type: 'null' FormMessages: type: object additionalProperties: false properties: errors: $ref: '#/components/schemas/FormMessagesError' custom: $ref: '#/components/schemas/FormMessagesCustom' FormMessagesCustom: type: object additionalProperties: type: string minLength: 1 maxLength: 255 FormMessagesError: type: object additionalProperties: type: string minLength: 1 maxLength: 255 FormMessagesNullable: oneOf: - $ref: '#/components/schemas/FormMessages' - type: 'null' FormNode: type: object oneOf: - $ref: '#/components/schemas/FormFlow' - $ref: '#/components/schemas/FormRouter' - $ref: '#/components/schemas/FormStep' FormNodeCoordinates: type: object additionalProperties: false required: - x - y properties: x: type: integer minimum: -999999 maximum: 999999 y: type: integer minimum: -999999 maximum: 999999 FormNodeList: type: array minItems: 0 items: $ref: '#/components/schemas/FormNode' FormNodeListNullable: oneOf: - $ref: '#/components/schemas/FormNodeList' - type: 'null' FormNodePointer: oneOf: - type: string format: forms-custom-identifier - $ref: '#/components/schemas/FormEndingNodeId' FormNodeTypeFlowConst: type: string enum: - FLOW FormNodeTypeRouterConst: type: string enum: - ROUTER FormNodeTypeStepConst: type: string enum: - STEP FormRouter: type: object additionalProperties: false required: - id - type properties: id: type: string format: forms-custom-identifier type: $ref: '#/components/schemas/FormNodeTypeRouterConst' coordinates: $ref: '#/components/schemas/FormNodeCoordinates' alias: type: string minLength: 1 maxLength: 150 config: $ref: '#/components/schemas/FormRouterConfig' FormRouterConfig: type: object additionalProperties: false properties: rules: type: array minItems: 0 items: $ref: '#/components/schemas/FormRouterRule' fallback: $ref: '#/components/schemas/FormNodePointer' FormRouterRule: type: object additionalProperties: false required: - id - condition properties: id: type: string format: forms-custom-identifier alias: type: string minLength: 1 maxLength: 150 condition: {} next_node: $ref: '#/components/schemas/FormNodePointer' FormStartNode: type: object additionalProperties: false properties: hidden_fields: type: array items: $ref: '#/components/schemas/FormHiddenField' next_node: $ref: '#/components/schemas/FormNodePointer' coordinates: $ref: '#/components/schemas/FormNodeCoordinates' FormStartNodeNullable: oneOf: - $ref: '#/components/schemas/FormStartNode' - type: 'null' FormStep: type: object additionalProperties: false required: - id - type properties: id: type: string format: forms-custom-identifier type: $ref: '#/components/schemas/FormNodeTypeStepConst' coordinates: $ref: '#/components/schemas/FormNodeCoordinates' alias: type: string minLength: 1 maxLength: 150 config: $ref: '#/components/schemas/FormStepConfig' FormStepComponentList: type: array items: $ref: '#/components/schemas/FormComponent' FormStepConfig: type: object additionalProperties: false properties: components: $ref: '#/components/schemas/FormStepComponentList' next_node: $ref: '#/components/schemas/FormNodePointer' FormStyle: type: object additionalProperties: false properties: css: type: string minLength: 1 maxLength: 5000 FormStyleNullable: oneOf: - $ref: '#/components/schemas/FormStyle' - type: 'null' FormSummary: type: object additionalProperties: false required: - id - name - created_at - updated_at properties: id: type: string maxLength: 30 format: form-id name: type: string minLength: 1 maxLength: 150 created_at: type: string format: date-time updated_at: type: string format: date-time embedded_at: type: string format: date submitted_at: type: string format: date FormTranslations: type: object additionalProperties: type: object additionalProperties: true FormTranslationsNullable: oneOf: - $ref: '#/components/schemas/FormTranslations' - type: 'null' FormWidget: type: object oneOf: - $ref: '#/components/schemas/FormWidgetAuth0VerifiableCredentials' - $ref: '#/components/schemas/FormWidgetGMapsAddress' - $ref: '#/components/schemas/FormWidgetRecaptcha' FormWidgetAuth0VerifiableCredentials: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryWidgetConst' type: $ref: '#/components/schemas/FormWidgetTypeAuth0VerifiableCredentialsConst' config: $ref: '#/components/schemas/FormWidgetAuth0VerifiableCredentialsConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormWidgetAuth0VerifiableCredentialsConfig: type: object additionalProperties: false required: - url - alternate_text - access_token - verification_id properties: url: type: string maxLength: 2000 size: type: number minimum: 1 maximum: 500 alternate_text: type: string minLength: 1 maxLength: 255 access_token: type: string minLength: 1 maxLength: 5000 verification_id: type: string minLength: 1 maxLength: 255 max_wait: type: number minimum: 60 maximum: 600 FormWidgetGMapsAddress: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryWidgetConst' type: $ref: '#/components/schemas/FormWidgetTypeGMapsAddressConst' config: $ref: '#/components/schemas/FormWidgetGMapsAddressConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormWidgetGMapsAddressConfig: type: object additionalProperties: false required: - api_key properties: api_key: type: string minLength: 1 FormWidgetRecaptcha: type: object additionalProperties: false required: - id - category - type - config properties: id: type: string format: forms-custom-identifier category: $ref: '#/components/schemas/FormComponentCategoryWidgetConst' type: $ref: '#/components/schemas/FormWidgetTypeRecaptchaConst' config: $ref: '#/components/schemas/FormWidgetRecaptchaConfig' label: type: string minLength: 1 hint: type: string minLength: 1 maxLength: 500 required: type: boolean sensitive: type: boolean FormWidgetRecaptchaConfig: type: object additionalProperties: false required: - site_key - secret_key properties: site_key: type: string minLength: 1 secret_key: type: string minLength: 1 FormWidgetTypeAuth0VerifiableCredentialsConst: type: string enum: - AUTH0_VERIFIABLE_CREDENTIALS FormWidgetTypeGMapsAddressConst: type: string enum: - GMAPS_ADDRESS FormWidgetTypeRecaptchaConst: type: string enum: - RECAPTCHA FormsRequestParametersHydrateEnum: type: string maxLength: 50 enum: - flow_count - links GetActionExecutionResponseContent: type: object description: The result of a specific execution of a trigger. additionalProperties: false properties: id: type: string description: ID identifies this specific execution simulation. These IDs would resemble real executions in production. default: c5b35bb1-c67d-40bb-9b0d-700b6fe33dd9 trigger_id: $ref: '#/components/schemas/ActionTriggerTypeEnum' status: $ref: '#/components/schemas/ActionExecutionStatusEnum' results: type: array items: $ref: '#/components/schemas/ActionExecutionResult' created_at: type: string description: The time that the execution was started. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time that the exeution finished executing. default: '2021-01-01T00:00:00.000Z' format: date-time GetActionModuleActionsResponseContent: type: object additionalProperties: false properties: actions: type: array description: A list of action references. items: $ref: '#/components/schemas/ActionModuleAction' total: type: integer description: The total number of actions using this module. page: type: integer description: The page index of the returned results. per_page: type: integer description: The number of results requested per page. GetActionModuleResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the module. name: type: string description: The name of the module. code: type: string description: The source code from the module's draft version. dependencies: type: array description: The npm dependencies from the module's draft version. items: $ref: '#/components/schemas/ActionModuleDependency' secrets: type: array description: The secrets from the module's draft version (names and timestamps only, values never returned). items: $ref: '#/components/schemas/ActionModuleSecret' actions_using_module_total: type: integer description: The number of deployed actions using this module. all_changes_published: type: boolean description: Whether all draft changes have been published as a version. latest_version_number: type: integer description: The version number of the latest published version. Omitted if no versions have been published. created_at: type: string description: Timestamp when the module was created. format: date-time updated_at: type: string description: Timestamp when the module was last updated. format: date-time latest_version: $ref: '#/components/schemas/ActionModuleVersionReference' GetActionModuleVersionResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID for this version. module_id: type: string description: The ID of the parent module. version_number: type: integer description: The sequential version number. code: type: string description: The exact source code that was published with this version. secrets: type: array description: Secrets available to this version (name and updated_at only, values never returned). items: $ref: '#/components/schemas/ActionModuleSecret' dependencies: type: array description: Dependencies locked to this version. items: $ref: '#/components/schemas/ActionModuleDependency' created_at: type: string description: The timestamp when this version was created. format: date-time GetActionModuleVersionsResponseContent: type: object additionalProperties: false properties: versions: type: array description: A list of ActionsModuleVersion objects. items: $ref: '#/components/schemas/ActionModuleVersion' total: type: integer description: The total number of versions for this module. page: type: integer description: The page index of the returned results. per_page: type: integer description: The number of results requested per page. GetActionModulesResponseContent: type: object additionalProperties: false properties: modules: type: array description: A list of ActionsModule objects. items: $ref: '#/components/schemas/ActionModuleListItem' total: type: integer description: The total number of modules in the tenant. page: type: integer description: The page index of the returned results. per_page: type: integer description: The number of results requested per page. GetActionResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the action. default: 910b1053-577f-4d81-a8c8-020e7319a38a name: type: string description: The name of an action. default: my-action supported_triggers: type: array description: The list of triggers that this action supports. At this time, an action can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA all_changes_deployed: type: boolean description: True if all of an Action's contents have been deployed. default: false created_at: type: string description: The time when this action was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this action was updated. default: '2021-01-01T00:00:00.000Z' format: date-time code: type: string description: The source code of the action. default: module.exports = () => {} dependencies: type: array description: The list of third party npm modules, and their versions, that this action depends on. items: $ref: '#/components/schemas/ActionVersionDependency' runtime: type: string description: 'The Node runtime. For example: `node22`, defaults to `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretResponse' deployed_version: $ref: '#/components/schemas/ActionDeployedVersion' installed_integration_id: type: string description: installed_integration_id is the fk reference to the InstalledIntegration entity. default: 7d2bc0c9-c0c2-433a-9f4e-86ef80270aad integration: $ref: '#/components/schemas/Integration' status: $ref: '#/components/schemas/ActionBuildStatusEnum' built_at: type: string description: The time when this action was built successfully. default: '2021-01-01T00:00:00.000Z' format: date-time deploy: type: boolean description: True if the action should be deployed after creation. default: false modules: type: array description: The list of action modules and their versions used by this action. items: $ref: '#/components/schemas/ActionModuleReference' GetActionVersionResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique id of an action version. default: 12a3b9e6-06e6-4a29-96bf-90c82fe79a0d action_id: type: string description: The id of the action to which this version belongs. default: 910b1053-577f-4d81-a8c8-020e7319a38a code: type: string description: The source code of this specific version of the action. default: module.exports = () => {} dependencies: type: array description: 'The list of third party npm modules, and their versions, that this specific version depends on. ' items: $ref: '#/components/schemas/ActionVersionDependency' deployed: type: boolean description: Indicates if this specific version is the currently one deployed. default: true runtime: type: string description: 'The Node runtime. For example: `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretResponse' status: $ref: '#/components/schemas/ActionVersionBuildStatusEnum' number: type: number description: The index of this version in list of versions for the action. default: 1 errors: type: array description: Any errors that occurred while the version was being built. items: $ref: '#/components/schemas/ActionError' action: $ref: '#/components/schemas/ActionBase' built_at: type: string description: The time when this version was built successfully. default: '2021-01-01T00:00:00.000Z' format: date-time created_at: type: string description: The time when this version was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when a version was updated. Versions are never updated externally. Only Auth0 will update an action version as it is being built. default: '2021-01-01T00:00:00.000Z' format: date-time supported_triggers: type: array description: The list of triggers that this version supports. At this time, a version can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA modules: type: array description: The list of action modules and their versions used by this action version. items: $ref: '#/components/schemas/ActionModuleReference' GetActiveUsersCountStatsResponseContent: type: number description: Number of active users in the last 30 days. default: 100 GetAculResponseContent: type: object additionalProperties: true properties: tenant: type: string description: Tenant ID prompt: type: string description: Name of the prompt screen: type: string description: Name of the screen rendering_mode: $ref: '#/components/schemas/AculRenderingModeEnum' description: Rendering mode context_configuration: $ref: '#/components/schemas/AculContextConfiguration' default_head_tags_disabled: type: - boolean - 'null' description: Override Universal Login default head tags default: false use_page_template: type: - boolean - 'null' description: Use page template with ACUL default: false head_tags: type: - array - 'null' description: An array of head tags items: $ref: '#/components/schemas/AculHeadTag' filters: $ref: '#/components/schemas/AculFilters' GetAttackProtectionCaptchaResponseContent: type: object additionalProperties: true properties: active_provider_id: type: string arkose: $ref: '#/components/schemas/AttackProtectionCaptchaArkoseResponseContent' auth_challenge: $ref: '#/components/schemas/AttackProtectionCaptchaAuthChallengeResponseContent' hcaptcha: $ref: '#/components/schemas/AttackProtectionCaptchaHcaptchaResponseContent' friendly_captcha: $ref: '#/components/schemas/AttackProtectionCaptchaFriendlyCaptchaResponseContent' recaptcha_enterprise: $ref: '#/components/schemas/AttackProtectionCaptchaRecaptchaEnterpriseResponseContent' recaptcha_v2: $ref: '#/components/schemas/AttackProtectionCaptchaRecaptchaV2ResponseContent' simple_captcha: $ref: '#/components/schemas/AttackProtectionCaptchaSimpleCaptchaResponseContent' GetBotDetectionSettingsResponseContent: type: object additionalProperties: false required: - bot_detection_level - challenge_password_policy - challenge_passwordless_policy - challenge_password_reset_policy - allowlist - monitoring_mode_enabled properties: bot_detection_level: $ref: '#/components/schemas/BotDetectionLevelEnum' challenge_password_policy: $ref: '#/components/schemas/BotDetectionChallengePolicyPasswordFlowEnum' challenge_passwordless_policy: $ref: '#/components/schemas/BotDetectionChallengePolicyPasswordlessFlowEnum' challenge_password_reset_policy: $ref: '#/components/schemas/BotDetectionChallengePolicyPasswordResetFlowEnum' allowlist: $ref: '#/components/schemas/BotDetectionAllowlist' monitoring_mode_enabled: $ref: '#/components/schemas/BotDetectionMonitoringModeEnabled' GetBrandingDefaultThemeResponseContent: type: object additionalProperties: false required: - borders - colors - displayName - fonts - page_background - themeId - widget properties: borders: $ref: '#/components/schemas/BrandingThemeBorders' colors: $ref: '#/components/schemas/BrandingThemeColors' displayName: type: string description: Display Name maxLength: 2048 pattern: ^[^<>]*$ fonts: $ref: '#/components/schemas/BrandingThemeFonts' page_background: $ref: '#/components/schemas/BrandingThemePageBackground' themeId: type: string description: Theme Id maxLength: 32 pattern: ^[a-zA-Z0-9]{32}$ widget: $ref: '#/components/schemas/BrandingThemeWidget' GetBrandingPhoneProviderResponseContent: type: object description: Phone provider configuration schema additionalProperties: false required: - name - credentials properties: id: type: string minLength: 1 maxLength: 255 tenant: type: string description: The name of the tenant minLength: 1 maxLength: 255 name: $ref: '#/components/schemas/PhoneProviderNameEnum' channel: $ref: '#/components/schemas/PhoneProviderChannelEnum' disabled: type: boolean description: Whether the provider is enabled (false) or disabled (true). configuration: $ref: '#/components/schemas/PhoneProviderConfiguration' created_at: type: string description: The provider's creation date and time in ISO 8601 format maxLength: 27 format: date-time updated_at: type: string description: The date and time of the last update to the provider in ISO 8601 format maxLength: 27 format: date-time GetBrandingResponseContent: type: object additionalProperties: true properties: colors: $ref: '#/components/schemas/BrandingColors' favicon_url: type: string description: URL for the favicon. Must use HTTPS. format: strict-https-uri logo_url: type: string description: URL for the logo. Must use HTTPS. format: strict-https-uri identifiers: $ref: '#/components/schemas/BrandingIdentifiers' font: $ref: '#/components/schemas/BrandingFont' GetBrandingThemeResponseContent: type: object additionalProperties: false required: - borders - colors - displayName - fonts - page_background - themeId - widget properties: borders: $ref: '#/components/schemas/BrandingThemeBorders' colors: $ref: '#/components/schemas/BrandingThemeColors' displayName: type: string description: Display Name maxLength: 2048 pattern: ^[^<>]*$ fonts: $ref: '#/components/schemas/BrandingThemeFonts' page_background: $ref: '#/components/schemas/BrandingThemePageBackground' themeId: type: string description: Theme Id maxLength: 32 pattern: ^[a-zA-Z0-9]{32}$ widget: $ref: '#/components/schemas/BrandingThemeWidget' GetBreachedPasswordDetectionSettingsResponseContent: type: object additionalProperties: false properties: enabled: type: boolean description: Whether or not breached password detection is active. default: true shields: type: array description: "Action to take when a breached password is detected during a login.\n Possible values: block, user_notification,\ \ admin_notification." items: $ref: '#/components/schemas/BreachedPasswordDetectionShieldsEnum' admin_notification_frequency: type: array description: "When \"admin_notification\" is enabled, determines how often email notifications are sent.\n Possible values: immediately,\ \ daily, weekly, monthly." items: $ref: '#/components/schemas/BreachedPasswordDetectionAdminNotificationFrequencyEnum' method: $ref: '#/components/schemas/BreachedPasswordDetectionMethodEnum' stage: $ref: '#/components/schemas/BreachedPasswordDetectionStage' GetBruteForceSettingsResponseContent: type: object additionalProperties: false properties: enabled: type: boolean description: Whether or not brute force attack protections are active. shields: type: array description: "Action to take when a brute force protection threshold is violated.\n Possible values: block, user_notification." items: $ref: '#/components/schemas/BruteForceProtectionShieldsEnum' allowlist: type: array description: List of trusted IP addresses that will not have attack protection enforced against them. items: type: string anyOf: - type: string format: ipv4 - type: string format: cidr - type: string format: ipv6 - type: string format: ipv6_cidr mode: $ref: '#/components/schemas/BruteForceProtectionModeEnum' max_attempts: type: integer description: Maximum number of unsuccessful attempts. default: 10 minimum: 1 maximum: 100 GetClientCredentialResponseContent: type: object additionalProperties: true properties: id: type: string description: ID of the credential. Generated on creation. default: cred_1m7sfABoNTTKYwTQ8qt6tX name: type: string description: The name given to the credential by the user. default: '' kid: type: string description: The key identifier of the credential, generated on creation. default: IZSSTECp... alg: $ref: '#/components/schemas/ClientCredentialAlgorithmEnum' credential_type: $ref: '#/components/schemas/ClientCredentialTypeEnum' subject_dn: type: string description: The X509 certificate's Subject Distinguished Name thumbprint_sha256: type: string description: The X509 certificate's SHA256 thumbprint created_at: type: string description: The ISO 8601 formatted date the credential was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date the credential was updated. format: date-time expires_at: type: string description: The ISO 8601 formatted date representing the expiration of the credential. format: date-time GetClientGrantResponseContent: type: object additionalProperties: false properties: id: type: string description: ID of the client grant. client_id: type: string description: ID of the client. audience: type: string description: The audience (API identifier) of this client grant. minLength: 1 scope: type: array description: Scopes allowed for this client grant. items: type: string minLength: 1 organization_usage: $ref: '#/components/schemas/ClientGrantOrganizationUsageEnum' allow_any_organization: type: boolean description: If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. default_for: $ref: '#/components/schemas/ClientGrantDefaultForEnum' x-release-lifecycle: GA is_system: type: boolean description: If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly. subject_type: $ref: '#/components/schemas/ClientGrantSubjectTypeEnum' authorization_details_types: type: array description: Types of authorization_details allowed for this client grant. items: type: string minLength: 1 maxLength: 255 allow_all_scopes: type: boolean description: If enabled, all scopes configured on the resource server are allowed for this grant. GetClientResponseContent: type: object additionalProperties: true properties: client_id: type: string description: ID of this client. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww tenant: type: string description: Name of the tenant this client belongs to. default: '' name: type: string description: 'Name of this client (min length: 1 character, does not allow `<` or `>`).' default: My application description: type: string description: 'Free text description of this client (max length: 140 characters).' default: '' global: type: boolean description: Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false). default: false client_secret: type: string description: Client secret (which you must not make public). default: MG_TNT2ver-SylNat-_VeMmd-4m0Waba0jr1troztBniSChEw0glxEmgEi2Kw40H app_type: $ref: '#/components/schemas/ClientAppTypeEnum' logo_uri: type: string description: URL of the logo to display for this client. Recommended size is 150x150 pixels. is_first_party: type: boolean description: Whether this client a first party client (true) or not (false). default: false oidc_conformant: type: boolean description: Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false). default: false callbacks: type: array description: Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication. items: type: string allowed_origins: type: array description: Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. items: type: string web_origins: type: array description: Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. items: type: string client_aliases: type: array description: List of audiences/realms for SAML protocol. Used by the wsfed addon. items: type: string allowed_clients: type: array description: List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed. items: type: string allowed_logout_urls: type: array description: Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. items: type: string session_transfer: $ref: '#/components/schemas/ClientSessionTransferConfiguration' oidc_logout: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSettings' grant_types: type: array description: List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`. items: type: string jwt_configuration: $ref: '#/components/schemas/ClientJwtConfiguration' signing_keys: $ref: '#/components/schemas/ClientSigningKeys' encryption_key: $ref: '#/components/schemas/ClientEncryptionKey' sso: type: boolean description: Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false). default: false sso_disabled: type: boolean description: Whether Single Sign On is disabled (true) or enabled (true). Defaults to true. default: false cross_origin_authentication: type: boolean description: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). cross_origin_loc: type: string description: URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. format: url custom_login_page_on: type: boolean description: Whether a custom login page is to be used (true) or the default provided login page (false). default: true custom_login_page: type: string description: The content (HTML, CSS, JS) of the custom login page. default: '' custom_login_page_preview: type: string description: The content (HTML, CSS, JS) of the custom login page. (Used on Previews) default: '' form_template: type: string description: HTML form template to be used for WS-Federation. default: '' addons: $ref: '#/components/schemas/ClientAddons' token_endpoint_auth_method: $ref: '#/components/schemas/ClientTokenEndpointAuthMethodEnum' is_token_endpoint_ip_header_trusted: type: boolean description: If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint. default: false client_metadata: $ref: '#/components/schemas/ClientMetadata' mobile: $ref: '#/components/schemas/ClientMobile' initiate_login_uri: type: string description: Initiate login uri, must be https format: absolute-https-uri-with-placeholders-or-empty native_social_login: {} refresh_token: $ref: '#/components/schemas/ClientRefreshTokenConfiguration' default_organization: $ref: '#/components/schemas/ClientDefaultOrganization' organization_usage: $ref: '#/components/schemas/ClientOrganizationUsageEnum' organization_require_behavior: $ref: '#/components/schemas/ClientOrganizationRequireBehaviorEnum' organization_discovery_methods: type: array description: Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both. minItems: 1 x-release-lifecycle: EA items: $ref: '#/components/schemas/ClientOrganizationDiscoveryEnum' client_authentication_methods: $ref: '#/components/schemas/ClientAuthenticationMethod' require_pushed_authorization_requests: type: boolean description: Makes the use of Pushed Authorization Requests mandatory for this client default: false require_proof_of_possession: type: boolean description: Makes the use of Proof-of-Possession mandatory for this client default: false signed_request_object: $ref: '#/components/schemas/ClientSignedRequestObjectWithCredentialId' compliance_level: $ref: '#/components/schemas/ClientComplianceLevelEnum' skip_non_verifiable_callback_uri_confirmation_prompt: type: boolean description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' token_exchange: $ref: '#/components/schemas/ClientTokenExchangeConfiguration' x-release-lifecycle: GA par_request_expiry: type: - integer - 'null' description: Specifies how long, in seconds, a Pushed Authorization Request URI remains valid minimum: 10 maximum: 600 token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA express_configuration: $ref: '#/components/schemas/ExpressConfiguration' my_organization_configuration: $ref: '#/components/schemas/ClientMyOrganizationResponseConfiguration' x-release-lifecycle: EA third_party_security_mode: $ref: '#/components/schemas/ClientThirdPartySecurityModeEnum' x-release-lifecycle: GA redirection_policy: $ref: '#/components/schemas/ClientRedirectionPolicyEnum' x-release-lifecycle: GA resource_server_identifier: type: string description: The identifier of the resource server that this client is linked to. async_approval_notification_channels: $ref: '#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration' external_metadata_type: $ref: '#/components/schemas/ClientExternalMetadataTypeEnum' external_metadata_created_by: $ref: '#/components/schemas/ClientExternalMetadataCreatedByEnum' external_client_id: type: string description: An alternate client identifier to be used during authorization flows. Only supports CIMD-based client identifiers. format: absolute-https-uri-or-empty jwks_uri: type: string description: URL for the JSON Web Key Set (JWKS) containing the public keys used for private_key_jwt authentication. Only present for CIMD clients using private_key_jwt authentication. format: absolute-https-uri-or-empty GetConnectionEnabledClientsResponseContent: type: object additionalProperties: true required: - clients properties: clients: type: array description: Clients for which the connection is enabled items: $ref: '#/components/schemas/ConnectionEnabledClient' next: type: string description: Encoded next token GetConnectionProfileResponseContent: type: object additionalProperties: false properties: id: $ref: '#/components/schemas/ConnectionProfileId' name: $ref: '#/components/schemas/ConnectionProfileName' organization: $ref: '#/components/schemas/ConnectionProfileOrganization' connection_name_prefix_template: $ref: '#/components/schemas/ConnectionNamePrefixTemplate' enabled_features: $ref: '#/components/schemas/ConnectionProfileEnabledFeatures' connection_config: $ref: '#/components/schemas/ConnectionProfileConfig' strategy_overrides: $ref: '#/components/schemas/ConnectionProfileStrategyOverrides' GetConnectionProfileTemplateResponseContent: type: object additionalProperties: false properties: id: type: string description: The id of the template. display_name: type: string description: The user-friendly name of the template displayed in the UI. template: $ref: '#/components/schemas/ConnectionProfileTemplate' GetConnectionResponseContent: type: object additionalProperties: false properties: name: type: string description: The name of the connection default: My connection display_name: type: string description: Connection name used in login screen options: $ref: '#/components/schemas/ConnectionOptions' id: type: string description: The connection's identifier default: con_0000000000000001 strategy: type: string description: The type of the connection, related to the identity provider default: auth0 realms: type: array description: 'Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.' items: type: string description: The realm where this connection belongs format: connection-realm enabled_clients: type: array description: DEPRECATED property. Use the GET /connections/:id/clients endpoint to get the ids of the clients for which the connection is enabled x-release-lifecycle: deprecated items: type: string description: The client id is_domain_connection: type: boolean description: True if the connection is domain level show_as_button: type: boolean description: Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. metadata: $ref: '#/components/schemas/ConnectionsMetadata' authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' x-release-lifecycle: GA connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurpose' x-release-lifecycle: GA GetCustomDomainResponseContent: type: object additionalProperties: false required: - custom_domain_id - domain - primary - status - type properties: custom_domain_id: type: string description: ID of the custom domain. default: cd_0000000000000001 domain: type: string description: Domain name. default: login.mycompany.com primary: type: boolean description: Whether this is a primary domain (true) or not (false). default: false is_default: type: boolean description: Whether this is the default custom domain (true) or not (false). default: false status: $ref: '#/components/schemas/CustomDomainStatusFilterEnum' type: $ref: '#/components/schemas/CustomDomainTypeEnum' origin_domain_name: type: string description: Intermediate address. default: mycompany_cd_0000000000000001.edge.tenants.auth0.com verification: $ref: '#/components/schemas/DomainVerification' custom_client_ip_header: type: - string - 'null' description: The HTTP header to fetch the client's IP address tls_policy: type: string description: The TLS version policy default: recommended domain_metadata: $ref: '#/components/schemas/DomainMetadata' certificate: $ref: '#/components/schemas/DomainCertificate' relying_party_identifier: type: string description: Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used. format: hostname GetCustomSigningKeysResponseContent: type: object description: JWKS representing an array of custom public signing keys. additionalProperties: false properties: keys: type: array description: An array of custom public signing keys. items: $ref: '#/components/schemas/CustomSigningKeyJWK' GetCustomTextsByLanguageResponseContent: type: object description: An object containing custom dictionaries for a group of screens. additionalProperties: true GetDefaultCanonicalDomainResponseContent: type: object additionalProperties: false required: - domain properties: domain: type: string description: Domain name. default: login.mycompany.com GetDefaultCustomDomainResponseContent: type: object additionalProperties: false required: - custom_domain_id - domain - primary - status - type properties: custom_domain_id: type: string description: ID of the custom domain. default: cd_0000000000000001 domain: type: string description: Domain name. default: login.mycompany.com primary: type: boolean description: Whether this is a primary domain (true) or not (false). default: false is_default: type: boolean description: Whether this is the default custom domain (true) or not (false). default: false status: $ref: '#/components/schemas/CustomDomainStatusFilterEnum' type: $ref: '#/components/schemas/CustomDomainTypeEnum' origin_domain_name: type: string description: Intermediate address. default: mycompany_cd_0000000000000001.edge.tenants.auth0.com verification: $ref: '#/components/schemas/DomainVerification' custom_client_ip_header: type: - string - 'null' description: The HTTP header to fetch the client's IP address tls_policy: type: string description: The TLS version policy default: recommended domain_metadata: $ref: '#/components/schemas/DomainMetadata' certificate: $ref: '#/components/schemas/DomainCertificate' relying_party_identifier: type: string description: Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used. format: hostname GetDefaultDomainResponseContent: oneOf: - $ref: '#/components/schemas/GetDefaultCustomDomainResponseContent' - $ref: '#/components/schemas/GetDefaultCanonicalDomainResponseContent' GetDirectoryProvisioningDefaultMappingResponseContent: type: object additionalProperties: false properties: mapping: type: array description: The mapping between Auth0 and IDP user attributes minItems: 1 items: $ref: '#/components/schemas/DirectoryProvisioningMappingItem' GetDirectoryProvisioningResponseContent: type: object additionalProperties: false required: - connection_id - connection_name - strategy - mapping - synchronize_automatically - created_at - updated_at properties: connection_id: type: string description: The connection's identifier connection_name: type: string description: The connection's name strategy: type: string description: The connection's strategy mapping: type: array description: The mapping between Auth0 and IDP user attributes minItems: 1 items: $ref: '#/components/schemas/DirectoryProvisioningMappingItem' synchronize_automatically: type: boolean description: Whether periodic automatic synchronization is enabled synchronize_groups: $ref: '#/components/schemas/SynchronizeGroupsEnum' x-release-lifecycle: EA created_at: type: string description: The timestamp at which the directory provisioning configuration was created format: date-time updated_at: type: string description: The timestamp at which the directory provisioning configuration was last updated format: date-time last_synchronization_at: type: string description: The timestamp at which the connection was last synchronized format: date-time last_synchronization_status: type: string description: The status of the last synchronization last_synchronization_error: type: string description: The error message of the last synchronization, if any GetEmailProviderResponseContent: type: object additionalProperties: false properties: name: type: string description: Name of the email provider. Can be `mailgun`, `mandrill`, `sendgrid`, `resend`, `ses`, `sparkpost`, `smtp`, `azure_cs`, `ms365`, or `custom`. default: sendgrid enabled: type: boolean description: Whether the provider is enabled (true) or disabled (false). default: true default_from_address: type: string description: Email address to use as "from" when no other address specified. credentials: $ref: '#/components/schemas/EmailProviderCredentials' settings: $ref: '#/components/schemas/EmailProviderSettings' GetEmailTemplateResponseContent: type: object additionalProperties: false properties: template: $ref: '#/components/schemas/EmailTemplateNameEnum' body: type: - string - 'null' description: Body of the email template. from: type: - string - 'null' description: Senders `from` email address. default: sender@auth0.com resultUrl: type: - string - 'null' description: URL to redirect the user to after a successful action. subject: type: - string - 'null' description: Subject line of the email. syntax: type: - string - 'null' description: Syntax of the template body. default: liquid urlLifetimeInSeconds: type: - number - 'null' description: Lifetime in seconds that the link within the email will be valid for. minimum: 0 includeEmailInRedirect: type: boolean description: Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. enabled: type: - boolean - 'null' description: Whether the template is enabled (true) or disabled (false). GetEncryptionKeyResponseContent: type: object description: Encryption key additionalProperties: false required: - kid - type - state - created_at - updated_at properties: kid: type: string description: Key ID type: $ref: '#/components/schemas/EncryptionKeyType' state: $ref: '#/components/schemas/EncryptionKeyState' created_at: type: string description: Key creation timestamp format: date-time updated_at: type: string description: Key update timestamp format: date-time parent_kid: type: - string - 'null' description: ID of parent wrapping key public_key: type: - string - 'null' description: Public key in PEM format GetEventStreamDeliveryHistoryResponseContent: type: object description: Metadata about a specific attempt to deliver an event additionalProperties: false required: - id - event_stream_id - status - event_type - attempts properties: id: type: string description: Unique identifier for the delivery event_stream_id: type: string description: Unique identifier for the event stream. minLength: 26 maxLength: 26 format: event-stream-id status: $ref: '#/components/schemas/EventStreamDeliveryStatusEnum' event_type: $ref: '#/components/schemas/EventStreamDeliveryEventTypeEnum' attempts: type: array description: Results of delivery attempts items: $ref: '#/components/schemas/EventStreamDeliveryAttempt' event: $ref: '#/components/schemas/EventStreamCloudEvent' GetEventStreamResponseContent: oneOf: - $ref: '#/components/schemas/EventStreamWebhookResponseContent' - $ref: '#/components/schemas/EventStreamEventBridgeResponseContent' - $ref: '#/components/schemas/EventStreamActionResponseContent' GetFlowExecutionRequestParametersHydrateEnum: type: string maxLength: 5 enum: - debug GetFlowExecutionResponseContent: type: object additionalProperties: false required: - id - trace_id - status - created_at - updated_at properties: id: type: string description: Flow execution identifier maxLength: 30 format: flow-execution-id trace_id: type: string description: Trace id minLength: 1 maxLength: 50 journey_id: type: string description: Journey id minLength: 1 maxLength: 50 status: type: string description: Execution status minLength: 1 maxLength: 50 debug: $ref: '#/components/schemas/FlowExecutionDebug' created_at: type: string description: The ISO 8601 formatted date when this flow execution was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date when this flow execution was updated. format: date-time started_at: type: string description: The ISO 8601 formatted date when this flow execution started. format: date-time ended_at: type: string description: The ISO 8601 formatted date when this flow execution ended. format: date-time GetFlowRequestParametersHydrateEnum: type: string maxLength: 50 enum: - form_count - forms GetFlowResponseContent: type: object additionalProperties: false required: - id - name - created_at - updated_at x-release-lifecycle: GA properties: id: type: string maxLength: 30 format: flow-id name: type: string minLength: 1 maxLength: 150 actions: type: array minItems: 0 items: $ref: '#/components/schemas/FlowAction' created_at: type: string format: date-time updated_at: type: string format: date-time executed_at: type: string format: date GetFlowsExecutionsResponseContent: oneOf: - $ref: '#/components/schemas/ListFlowExecutionsResponseContent' - $ref: '#/components/schemas/ListFlowExecutionsOffsetPaginatedResponseContent' - $ref: '#/components/schemas/ListFlowExecutionsPaginatedResponseContent' GetFlowsVaultConnectionResponseContent: type: object additionalProperties: false required: - id - app_id - name - ready - created_at - updated_at - fingerprint properties: id: type: string description: Flows Vault Connection identifier. maxLength: 30 format: flows-vault-connections-id app_id: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 environment: type: string description: Flows Vault Connection environment. minLength: 1 maxLength: 55 name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 account_name: type: string description: Flows Vault Connection custom account name. minLength: 1 maxLength: 150 ready: type: boolean description: Whether the Flows Vault Connection is configured. created_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was updated. format: date-time refreshed_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was refreshed. format: date-time fingerprint: type: string minLength: 1 GetFormResponseContent: type: object additionalProperties: false required: - id - name - created_at - updated_at properties: id: type: string maxLength: 30 format: form-id name: type: string minLength: 1 maxLength: 150 messages: $ref: '#/components/schemas/FormMessages' languages: $ref: '#/components/schemas/FormLanguages' translations: $ref: '#/components/schemas/FormTranslations' nodes: $ref: '#/components/schemas/FormNodeList' start: $ref: '#/components/schemas/FormStartNode' ending: $ref: '#/components/schemas/FormEndingNode' style: $ref: '#/components/schemas/FormStyle' created_at: type: string format: date-time updated_at: type: string format: date-time embedded_at: type: string format: date submitted_at: type: string format: date GetGroupMembersResponseContent: type: object additionalProperties: false required: - members properties: members: type: array items: $ref: '#/components/schemas/GroupMember' next: type: string description: A cursor to be used as the "from" query parameter for the next page of results. GetGroupResponseContent: type: object description: Represents the metadata of a group. Member lists are retrieved via a separate endpoint. additionalProperties: true required: - id - name - created_at - updated_at - tenant_name properties: id: type: string description: Unique identifier for the group (service-generated). minLength: 18 maxLength: 26 pattern: ^grp_[1-9a-km-zA-HJ-NP-Z]{14,22}$ name: type: string description: Name of the group. Must be unique within its connection. Must contain between 1 and 128 printable ASCII characters. minLength: 1 maxLength: 128 pattern: ^[\x20-\x7E]+$ external_id: type: string description: External identifier for the group, often used for SCIM synchronization. Max length of 256 characters. maxLength: 256 connection_id: type: string description: Identifier for the connection this group belongs to (if a connection group). format: connection-id tenant_name: type: string description: Identifier for the tenant this group belongs to. minLength: 3 pattern: ^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$ created_at: type: string description: Timestamp of when the group was created. format: date-time updated_at: type: string description: Timestamp of when the group was last updated. format: date-time GetGuardianEnrollmentResponseContent: type: object additionalProperties: false required: - id properties: id: type: string description: ID for this enrollment. default: dev_0000000000000001 status: $ref: '#/components/schemas/GuardianEnrollmentStatus' name: type: string description: Device name (only for push notification). default: iPhone 7 minLength: 1 maxLength: 20 pattern: ^\+[0-9]{8, 20} identifier: type: string description: Device identifier. This is usually the phone identifier. default: 76dc-a90c-a88c-a90c-a88c-a88c-a90c phone_number: type: string description: Phone number. default: +1 999999999999 enrolled_at: $ref: '#/components/schemas/GuardianEnrollmentDate' last_auth: $ref: '#/components/schemas/GuardianEnrollmentDate' GetGuardianFactorDuoSettingsResponseContent: type: object additionalProperties: false properties: ikey: type: string maxLength: 10000 skey: type: string maxLength: 10000 format: non-empty-string host: type: string maxLength: 10000 GetGuardianFactorPhoneMessageTypesResponseContent: type: object additionalProperties: false properties: message_types: type: array description: The list of phone factors to enable on the tenant. Can include `sms` and `voice`. items: $ref: '#/components/schemas/GuardianFactorPhoneFactorMessageTypeEnum' GetGuardianFactorPhoneTemplatesResponseContent: type: object additionalProperties: false required: - enrollment_message - verification_message properties: enrollment_message: type: string description: Message sent to the user when they are invited to enroll with a phone number. default: '{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.' verification_message: type: string description: Message sent to the user when they are prompted to verify their account. default: '{{code}} is your verification code for {{tenant.friendly_name}}' GetGuardianFactorSmsTemplatesResponseContent: type: object additionalProperties: false required: - enrollment_message - verification_message properties: enrollment_message: type: string description: Message sent to the user when they are invited to enroll with a phone number. default: '{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.' verification_message: type: string description: Message sent to the user when they are prompted to verify their account. default: '{{code}} is your verification code for {{tenant.friendly_name}}' GetGuardianFactorsProviderApnsResponseContent: type: object additionalProperties: false properties: bundle_id: type: - string - 'null' minLength: 1 maxLength: 20 sandbox: type: boolean enabled: type: boolean GetGuardianFactorsProviderPhoneResponseContent: type: object additionalProperties: false properties: provider: $ref: '#/components/schemas/GuardianFactorsProviderSmsProviderEnum' GetGuardianFactorsProviderPhoneTwilioResponseContent: type: object additionalProperties: false properties: from: type: - string - 'null' description: From number default: '+1223323' minLength: 0 maxLength: 64 messaging_service_sid: type: - string - 'null' description: Copilot SID default: 5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq minLength: 1 maxLength: 1000 auth_token: type: - string - 'null' description: Twilio Authentication token default: zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU minLength: 1 maxLength: 1000 sid: type: - string - 'null' description: Twilio SID default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 GetGuardianFactorsProviderPushNotificationResponseContent: type: object additionalProperties: false properties: provider: $ref: '#/components/schemas/GuardianFactorsProviderPushNotificationProviderDataEnum' GetGuardianFactorsProviderSmsResponseContent: type: object additionalProperties: false properties: provider: $ref: '#/components/schemas/GuardianFactorsProviderSmsProviderEnum' GetGuardianFactorsProviderSmsTwilioResponseContent: type: object additionalProperties: false properties: from: type: - string - 'null' description: From number default: '+1223323' minLength: 0 maxLength: 64 messaging_service_sid: type: - string - 'null' description: Copilot SID default: 5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq minLength: 1 maxLength: 1000 auth_token: type: - string - 'null' description: Twilio Authentication token default: zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU minLength: 1 maxLength: 1000 sid: type: - string - 'null' description: Twilio SID default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 GetGuardianFactorsProviderSnsResponseContent: type: object additionalProperties: false properties: aws_access_key_id: type: - string - 'null' default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 aws_secret_access_key: type: - string - 'null' default: B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL minLength: 1 maxLength: 1000 aws_region: type: - string - 'null' default: us-west-1 minLength: 1 maxLength: 1000 pattern: ^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$ sns_apns_platform_application_arn: type: - string - 'null' minLength: 1 maxLength: 1000 sns_gcm_platform_application_arn: type: - string - 'null' default: urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP minLength: 1 maxLength: 1000 GetHookResponseContent: type: object additionalProperties: false properties: triggerId: type: string description: Trigger ID id: type: string description: ID of this hook. default: '00001' name: type: string description: Name of this hook. default: hook enabled: type: boolean description: Whether this hook will be executed (true) or ignored (false). default: true script: type: string description: Code to be executed when this hook runs. default: module.exports = function(client, scope, audience, context, cb) cb(null, access_token); }; dependencies: $ref: '#/components/schemas/HookDependencies' GetHookSecretResponseContent: type: object description: Hashmap of key-value pairs where the value must be a string. additionalProperties: type: string minProperties: 1 maxProperties: 20 GetJobErrorResponseContent: type: object additionalProperties: false properties: user: $ref: '#/components/schemas/GetJobUserError' errors: type: array description: Errors importing the user. items: $ref: '#/components/schemas/GetJobImportUserError' GetJobGenericErrorResponseContent: type: object additionalProperties: true required: - id - type - status properties: status: type: string description: Status of this job. default: pending type: type: string description: Type of job this is. default: users_import created_at: type: string description: When this job was created. id: type: string description: ID of this job. default: job_0000000000000001 connection_id: type: string description: connection_id of the connection this job uses. default: con_0000000000000001 status_details: type: string description: Status details. GetJobImportUserError: type: object additionalProperties: true properties: code: type: string description: Error code. message: type: string description: Error message. path: type: string description: Error field. GetJobResponseContent: type: object additionalProperties: true required: - id - type - status properties: status: type: string description: Status of this job. default: pending type: type: string description: Type of job this is. default: users_import created_at: type: string description: When this job was created. id: type: string description: ID of this job. default: job_0000000000000001 connection_id: type: string description: connection_id of the connection this job uses. default: con_0000000000000001 location: type: string description: URL to download the result of this job. percentage_done: type: integer description: Completion percentage of this job. time_left_seconds: type: integer description: Estimated time remaining before job completes. format: $ref: '#/components/schemas/JobFileFormatEnum' status_details: type: string description: Status details. summary: $ref: '#/components/schemas/GetJobSummary' GetJobSummary: type: object description: Job execution summary. additionalProperties: true properties: failed: type: integer description: Number of failed operations. default: 0 updated: type: integer description: Number of updated records. default: 0 inserted: type: integer description: Number of inserted records. default: 0 total: type: integer description: Total number of operations. default: 0 GetJobUserError: type: object description: User, as provided in the import file additionalProperties: true GetLogResponseContent: type: object additionalProperties: true properties: date: $ref: '#/components/schemas/LogDate' type: type: string description: Type of event. default: sapi description: type: - string - 'null' description: Description of this event. connection: type: string description: Name of the connection the event relates to. connection_id: type: string description: ID of the connection the event relates to. client_id: type: string description: ID of the client (application). default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww client_name: type: string description: Name of the client (application). default: My application Name ip: type: string description: IP address of the log event source. default: 190.257.209.19 hostname: type: string description: Hostname the event applies to. default: 190.257.209.19 user_id: type: string description: ID of the user involved in the event. default: auth0|56c75c4e42b6359e98374bc2 user_name: type: string description: Name of the user involved in the event. audience: type: string description: API audience the event applies to. scope: type: string description: Scope permissions applied to the event. default: '' strategy: type: string description: Name of the strategy involved in the event. strategy_type: type: string description: Type of strategy involved in the event. log_id: type: string description: Unique ID of the event. isMobile: type: boolean description: Whether the client was a mobile device (true) or desktop/laptop/server (false). details: $ref: '#/components/schemas/LogDetails' user_agent: type: string description: User agent string from the client device that caused the event. security_context: $ref: '#/components/schemas/LogSecurityContext' location_info: $ref: '#/components/schemas/LogLocationInfo' GetLogStreamResponseContent: oneOf: - $ref: '#/components/schemas/LogStreamHttpResponseSchema' - $ref: '#/components/schemas/LogStreamEventBridgeResponseSchema' - $ref: '#/components/schemas/LogStreamEventGridResponseSchema' - $ref: '#/components/schemas/LogStreamDatadogResponseSchema' - $ref: '#/components/schemas/LogStreamSplunkResponseSchema' - $ref: '#/components/schemas/LogStreamSumoResponseSchema' - $ref: '#/components/schemas/LogStreamSegmentResponseSchema' - $ref: '#/components/schemas/LogStreamMixpanelResponseSchema' GetNetworkAclsResponseContent: type: object additionalProperties: true properties: id: type: string description: type: string active: type: boolean priority: type: number minimum: 1 maximum: 100 rule: $ref: '#/components/schemas/NetworkAclRule' created_at: type: string description: The timestamp when the Network ACL Configuration was created updated_at: type: string description: The timestamp when the Network ACL Configuration was last updated GetOrganizationAllConnectionResponseContent: type: object additionalProperties: false required: - connection_id properties: organization_connection_name: type: string description: Name of the connection in the scope of this organization. minLength: 1 maxLength: 50 pattern: "^[^\0]*$" assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' organization_access_level: $ref: '#/components/schemas/OrganizationAccessLevelEnum' is_enabled: type: boolean description: Whether the connection is enabled for the organization. connection_id: type: string description: Connection identifier. minLength: 1 maxLength: 50 format: connection-id connection: $ref: '#/components/schemas/OrganizationConnectionInformation' GetOrganizationByNameResponseContent: type: object additionalProperties: true properties: id: type: string description: Organization identifier. maxLength: 50 format: organization-id name: type: string description: The name of this organization. default: organization-1 minLength: 1 maxLength: 50 format: organization-name display_name: type: string description: Friendly name of this organization. default: Acme Users minLength: 1 maxLength: 255 branding: $ref: '#/components/schemas/OrganizationBranding' metadata: $ref: '#/components/schemas/OrganizationMetadata' token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA GetOrganizationConnectionResponseContent: type: object additionalProperties: false properties: connection_id: type: string description: ID of the connection. assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' connection: $ref: '#/components/schemas/OrganizationConnectionInformation' GetOrganizationDiscoveryDomainByNameResponseContent: type: object additionalProperties: false required: - id - domain - status - verification_txt - verification_host properties: id: type: string description: Organization discovery domain identifier. format: organization-discovery-domain-id domain: type: string description: The domain name to associate with the organization e.g. acme.com. minLength: 3 maxLength: 255 pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$ status: $ref: '#/components/schemas/OrganizationDiscoveryDomainStatus' use_for_organization_discovery: type: boolean description: Indicates whether this domain should be used for organization discovery. verification_txt: type: string description: A unique token generated for the discovery domain. This must be placed in a DNS TXT record at the location specified by the verification_host field to prove domain ownership. verification_host: type: string description: The full domain where the TXT record should be added. GetOrganizationDiscoveryDomainResponseContent: type: object additionalProperties: false required: - id - domain - status - verification_txt - verification_host properties: id: type: string description: Organization discovery domain identifier. format: organization-discovery-domain-id domain: type: string description: The domain name to associate with the organization e.g. acme.com. minLength: 3 maxLength: 255 pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$ status: $ref: '#/components/schemas/OrganizationDiscoveryDomainStatus' use_for_organization_discovery: type: boolean description: Indicates whether this domain should be used for organization discovery. verification_txt: type: string description: A unique token generated for the discovery domain. This must be placed in a DNS TXT record at the location specified by the verification_host field to prove domain ownership. verification_host: type: string description: The full domain where the TXT record should be added. GetOrganizationInvitationResponseContent: type: object additionalProperties: false properties: id: type: string description: The id of the user invitation. default: uinv_0000000000000001 format: user-invitation-id organization_id: type: string description: Organization identifier. maxLength: 50 format: organization-id inviter: $ref: '#/components/schemas/OrganizationInvitationInviter' invitee: $ref: '#/components/schemas/OrganizationInvitationInvitee' invitation_url: type: string description: The invitation url to be send to the invitee. default: https://mycompany.org/login?invitation=f81dWWYW6gzGGicxT8Ha0txBkGNcAcYr&organization=org_0000000000000001&organization_name=acme format: strict-https-uri created_at: type: string description: The ISO 8601 formatted timestamp representing the creation time of the invitation. default: '2020-08-20T19:10:06.299Z' format: date-time expires_at: type: string description: The ISO 8601 formatted timestamp representing the expiration time of the invitation. default: '2020-08-27T19:10:06.299Z' format: date-time client_id: type: string description: Auth0 client ID. Used to resolve the application's login initiation endpoint. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww format: client-id connection_id: type: string description: The id of the connection to force invitee to authenticate with. default: con_0000000000000001 format: connection-id app_metadata: $ref: '#/components/schemas/AppMetadata' user_metadata: $ref: '#/components/schemas/UserMetadata' roles: type: array description: List of roles IDs to associated with the user. minItems: 1 items: type: string format: role-id ticket_id: type: string description: The id of the invitation ticket format: ticket-id GetOrganizationResponseContent: type: object additionalProperties: true properties: id: type: string description: Organization identifier. maxLength: 50 format: organization-id name: type: string description: The name of this organization. default: organization-1 minLength: 1 maxLength: 50 format: organization-name display_name: type: string description: Friendly name of this organization. default: Acme Users minLength: 1 maxLength: 255 branding: $ref: '#/components/schemas/OrganizationBranding' metadata: $ref: '#/components/schemas/OrganizationMetadata' token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA GetPartialsResponseContent: type: object description: An object containing template partials for a group of screens. additionalProperties: true GetPhoneTemplateResponseContent: type: object additionalProperties: false required: - content - disabled - id - type properties: id: type: string minLength: 1 maxLength: 255 channel: type: string customizable: type: boolean tenant: type: string minLength: 1 maxLength: 255 content: $ref: '#/components/schemas/PhoneTemplateContent' type: $ref: '#/components/schemas/PhoneTemplateNotificationTypeEnum' disabled: type: boolean description: Whether the template is enabled (false) or disabled (true). default: false GetRefreshTokenResponseContent: type: object additionalProperties: true properties: id: type: string description: The ID of the refresh token user_id: type: string description: ID of the user which can be used when interacting with other APIs. default: auth0|507f1f77bcf86cd799439020 created_at: $ref: '#/components/schemas/RefreshTokenDate' idle_expires_at: $ref: '#/components/schemas/RefreshTokenDate' expires_at: $ref: '#/components/schemas/RefreshTokenDate' device: $ref: '#/components/schemas/RefreshTokenDevice' client_id: type: string description: ID of the client application granted with this refresh token session_id: $ref: '#/components/schemas/RefreshTokenSessionId' rotating: type: boolean description: True if the token is a rotating refresh token resource_servers: type: array description: A list of the resource server IDs associated to this refresh-token and their granted scopes items: $ref: '#/components/schemas/RefreshTokenResourceServer' refresh_token_metadata: $ref: '#/components/schemas/RefreshTokenMetadata' last_exchanged_at: $ref: '#/components/schemas/RefreshTokenDate' GetRefreshTokensPaginatedResponseContent: type: object additionalProperties: true properties: refresh_tokens: type: array items: $ref: '#/components/schemas/RefreshTokenResponseContent' next: type: string description: A cursor to be used as the "from" query parameter for the next page of results. GetResourceServerResponseContent: type: object additionalProperties: false properties: id: type: string description: ID of the API (resource server). name: type: string description: Friendly name for this resource server. Can not contain `<` or `>` characters. is_system: type: boolean description: Whether this is an Auth0 system API (true) or a custom API (false). identifier: type: string description: Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set. scopes: type: array description: List of permissions (scopes) that this API uses. items: $ref: '#/components/schemas/ResourceServerScope' signing_alg: $ref: '#/components/schemas/SigningAlgorithmEnum' signing_secret: type: string description: Secret used to sign tokens when using symmetric algorithms (HS256). minLength: 16 allow_offline_access: type: boolean description: Whether refresh tokens can be issued for this API (true) or not (false). allow_online_access: type: boolean description: Whether Online Refresh Tokens can be issued for this API (true) or not (false). skip_consent_for_verifiable_first_party_clients: type: boolean description: Whether to skip user consent for applications flagged as first party (true) or not (false). token_lifetime: type: integer description: Expiration value (in seconds) for access tokens issued for this API from the token endpoint. token_lifetime_for_web: type: integer description: Expiration value (in seconds) for access tokens issued for this API via Implicit or Hybrid Flows. Cannot be greater than the `token_lifetime` value. enforce_policies: type: boolean description: Whether authorization polices are enforced (true) or unenforced (false). token_dialect: $ref: '#/components/schemas/ResourceServerTokenDialectResponseEnum' token_encryption: $ref: '#/components/schemas/ResourceServerTokenEncryption' consent_policy: $ref: '#/components/schemas/ResourceServerConsentPolicyEnum' authorization_details: type: - array - 'null' items: {} proof_of_possession: $ref: '#/components/schemas/ResourceServerProofOfPossession' subject_type_authorization: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorization' authorization_policy: $ref: '#/components/schemas/ResourceServerAuthorizationPolicy' x-release-lifecycle: EA client_id: type: string description: The client ID of the client that this resource server is linked to format: client-id GetRiskAssessmentsSettingsNewDeviceResponseContent: type: object additionalProperties: false required: - remember_for properties: remember_for: type: integer description: Length of time to remember devices for, in days. minimum: 1 maximum: 365 GetRiskAssessmentsSettingsResponseContent: type: object additionalProperties: false required: - enabled properties: enabled: type: boolean description: Whether or not risk assessment is enabled. GetRoleResponseContent: type: object additionalProperties: false properties: id: type: string description: ID for this role. name: type: string description: Name of this role. description: type: string description: Description of this role. GetRuleResponseContent: type: object additionalProperties: false properties: name: type: string description: Name of this rule. default: rule_1 id: type: string description: ID of this rule. default: con_0000000000000001 enabled: type: boolean description: Whether the rule is enabled (true), or disabled (false). default: true script: type: string description: Code to be executed when this rule runs. default: "function (user, context, callback) {\n callback(null, user, context);\n}" order: type: number description: Order that this rule should execute in relative to other rules. Lower-valued rules execute first. default: 1 stage: type: string description: Execution stage of this rule. Can be `login_success`, `login_failure`, or `pre_authorize`. default: login_success GetScimConfigurationDefaultMappingResponseContent: type: object additionalProperties: false properties: mapping: type: array description: The mapping between auth0 and SCIM items: $ref: '#/components/schemas/ScimMappingItem' GetScimConfigurationResponseContent: type: object additionalProperties: false required: - tenant_name - connection_id - connection_name - strategy - created_at - updated_on - mapping - user_id_attribute properties: connection_id: type: string description: The connection's identifier connection_name: type: string description: The connection's name strategy: type: string description: The connection's strategy tenant_name: type: string description: The tenant's name user_id_attribute: type: string description: User ID attribute for generating unique user ids mapping: type: array description: The mapping between auth0 and SCIM items: $ref: '#/components/schemas/ScimMappingItem' created_at: type: string description: The ISO 8601 date and time the SCIM configuration was created at format: date-time updated_on: type: string description: The ISO 8601 date and time the SCIM configuration was last updated on format: date-time GetScimTokensResponseContent: type: array description: The list of scim tokens for scim clients items: $ref: '#/components/schemas/ScimTokenItem' GetSelfServiceProfileResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the self-service Profile. default: ssp_n7SNCL8seoyV1TuSTCnAeo name: type: string description: The name of the self-service Profile. description: type: string description: The description of the self-service Profile. user_attributes: type: array description: List of attributes to be mapped that will be shown to the user during the Self-Service Enterprise Configuration flow. items: $ref: '#/components/schemas/SelfServiceProfileUserAttribute' created_at: type: string description: The time when this self-service Profile was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this self-service Profile was updated. default: '2021-01-01T00:00:00.000Z' format: date-time branding: $ref: '#/components/schemas/SelfServiceProfileBrandingProperties' allowed_strategies: type: array description: 'List of IdP strategies that will be shown to users during the Self-Service Enterprise Configuration flow. Possible values: [`oidc`, `samlp`, `waad`, `google-apps`, `adfs`, `okta`, `auth0-samlp`, `okta-samlp`, `keycloak-samlp`, `pingfederate`]' minItems: 1 items: $ref: '#/components/schemas/SelfServiceProfileAllowedStrategyEnum' user_attribute_profile_id: type: string description: ID of the user-attribute-profile to associate with this self-service profile. format: user-attribute-profile-id x-release-lifecycle: EA GetSessionResponseContent: type: object additionalProperties: true properties: id: type: string description: The ID of the session user_id: type: string description: ID of the user which can be used when interacting with other APIs. created_at: $ref: '#/components/schemas/SessionDate' updated_at: $ref: '#/components/schemas/SessionDate' authenticated_at: $ref: '#/components/schemas/SessionDate' idle_expires_at: $ref: '#/components/schemas/SessionDate' expires_at: $ref: '#/components/schemas/SessionDate' last_interacted_at: $ref: '#/components/schemas/SessionDate' device: $ref: '#/components/schemas/SessionDeviceMetadata' clients: type: array description: List of client details for the session items: $ref: '#/components/schemas/SessionClientMetadata' authentication: $ref: '#/components/schemas/SessionAuthenticationSignals' cookie: $ref: '#/components/schemas/SessionCookieMetadata' session_metadata: $ref: '#/components/schemas/SessionMetadata' GetSettingsResponseContent: type: object additionalProperties: true properties: universal_login_experience: $ref: '#/components/schemas/UniversalLoginExperienceEnum' identifier_first: type: boolean description: Whether identifier first is enabled or not webauthn_platform_first_factor: type: boolean description: Use WebAuthn with Device Biometrics as the first authentication factor GetSigningKeysResponseContent: type: object additionalProperties: false required: - cert - kid - fingerprint - thumbprint properties: kid: type: string description: The key id of the signing key default: 21hi274Rp02112mgkUGma cert: type: string description: The public certificate of the signing key default: "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----" pkcs7: type: string description: The public certificate of the signing key in pkcs7 format default: "-----BEGIN PKCS7-----\r\nMIIDPA....t8xAA==\r\n-----END PKCS7-----" current: type: boolean description: True if the key is the the current key default: true next: type: boolean description: True if the key is the the next key previous: type: boolean description: True if the key is the the previous key current_since: $ref: '#/components/schemas/SigningKeysDate' current_until: $ref: '#/components/schemas/SigningKeysDate' fingerprint: type: string description: The cert fingerprint default: CC:FB:DD:D8:9A:B5:DE:1B:F0:CC:36:D2:99:59:21:12:03:DD:A8:25 thumbprint: type: string description: The cert thumbprint default: CCFBDDD89AB5DE1BF0CC36D29959211203DDA825 revoked: type: boolean description: True if the key is revoked revoked_at: $ref: '#/components/schemas/SigningKeysDate' GetSupplementalSignalsResponseContent: type: object additionalProperties: true properties: akamai_enabled: type: boolean description: Indicates if incoming Akamai Headers should be processed GetSuspiciousIPThrottlingSettingsResponseContent: type: object additionalProperties: false properties: enabled: type: boolean description: Whether or not suspicious IP throttling attack protections are active. shields: type: array description: "Action to take when a suspicious IP throttling threshold is violated.\n Possible values: block, admin_notification." items: $ref: '#/components/schemas/SuspiciousIPThrottlingShieldsEnum' allowlist: $ref: '#/components/schemas/SuspiciousIPThrottlingAllowlist' stage: $ref: '#/components/schemas/SuspiciousIPThrottlingStage' GetTenantSettingsResponseContent: type: object additionalProperties: false properties: change_password: $ref: '#/components/schemas/TenantSettingsPasswordPage' guardian_mfa_page: $ref: '#/components/schemas/TenantSettingsGuardianPage' default_audience: type: string description: Default audience for API authorization. default: '' default_directory: type: string description: 'Name of connection used for password grants at the `/token`endpoint. The following connection types are supported: LDAP, AD, Database Connections, Passwordless, Windows Azure Active Directory, ADFS.' default: '' error_page: $ref: '#/components/schemas/TenantSettingsErrorPage' device_flow: $ref: '#/components/schemas/TenantSettingsDeviceFlow' default_token_quota: $ref: '#/components/schemas/DefaultTokenQuota' x-release-lifecycle: EA flags: $ref: '#/components/schemas/TenantSettingsFlags' friendly_name: type: string description: Friendly name for this tenant. default: My Company picture_url: type: string description: 'URL of logo to be shown for this tenant (recommended size: 150x150)' default: https://mycompany.org/logo.png format: absolute-uri-or-empty support_email: type: string description: End-user support email address. default: support@mycompany.org format: email-or-empty support_url: type: string description: End-user support URL. default: https://mycompany.org/support format: absolute-uri-or-empty allowed_logout_urls: type: array description: URLs that are valid to redirect to after logout from Auth0. items: type: string format: url session_lifetime: type: number description: Number of hours a session will stay valid. default: 168 idle_session_lifetime: type: number description: Number of hours for which a session can be inactive before the user must log in again. default: 72 ephemeral_session_lifetime: type: number description: Number of hours an ephemeral (non-persistent) session will stay valid. default: 72 minimum: 1 idle_ephemeral_session_lifetime: type: number description: Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again. default: 24 minimum: 1 sandbox_version: type: string description: Selected sandbox version for the extensibility environment. default: '22' legacy_sandbox_version: type: string description: Selected sandbox version for rules and hooks extensibility. default: '' sandbox_versions_available: type: array description: Available sandbox versions for the extensibility environment. items: type: string default_redirection_uri: type: string description: The default absolute redirection uri, must be https enabled_locales: type: array description: Supported locales for the user interface. items: $ref: '#/components/schemas/SupportedLocales' session_cookie: $ref: '#/components/schemas/SessionCookieSchema' sessions: $ref: '#/components/schemas/TenantSettingsSessions' oidc_logout: $ref: '#/components/schemas/TenantOIDCLogoutSettings' allow_organization_name_in_authentication_api: type: boolean description: Whether to accept an organization name instead of an ID on auth endpoints default: false customize_mfa_in_postlogin_action: type: boolean description: Whether to enable flexible factors for MFA in the PostLogin action default: false acr_values_supported: type: - array - 'null' description: Supported ACR values minItems: 0 items: type: string format: acr mtls: $ref: '#/components/schemas/TenantSettingsMTLS' pushed_authorization_requests_supported: type: boolean description: Enables the use of Pushed Authorization Requests default: false authorization_response_iss_parameter_supported: type: - boolean - 'null' description: Supports iss parameter in authorization responses default: false skip_non_verifiable_callback_uri_confirmation_prompt: type: - boolean - 'null' description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' resource_parameter_profile: $ref: '#/components/schemas/TenantSettingsResourceParameterProfile' x-release-lifecycle: GA client_id_metadata_document_supported: type: boolean description: Whether the authorization server supports retrieving client metadata from a client_id URL. default: false x-release-lifecycle: EA phone_consolidated_experience: type: boolean description: Whether Phone Consolidated Experience is enabled for this tenant. enable_ai_guide: type: boolean description: Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant. dynamic_client_registration_security_mode: $ref: '#/components/schemas/TenantSettingsDynamicClientRegistrationSecurityMode' x-release-lifecycle: GA GetTokenExchangeProfileResponseContent: type: object additionalProperties: true properties: id: type: string description: The unique ID of the token exchange profile. format: token-exchange-profile-id name: type: string description: Friendly name of this profile. default: Token Exchange Profile 1 minLength: 3 maxLength: 50 subject_token_type: type: string description: Subject token type for this profile. When receiving a token exchange request on the Authentication API, the corresponding token exchange profile with a matching subject_token_type will be executed. This must be a URI. minLength: 8 maxLength: 100 format: url action_id: type: string description: The ID of the Custom Token Exchange action to execute for this profile, in order to validate the subject_token. The action must use the custom-token-exchange trigger. minLength: 1 maxLength: 36 type: $ref: '#/components/schemas/TokenExchangeProfileTypeEnum' created_at: type: string description: The time when this profile was created. default: '2024-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this profile was updated. default: '2024-01-01T00:00:00.000Z' format: date-time GetUniversalLoginTemplate: type: object additionalProperties: false properties: body: type: string description: The custom page template for the New Universal Login Experience GetUniversalLoginTemplateResponseContent: type: object oneOf: - $ref: '#/components/schemas/GetUniversalLoginTemplate' - type: string description: The custom page template for the New Universal Login Experience GetUserAttributeProfileResponseContent: type: object additionalProperties: false properties: id: $ref: '#/components/schemas/UserAttributeProfileId' name: $ref: '#/components/schemas/UserAttributeProfileName' user_id: $ref: '#/components/schemas/UserAttributeProfileUserId' user_attributes: $ref: '#/components/schemas/UserAttributeProfileUserAttributes' GetUserAttributeProfileTemplateResponseContent: type: object additionalProperties: false properties: id: type: string description: The id of the template. display_name: type: string description: The user-friendly name of the template displayed in the UI. template: $ref: '#/components/schemas/UserAttributeProfileTemplate' GetUserAuthenticationMethodResponseContent: type: object additionalProperties: false required: - id - type - created_at properties: id: type: string description: The ID of the authentication method (auto generated) type: $ref: '#/components/schemas/AuthenticationMethodTypeEnum' confirmed: type: boolean description: The authentication method status name: type: string description: A human-readable label to identify the authentication method maxLength: 20 authentication_methods: type: array items: $ref: '#/components/schemas/UserAuthenticationMethodProperties' preferred_authentication_method: $ref: '#/components/schemas/PreferredAuthenticationMethodEnum' link_id: type: string description: The ID of a linked authentication method. Linked authentication methods will be deleted together. phone_number: type: string description: Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice. email: type: string description: Applies to email and email-verification authentication methods only. The email address used to send verification messages. key_id: type: string description: Applies to webauthn authentication methods only. The ID of the generated credential. public_key: type: string description: Applies to webauthn authentication methods only. The public key. created_at: type: string description: Authenticator creation date format: date-time enrolled_at: type: string description: Enrollment date format: date-time last_auth_at: type: string description: Last authentication format: date-time credential_device_type: type: string description: Applies to passkeys only. The kind of device the credential is stored on as defined by backup eligibility. "single_device" credentials cannot be backed up and synced to another device, "multi_device" credentials can be backed up if enabled by the end-user. credential_backed_up: type: boolean description: Applies to passkeys only. Whether the credential was backed up. identity_user_id: type: string description: Applies to passkeys only. The ID of the user identity linked with the authentication method. user_agent: type: string description: Applies to passkeys only. The user-agent of the browser used to create the passkey. aaguid: type: string description: Applies to passkey authentication methods only. Authenticator Attestation Globally Unique Identifier. relying_party_identifier: type: string description: Applies to webauthn/passkey authentication methods only. The credential's relying party identifier. GetUserGroupsPaginatedResponseContent: type: object additionalProperties: false required: - groups properties: groups: type: array items: $ref: '#/components/schemas/UserGroupsResponseSchema' next: type: string description: A cursor to be used as the "from" query parameter for the next page of results. start: type: number limit: type: number total: type: number GetUserGroupsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/UserGroupsResponseSchema' - $ref: '#/components/schemas/GetUserGroupsPaginatedResponseContent' GetUserResponseContent: type: object additionalProperties: true properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. default: auth0|507f1f77bcf86cd799439020 email: type: string description: Email address of this user. default: john.doe@gmail.com format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). default: false username: type: string description: Username of this user. default: johndoe phone_number: type: string description: Phone number for this user. Follows the E.164 recommendation. default: '+199999999999999' phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). default: false created_at: $ref: '#/components/schemas/UserDateSchema' updated_at: $ref: '#/components/schemas/UserDateSchema' identities: type: array description: Array of user identity objects when accounts are linked. items: $ref: '#/components/schemas/UserIdentitySchema' app_metadata: $ref: '#/components/schemas/UserAppMetadataSchema' user_metadata: $ref: '#/components/schemas/UserMetadataSchema' picture: type: string description: URL to picture, photo, or avatar of this user. name: type: string description: Name of this user. nickname: type: string description: Preferred nickname or alias of this user. multifactor: type: array description: List of multi-factor authentication providers with which this user has enrolled. items: type: string last_ip: type: string description: Last IP address from which this user logged in. last_login: $ref: '#/components/schemas/UserDateSchema' logins_count: type: integer description: Total number of logins this user has performed. blocked: type: boolean description: Whether this user was blocked by an administrator (true) or is not (false). given_name: type: string description: Given name/first name/forename of this user. family_name: type: string description: Family name/last name/surname of this user. GetVerifiableCredentialTemplateResponseContent: type: object additionalProperties: true properties: id: type: string description: The id of the template. default: vct_0000000000000001 name: type: string description: The name of the template. type: type: string description: The type of the template. default: mdl dialect: type: string description: The dialect of the template. default: simplified/1.0 maxLength: 255 presentation: $ref: '#/components/schemas/MdlPresentationRequest' custom_certificate_authority: type: - string - 'null' description: The custom certificate authority. minLength: 1 maxLength: 4096 well_known_trusted_issuers: type: - string - 'null' description: The well-known trusted issuers, comma separated. minLength: 1 maxLength: 255 created_at: type: string description: The date and time the template was created. default: '2021-01-01T00:00:00Z' format: date-time updated_at: type: string description: The date and time the template was created. default: '2021-01-01T00:00:00Z' format: date-time Group: type: object description: Represents the metadata of a group. Member lists are retrieved via a separate endpoint. additionalProperties: true properties: id: type: string description: Unique identifier for the group (service-generated). minLength: 18 maxLength: 26 pattern: ^grp_[1-9a-km-zA-HJ-NP-Z]{14,22}$ name: type: string description: Name of the group. Must be unique within its connection. Must contain between 1 and 128 printable ASCII characters. minLength: 1 maxLength: 128 pattern: ^[\x20-\x7E]+$ external_id: type: string description: External identifier for the group, often used for SCIM synchronization. Max length of 256 characters. maxLength: 256 connection_id: type: string description: Identifier for the connection this group belongs to (if a connection group). format: connection-id tenant_name: type: string description: Identifier for the tenant this group belongs to. minLength: 3 pattern: ^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$ created_at: type: string description: Timestamp of when the group was created. format: date-time updated_at: type: string description: Timestamp of when the group was last updated. format: date-time GroupMember: type: object description: Represents the metadata of a group membership. additionalProperties: true properties: id: type: string description: Unique identifier for the member. member_type: $ref: '#/components/schemas/GroupMemberTypeEnum' type: $ref: '#/components/schemas/GroupTypeEnum' connection_id: type: string description: Identifier for the connection this group belongs to (if a connection group). format: connection-id created_at: type: string description: Timestamp of when the membership was created. format: date-time GroupMemberTypeEnum: type: string description: Type of the member. enum: - user - group GroupTypeEnum: type: string description: Type of the group. enum: - connection - organization - tenant GuardianEnrollmentDate: type: string default: '2016-07-12T17:56:26.804Z' description: Enrollment date and time. GuardianEnrollmentFactorEnum: type: string description: 'Optional. Specifies which factor the user must enroll with.
Note: Parameter can only be used with Universal Login; it cannot be used with Classic Login or custom MFA pages.' enum: - push-notification - phone - email - otp - webauthn-roaming - webauthn-platform GuardianEnrollmentStatus: type: string description: Status of this enrollment. Can be `pending` or `confirmed`. default: pending enum: - pending - confirmed GuardianFactor: type: object additionalProperties: false required: - enabled properties: enabled: type: boolean description: Whether this factor is enabled (true) or disabled (false). default: true trial_expired: type: boolean description: Whether trial limits have been exceeded. default: true name: $ref: '#/components/schemas/GuardianFactorNameEnum' GuardianFactorNameEnum: type: string description: Factor name. Can be `sms`, `push-notification`, `email`, `duo` `otp` `webauthn-roaming`, `webauthn-platform`, or `recovery-code`. default: sms minLength: 1 enum: - push-notification - sms - email - duo - otp - webauthn-roaming - webauthn-platform - recovery-code GuardianFactorPhoneFactorMessageTypeEnum: type: string enum: - sms - voice GuardianFactorsProviderPushNotificationProviderDataEnum: type: string enum: - guardian - sns - direct GuardianFactorsProviderSmsProviderEnum: type: string enum: - auth0 - twilio - phone-message-hook Hook: type: object additionalProperties: false properties: triggerId: type: string description: Trigger ID id: type: string description: ID of this hook. default: '00001' name: type: string description: Name of this hook. default: hook enabled: type: boolean description: Whether this hook will be executed (true) or ignored (false). default: true script: type: string description: Code to be executed when this hook runs. default: module.exports = function(client, scope, audience, context, cb) cb(null, access_token); }; dependencies: $ref: '#/components/schemas/HookDependencies' HookDependencies: type: object description: Dependencies of this hook used by webtask server. additionalProperties: type: string HookTriggerIdEnum: type: string enum: - credentials-exchange - pre-user-registration - post-user-registration - post-change-password - send-phone-message description: Retrieves hooks that match the trigger HttpCustomHeader: type: object additionalProperties: true properties: header: type: string description: HTTP header name value: type: string description: HTTP header value Identity: type: object description: This must be provided to verify primary social, enterprise and passwordless email identities. Also, is needed to verify secondary identities. additionalProperties: false required: - user_id - provider properties: user_id: type: string description: user_id of the identity to be verified. default: 5457edea1b8f22891a000004 provider: $ref: '#/components/schemas/IdentityProviderEnum' connection_id: type: string description: connection_id of the identity. pattern: ^con_[A-Za-z0-9]{16}$ IdentityProviderEnum: type: string description: Identity provider name of the identity (e.g. `google-oauth2`). default: google-oauth2 enum: - ad - adfs - amazon - apple - dropbox - bitbucket - auth0-oidc - auth0 - baidu - bitly - box - custom - daccount - dwolla - email - evernote-sandbox - evernote - exact - facebook - fitbit - github - google-apps - google-oauth2 - instagram - ip - line - linkedin - oauth1 - oauth2 - office365 - oidc - okta - paypal - paypal-sandbox - pingfederate - planningcenter - salesforce-community - salesforce-sandbox - salesforce - samlp - sharepoint - shopify - shop - sms - soundcloud - thirtysevensignals - twitter - untappd - vkontakte - waad - weibo - windowslive - wordpress - yahoo - yandex IdentityProviderOnlyAuth0Enum: type: string description: Identity provider name of the identity. Only `auth0` is supported default: auth0 enum: - auth0 ImportEncryptionKeyRequestContent: type: object additionalProperties: true required: - wrapped_key properties: wrapped_key: type: string description: Base64 encoded ciphertext of key material wrapped by public wrapping key. ImportEncryptionKeyResponseContent: type: object description: Encryption key additionalProperties: false required: - kid - type - state - created_at - updated_at properties: kid: type: string description: Key ID type: $ref: '#/components/schemas/EncryptionKeyType' state: $ref: '#/components/schemas/EncryptionKeyState' created_at: type: string description: Key creation timestamp format: date-time updated_at: type: string description: Key update timestamp format: date-time parent_kid: type: - string - 'null' description: ID of parent wrapping key public_key: type: - string - 'null' description: Public key in PEM format Integration: type: object description: 'Integration defines a self contained functioning unit which partners publish. A partner may create one or many of these integrations.' additionalProperties: false properties: id: type: string description: 'id is a system generated GUID. This same ID is designed to be federated in all the applicable localities.' default: 8e9fe2d0-a2fc-4c8c-9e35-dae5afadb70b catalog_id: type: string description: catalog_id refers to the ID in the marketplace catalog default: awesome-auth0-integration url_slug: type: string description: url_slug refers to the url_slug in the marketplace catalog default: awesome-auth0-integration-slug partner_id: type: string description: 'partner_id is the foreign key reference to the partner account this integration belongs to.' default: b8575c12-8d9d-4b5c-b28e-671fe9d39029 name: type: string description: 'name is the integration name, which will be used for display purposes in the marketplace. To start we''re going to make sure the display name is at least 3 characters. Can adjust this easily later.' default: Example Auth0 integration description: type: string description: 'description adds more text for the integration name -- also relevant for the marketplace listing.' default: An awesome Auth0 integration short_description: type: string description: short_description is the brief description of the integration, which is used for display purposes in cards default: Awesome Auth0 integration logo: type: string feature_type: $ref: '#/components/schemas/IntegrationFeatureTypeEnum' terms_of_use_url: type: string privacy_policy_url: type: string public_support_link: type: string current_release: $ref: '#/components/schemas/IntegrationRelease' created_at: type: string default: '2021-06-21T15:47:29.072Z' format: date-time updated_at: type: string default: '2021-06-21T15:47:29.072Z' format: date-time IntegrationFeatureTypeEnum: type: string description: feature_type is the type of the integration. default: action enum: - unspecified - action - social_connection - log_stream - sso_integration - sms_provider IntegrationRelease: type: object additionalProperties: true properties: id: type: string description: The id of the associated IntegrationRelease trigger: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA semver: $ref: '#/components/schemas/IntegrationSemVer' required_secrets: type: array description: 'required_secrets declares all the necessary secrets for an integration to work.' items: $ref: '#/components/schemas/IntegrationRequiredParam' required_configuration: type: array description: required_configuration declares all the necessary configuration fields for an integration to work. items: $ref: '#/components/schemas/IntegrationRequiredParam' IntegrationRequiredParam: type: object description: 'Param are form input values, primarily utilized when specifying secrets and configuration values for actions. These are especially important for partner integrations -- but can be exposed to tenant admins as well if they want to parameterize their custom actions.' additionalProperties: false properties: type: $ref: '#/components/schemas/IntegrationRequiredParamTypeEnum' name: type: string description: The name of the parameter. required: type: boolean description: The flag for if this parameter is required. optional: type: boolean description: The temp flag for if this parameter is required (experimental; for Labs use only). label: type: string description: The short label for this parameter. description: type: string description: The lengthier description for this parameter. default_value: type: string description: The default value for this parameter. placeholder: type: string description: Placeholder text for this parameter. options: type: array description: The allowable options for this param. items: $ref: '#/components/schemas/IntegrationRequiredParamOption' IntegrationRequiredParamOption: type: object additionalProperties: false properties: value: type: string description: The value of an option that will be used within the application. label: type: string description: The display value of an option suitable for displaying in a UI. IntegrationRequiredParamTypeEnum: type: string enum: - UNSPECIFIED - STRING IntegrationSemVer: type: object description: Semver denotes the major.minor version of an integration release additionalProperties: false properties: major: type: integer description: Major is the major number of a semver default: 1 minor: type: integer description: Minior is the minior number of a semver default: 1 JobFileFormatEnum: type: string description: Format of the file. Must be `json` or `csv`. enum: - json - csv LinkUserIdentityRequestContent: type: object additionalProperties: false minProperties: 1 properties: provider: $ref: '#/components/schemas/UserIdentityProviderEnum' description: Identity provider of the secondary user account being linked. connection_id: type: string description: connection_id of the secondary user account being linked when more than one `auth0` database provider exists. pattern: ^con_[A-Za-z0-9]{16}$ user_id: $ref: '#/components/schemas/UserId' link_with: type: string description: JWT for the secondary account being linked. If sending this parameter, `provider`, `user_id`, and `connection_id` must not be sent. default: '{SECONDARY_ACCOUNT_JWT}' LinkedClientConfiguration: type: object description: Configuration for linked clients in the OIN Express Configuration feature. additionalProperties: false required: - client_id properties: client_id: type: string description: The ID of the linked client. format: client-id ListActionBindingsPaginatedResponseContent: type: object additionalProperties: false properties: total: type: number description: The total result count. default: 1 page: type: number description: Page index of the results being returned. First page is 0. default: 0 per_page: type: number description: Number of results per page. default: 20 bindings: type: array description: The list of actions that are bound to this trigger in the order in which they will be executed. items: $ref: '#/components/schemas/ActionBinding' ListActionTriggersResponseContent: type: object additionalProperties: false properties: triggers: type: array items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA ListActionVersionsPaginatedResponseContent: type: object additionalProperties: false properties: total: type: number description: The total result count. default: 1 page: type: number description: Page index of the results being returned. First page is 0. default: 0 per_page: type: number description: Number of results per page. default: 20 versions: type: array items: $ref: '#/components/schemas/ActionVersion' ListActionsPaginatedResponseContent: type: object additionalProperties: false properties: total: type: number description: The total result count. default: 1 page: type: number description: Page index of the results being returned. First page is 0. default: 0 per_page: type: number description: Number of results per page. default: 20 actions: type: array description: The list of actions. items: $ref: '#/components/schemas/Action' ListAculsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: configs: type: array items: $ref: '#/components/schemas/ListAculsResponseContentItem' start: type: number description: the index of the first configuration in the response (before filtering) limit: type: number description: the maximum number of configurations shown per page (before filtering) total: type: number description: the total number of configurations on this tenant ListAculsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/ListAculsResponseContentItem' - $ref: '#/components/schemas/ListAculsOffsetPaginatedResponseContent' ListAculsResponseContentItem: type: object additionalProperties: true properties: tenant: type: string description: Tenant ID prompt: type: string description: Name of the prompt screen: type: string description: Name of the screen rendering_mode: $ref: '#/components/schemas/AculRenderingModeEnum' description: Rendering mode context_configuration: $ref: '#/components/schemas/AculContextConfiguration' default_head_tags_disabled: type: - boolean - 'null' description: Override Universal Login default head tags default: false use_page_template: type: - boolean - 'null' description: Use page template with ACUL default: false head_tags: type: - array - 'null' description: An array of head tags items: $ref: '#/components/schemas/AculHeadTag' filters: $ref: '#/components/schemas/AculFilters' ListBrandingPhoneProvidersResponseContent: type: object additionalProperties: false properties: providers: type: array items: $ref: '#/components/schemas/PhoneProviderSchemaMasked' ListClientConnectionsResponseContent: type: object additionalProperties: true required: - connections properties: connections: type: array items: $ref: '#/components/schemas/ConnectionForList' next: type: string description: Encoded next token ListClientGrantOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number client_grants: type: array items: $ref: '#/components/schemas/ClientGrantResponseContent' ListClientGrantOrganizationsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number organizations: type: array items: $ref: '#/components/schemas/Organization' ListClientGrantOrganizationsPaginatedResponseContent: type: object additionalProperties: false properties: next: type: string description: Opaque identifier for use with the from query parameter for the next page of results.
This identifier is valid for 24 hours. organizations: type: array items: $ref: '#/components/schemas/Organization' ListClientGrantOrganizationsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Organization' - $ref: '#/components/schemas/ListClientGrantOrganizationsOffsetPaginatedResponseContent' - $ref: '#/components/schemas/ListClientGrantOrganizationsPaginatedResponseContent' ListClientGrantPaginatedResponseContent: type: object additionalProperties: false properties: next: type: string description: Opaque identifier for use with the from query parameter for the next page of results.
This identifier is valid for 24 hours. client_grants: type: array items: $ref: '#/components/schemas/ClientGrantResponseContent' ListClientGrantResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/ClientGrantResponseContent' - $ref: '#/components/schemas/ListClientGrantOffsetPaginatedResponseContent' - $ref: '#/components/schemas/ListClientGrantPaginatedResponseContent' ListClientsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number clients: type: array items: $ref: '#/components/schemas/Client' ListClientsPaginatedResponseContent: type: object additionalProperties: false properties: next: type: string description: Opaque identifier for use with the from query parameter for the next page of results.
This identifier is valid for 24 hours. clients: type: array items: $ref: '#/components/schemas/Client' ListConnectionProfileTemplateResponseContent: type: object additionalProperties: false properties: connection_profile_templates: type: array items: $ref: '#/components/schemas/ConnectionProfileTemplateItem' ListConnectionProfilesPaginatedResponseContent: type: object additionalProperties: false properties: next: type: string description: A cursor to be used as the "from" query parameter for the next page of results. connection_profiles: type: array items: $ref: '#/components/schemas/ConnectionProfile' ListConnectionsCheckpointPaginatedResponseContent: type: object additionalProperties: false properties: next: type: string description: Opaque identifier for use with the from query parameter for the next page of results. connections: type: array items: $ref: '#/components/schemas/ConnectionForList' ListConnectionsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number connections: type: array items: $ref: '#/components/schemas/ConnectionForList' ListConnectionsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/ConnectionForList' - $ref: '#/components/schemas/ListConnectionsOffsetPaginatedResponseContent' - $ref: '#/components/schemas/ListConnectionsCheckpointPaginatedResponseContent' ListCustomDomainsPaginatedResponseContent: type: object additionalProperties: false required: - custom_domains properties: custom_domains: type: array items: $ref: '#/components/schemas/CustomDomain' next: type: string description: A cursor to be used as the "from" query parameter for the next page of results. ListCustomDomainsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/CustomDomain' - $ref: '#/components/schemas/ListCustomDomainsPaginatedResponseContent' ListDeviceCredentialsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number device_credentials: type: array items: $ref: '#/components/schemas/DeviceCredential' ListDeviceCredentialsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/DeviceCredential' - $ref: '#/components/schemas/ListDeviceCredentialsOffsetPaginatedResponseContent' ListDirectoryProvisioningsResponseContent: type: object additionalProperties: false required: - directory_provisionings properties: directory_provisionings: type: array description: List of directory provisioning configurations items: $ref: '#/components/schemas/DirectoryProvisioning' next: type: string description: The cursor to be used as the "from" query parameter for the next page of results. ListEncryptionKeyOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: integer description: Page index of the results to return. First page is 0. limit: type: integer description: Number of results per page. total: type: integer description: Total amount of encryption keys. keys: type: array description: Encryption keys. items: $ref: '#/components/schemas/EncryptionKey' ListEncryptionKeysResponseContent: oneOf: - type: array description: Encryption keys. items: $ref: '#/components/schemas/EncryptionKey' - $ref: '#/components/schemas/ListEncryptionKeyOffsetPaginatedResponseContent' ListEventStreamsResponseContent: type: object additionalProperties: true properties: eventStreams: type: array items: $ref: '#/components/schemas/EventStreamResponseContent' next: type: string description: Opaque identifier for use with the from query parameter for the next page of results. ListFlowExecutionsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number executions: type: array items: $ref: '#/components/schemas/FlowExecutionSummary' ListFlowExecutionsPaginatedResponseContent: type: object additionalProperties: false properties: next: type: string description: Opaque identifier for use with the from query parameter for the next page of results.
This identifier is valid for 24 hours. executions: type: array items: $ref: '#/components/schemas/FlowExecutionSummary' ListFlowExecutionsResponseContent: type: array items: $ref: '#/components/schemas/FlowExecutionSummary' ListFlowsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number flows: type: array items: $ref: '#/components/schemas/FlowSummary' ListFlowsRequestParametersHydrateEnum: type: string maxLength: 50 enum: - form_count ListFlowsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/FlowSummary' - $ref: '#/components/schemas/ListFlowsOffsetPaginatedResponseContent' ListFlowsVaultConnectionsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number connections: type: array items: $ref: '#/components/schemas/FlowsVaultConnectionSummary' ListFlowsVaultConnectionsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/FlowsVaultConnectionSummary' - $ref: '#/components/schemas/ListFlowsVaultConnectionsOffsetPaginatedResponseContent' ListFormsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number forms: type: array items: $ref: '#/components/schemas/FormSummary' ListFormsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/FormSummary' - $ref: '#/components/schemas/ListFormsOffsetPaginatedResponseContent' ListGroupsPaginatedResponseContent: type: object additionalProperties: false required: - groups properties: groups: type: array items: $ref: '#/components/schemas/Group' next: type: string description: A cursor to be used as the "from" query parameter for the next page of results. start: type: number limit: type: number total: type: number ListGroupsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Group' - $ref: '#/components/schemas/ListGroupsPaginatedResponseContent' ListGuardianPoliciesResponseContent: type: array items: $ref: '#/components/schemas/MFAPolicyEnum' ListHooksOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number hooks: type: array items: $ref: '#/components/schemas/Hook' ListHooksResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Hook' - $ref: '#/components/schemas/ListHooksOffsetPaginatedResponseContent' ListLogOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number length: type: number total: type: number logs: type: array items: $ref: '#/components/schemas/Log' ListLogResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Log' - $ref: '#/components/schemas/ListLogOffsetPaginatedResponseContent' ListNetworkAclsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: network_acls: type: array items: $ref: '#/components/schemas/NetworkAclsResponseContent' start: type: number limit: type: number total: type: number ListNetworkAclsResponseContent: oneOf: - $ref: '#/components/schemas/ListNetworkAclsOffsetPaginatedResponseContent' - type: array items: $ref: '#/components/schemas/NetworkAclsResponseContent' ListOrganizationAllConnectionsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number connections: type: array items: $ref: '#/components/schemas/OrganizationAllConnectionPost' ListOrganizationAllConnectionsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/OrganizationAllConnectionPost' - $ref: '#/components/schemas/ListOrganizationAllConnectionsOffsetPaginatedResponseContent' ListOrganizationClientGrantsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number client_grants: type: array items: $ref: '#/components/schemas/OrganizationClientGrant' ListOrganizationClientGrantsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/OrganizationClientGrant' - $ref: '#/components/schemas/ListOrganizationClientGrantsOffsetPaginatedResponseContent' ListOrganizationConnectionsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number enabled_connections: type: array items: $ref: '#/components/schemas/OrganizationConnection' ListOrganizationConnectionsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/OrganizationConnection' - $ref: '#/components/schemas/ListOrganizationConnectionsOffsetPaginatedResponseContent' ListOrganizationDiscoveryDomainsResponseContent: type: object additionalProperties: false required: - domains properties: next: type: string domains: type: array items: $ref: '#/components/schemas/OrganizationDiscoveryDomain' ListOrganizationInvitationsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number invitations: type: array items: $ref: '#/components/schemas/OrganizationInvitation' ListOrganizationInvitationsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/OrganizationInvitation' - $ref: '#/components/schemas/ListOrganizationInvitationsOffsetPaginatedResponseContent' ListOrganizationMemberRolesOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number roles: type: array items: $ref: '#/components/schemas/Role' ListOrganizationMemberRolesResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Role' - $ref: '#/components/schemas/ListOrganizationMemberRolesOffsetPaginatedResponseContent' ListOrganizationMembersOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number members: type: array items: $ref: '#/components/schemas/OrganizationMember' ListOrganizationMembersPaginatedResponseContent: type: object additionalProperties: true properties: next: type: string members: type: array items: $ref: '#/components/schemas/OrganizationMember' ListOrganizationMembersResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/OrganizationMember' - $ref: '#/components/schemas/ListOrganizationMembersOffsetPaginatedResponseContent' - $ref: '#/components/schemas/ListOrganizationMembersPaginatedResponseContent' ListOrganizationsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number organizations: type: array items: $ref: '#/components/schemas/Organization' ListOrganizationsPaginatedResponseContent: type: object additionalProperties: false properties: next: type: string organizations: type: array items: $ref: '#/components/schemas/Organization' ListOrganizationsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Organization' - $ref: '#/components/schemas/ListOrganizationsOffsetPaginatedResponseContent' - $ref: '#/components/schemas/ListOrganizationsPaginatedResponseContent' ListPhoneTemplatesResponseContent: type: object additionalProperties: false properties: templates: type: array items: $ref: '#/components/schemas/PhoneTemplate' ListRefreshTokensPaginatedResponseContent: type: object additionalProperties: true properties: tokens: type: array items: $ref: '#/components/schemas/RefreshTokenResponseContent' next: type: string description: A cursor to be used as the "from" query parameter for the next page of results. ListResourceServerOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number resource_servers: type: array items: $ref: '#/components/schemas/ResourceServer' ListResourceServerResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/ResourceServer' - $ref: '#/components/schemas/ListResourceServerOffsetPaginatedResponseContent' ListRolePermissionsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number permissions: type: array items: $ref: '#/components/schemas/PermissionsResponsePayload' ListRolePermissionsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/PermissionsResponsePayload' - $ref: '#/components/schemas/ListRolePermissionsOffsetPaginatedResponseContent' ListRoleUsersOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number users: type: array items: $ref: '#/components/schemas/RoleUser' ListRoleUsersPaginatedResponseContent: type: object additionalProperties: false properties: next: type: string users: type: array items: $ref: '#/components/schemas/RoleUser' ListRoleUsersResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/RoleUser' - $ref: '#/components/schemas/ListRoleUsersOffsetPaginatedResponseContent' - $ref: '#/components/schemas/ListRoleUsersPaginatedResponseContent' ListRolesOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number roles: type: array items: $ref: '#/components/schemas/Role' ListRolesResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Role' - $ref: '#/components/schemas/ListRolesOffsetPaginatedResponseContent' ListRulesOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number rules: type: array items: $ref: '#/components/schemas/Rule' ListRulesResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Rule' - $ref: '#/components/schemas/ListRulesOffsetPaginatedResponseContent' ListSCIMConfigurationsResponseContent: type: object additionalProperties: false required: - scim_configurations properties: scim_configurations: type: array description: List of SCIM configurations items: $ref: '#/components/schemas/ScimConfiguration' next: type: string description: The cursor to be used as the "from" query parameter for the next page of results. ListSelfServiceProfileCustomTextResponseContent: type: object description: The list of custom text keys and values. additionalProperties: type: string ListSelfServiceProfilesPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number self_service_profiles: type: array items: $ref: '#/components/schemas/SelfServiceProfile' ListSelfServiceProfilesResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/SelfServiceProfile' - $ref: '#/components/schemas/ListSelfServiceProfilesPaginatedResponseContent' ListSynchronizedGroupsResponseContent: type: object additionalProperties: false required: - groups properties: groups: type: array description: Array of Google Workspace group ids configured for synchronization. items: $ref: '#/components/schemas/SynchronizedGroupPayload' next: type: string description: The cursor to be used as the "from" query parameter for the next page of results. ListTokenExchangeProfileResponseContent: type: object additionalProperties: false properties: next: type: string description: Opaque identifier for use with the from query parameter for the next page of results.
This identifier is valid for 24 hours. token_exchange_profiles: type: array items: $ref: '#/components/schemas/TokenExchangeProfileResponseContent' ListUserAttributeProfileTemplateResponseContent: type: object additionalProperties: false properties: user_attribute_profile_templates: type: array items: $ref: '#/components/schemas/UserAttributeProfileTemplateItem' ListUserAttributeProfilesPaginatedResponseContent: type: object additionalProperties: false properties: next: type: string description: A cursor to be used as the "from" query parameter for the next page of results. user_attribute_profiles: type: array items: $ref: '#/components/schemas/UserAttributeProfile' ListUserAuthenticationMethodsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number description: Index of the starting record. Derived from the page and per_page parameters. limit: type: number description: Maximum amount of records to return. total: type: number description: Total number of pageable records. authenticators: type: array description: The paginated authentication methods. Returned in this structure when include_totals is true. items: $ref: '#/components/schemas/UserAuthenticationMethod' ListUserAuthenticationMethodsResponseContent: oneOf: - type: array description: The paginated authentication methods. Returned in this structure when include_totals is false. items: $ref: '#/components/schemas/UserAuthenticationMethod' - $ref: '#/components/schemas/ListUserAuthenticationMethodsOffsetPaginatedResponseContent' ListUserBlocksByIdentifierResponseContent: type: object additionalProperties: false properties: blocked_for: type: array description: Array of identifier + IP address pairs. IP address is optional, and may be omitted in certain circumstances (such as Account Lockout mode). items: $ref: '#/components/schemas/UserBlockIdentifier' ListUserBlocksResponseContent: type: object additionalProperties: false properties: blocked_for: type: array description: Array of identifier + IP address pairs. IP address is optional, and may be omitted in certain circumstances (such as Account Lockout mode). items: $ref: '#/components/schemas/UserBlockIdentifier' ListUserConnectedAccountsResponseContent: type: object additionalProperties: false required: - connected_accounts properties: connected_accounts: type: array items: $ref: '#/components/schemas/ConnectedAccount' next: type: string description: The token to retrieve the next page of connected accounts (if there is one) ListUserGrantsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number grants: type: array items: $ref: '#/components/schemas/UserGrant' ListUserGrantsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/UserGrant' - $ref: '#/components/schemas/ListUserGrantsOffsetPaginatedResponseContent' ListUserOrganizationsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number organizations: type: array items: $ref: '#/components/schemas/Organization' ListUserOrganizationsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Organization' - $ref: '#/components/schemas/ListUserOrganizationsOffsetPaginatedResponseContent' ListUserPermissionsOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number permissions: type: array items: $ref: '#/components/schemas/UserPermissionSchema' ListUserPermissionsResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/UserPermissionSchema' - $ref: '#/components/schemas/ListUserPermissionsOffsetPaginatedResponseContent' ListUserRolesOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number total: type: number roles: type: array items: $ref: '#/components/schemas/Role' ListUserRolesResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Role' - $ref: '#/components/schemas/ListUserRolesOffsetPaginatedResponseContent' ListUserSessionsPaginatedResponseContent: type: object additionalProperties: true properties: sessions: type: array items: $ref: '#/components/schemas/SessionResponseContent' next: type: string description: A cursor to be used as the "from" query parameter for the next page of results. ListUsersOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number length: type: number total: type: number users: type: array items: $ref: '#/components/schemas/UserResponseSchema' ListUsersResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/UserResponseSchema' - $ref: '#/components/schemas/ListUsersOffsetPaginatedResponseContent' ListVerifiableCredentialTemplatesPaginatedResponseContent: type: object additionalProperties: false properties: next: type: - string - 'null' description: Opaque identifier for use with the from query parameter for the next page of results.
This identifier is valid for 24 hours. templates: type: array items: $ref: '#/components/schemas/VerifiableCredentialTemplateResponse' Log: type: object additionalProperties: true properties: date: $ref: '#/components/schemas/LogDate' type: type: string description: Type of event. default: sapi description: type: - string - 'null' description: Description of this event. connection: type: string description: Name of the connection the event relates to. connection_id: type: string description: ID of the connection the event relates to. client_id: type: string description: ID of the client (application). default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww client_name: type: string description: Name of the client (application). default: My application Name ip: type: string description: IP address of the log event source. default: 190.257.209.19 hostname: type: string description: Hostname the event applies to. default: 190.257.209.19 user_id: type: string description: ID of the user involved in the event. default: auth0|56c75c4e42b6359e98374bc2 user_name: type: string description: Name of the user involved in the event. audience: type: string description: API audience the event applies to. scope: type: string description: Scope permissions applied to the event. default: '' strategy: type: string description: Name of the strategy involved in the event. strategy_type: type: string description: Type of strategy involved in the event. log_id: type: string description: Unique ID of the event. isMobile: type: boolean description: Whether the client was a mobile device (true) or desktop/laptop/server (false). details: $ref: '#/components/schemas/LogDetails' user_agent: type: string description: User agent string from the client device that caused the event. security_context: $ref: '#/components/schemas/LogSecurityContext' location_info: $ref: '#/components/schemas/LogLocationInfo' LogDate: oneOf: - type: string description: Date when the event occurred in ISO 8601 format. default: '2016-02-23T19:57:29.532Z' - $ref: '#/components/schemas/LogDateObject' LogDateObject: type: object description: Date when the event occurred in ISO 8601 format. additionalProperties: true LogDetails: type: object description: Additional useful details about this event (structure is dependent upon event type). additionalProperties: true LogLocationInfo: type: object description: Information about the location that triggered this event based on the `ip`. additionalProperties: true properties: country_code: type: string description: Two-letter Alpha-2 ISO 3166-1 country code. minLength: 2 maxLength: 2 country_code3: type: string description: Three-letter Alpha-3 ISO 3166-1 country code. minLength: 3 maxLength: 3 country_name: type: string description: Full country name in English. city_name: type: string description: Full city name in English. latitude: type: number description: Global latitude (horizontal) position. longitude: type: number description: Global longitude (vertical) position. time_zone: type: string description: Time zone name as found in the tz database. continent_code: type: string description: Continent the country is located within. Can be `AF` (Africa), `AN` (Antarctica), `AS` (Asia), `EU` (Europe), `NA` (North America), `OC` (Oceania) or `SA` (South America). LogSecurityContext: type: object description: Information about security-related signals. additionalProperties: true properties: ja3: type: string description: JA3 fingerprint value. ja4: type: string description: JA4 fingerprint value. LogStreamDatadogEnum: type: string enum: - datadog LogStreamDatadogRegionEnum: type: string description: Datadog region enum: - us - eu - us3 - us5 LogStreamDatadogResponseSchema: type: object additionalProperties: true properties: id: type: string description: The id of the log stream format: log-stream-id name: type: string description: log stream name status: $ref: '#/components/schemas/LogStreamStatusEnum' type: $ref: '#/components/schemas/LogStreamDatadogEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamDatadogSink' LogStreamDatadogSink: type: object additionalProperties: false required: - datadogApiKey - datadogRegion properties: datadogApiKey: type: string description: Datadog API Key datadogRegion: $ref: '#/components/schemas/LogStreamDatadogRegionEnum' LogStreamEventBridgeEnum: type: string enum: - eventbridge LogStreamEventBridgeResponseSchema: type: object additionalProperties: true properties: id: type: string description: The id of the log stream format: log-stream-id name: type: string description: log stream name status: $ref: '#/components/schemas/LogStreamStatusEnum' type: $ref: '#/components/schemas/LogStreamEventBridgeEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamEventBridgeSink' LogStreamEventBridgeSink: type: object additionalProperties: false required: - awsAccountId - awsRegion properties: awsAccountId: type: string description: AWS account ID pattern: ^\d{12}$ awsRegion: $ref: '#/components/schemas/LogStreamEventBridgeSinkRegionEnum' awsPartnerEventSource: type: string description: AWS EventBridge partner event source LogStreamEventBridgeSinkRegionEnum: type: string description: The region in which the EventBridge event source will be created enum: - af-south-1 - ap-east-1 - ap-east-2 - ap-northeast-1 - ap-northeast-2 - ap-northeast-3 - ap-south-1 - ap-south-2 - ap-southeast-1 - ap-southeast-2 - ap-southeast-3 - ap-southeast-4 - ap-southeast-5 - ap-southeast-6 - ap-southeast-7 - ca-central-1 - ca-west-1 - eu-central-1 - eu-central-2 - eu-north-1 - eu-south-1 - eu-south-2 - eu-west-1 - eu-west-2 - eu-west-3 - il-central-1 - me-central-1 - me-south-1 - mx-central-1 - sa-east-1 - us-gov-east-1 - us-gov-west-1 - us-east-1 - us-east-2 - us-west-1 - us-west-2 LogStreamEventGridEnum: type: string enum: - eventgrid LogStreamEventGridRegionEnum: type: string description: Azure Region Name enum: - australiacentral - australiaeast - australiasoutheast - brazilsouth - canadacentral - canadaeast - centralindia - centralus - eastasia - eastus - eastus2 - francecentral - germanywestcentral - japaneast - japanwest - koreacentral - koreasouth - northcentralus - northeurope - norwayeast - southafricanorth - southcentralus - southeastasia - southindia - swedencentral - switzerlandnorth - uaenorth - uksouth - ukwest - westcentralus - westeurope - westindia - westus - westus2 LogStreamEventGridResponseSchema: type: object additionalProperties: true properties: id: type: string description: The id of the log stream format: log-stream-id name: type: string description: log stream name status: $ref: '#/components/schemas/LogStreamStatusEnum' type: $ref: '#/components/schemas/LogStreamEventGridEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamEventGridSink' LogStreamEventGridSink: type: object additionalProperties: false required: - azureSubscriptionId - azureRegion - azureResourceGroup properties: azureSubscriptionId: type: string description: Subscription ID pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ azureRegion: $ref: '#/components/schemas/LogStreamEventGridRegionEnum' azureResourceGroup: type: string description: Resource Group azurePartnerTopic: type: string description: Partner Topic LogStreamFilter: type: object additionalProperties: true properties: type: $ref: '#/components/schemas/LogStreamFilterTypeEnum' name: $ref: '#/components/schemas/LogStreamFilterGroupNameEnum' LogStreamFilterGroupNameEnum: type: string description: Category group name enum: - auth.login.fail - auth.login.notification - auth.login.success - auth.logout.fail - auth.logout.success - auth.signup.fail - auth.signup.success - auth.silent_auth.fail - auth.silent_auth.success - auth.token_exchange.fail - auth.token_exchange.success - management.fail - management.success - scim.event - system.notification - user.fail - user.notification - user.success - actions - other LogStreamFilterTypeEnum: type: string description: Filter type. Currently `category` is the only valid type. enum: - category LogStreamHttpContentFormatEnum: type: string description: HTTP JSON format enum: - JSONARRAY - JSONLINES - JSONOBJECT LogStreamHttpEnum: type: string enum: - http LogStreamHttpResponseSchema: type: object additionalProperties: true properties: id: type: string description: The id of the log stream format: log-stream-id name: type: string description: log stream name status: $ref: '#/components/schemas/LogStreamStatusEnum' type: $ref: '#/components/schemas/LogStreamHttpEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamHttpSink' LogStreamHttpSink: type: object additionalProperties: false required: - httpEndpoint properties: httpAuthorization: type: string description: HTTP Authorization header httpContentFormat: $ref: '#/components/schemas/LogStreamHttpContentFormatEnum' httpContentType: type: string description: HTTP Content-Type header httpEndpoint: type: string description: HTTP endpoint pattern: ^https://.* httpCustomHeaders: type: array description: custom HTTP headers items: $ref: '#/components/schemas/HttpCustomHeader' LogStreamMixpanelEnum: type: string enum: - mixpanel LogStreamMixpanelRegionEnum: type: string description: Mixpanel Region enum: - us - eu LogStreamMixpanelResponseSchema: type: object additionalProperties: true properties: id: type: string description: The id of the log stream format: log-stream-id name: type: string description: log stream name status: $ref: '#/components/schemas/LogStreamStatusEnum' type: $ref: '#/components/schemas/LogStreamMixpanelEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamMixpanelSink' LogStreamMixpanelSink: type: object additionalProperties: false required: - mixpanelRegion - mixpanelProjectId - mixpanelServiceAccountUsername - mixpanelServiceAccountPassword properties: mixpanelRegion: $ref: '#/components/schemas/LogStreamMixpanelRegionEnum' mixpanelProjectId: type: string description: Mixpanel Project Id pattern: ^\d+$ mixpanelServiceAccountUsername: type: string description: Mixpanel Service Account Username pattern: ^[^:]+$ mixpanelServiceAccountPassword: type: string description: Mixpanel Service Account Password pattern: ^[^:]+$ LogStreamMixpanelSinkPatch: type: object additionalProperties: false required: - mixpanelRegion - mixpanelProjectId - mixpanelServiceAccountUsername properties: mixpanelRegion: $ref: '#/components/schemas/LogStreamMixpanelRegionEnum' mixpanelProjectId: type: string description: Mixpanel Project Id pattern: ^\d+$ mixpanelServiceAccountUsername: type: string description: Mixpanel Service Account Username pattern: ^[^:]+$ mixpanelServiceAccountPassword: type: string description: Mixpanel Service Account Password pattern: ^[^:]+$ LogStreamPiiAlgorithmEnum: type: string enum: - xxhash LogStreamPiiConfig: type: object additionalProperties: false required: - log_fields properties: log_fields: type: array minItems: 1 items: $ref: '#/components/schemas/LogStreamPiiLogFieldsEnum' method: $ref: '#/components/schemas/LogStreamPiiMethodEnum' algorithm: $ref: '#/components/schemas/LogStreamPiiAlgorithmEnum' LogStreamPiiLogFieldsEnum: type: string enum: - first_name - last_name - username - email - phone - address LogStreamPiiMethodEnum: type: string enum: - mask - hash LogStreamResponseSchema: oneOf: - $ref: '#/components/schemas/LogStreamHttpResponseSchema' - $ref: '#/components/schemas/LogStreamEventBridgeResponseSchema' - $ref: '#/components/schemas/LogStreamEventGridResponseSchema' - $ref: '#/components/schemas/LogStreamDatadogResponseSchema' - $ref: '#/components/schemas/LogStreamSplunkResponseSchema' - $ref: '#/components/schemas/LogStreamSumoResponseSchema' - $ref: '#/components/schemas/LogStreamSegmentResponseSchema' - $ref: '#/components/schemas/LogStreamMixpanelResponseSchema' LogStreamSegmentEnum: type: string enum: - segment LogStreamSegmentResponseSchema: type: object additionalProperties: true properties: id: type: string description: The id of the log stream format: log-stream-id name: type: string description: log stream name status: $ref: '#/components/schemas/LogStreamStatusEnum' type: $ref: '#/components/schemas/LogStreamSegmentEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamSegmentSinkWriteKey' LogStreamSegmentSink: type: object additionalProperties: false properties: segmentWriteKey: type: string description: Segment write key LogStreamSegmentSinkWriteKey: type: object additionalProperties: false required: - segmentWriteKey properties: segmentWriteKey: type: string description: Segment write key LogStreamSinkPatch: oneOf: - $ref: '#/components/schemas/LogStreamHttpSink' - $ref: '#/components/schemas/LogStreamDatadogSink' - $ref: '#/components/schemas/LogStreamSplunkSink' - $ref: '#/components/schemas/LogStreamSumoSink' - $ref: '#/components/schemas/LogStreamSegmentSink' - $ref: '#/components/schemas/LogStreamMixpanelSinkPatch' LogStreamSplunkEnum: type: string enum: - splunk LogStreamSplunkResponseSchema: type: object additionalProperties: true properties: id: type: string description: The id of the log stream format: log-stream-id name: type: string description: log stream name status: $ref: '#/components/schemas/LogStreamStatusEnum' type: $ref: '#/components/schemas/LogStreamSplunkEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamSplunkSink' LogStreamSplunkSink: type: object additionalProperties: false required: - splunkDomain - splunkToken - splunkPort - splunkSecure properties: splunkDomain: type: string description: Splunk URL Endpoint splunkPort: type: string description: Port pattern: ^[0-9]*$ splunkToken: type: string description: Splunk token splunkSecure: type: boolean description: Verify TLS certificate LogStreamStatusEnum: type: string description: 'The status of the log stream. Possible values: `active`, `paused`, `suspended`' enum: - active - paused - suspended LogStreamSumoEnum: type: string enum: - sumo LogStreamSumoResponseSchema: type: object additionalProperties: true properties: id: type: string description: The id of the log stream format: log-stream-id name: type: string description: log stream name status: $ref: '#/components/schemas/LogStreamStatusEnum' type: $ref: '#/components/schemas/LogStreamSumoEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamSumoSink' LogStreamSumoSink: type: object additionalProperties: false required: - sumoSourceAddress properties: sumoSourceAddress: type: string description: HTTP Source Address MFAPolicyEnum: type: string description: The MFA policy enum: - all-applications - confidence-score MdlPresentationProperties: type: object additionalProperties: true minProperties: 1 properties: family_name: type: boolean description: Family Name given_name: type: boolean description: Given Name birth_date: type: boolean description: Birth Date issue_date: type: boolean description: Issue Date expiry_date: type: boolean description: Expiry Date issuing_country: type: boolean description: Issuing Country issuing_authority: type: boolean description: Issuing Authority portrait: type: boolean description: Portrait driving_privileges: type: boolean description: Driving Privileges resident_address: type: boolean description: Resident Address portrait_capture_date: type: boolean description: Portrait Capture Date age_in_years: type: boolean description: Age in Years age_birth_year: type: boolean description: Age Birth Year issuing_jurisdiction: type: boolean description: Issuing Jurisdiction nationality: type: boolean description: Nationality resident_city: type: boolean description: Resident City resident_state: type: boolean description: Resident State resident_postal_code: type: boolean description: Resident Postal Code resident_country: type: boolean description: Resident Country family_name_national_character: type: boolean description: Family Name National Character given_name_national_character: type: boolean description: Given Name National Character MdlPresentationRequest: type: object description: A simplified presentation request additionalProperties: false required: - org.iso.18013.5.1.mDL properties: org.iso.18013.5.1.mDL: $ref: '#/components/schemas/MdlPresentationRequestProperties' MdlPresentationRequestProperties: type: object additionalProperties: false required: - org.iso.18013.5.1 properties: org.iso.18013.5.1: $ref: '#/components/schemas/MdlPresentationProperties' NativeSocialLogin: type: object description: Configure native social settings additionalProperties: false minProperties: 1 properties: apple: $ref: '#/components/schemas/NativeSocialLoginApple' facebook: $ref: '#/components/schemas/NativeSocialLoginFacebook' google: $ref: '#/components/schemas/NativeSocialLoginGoogle' NativeSocialLoginApple: type: object description: Native Social Login support for the Apple connection additionalProperties: false minProperties: 1 properties: enabled: type: boolean description: Determine whether or not to allow signing in natively using an Apple authorization code default: false NativeSocialLoginFacebook: type: object description: Native Social Login support for the Facebook connection additionalProperties: false minProperties: 1 properties: enabled: type: boolean description: Determine whether or not to allow signing in natively using Facebook default: false NativeSocialLoginGoogle: type: object description: Native Social Login support for the google-oauth2 connection additionalProperties: false minProperties: 1 properties: enabled: type: boolean description: Determine whether or not to allow signing in natively using a Google ID token default: false NetworkACLMatchConnectingIpv4Cidr: type: string oneOf: - type: string format: ipv4 - type: string format: cidr NetworkACLMatchConnectingIpv6Cidr: type: string oneOf: - type: string format: ipv6 - type: string format: ipv6_cidr NetworkACLMatchIpv4Cidr: type: string oneOf: - type: string format: ipv4 - type: string format: cidr NetworkACLMatchIpv6Cidr: type: string oneOf: - type: string format: ipv6 - type: string format: ipv6_cidr NetworkAclAction: type: object additionalProperties: false properties: block: $ref: '#/components/schemas/NetworkAclActionBlockEnum' allow: $ref: '#/components/schemas/NetworkAclActionAllowEnum' log: $ref: '#/components/schemas/NetworkAclActionLogEnum' redirect: $ref: '#/components/schemas/NetworkAclActionRedirectEnum' redirect_uri: type: string description: The URI to which the match or not_match requests will be routed minLength: 1 maxLength: 2000 NetworkAclActionAllowEnum: type: boolean description: Indicates the rule will allow requests that either match or not_match specific criteria enum: - true NetworkAclActionBlockEnum: type: boolean description: Indicates the rule will block requests that either match or not_match specific criteria enum: - true NetworkAclActionLogEnum: type: boolean description: Indicates the rule will log requests that either match or not_match specific criteria enum: - true NetworkAclActionRedirectEnum: type: boolean description: Indicates the rule will redirect requests that either match or not_match specific criteria enum: - true NetworkAclMatch: type: object additionalProperties: false properties: asns: type: array minItems: 1 items: type: integer geo_country_codes: type: array minItems: 1 items: type: string geo_subdivision_codes: type: array minItems: 1 items: type: string ipv4_cidrs: type: array minItems: 1 items: $ref: '#/components/schemas/NetworkACLMatchIpv4Cidr' ipv6_cidrs: type: array minItems: 1 items: $ref: '#/components/schemas/NetworkACLMatchIpv6Cidr' ja3_fingerprints: type: array minItems: 1 items: type: string ja4_fingerprints: type: array minItems: 1 items: type: string user_agents: type: array minItems: 1 items: type: string hostnames: type: array minItems: 1 items: type: string format: hostname connecting_ipv4_cidrs: type: array minItems: 1 items: $ref: '#/components/schemas/NetworkACLMatchConnectingIpv4Cidr' connecting_ipv6_cidrs: type: array minItems: 1 items: $ref: '#/components/schemas/NetworkACLMatchConnectingIpv6Cidr' NetworkAclRule: type: object additionalProperties: false required: - action - scope properties: action: $ref: '#/components/schemas/NetworkAclAction' match: $ref: '#/components/schemas/NetworkAclMatch' not_match: $ref: '#/components/schemas/NetworkAclMatch' scope: $ref: '#/components/schemas/NetworkAclRuleScopeEnum' NetworkAclRuleScopeEnum: type: string description: Identifies the origin of the request as the Management API (management), Authentication API (authentication), Dynamic Client Registration API (dynamic_client_registration), or any (tenant) enum: - management - authentication - tenant - dynamic_client_registration NetworkAclsResponseContent: type: object additionalProperties: true properties: id: type: string description: type: string active: type: boolean priority: type: number minimum: 1 maximum: 100 rule: $ref: '#/components/schemas/NetworkAclRule' created_at: type: string description: The timestamp when the Network ACL Configuration was created updated_at: type: string description: The timestamp when the Network ACL Configuration was last updated Organization: type: object additionalProperties: true properties: id: type: string description: Organization identifier. maxLength: 50 format: organization-id name: type: string description: The name of this organization. default: organization-1 minLength: 1 maxLength: 50 format: organization-name display_name: type: string description: Friendly name of this organization. default: Acme Users minLength: 1 maxLength: 255 branding: $ref: '#/components/schemas/OrganizationBranding' metadata: $ref: '#/components/schemas/OrganizationMetadata' token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA OrganizationAccessLevelEnum: type: string description: Access level for the organization (e.g., "none", "full"). enum: - none - readonly - limited - full OrganizationAccessLevelEnumWithNull: type: - string - 'null' description: Access level for the organization (e.g., "none", "full"). enum: - none - readonly - limited - full - null OrganizationAllConnectionPost: type: object additionalProperties: false required: - connection_id properties: organization_connection_name: type: string description: Name of the connection in the scope of this organization. minLength: 1 maxLength: 50 pattern: "^[^\0]*$" assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' organization_access_level: $ref: '#/components/schemas/OrganizationAccessLevelEnum' is_enabled: type: boolean description: Whether the connection is enabled for the organization. connection_id: type: string description: Connection identifier. minLength: 1 maxLength: 50 format: connection-id connection: $ref: '#/components/schemas/OrganizationConnectionInformation' OrganizationBranding: type: object description: Theme defines how to style the login pages. additionalProperties: false properties: logo_url: type: string description: URL of logo to display on login page. format: strict-https-uri-or-null colors: $ref: '#/components/schemas/OrganizationBrandingColors' OrganizationBrandingColors: type: object description: Color scheme used to customize the login pages. additionalProperties: false required: - primary - page_background properties: primary: type: string description: HEX Color for primary elements. format: html-color page_background: type: string description: HEX Color for background. format: html-color OrganizationClientGrant: type: object additionalProperties: false properties: id: type: string description: ID of the client grant. client_id: type: string description: ID of the client. audience: type: string description: The audience (API identifier) of this client grant minLength: 1 scope: type: array description: Scopes allowed for this client grant. items: type: string minLength: 1 organization_usage: $ref: '#/components/schemas/OrganizationUsageEnum' allow_any_organization: type: boolean description: If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. OrganizationConnection: type: object additionalProperties: false properties: connection_id: type: string description: ID of the connection. assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' connection: $ref: '#/components/schemas/OrganizationConnectionInformation' OrganizationConnectionInformation: type: object additionalProperties: true properties: name: type: string description: The name of the enabled connection. strategy: type: string description: The strategy of the enabled connection. OrganizationDiscoveryDomain: type: object additionalProperties: false required: - id - domain - status - verification_txt - verification_host properties: id: type: string description: Organization discovery domain identifier. format: organization-discovery-domain-id domain: type: string description: The domain name to associate with the organization e.g. acme.com. minLength: 3 maxLength: 255 pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$ status: $ref: '#/components/schemas/OrganizationDiscoveryDomainStatus' use_for_organization_discovery: type: boolean description: Indicates whether this domain should be used for organization discovery. verification_txt: type: string description: A unique token generated for the discovery domain. This must be placed in a DNS TXT record at the location specified by the verification_host field to prove domain ownership. verification_host: type: string description: The full domain where the TXT record should be added. OrganizationDiscoveryDomainStatus: type: string description: The verification status of the discovery domain. enum: - pending - verified OrganizationEnabledConnection: type: object additionalProperties: true properties: connection_id: type: string description: ID of the connection. assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' connection: $ref: '#/components/schemas/OrganizationConnectionInformation' OrganizationInvitation: type: object additionalProperties: false properties: id: type: string description: The id of the user invitation. default: uinv_0000000000000001 format: user-invitation-id organization_id: type: string description: Organization identifier. maxLength: 50 format: organization-id inviter: $ref: '#/components/schemas/OrganizationInvitationInviter' invitee: $ref: '#/components/schemas/OrganizationInvitationInvitee' invitation_url: type: string description: The invitation url to be send to the invitee. default: https://mycompany.org/login?invitation=f81dWWYW6gzGGicxT8Ha0txBkGNcAcYr&organization=org_0000000000000001&organization_name=acme format: strict-https-uri created_at: type: string description: The ISO 8601 formatted timestamp representing the creation time of the invitation. default: '2020-08-20T19:10:06.299Z' format: date-time expires_at: type: string description: The ISO 8601 formatted timestamp representing the expiration time of the invitation. default: '2020-08-27T19:10:06.299Z' format: date-time client_id: type: string description: Auth0 client ID. Used to resolve the application's login initiation endpoint. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww format: client-id connection_id: type: string description: The id of the connection to force invitee to authenticate with. default: con_0000000000000001 format: connection-id app_metadata: $ref: '#/components/schemas/AppMetadata' user_metadata: $ref: '#/components/schemas/UserMetadata' roles: type: array description: List of roles IDs to associated with the user. minItems: 1 items: type: string format: role-id ticket_id: type: string description: The id of the invitation ticket format: ticket-id OrganizationInvitationInvitee: type: object additionalProperties: false required: - email properties: email: type: string description: The invitee's email. default: john.doe@gmail.com format: email OrganizationInvitationInviter: type: object additionalProperties: false required: - name properties: name: type: string description: The inviter's name. default: Jane Doe minLength: 1 maxLength: 300 OrganizationMember: type: object additionalProperties: false properties: user_id: type: string description: ID of this user. picture: type: string description: URL to a picture for this user. name: type: string description: Name of this user. email: type: string description: Email address of this user. default: john.doe@gmail.com format: email roles: type: array items: $ref: '#/components/schemas/OrganizationMemberRole' OrganizationMemberRole: type: object additionalProperties: false properties: id: type: string description: ID for this role. name: type: string description: Name of this role. OrganizationMetadata: type: object description: Metadata associated with the organization, in the form of an object with string values (max 255 chars). Maximum of 25 metadata properties allowed. additionalProperties: type: - string - 'null' maxLength: 255 maxProperties: 25 OrganizationUsageEnum: type: string description: Defines whether organizations can be used with client credentials exchanges for this grant. enum: - deny - allow - require PartialGroupsEnum: type: string enum: - login - login-id - login-password - login-passwordless - signup - signup-id - signup-password - customized-consent - passkeys description: Name of the prompt. PartialPhoneTemplateContent: type: object additionalProperties: false minProperties: 1 properties: from: type: string description: Default phone number to be used as 'from' when sending a phone notification minLength: 1 maxLength: 16 body: $ref: '#/components/schemas/PhoneTemplateBody' PasswordCharacterTypeEnum: type: string enum: - uppercase - lowercase - number - special PasswordCharacterTypeRulePolicyEnum: type: string description: When enabled, passwords must contain at least 3 out of 4 character types. Can only be enabled when all 4 character types are specified enum: - all - three_of_four PasswordDefaultDictionariesEnum: type: string description: 'Default dictionary to use for password validation. Options: "en_10k" (10,000 common words) or "en_100k" (100,000 common words)' enum: - en_10k - en_100k PasswordIdenticalCharactersPolicyEnum: type: string description: Controls whether identical consecutive characters are allowed in passwords enum: - allow - block PasswordMaxLengthExceededPolicyEnum: type: string description: Controls whether passwords that exceed the maximum length are truncated or rejected enum: - truncate - error PasswordSequentialCharactersPolicyEnum: type: string description: Controls whether sequential characters are allowed in passwords enum: - allow - block PatchClientCredentialRequestContent: type: object additionalProperties: false minProperties: 1 properties: expires_at: type: - string - 'null' description: The ISO 8601 formatted date representing the expiration of the credential. format: date-time PatchClientCredentialResponseContent: type: object additionalProperties: true properties: id: type: string description: ID of the credential. Generated on creation. default: cred_1m7sfABoNTTKYwTQ8qt6tX name: type: string description: The name given to the credential by the user. default: '' kid: type: string description: The key identifier of the credential, generated on creation. default: IZSSTECp... alg: $ref: '#/components/schemas/ClientCredentialAlgorithmEnum' credential_type: $ref: '#/components/schemas/ClientCredentialTypeEnum' subject_dn: type: string description: The X509 certificate's Subject Distinguished Name thumbprint_sha256: type: string description: The X509 certificate's SHA256 thumbprint created_at: type: string description: The ISO 8601 formatted date the credential was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date the credential was updated. format: date-time expires_at: type: string description: The ISO 8601 formatted date representing the expiration of the credential. format: date-time PatchSupplementalSignalsResponseContent: type: object additionalProperties: true properties: akamai_enabled: type: boolean description: Indicates if incoming Akamai Headers should be processed PermissionRequestPayload: type: object additionalProperties: false required: - resource_server_identifier - permission_name properties: resource_server_identifier: type: string description: Resource server (API) identifier that this permission is for. permission_name: type: string description: Name of this permission. PermissionsResponsePayload: type: object additionalProperties: false properties: resource_server_identifier: type: string description: Resource server (API) identifier that this permission is for. permission_name: type: string description: Name of this permission. resource_server_name: type: string description: Resource server (API) name this permission is for. description: type: string description: Description of this permission. PhoneAttribute: type: object description: Configuration for the phone number attribute for users. additionalProperties: false properties: identifier: $ref: '#/components/schemas/ConnectionAttributeIdentifier' profile_required: type: boolean description: Determines if property should be required for users signup: $ref: '#/components/schemas/SignupVerified' PhoneProviderChannelEnum: type: string description: This depicts the type of notifications this provider can receive. maxLength: 100 enum: - phone PhoneProviderConfiguration: type: object anyOf: - $ref: '#/components/schemas/TwilioProviderConfiguration' - $ref: '#/components/schemas/CustomProviderConfiguration' PhoneProviderCredentials: description: Provider credentials required to use authenticate to the provider. anyOf: - $ref: '#/components/schemas/TwilioProviderCredentials' - $ref: '#/components/schemas/CustomProviderCredentials' PhoneProviderDeliveryMethodEnum: type: string description: The delivery method for the notification minLength: 1 maxLength: 10 enum: - text - voice PhoneProviderNameEnum: type: string description: Name of the phone notification provider minLength: 1 maxLength: 100 enum: - twilio - custom PhoneProviderSchemaMasked: type: object description: Phone provider configuration schema additionalProperties: false required: - name - credentials properties: id: type: string minLength: 1 maxLength: 255 tenant: type: string description: The name of the tenant minLength: 1 maxLength: 255 name: $ref: '#/components/schemas/PhoneProviderNameEnum' channel: $ref: '#/components/schemas/PhoneProviderChannelEnum' disabled: type: boolean description: Whether the provider is enabled (false) or disabled (true). configuration: $ref: '#/components/schemas/PhoneProviderConfiguration' created_at: type: string description: The provider's creation date and time in ISO 8601 format maxLength: 27 format: date-time updated_at: type: string description: The date and time of the last update to the provider in ISO 8601 format maxLength: 27 format: date-time PhoneTemplate: type: object additionalProperties: false required: - content - disabled - id - type properties: id: type: string minLength: 1 maxLength: 255 channel: type: string customizable: type: boolean tenant: type: string minLength: 1 maxLength: 255 content: $ref: '#/components/schemas/PhoneTemplateContent' type: $ref: '#/components/schemas/PhoneTemplateNotificationTypeEnum' disabled: type: boolean description: Whether the template is enabled (false) or disabled (true). default: false PhoneTemplateBody: type: object additionalProperties: false minProperties: 1 properties: text: type: string description: Content of the phone template for text notifications minLength: 1 maxLength: 20000 voice: type: string description: Content of the phone template for voice notifications minLength: 1 maxLength: 20000 PhoneTemplateContent: type: object additionalProperties: false minProperties: 1 properties: syntax: type: string from: type: string description: Default phone number to be used as 'from' when sending a phone notification minLength: 1 maxLength: 16 body: $ref: '#/components/schemas/PhoneTemplateBody' PhoneTemplateNotificationTypeEnum: type: string maxLength: 255 enum: - otp_verify - otp_enroll - change_password - blocked_account - password_breach PostClientCredentialRequestContent: type: object additionalProperties: false required: - credential_type properties: credential_type: $ref: '#/components/schemas/ClientCredentialTypeEnum' name: type: string description: Friendly name for a credential. default: '' maxLength: 128 subject_dn: type: string description: Subject Distinguished Name. Mutually exclusive with `pem` property. Applies to `cert_subject_dn` credential type. minLength: 1 maxLength: 256 pem: type: string description: PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped. default: "-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBg...\r\n-----END PUBLIC KEY-----\r\n" alg: $ref: '#/components/schemas/PublicKeyCredentialAlgorithmEnum' parse_expiry_from_cert: type: boolean description: Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. Applies to `public_key` credential type. default: false expires_at: type: string description: The ISO 8601 formatted date representing the expiration of the credential. If not specified (not recommended), the credential never expires. Applies to `public_key` credential type. default: '2023-02-07T12:40:17.807Z' format: date-time kid: type: string description: Optional kid (Key ID), used to uniquely identify the credential. If not specified, a kid value will be auto-generated. The kid header parameter in JWTs sent by your client should match this value. Valid format is [0-9a-zA-Z-_]{10,64} minLength: 10 maxLength: 64 pattern: ^([0-9a-zA-Z-_]{10,64})$ PostClientCredentialResponseContent: type: object additionalProperties: true properties: id: type: string description: ID of the credential. Generated on creation. default: cred_1m7sfABoNTTKYwTQ8qt6tX name: type: string description: The name given to the credential by the user. default: '' kid: type: string description: The key identifier of the credential, generated on creation. default: IZSSTECp... alg: $ref: '#/components/schemas/ClientCredentialAlgorithmEnum' credential_type: $ref: '#/components/schemas/ClientCredentialTypeEnum' subject_dn: type: string description: The X509 certificate's Subject Distinguished Name thumbprint_sha256: type: string description: The X509 certificate's SHA256 thumbprint created_at: type: string description: The ISO 8601 formatted date the credential was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date the credential was updated. format: date-time expires_at: type: string description: The ISO 8601 formatted date representing the expiration of the credential. format: date-time PostConnectionKeysAlgEnum: type: string description: Selected Signing Algorithm enum: - RS256 - RS384 - RS512 - PS256 - PS384 - ES256 - ES384 PostConnectionKeysRequestContent: type: - object - 'null' additionalProperties: false properties: signing_alg: $ref: '#/components/schemas/PostConnectionKeysAlgEnum' PostConnectionsKeysResponseContent: type: array items: type: object additionalProperties: true required: - cert - kid - fingerprint - thumbprint properties: kid: type: string description: The key id of the signing key maxLength: 255 cert: type: string description: The public certificate of the signing key default: "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----" maxLength: 4096 pkcs: type: string description: The public certificate of the signing key in pkcs7 format default: "-----BEGIN PKCS7-----\r\nMIIDPA....t8xAA==\r\n-----END PKCS7-----" maxLength: 4096 current: type: boolean description: True if the key is the current key default: true next: type: boolean description: True if the key is the next key current_since: type: string description: The date and time when the key became the current key fingerprint: type: string description: The cert fingerprint default: CC:FB:DD:D8:9A:B5:DE:1B:F0:CC:36:D2:99:59:21:12:03:DD:A8:25 thumbprint: type: string description: The cert thumbprint default: CCFBDDD89AB5DE1BF0CC36D29959211203DDA825 maxLength: 255 algorithm: type: string description: Signing key algorithm key_use: $ref: '#/components/schemas/ConnectionKeyUseEnum' subject_dn: type: string maxLength: 132 PreferredAuthenticationMethodEnum: type: string description: Applies to phone authentication methods only. The preferred communication method. enum: - voice - sms PreviewCimdMetadataRequestContent: type: object additionalProperties: false required: - external_client_id properties: external_client_id: type: string description: URL to the Client ID Metadata Document minLength: 1 maxLength: 120 format: absolute-https-uri-or-empty PreviewCimdMetadataResponseContent: type: object additionalProperties: true properties: client_id: type: string description: The client_id of an existing client registered with this external_client_id, if one exists. errors: type: array description: Array of retrieval errors (populated when the metadata document could not be fetched). When present, validation is omitted. items: type: string validation: $ref: '#/components/schemas/CimdValidationResult' mapped_fields: $ref: '#/components/schemas/CimdMappedClientFields' PromptGroupNameEnum: type: string description: Name of the prompt enum: - login - login-id - login-password - login-passwordless - login-email-verification - signup - signup-id - signup-password - phone-identifier-enrollment - phone-identifier-challenge - email-identifier-challenge - reset-password - custom-form - consent - customized-consent - logout - mfa-push - mfa-otp - mfa-voice - mfa-phone - mfa-webauthn - mfa-sms - mfa-email - mfa-recovery-code - mfa - status - device-flow - email-verification - email-otp-challenge - organizations - invitation - common - passkeys - captcha - brute-force-protection - async-approval-flow PromptLanguageEnum: type: string enum: - am - ar - ar-EG - ar-SA - az - bg - bn - bs - ca-ES - cnr - cs - cy - da - de - el - en - en-CA - es - es-419 - es-AR - es-MX - et - eu-ES - fa - fi - fr - fr-CA - fr-FR - gl-ES - gu - he - hi - hr - hu - hy - id - is - it - ja - ka - kk - kn - ko - lt - lv - mk - ml - mn - mr - ms - my - nb - nl - nn - 'no' - pa - pl - pt - pt-BR - pt-PT - ro - ru - sk - sl - so - sq - sr - sv - sw - ta - te - th - tl - tr - uk - ur - vi - zgh - zh-CN - zh-HK - zh-MO - zh-TW description: Language to update. PublicKeyCredential: type: object additionalProperties: false required: - credential_type - pem properties: credential_type: $ref: '#/components/schemas/PublicKeyCredentialTypeEnum' name: type: string description: Friendly name for a credential. default: '' maxLength: 128 pem: type: string description: PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped. default: "-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBg...\r\n-----END PUBLIC KEY-----\r\n" alg: $ref: '#/components/schemas/PublicKeyCredentialAlgorithmEnum' parse_expiry_from_cert: type: boolean description: Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. Applies to `public_key` credential type. default: false expires_at: type: string description: The ISO 8601 formatted date representing the expiration of the credential. If not specified (not recommended), the credential never expires. Applies to `public_key` credential type. default: '2023-02-07T12:40:17.807Z' format: date-time kid: type: string description: Optional kid (Key ID), used to uniquely identify the credential. If not specified, a kid value will be auto-generated. The kid header parameter in JWTs sent by your client should match this value. Valid format is [0-9a-zA-Z-_]{10,64} minLength: 10 maxLength: 64 pattern: ^([0-9a-zA-Z-_]{10,64})$ PublicKeyCredentialAlgorithmEnum: type: string description: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used. Applies to `public_key` credential type. default: RS256 enum: - RS256 - RS384 - PS256 PublicKeyCredentialTypeEnum: type: string description: 'Credential type. Supported types: public_key.' default: public_key enum: - public_key RefreshTokenDate: oneOf: - type: string description: The date and time when the refresh token was created format: date-time - $ref: '#/components/schemas/RefreshTokenDateObject' - type: 'null' RefreshTokenDateObject: type: object description: The date and time when the refresh token was created additionalProperties: true RefreshTokenDevice: type: object description: Device used while issuing/exchanging the refresh token additionalProperties: true properties: initial_ip: type: string description: First IP address associated with the refresh token initial_asn: type: string description: First autonomous system number associated with the refresh token initial_user_agent: type: string description: First user agent associated with the refresh token last_ip: type: string description: Last IP address associated with the refresh token last_asn: type: string description: Last autonomous system number associated with the refresh token last_user_agent: type: string description: Last user agent associated with the refresh token RefreshTokenExpirationTypeEnum: type: string description: 'Refresh token expiration types, one of: expiring, non-expiring' default: non-expiring enum: - expiring - non-expiring RefreshTokenMetadata: type: - object - 'null' description: Metadata associated with the refresh token, in the form of an object with string values (max 255 chars). Maximum of 25 metadata properties allowed. additionalProperties: true maxProperties: 25 RefreshTokenResourceServer: type: object additionalProperties: true properties: audience: type: string description: Resource server ID scopes: type: string description: List of scopes for the refresh token RefreshTokenResponseContent: type: object additionalProperties: true properties: id: type: string description: The ID of the refresh token user_id: type: string description: ID of the user which can be used when interacting with other APIs. default: auth0|507f1f77bcf86cd799439020 created_at: $ref: '#/components/schemas/RefreshTokenDate' idle_expires_at: $ref: '#/components/schemas/RefreshTokenDate' expires_at: $ref: '#/components/schemas/RefreshTokenDate' device: $ref: '#/components/schemas/RefreshTokenDevice' client_id: type: string description: ID of the client application granted with this refresh token session_id: $ref: '#/components/schemas/RefreshTokenSessionId' rotating: type: boolean description: True if the token is a rotating refresh token resource_servers: type: array description: A list of the resource server IDs associated to this refresh-token and their granted scopes items: $ref: '#/components/schemas/RefreshTokenResourceServer' refresh_token_metadata: $ref: '#/components/schemas/RefreshTokenMetadata' last_exchanged_at: $ref: '#/components/schemas/RefreshTokenDate' RefreshTokenRotationTypeEnum: type: string description: 'Refresh token rotation types, one of: rotating, non-rotating' default: non-rotating enum: - rotating - non-rotating RefreshTokenSessionId: type: - string - 'null' description: ID of the authenticated session used to obtain this refresh-token RegenerateUsersRecoveryCodeResponseContent: type: object additionalProperties: true properties: recovery_code: type: string description: New account recovery code. RegisterCimdClientRequestContent: type: object additionalProperties: false required: - external_client_id properties: external_client_id: type: string description: URL to the Client ID Metadata Document. Acts as the unique identifier for upsert operations. minLength: 1 maxLength: 120 format: absolute-https-uri-or-empty RegisterCimdClientResponseContent: type: object description: Response after successfully registering or updating a CIMD client additionalProperties: true required: - client_id - mapped_fields - validation properties: client_id: type: string description: The Auth0 client_id of the created or updated client mapped_fields: $ref: '#/components/schemas/CimdMappedClientFields' validation: $ref: '#/components/schemas/CimdValidationResult' ReplaceSynchronizedGroupsRequestContent: type: object additionalProperties: false required: - groups properties: groups: type: array description: Array of Google Workspace Directory group objects to synchronize. items: $ref: '#/components/schemas/SynchronizedGroupPayload' ResetPhoneTemplateRequestContent: {} ResetPhoneTemplateResponseContent: type: object additionalProperties: false required: - content - disabled - id - type properties: id: type: string minLength: 1 maxLength: 255 channel: type: string customizable: type: boolean tenant: type: string minLength: 1 maxLength: 255 content: $ref: '#/components/schemas/PhoneTemplateContent' type: $ref: '#/components/schemas/PhoneTemplateNotificationTypeEnum' disabled: type: boolean description: Whether the template is enabled (false) or disabled (true). default: false ResourceServer: type: object additionalProperties: false properties: id: type: string description: ID of the API (resource server). name: type: string description: Friendly name for this resource server. Can not contain `<` or `>` characters. is_system: type: boolean description: Whether this is an Auth0 system API (true) or a custom API (false). identifier: type: string description: Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set. scopes: type: array description: List of permissions (scopes) that this API uses. items: $ref: '#/components/schemas/ResourceServerScope' signing_alg: $ref: '#/components/schemas/SigningAlgorithmEnum' signing_secret: type: string description: Secret used to sign tokens when using symmetric algorithms (HS256). minLength: 16 allow_offline_access: type: boolean description: Whether refresh tokens can be issued for this API (true) or not (false). allow_online_access: type: boolean description: Whether Online Refresh Tokens can be issued for this API (true) or not (false). skip_consent_for_verifiable_first_party_clients: type: boolean description: Whether to skip user consent for applications flagged as first party (true) or not (false). token_lifetime: type: integer description: Expiration value (in seconds) for access tokens issued for this API from the token endpoint. token_lifetime_for_web: type: integer description: Expiration value (in seconds) for access tokens issued for this API via Implicit or Hybrid Flows. Cannot be greater than the `token_lifetime` value. enforce_policies: type: boolean description: Whether authorization polices are enforced (true) or unenforced (false). token_dialect: $ref: '#/components/schemas/ResourceServerTokenDialectResponseEnum' token_encryption: $ref: '#/components/schemas/ResourceServerTokenEncryption' consent_policy: $ref: '#/components/schemas/ResourceServerConsentPolicyEnum' authorization_details: type: - array - 'null' items: {} proof_of_possession: $ref: '#/components/schemas/ResourceServerProofOfPossession' subject_type_authorization: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorization' authorization_policy: $ref: '#/components/schemas/ResourceServerAuthorizationPolicy' x-release-lifecycle: EA client_id: type: string description: The client ID of the client that this resource server is linked to format: client-id ResourceServerAuthorizationPolicy: type: - object - 'null' description: Authorization policy for the resource server. additionalProperties: false required: - policy_id x-release-lifecycle: EA properties: policy_id: type: string description: The ID of the authorization policy to apply. minLength: 1 maxLength: 1024 ResourceServerConsentPolicyEnum: type: - string - 'null' enum: - transactional-authorization-with-mfa - null ResourceServerProofOfPossession: type: - object - 'null' description: Proof-of-Possession configuration for access tokens additionalProperties: false required: - mechanism - required properties: mechanism: $ref: '#/components/schemas/ResourceServerProofOfPossessionMechanismEnum' required: type: boolean description: Whether the use of Proof-of-Possession is required for the resource server required_for: $ref: '#/components/schemas/ResourceServerProofOfPossessionRequiredForEnum' ResourceServerProofOfPossessionMechanismEnum: type: string description: Intended mechanism for Proof-of-Possession enum: - mtls - dpop ResourceServerProofOfPossessionRequiredForEnum: type: string description: Specifies which client types require Proof-of-Possession enum: - public_clients - all_clients ResourceServerScope: type: object additionalProperties: false required: - value properties: value: type: string description: Value of this scope. minLength: 1 maxLength: 280 description: type: string description: User-friendly description of this scope. maxLength: 500 ResourceServerSubjectTypeAuthorization: type: object description: Defines application access permission for a resource server additionalProperties: false properties: user: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorizationUser' client: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorizationClient' ResourceServerSubjectTypeAuthorizationClient: type: object description: Access Permissions for client flows additionalProperties: true properties: policy: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorizationClientPolicyEnum' ResourceServerSubjectTypeAuthorizationClientPolicyEnum: type: string description: Defines the client flows policy for the resource server enum: - deny_all - require_client_grant ResourceServerSubjectTypeAuthorizationUser: type: object description: Access Permissions for user flows additionalProperties: true properties: policy: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorizationUserPolicyEnum' ResourceServerSubjectTypeAuthorizationUserPolicyEnum: type: string description: Defines the user flows policy for the resource server enum: - allow_all - deny_all - require_client_grant ResourceServerTokenDialectResponseEnum: type: string description: Dialect of access tokens that should be issued. `access_token` is a JWT containing standard Auth0 claims; `rfc9068_profile` is a JWT conforming to the IETF JWT Access Token Profile. `access_token_authz` and `rfc9068_profile_authz` additionally include RBAC permissions claims. enum: - access_token - access_token_authz - rfc9068_profile - rfc9068_profile_authz ResourceServerTokenDialectSchemaEnum: type: string description: Dialect of issued access token. `access_token` is a JWT containing standard Auth0 claims; `rfc9068_profile` is a JWT conforming to the IETF JWT Access Token Profile. `access_token_authz` and `rfc9068_profile_authz` additionally include RBAC permissions claims. enum: - access_token - access_token_authz - rfc9068_profile - rfc9068_profile_authz ResourceServerTokenEncryption: type: - object - 'null' additionalProperties: false required: - format - encryption_key properties: format: $ref: '#/components/schemas/ResourceServerTokenEncryptionFormatEnum' encryption_key: $ref: '#/components/schemas/ResourceServerTokenEncryptionKey' ResourceServerTokenEncryptionAlgorithmEnum: type: string description: Algorithm used to encrypt the token. enum: - RSA-OAEP-256 - RSA-OAEP-384 - RSA-OAEP-512 ResourceServerTokenEncryptionFormatEnum: description: Format of the encrypted JWT payload. enum: - compact-nested-jwe ResourceServerTokenEncryptionKey: type: object additionalProperties: false required: - alg - pem properties: name: type: string description: Name of the encryption key. minLength: 1 maxLength: 128 alg: $ref: '#/components/schemas/ResourceServerTokenEncryptionAlgorithmEnum' kid: type: string description: Key ID. minLength: 1 maxLength: 128 pem: type: string description: PEM-formatted public key. Must be JSON escaped. default: "-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBg...\r\n-----END PUBLIC KEY-----\r\n" minLength: 1 maxLength: 4096 ResourceServerVerificationKeyPemCertificate: type: string description: PEM-encoded certificate allOf: - type: string pattern: "^-----BEGIN[^\r\n]*-----(?:\r\n?|\n)" - type: string pattern: "(?:\r\n?|\n)-----END[^\r\n]*-----(?:\r\n?|\n)$" RevokeRefreshTokensRequestContent: type: object description: 'Exactly one of the following combinations must be provided: `ids` (up to 100 token IDs); `user_id`; `user_id` + `client_id`; or `client_id` alone. `ids` cannot be combined with `user_id` or `client_id`.' additionalProperties: false properties: ids: type: array description: Array of refresh token IDs to revoke. Limited to 100 at a time. minItems: 1 items: type: string minLength: 1 maxLength: 30 user_id: type: string description: Revoke all refresh tokens for this user. minLength: 1 maxLength: 300 format: user-id client_id: type: string description: Revoke all refresh tokens for this client. minLength: 1 maxLength: 64 format: client-id RevokeUserAccessRequestContent: type: object additionalProperties: false properties: session_id: type: string description: ID of the session to revoke. maxLength: 50 format: session-id preserve_refresh_tokens: type: boolean description: Whether to preserve the refresh tokens associated with the session. default: false RevokedSigningKeysResponseContent: type: object additionalProperties: true required: - cert - kid properties: cert: type: string description: Revoked key certificate default: "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----" kid: type: string description: Revoked key id default: 21hi274Rp02112mgkUGma Role: type: object additionalProperties: false properties: id: type: string description: ID for this role. name: type: string description: Name of this role. description: type: string description: Description of this role. RoleUser: type: object additionalProperties: false properties: user_id: type: string description: ID of this user. picture: type: string description: URL to a picture for this user. name: type: string description: Name of this user. email: type: string description: Email address of this user. default: john.doe@gmail.com format: email RollbackActionModuleRequestContent: type: object additionalProperties: false required: - module_version_id properties: module_version_id: type: string description: The unique ID of the module version to roll back to. RollbackActionModuleResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the module. name: type: string description: The name of the module. code: type: string description: The source code from the module's draft version. dependencies: type: array description: The npm dependencies from the module's draft version. items: $ref: '#/components/schemas/ActionModuleDependency' secrets: type: array description: The secrets from the module's draft version (names and timestamps only, values never returned). items: $ref: '#/components/schemas/ActionModuleSecret' actions_using_module_total: type: integer description: The number of deployed actions using this module. all_changes_published: type: boolean description: Whether all draft changes have been published as a version. latest_version_number: type: integer description: The version number of the latest published version. Omitted if no versions have been published. created_at: type: string description: Timestamp when the module was created. format: date-time updated_at: type: string description: Timestamp when the module was last updated. format: date-time latest_version: $ref: '#/components/schemas/ActionModuleVersionReference' RotateClientSecretResponseContent: type: object additionalProperties: true properties: client_id: type: string description: ID of this client. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww tenant: type: string description: Name of the tenant this client belongs to. default: '' name: type: string description: 'Name of this client (min length: 1 character, does not allow `<` or `>`).' default: My application description: type: string description: 'Free text description of this client (max length: 140 characters).' default: '' global: type: boolean description: Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false). default: false client_secret: type: string description: Client secret (which you must not make public). default: MG_TNT2ver-SylNat-_VeMmd-4m0Waba0jr1troztBniSChEw0glxEmgEi2Kw40H app_type: $ref: '#/components/schemas/ClientAppTypeEnum' logo_uri: type: string description: URL of the logo to display for this client. Recommended size is 150x150 pixels. is_first_party: type: boolean description: Whether this client a first party client (true) or not (false). default: false oidc_conformant: type: boolean description: Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false). default: false callbacks: type: array description: Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication. items: type: string allowed_origins: type: array description: Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. items: type: string web_origins: type: array description: Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. items: type: string client_aliases: type: array description: List of audiences/realms for SAML protocol. Used by the wsfed addon. items: type: string allowed_clients: type: array description: List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed. items: type: string allowed_logout_urls: type: array description: Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. items: type: string session_transfer: $ref: '#/components/schemas/ClientSessionTransferConfiguration' oidc_logout: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSettings' grant_types: type: array description: List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`. items: type: string jwt_configuration: $ref: '#/components/schemas/ClientJwtConfiguration' signing_keys: $ref: '#/components/schemas/ClientSigningKeys' encryption_key: $ref: '#/components/schemas/ClientEncryptionKey' sso: type: boolean description: Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false). default: false sso_disabled: type: boolean description: Whether Single Sign On is disabled (true) or enabled (true). Defaults to true. default: false cross_origin_authentication: type: boolean description: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). cross_origin_loc: type: string description: URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. format: url custom_login_page_on: type: boolean description: Whether a custom login page is to be used (true) or the default provided login page (false). default: true custom_login_page: type: string description: The content (HTML, CSS, JS) of the custom login page. default: '' custom_login_page_preview: type: string description: The content (HTML, CSS, JS) of the custom login page. (Used on Previews) default: '' form_template: type: string description: HTML form template to be used for WS-Federation. default: '' addons: $ref: '#/components/schemas/ClientAddons' token_endpoint_auth_method: $ref: '#/components/schemas/ClientTokenEndpointAuthMethodEnum' is_token_endpoint_ip_header_trusted: type: boolean description: If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint. default: false client_metadata: $ref: '#/components/schemas/ClientMetadata' mobile: $ref: '#/components/schemas/ClientMobile' initiate_login_uri: type: string description: Initiate login uri, must be https format: absolute-https-uri-with-placeholders-or-empty native_social_login: {} refresh_token: $ref: '#/components/schemas/ClientRefreshTokenConfiguration' default_organization: $ref: '#/components/schemas/ClientDefaultOrganization' organization_usage: $ref: '#/components/schemas/ClientOrganizationUsageEnum' organization_require_behavior: $ref: '#/components/schemas/ClientOrganizationRequireBehaviorEnum' organization_discovery_methods: type: array description: Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both. minItems: 1 x-release-lifecycle: EA items: $ref: '#/components/schemas/ClientOrganizationDiscoveryEnum' client_authentication_methods: $ref: '#/components/schemas/ClientAuthenticationMethod' require_pushed_authorization_requests: type: boolean description: Makes the use of Pushed Authorization Requests mandatory for this client default: false require_proof_of_possession: type: boolean description: Makes the use of Proof-of-Possession mandatory for this client default: false signed_request_object: $ref: '#/components/schemas/ClientSignedRequestObjectWithCredentialId' compliance_level: $ref: '#/components/schemas/ClientComplianceLevelEnum' skip_non_verifiable_callback_uri_confirmation_prompt: type: boolean description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' token_exchange: $ref: '#/components/schemas/ClientTokenExchangeConfiguration' x-release-lifecycle: GA par_request_expiry: type: - integer - 'null' description: Specifies how long, in seconds, a Pushed Authorization Request URI remains valid minimum: 10 maximum: 600 token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA express_configuration: $ref: '#/components/schemas/ExpressConfiguration' my_organization_configuration: $ref: '#/components/schemas/ClientMyOrganizationResponseConfiguration' x-release-lifecycle: EA third_party_security_mode: $ref: '#/components/schemas/ClientThirdPartySecurityModeEnum' x-release-lifecycle: GA redirection_policy: $ref: '#/components/schemas/ClientRedirectionPolicyEnum' x-release-lifecycle: GA resource_server_identifier: type: string description: The identifier of the resource server that this client is linked to. async_approval_notification_channels: $ref: '#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration' external_metadata_type: $ref: '#/components/schemas/ClientExternalMetadataTypeEnum' external_metadata_created_by: $ref: '#/components/schemas/ClientExternalMetadataCreatedByEnum' external_client_id: type: string description: An alternate client identifier to be used during authorization flows. Only supports CIMD-based client identifiers. format: absolute-https-uri-or-empty jwks_uri: type: string description: URL for the JSON Web Key Set (JWKS) containing the public keys used for private_key_jwt authentication. Only present for CIMD clients using private_key_jwt authentication. format: absolute-https-uri-or-empty RotateConnectionKeysRequestContent: type: - object - 'null' additionalProperties: false properties: signing_alg: $ref: '#/components/schemas/RotateConnectionKeysSigningAlgEnum' RotateConnectionKeysSigningAlgEnum: type: string description: Selected Signing Algorithm enum: - RS256 - RS384 - RS512 - PS256 - PS384 - ES256 - ES384 RotateConnectionsKeysResponseContent: type: object additionalProperties: true required: - cert - kid - fingerprint - thumbprint properties: kid: type: string description: The key id of the signing key maxLength: 255 cert: type: string description: The public certificate of the signing key default: "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----" maxLength: 4096 pkcs: type: string description: The public certificate of the signing key in pkcs7 format default: "-----BEGIN PKCS7-----\r\nMIIDPA....t8xAA==\r\n-----END PKCS7-----" maxLength: 4096 next: type: boolean description: True if the key is the the next key fingerprint: type: string description: The cert fingerprint default: CC:FB:DD:D8:9A:B5:DE:1B:F0:CC:36:D2:99:59:21:12:03:DD:A8:25 thumbprint: type: string description: The cert thumbprint default: CCFBDDD89AB5DE1BF0CC36D29959211203DDA825 maxLength: 255 algorithm: type: string description: Signing key algorithm key_use: $ref: '#/components/schemas/ConnectionKeyUseEnum' subject_dn: type: string maxLength: 132 RotateSigningKeysResponseContent: type: object additionalProperties: true required: - cert - kid properties: cert: type: string description: Next key certificate default: "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----" kid: type: string description: Next key id default: 21hi274Rp02112mgkUGma Rule: type: object additionalProperties: false properties: name: type: string description: Name of this rule. default: rule_1 id: type: string description: ID of this rule. default: con_0000000000000001 enabled: type: boolean description: Whether the rule is enabled (true), or disabled (false). default: true script: type: string description: Code to be executed when this rule runs. default: "function (user, context, callback) {\n callback(null, user, context);\n}" order: type: number description: Order that this rule should execute in relative to other rules. Lower-valued rules execute first. default: 1 stage: type: string description: Execution stage of this rule. Can be `login_success`, `login_failure`, or `pre_authorize`. default: login_success RulesConfig: type: object additionalProperties: true properties: key: type: string description: Key for a rules config variable. default: MY_RULES_CONFIG_KEY minLength: 1 maxLength: 127 pattern: ^[A-Za-z0-9_\-@*+:]*$ ScimConfiguration: type: object additionalProperties: false required: - tenant_name - connection_id - connection_name - strategy - created_at - updated_on - mapping - user_id_attribute properties: connection_id: type: string description: The connection's identifier connection_name: type: string description: The connection's name strategy: type: string description: The connection's strategy tenant_name: type: string description: The tenant's name user_id_attribute: type: string description: User ID attribute for generating unique user ids mapping: type: array description: The mapping between auth0 and SCIM items: $ref: '#/components/schemas/ScimMappingItem' created_at: type: string description: The ISO 8601 date and time the SCIM configuration was created at format: date-time updated_on: type: string description: The ISO 8601 date and time the SCIM configuration was last updated on format: date-time ScimMappingItem: type: object additionalProperties: true properties: auth0: type: string description: The field location in the auth0 schema scim: type: string description: The field location in the SCIM schema ScimTokenItem: type: object additionalProperties: true properties: token_id: type: string description: The token's identifier scopes: type: array description: The scopes of the scim token items: type: string description: The token's scope created_at: type: string description: The token's created at timestamp valid_until: type: string description: The token's valid until timestamp last_used_at: type: string description: The token's last used at timestamp ScreenGroupNameEnum: type: string description: Name of the screen enum: - login - login-id - login-password - login-passwordless-email-code - login-passwordless-email-link - login-passwordless-sms-otp - login-email-verification - signup - signup-id - signup-password - phone-identifier-enrollment - phone-identifier-challenge - email-identifier-challenge - reset-password-request - reset-password-email - reset-password - reset-password-success - reset-password-error - reset-password-mfa-email-challenge - reset-password-mfa-otp-challenge - reset-password-mfa-phone-challenge - reset-password-mfa-push-challenge-push - reset-password-mfa-recovery-code-challenge - reset-password-mfa-sms-challenge - reset-password-mfa-voice-challenge - reset-password-mfa-webauthn-platform-challenge - reset-password-mfa-webauthn-roaming-challenge - custom-form - consent - customized-consent - logout - logout-complete - logout-aborted - mfa-push-welcome - mfa-push-enrollment-qr - mfa-push-enrollment-code - mfa-push-success - mfa-push-challenge-push - mfa-push-list - mfa-otp-enrollment-qr - mfa-otp-enrollment-code - mfa-otp-challenge - mfa-voice-enrollment - mfa-voice-challenge - mfa-phone-challenge - mfa-phone-enrollment - mfa-webauthn-platform-enrollment - mfa-webauthn-roaming-enrollment - mfa-webauthn-platform-challenge - mfa-webauthn-roaming-challenge - mfa-webauthn-change-key-nickname - mfa-webauthn-enrollment-success - mfa-webauthn-error - mfa-webauthn-not-available-error - mfa-country-codes - mfa-sms-enrollment - mfa-sms-challenge - mfa-sms-list - mfa-email-challenge - mfa-email-list - mfa-recovery-code-enrollment - mfa-recovery-code-challenge-new-code - mfa-recovery-code-challenge - mfa-detect-browser-capabilities - mfa-enroll-result - mfa-login-options - mfa-begin-enroll-options - status - device-code-activation - device-code-activation-allowed - device-code-activation-denied - device-code-confirmation - email-verification-result - email-otp-challenge - organization-selection - organization-picker - pre-login-organization-picker - accept-invitation - redeem-ticket - passkey-enrollment - passkey-enrollment-local - interstitial-captcha - brute-force-protection-unblock - brute-force-protection-unblock-success - brute-force-protection-unblock-failure - async-approval-error - async-approval-accepted - async-approval-denied - async-approval-wrong-user SearchEngineVersionsEnum: type: string enum: - v1 - v2 - v3 description: The version of the search engine SelfServiceProfile: type: object additionalProperties: false properties: id: type: string description: The unique ID of the self-service Profile. default: ssp_n7SNCL8seoyV1TuSTCnAeo name: type: string description: The name of the self-service Profile. description: type: string description: The description of the self-service Profile. user_attributes: type: array description: List of attributes to be mapped that will be shown to the user during the Self-Service Enterprise Configuration flow. items: $ref: '#/components/schemas/SelfServiceProfileUserAttribute' created_at: type: string description: The time when this self-service Profile was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this self-service Profile was updated. default: '2021-01-01T00:00:00.000Z' format: date-time branding: $ref: '#/components/schemas/SelfServiceProfileBrandingProperties' allowed_strategies: type: array description: 'List of IdP strategies that will be shown to users during the Self-Service Enterprise Configuration flow. Possible values: [`oidc`, `samlp`, `waad`, `google-apps`, `adfs`, `okta`, `auth0-samlp`, `okta-samlp`, `keycloak-samlp`, `pingfederate`]' minItems: 1 items: $ref: '#/components/schemas/SelfServiceProfileAllowedStrategyEnum' user_attribute_profile_id: type: string description: ID of the user-attribute-profile to associate with this self-service profile. format: user-attribute-profile-id x-release-lifecycle: EA SelfServiceProfileAllowedStrategyEnum: type: string enum: - oidc - samlp - waad - google-apps - adfs - okta - auth0-samlp - okta-samlp - keycloak-samlp - pingfederate SelfServiceProfileBranding: oneOf: - $ref: '#/components/schemas/SelfServiceProfileBrandingProperties' - type: 'null' SelfServiceProfileBrandingColors: type: object additionalProperties: true required: - primary properties: primary: type: string pattern: ^#([\dA-Fa-f]{6}|[\dA-Fa-f]{3})$ SelfServiceProfileBrandingProperties: type: object additionalProperties: true properties: logo_url: type: string maxLength: 1024 format: uri pattern: ^https:// colors: $ref: '#/components/schemas/SelfServiceProfileBrandingColors' SelfServiceProfileCustomTextLanguageEnum: type: string enum: - en description: The language of the custom text. SelfServiceProfileCustomTextPageEnum: type: string enum: - get-started description: The page where the custom text is shown. SelfServiceProfileDescription: type: - string - 'null' description: The description of the self-service Profile. minLength: 1 maxLength: 140 SelfServiceProfileSsoTicketConnectionConfig: type: object description: If provided, this will create a new connection for the Self-Service Enterprise Configuration flow with the given configuration additionalProperties: false required: - name properties: name: type: string description: The name of the connection that will be created as a part of the Self-Service Enterprise Configuration flow. default: sso-generated-SAML-customer-12 minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$ display_name: type: string description: Connection name used in the new universal login experience maxLength: 128 is_domain_connection: type: boolean description: true promotes to a domain-level connection so that third-party applications can use it. false does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to false.) show_as_button: type: boolean description: Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. (Defaults to false.) metadata: $ref: '#/components/schemas/ConnectionsMetadata' options: $ref: '#/components/schemas/SelfServiceProfileSsoTicketConnectionOptions' SelfServiceProfileSsoTicketConnectionOptions: type: - object - 'null' description: The connection's options (depend on the connection strategy) additionalProperties: false properties: icon_url: type: - string - 'null' description: URL for the icon. Must use HTTPS. format: strict-https-uri-or-null domain_aliases: type: - array - 'null' description: List of domain_aliases that can be authenticated in the Identity Provider items: type: string minLength: 1 maxLength: 255 idpinitiated: $ref: '#/components/schemas/SelfServiceProfileSsoTicketIdpInitiatedOptions' SelfServiceProfileSsoTicketDomainAliasesConfig: type: object description: Configuration for the setup of the connection’s domain_aliases in the Self-Service Enterprise Configuration flow. additionalProperties: false required: - domain_verification properties: domain_verification: $ref: '#/components/schemas/SelfServiceProfileSsoTicketDomainVerificationEnum' pending_domains: type: array description: List of domains that will be submitted for verification during the Self-Service Enterprise Configuration flow. x-release-lifecycle: GA items: type: string minLength: 1 maxLength: 255 SelfServiceProfileSsoTicketDomainVerificationEnum: type: string description: Whether the end user should complete the domain verification step. Possible values are 'none' (the step is not shown to the user), 'optional' (the user may add a domain alias in the domain verification step) or 'required' (the user must add a domain alias in order to enable the connection). Defaults to 'none'. enum: - none - optional - required SelfServiceProfileSsoTicketEnabledFeatures: type: object description: Specifies which features are enabled for an "edit connection" ticket. Only applicable when connection ID is provided. additionalProperties: false x-release-lifecycle: GA properties: sso: type: boolean description: Whether SSO configuration is enabled in this ticket. domain_verification: type: boolean description: Whether domain verification is enabled in this ticket. provisioning: type: boolean description: Whether provisioning configuration is enabled in this ticket. SelfServiceProfileSsoTicketEnabledOrganization: type: object additionalProperties: false required: - organization_id properties: organization_id: type: string description: Organization identifier. maxLength: 50 format: organization-id assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' SelfServiceProfileSsoTicketGoogleWorkspaceConfig: type: object description: Configuration for Google Workspace Directory Sync during the self-service flow. additionalProperties: false required: - sync_users x-release-lifecycle: GA properties: sync_users: type: boolean description: Whether to enable Google Workspace Directory Sync for users during the self-service flow. SelfServiceProfileSsoTicketIdpInitiatedClientProtocolEnum: type: string description: The protocol used to connect to the the default application enum: - samlp - wsfed - oauth2 SelfServiceProfileSsoTicketIdpInitiatedOptions: type: - object - 'null' description: Allows IdP-initiated login additionalProperties: false properties: enabled: type: boolean description: Enables IdP-initiated login for this connection client_id: type: string description: Default application client_id user is redirected to after validated SAML response format: client-id client_protocol: $ref: '#/components/schemas/SelfServiceProfileSsoTicketIdpInitiatedClientProtocolEnum' client_authorizequery: type: string description: 'Query string options to customize the behaviour for OpenID Connect when idpinitiated.client_protocol is oauth2. Allowed parameters: redirect_uri, scope, response_type. For example, redirect_uri=https://jwt.io&scope=openid email&response_type=token' maxLength: 256 SelfServiceProfileSsoTicketProvisioningConfig: type: object description: Configuration for the setup of Provisioning in the self-service flow. additionalProperties: false x-release-lifecycle: GA properties: scopes: type: array description: The scopes of the SCIM tokens generated during the self-service flow. minItems: 1 items: $ref: '#/components/schemas/SelfServiceProfileSsoTicketProvisioningScopeEnum' google_workspace: $ref: '#/components/schemas/SelfServiceProfileSsoTicketGoogleWorkspaceConfig' x-release-lifecycle: GA token_lifetime: description: Lifetime of the tokens in seconds. Must be greater than 900. If not provided, the tokens don't expire. type: - integer - 'null' minimum: 900 SelfServiceProfileSsoTicketProvisioningScopeEnum: type: string enum: - get:users - post:users - put:users - patch:users - delete:users - get:groups - post:groups - put:groups - patch:groups - delete:groups SelfServiceProfileUserAttribute: type: object additionalProperties: false required: - name - description - is_optional properties: name: type: string description: Identifier of this attribute. maxLength: 250 description: type: string description: Description of this attribute. is_optional: type: boolean description: Determines if this attribute is required SelfServiceProfileUserAttributes: type: - array - 'null' description: List of attributes to be mapped that will be shown to the user during the Self-Service Enterprise Configuration flow. items: $ref: '#/components/schemas/SelfServiceProfileUserAttribute' SessionAuthenticationSignal: type: object description: Authentication signal details additionalProperties: true properties: name: type: string description: 'One of: "federated", "passkey", "pwd", "sms", "email", "mfa", "mock" or a custom method denoted by a URL' timestamp: $ref: '#/components/schemas/SessionDate' type: type: string description: A specific MFA factor. Only present when "name" is set to "mfa" SessionAuthenticationSignals: type: object description: Details about authentication signals obtained during the login flow additionalProperties: true properties: methods: type: array description: Contains the authentication methods a user has completed during their session items: $ref: '#/components/schemas/SessionAuthenticationSignal' SessionClientMetadata: type: object description: Client details additionalProperties: true properties: client_id: type: string description: ID of client for the session SessionCookieMetadata: type: object description: '[Private Early Access] Session cookie configuration.' additionalProperties: true properties: mode: $ref: '#/components/schemas/SessionCookieMetadataModeEnum' SessionCookieMetadataModeEnum: type: string description: '[Private Early Access] The persistence mode of the session cookie. When set to "non-persistent" (ephemeral), the cookie will be deleted when the browser is closed. When set to "persistent", the cookie will be stored until it expires or is deleted by the user.' enum: - non-persistent - persistent SessionCookieModeEnum: type: string description: Behavior of the session cookie default: persistent enum: - persistent - non-persistent SessionCookieSchema: type: - object - 'null' description: Session cookie configuration additionalProperties: false required: - mode properties: mode: $ref: '#/components/schemas/SessionCookieModeEnum' SessionDate: oneOf: - type: string description: The date and time when the session was created format: date-time - type: object description: The date and time when the session was created additionalProperties: true - type: 'null' SessionDeviceMetadata: type: object description: Metadata related to the device used in the session additionalProperties: true properties: initial_user_agent: type: string description: First user agent of the device from which this user logged in initial_ip: $ref: '#/components/schemas/SessionIp' initial_asn: type: string description: First autonomous system number associated with this session last_user_agent: type: string description: Last user agent of the device from which this user logged in last_ip: $ref: '#/components/schemas/SessionIp' last_asn: type: string description: Last autonomous system number from which this user logged in SessionIp: type: - string - 'null' description: First IP address associated with this session SessionMetadata: type: - object - 'null' description: Metadata associated with the session, in the form of an object with string values (max 255 chars). Maximum of 25 metadata properties allowed. additionalProperties: true maxProperties: 25 SessionResponseContent: type: object additionalProperties: true properties: id: type: string description: The ID of the session user_id: type: string description: ID of the user which can be used when interacting with other APIs. created_at: $ref: '#/components/schemas/SessionDate' updated_at: $ref: '#/components/schemas/SessionDate' authenticated_at: $ref: '#/components/schemas/SessionDate' idle_expires_at: $ref: '#/components/schemas/SessionDate' expires_at: $ref: '#/components/schemas/SessionDate' last_interacted_at: $ref: '#/components/schemas/SessionDate' device: $ref: '#/components/schemas/SessionDeviceMetadata' clients: type: array description: List of client details for the session items: $ref: '#/components/schemas/SessionClientMetadata' authentication: $ref: '#/components/schemas/SessionAuthenticationSignals' cookie: $ref: '#/components/schemas/SessionCookieMetadata' session_metadata: $ref: '#/components/schemas/SessionMetadata' SetCustomSigningKeysRequestContent: type: object description: JWKS representing an array of custom public signing keys. additionalProperties: false required: - keys properties: keys: type: array description: An array of custom public signing keys. minItems: 1 items: $ref: '#/components/schemas/CustomSigningKeyJWK' SetCustomSigningKeysResponseContent: type: object description: JWKS representing an array of custom public signing keys. additionalProperties: false properties: keys: type: array description: An array of custom public signing keys. items: $ref: '#/components/schemas/CustomSigningKeyJWK' SetDefaultCustomDomainRequestContent: type: object additionalProperties: false required: - domain properties: domain: type: string description: The domain to set as the default custom domain. Must be a verified custom domain or the canonical domain. minLength: 3 maxLength: 255 SetEmailTemplateRequestContent: type: object additionalProperties: false required: - template - body - from - subject - syntax - enabled properties: template: $ref: '#/components/schemas/EmailTemplateNameEnum' body: type: - string - 'null' description: Body of the email template. from: type: - string - 'null' description: Senders `from` email address. default: sender@auth0.com resultUrl: type: - string - 'null' description: URL to redirect the user to after a successful action. subject: type: - string - 'null' description: Subject line of the email. syntax: type: - string - 'null' description: Syntax of the template body. default: liquid urlLifetimeInSeconds: type: - number - 'null' description: Lifetime in seconds that the link within the email will be valid for. minimum: 0 includeEmailInRedirect: type: boolean description: Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. enabled: type: - boolean - 'null' description: Whether the template is enabled (true) or disabled (false). SetEmailTemplateResponseContent: type: object additionalProperties: false required: - template - body - from - subject - syntax - enabled properties: template: $ref: '#/components/schemas/EmailTemplateNameEnum' body: type: - string - 'null' description: Body of the email template. from: type: - string - 'null' description: Senders `from` email address. default: sender@auth0.com resultUrl: type: - string - 'null' description: URL to redirect the user to after a successful action. subject: type: - string - 'null' description: Subject line of the email. syntax: type: - string - 'null' description: Syntax of the template body. default: liquid urlLifetimeInSeconds: type: - number - 'null' description: Lifetime in seconds that the link within the email will be valid for. minimum: 0 includeEmailInRedirect: type: boolean description: Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. enabled: type: - boolean - 'null' description: Whether the template is enabled (true) or disabled (false). SetGuardianFactorDuoSettingsRequestContent: type: object additionalProperties: false properties: ikey: type: string maxLength: 10000 skey: type: string maxLength: 10000 format: non-empty-string host: type: string maxLength: 10000 SetGuardianFactorDuoSettingsResponseContent: type: object additionalProperties: false properties: ikey: type: string maxLength: 10000 skey: type: string maxLength: 10000 format: non-empty-string host: type: string maxLength: 10000 SetGuardianFactorPhoneMessageTypesRequestContent: type: object additionalProperties: false required: - message_types properties: message_types: type: array description: The list of phone factors to enable on the tenant. Can include `sms` and `voice`. items: $ref: '#/components/schemas/GuardianFactorPhoneFactorMessageTypeEnum' SetGuardianFactorPhoneMessageTypesResponseContent: type: object additionalProperties: false properties: message_types: type: array description: The list of phone factors to enable on the tenant. Can include `sms` and `voice`. items: $ref: '#/components/schemas/GuardianFactorPhoneFactorMessageTypeEnum' SetGuardianFactorPhoneTemplatesRequestContent: type: object additionalProperties: false required: - enrollment_message - verification_message properties: enrollment_message: type: string description: Message sent to the user when they are invited to enroll with a phone number. default: '{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.' verification_message: type: string description: Message sent to the user when they are prompted to verify their account. default: '{{code}} is your verification code for {{tenant.friendly_name}}' SetGuardianFactorPhoneTemplatesResponseContent: type: object additionalProperties: false required: - enrollment_message - verification_message properties: enrollment_message: type: string description: Message sent to the user when they are invited to enroll with a phone number. default: '{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.' verification_message: type: string description: Message sent to the user when they are prompted to verify their account. default: '{{code}} is your verification code for {{tenant.friendly_name}}' SetGuardianFactorRequestContent: type: object additionalProperties: false required: - enabled properties: enabled: type: boolean description: Whether this factor is enabled (true) or disabled (false). SetGuardianFactorResponseContent: type: object additionalProperties: false required: - enabled properties: enabled: type: boolean description: Whether this factor is enabled (true) or disabled (false). SetGuardianFactorSmsTemplatesRequestContent: type: object additionalProperties: false required: - enrollment_message - verification_message properties: enrollment_message: type: string description: Message sent to the user when they are invited to enroll with a phone number. default: '{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.' verification_message: type: string description: Message sent to the user when they are prompted to verify their account. default: '{{code}} is your verification code for {{tenant.friendly_name}}' SetGuardianFactorSmsTemplatesResponseContent: type: object additionalProperties: false required: - enrollment_message - verification_message properties: enrollment_message: type: string description: Message sent to the user when they are invited to enroll with a phone number. default: '{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.' verification_message: type: string description: Message sent to the user when they are prompted to verify their account. default: '{{code}} is your verification code for {{tenant.friendly_name}}' SetGuardianFactorsProviderPhoneRequestContent: type: object additionalProperties: false required: - provider properties: provider: $ref: '#/components/schemas/GuardianFactorsProviderSmsProviderEnum' SetGuardianFactorsProviderPhoneResponseContent: type: object additionalProperties: false properties: provider: $ref: '#/components/schemas/GuardianFactorsProviderSmsProviderEnum' SetGuardianFactorsProviderPhoneTwilioRequestContent: type: object additionalProperties: false properties: from: type: - string - 'null' description: From number default: '+1223323' minLength: 0 maxLength: 64 messaging_service_sid: type: - string - 'null' description: Copilot SID default: 5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq minLength: 1 maxLength: 1000 auth_token: type: - string - 'null' description: Twilio Authentication token default: zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU minLength: 1 maxLength: 1000 sid: type: - string - 'null' description: Twilio SID default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 SetGuardianFactorsProviderPhoneTwilioResponseContent: type: object additionalProperties: false properties: from: type: - string - 'null' description: From number default: '+1223323' minLength: 0 maxLength: 64 messaging_service_sid: type: - string - 'null' description: Copilot SID default: 5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq minLength: 1 maxLength: 1000 auth_token: type: - string - 'null' description: Twilio Authentication token default: zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU minLength: 1 maxLength: 1000 sid: type: - string - 'null' description: Twilio SID default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 SetGuardianFactorsProviderPushNotificationApnsRequestContent: type: object additionalProperties: false properties: sandbox: type: boolean bundle_id: type: - string - 'null' minLength: 1 maxLength: 1000 p12: type: - string - 'null' minLength: 1 maxLength: 10000 SetGuardianFactorsProviderPushNotificationApnsResponseContent: type: object additionalProperties: false properties: sandbox: type: boolean bundle_id: type: - string - 'null' minLength: 1 maxLength: 1000 SetGuardianFactorsProviderPushNotificationFcmRequestContent: type: object additionalProperties: false properties: server_key: type: - string - 'null' minLength: 1 maxLength: 152 SetGuardianFactorsProviderPushNotificationFcmResponseContent: type: object additionalProperties: true minProperties: 0 maxProperties: 0 SetGuardianFactorsProviderPushNotificationFcmv1RequestContent: type: object additionalProperties: false properties: server_credentials: type: - string - 'null' minLength: 1 maxLength: 10000 SetGuardianFactorsProviderPushNotificationFcmv1ResponseContent: type: object additionalProperties: true minProperties: 0 maxProperties: 0 SetGuardianFactorsProviderPushNotificationRequestContent: type: object additionalProperties: false required: - provider properties: provider: $ref: '#/components/schemas/GuardianFactorsProviderPushNotificationProviderDataEnum' SetGuardianFactorsProviderPushNotificationResponseContent: type: object additionalProperties: false properties: provider: $ref: '#/components/schemas/GuardianFactorsProviderPushNotificationProviderDataEnum' SetGuardianFactorsProviderPushNotificationSnsRequestContent: type: object additionalProperties: false properties: aws_access_key_id: type: - string - 'null' default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 aws_secret_access_key: type: - string - 'null' default: B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL minLength: 1 maxLength: 1000 aws_region: type: - string - 'null' default: us-west-1 minLength: 1 maxLength: 1000 pattern: ^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$ sns_apns_platform_application_arn: type: - string - 'null' minLength: 1 maxLength: 1000 sns_gcm_platform_application_arn: type: - string - 'null' default: urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP minLength: 1 maxLength: 1000 SetGuardianFactorsProviderPushNotificationSnsResponseContent: type: object additionalProperties: false properties: aws_access_key_id: type: - string - 'null' default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 aws_secret_access_key: type: - string - 'null' default: B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL minLength: 1 maxLength: 1000 aws_region: type: - string - 'null' default: us-west-1 minLength: 1 maxLength: 1000 pattern: ^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$ sns_apns_platform_application_arn: type: - string - 'null' minLength: 1 maxLength: 1000 sns_gcm_platform_application_arn: type: - string - 'null' default: urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP minLength: 1 maxLength: 1000 SetGuardianFactorsProviderSmsRequestContent: type: object additionalProperties: false required: - provider properties: provider: $ref: '#/components/schemas/GuardianFactorsProviderSmsProviderEnum' SetGuardianFactorsProviderSmsResponseContent: type: object additionalProperties: false properties: provider: $ref: '#/components/schemas/GuardianFactorsProviderSmsProviderEnum' SetGuardianFactorsProviderSmsTwilioRequestContent: type: object additionalProperties: false properties: from: type: - string - 'null' description: From number default: '+1223323' minLength: 0 maxLength: 64 messaging_service_sid: type: - string - 'null' description: Copilot SID default: 5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq minLength: 1 maxLength: 1000 auth_token: type: - string - 'null' description: Twilio Authentication token default: zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU minLength: 1 maxLength: 1000 sid: type: - string - 'null' description: Twilio SID default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 SetGuardianFactorsProviderSmsTwilioResponseContent: type: object additionalProperties: false properties: from: type: - string - 'null' description: From number default: '+1223323' minLength: 0 maxLength: 64 messaging_service_sid: type: - string - 'null' description: Copilot SID default: 5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq minLength: 1 maxLength: 1000 auth_token: type: - string - 'null' description: Twilio Authentication token default: zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU minLength: 1 maxLength: 1000 sid: type: - string - 'null' description: Twilio SID default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 SetGuardianPoliciesRequestContent: type: array items: $ref: '#/components/schemas/MFAPolicyEnum' SetGuardianPoliciesResponseContent: type: array items: $ref: '#/components/schemas/MFAPolicyEnum' SetNetworkAclRequestContent: type: object additionalProperties: false required: - description - active - rule properties: description: type: string maxLength: 255 active: type: boolean description: Indicates whether or not this access control list is actively being used priority: type: number description: Indicates the order in which the ACL will be evaluated relative to other ACL rules. default: 50 minimum: 1 maximum: 100 rule: $ref: '#/components/schemas/NetworkAclRule' SetNetworkAclsResponseContent: type: object additionalProperties: true properties: id: type: string description: type: string active: type: boolean priority: type: number minimum: 1 maximum: 100 rule: $ref: '#/components/schemas/NetworkAclRule' created_at: type: string description: The timestamp when the Network ACL Configuration was created updated_at: type: string description: The timestamp when the Network ACL Configuration was last updated SetPartialsRequestContent: type: object description: An object containing template partials for a group of screens. additionalProperties: true SetRulesConfigRequestContent: type: object additionalProperties: false required: - value properties: value: type: string description: Value for a rules config variable. default: MY_RULES_CONFIG_VALUE SetRulesConfigResponseContent: type: object additionalProperties: true required: - key - value properties: key: type: string description: Key for a rules config variable. default: MY_RULES_CONFIG_KEY minLength: 1 maxLength: 127 pattern: ^[A-Za-z0-9_\-@*+:]*$ value: type: string description: Value for a rules config variable. default: MY_RULES_CONFIG_VALUE SetSelfServiceProfileCustomTextRequestContent: type: object description: The list of text keys and values to customize the Self-Service Enterprise Configuration flow page. Values can be plain text or rich HTML content limited to basic styling tags and hyperlinks. additionalProperties: type: string maxLength: 2000 SetSelfServiceProfileCustomTextResponseContent: type: object description: The resulting list of custom text keys and values. additionalProperties: type: string SetUserAuthenticationMethodResponseContent: type: object description: The successfully created authentication method. additionalProperties: false required: - type properties: id: type: string description: The ID of the newly created authentication method (automatically generated by the application) format: authenticator-id type: $ref: '#/components/schemas/CreatedAuthenticationMethodTypeEnum' name: type: string description: A human-readable label to identify the authentication method. totp_secret: type: string description: Base32 encoded secret for TOTP generation phone_number: type: string description: Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice. minLength: 2 maxLength: 30 email: type: string description: Applies to email authentication methods only. The email address used to send verification messages. authentication_methods: type: array items: $ref: '#/components/schemas/UserAuthenticationMethodProperties' preferred_authentication_method: $ref: '#/components/schemas/PreferredAuthenticationMethodEnum' description: Preferred phone authentication method key_id: type: string description: Applies to webauthn authenticators only. The id of the credential. public_key: type: string description: Applies to webauthn authenticators only. The public key. aaguid: type: string description: Applies to passkeys only. Authenticator Attestation Globally Unique Identifier. relying_party_identifier: type: string description: Applies to webauthn authenticators only. The relying party identifier. created_at: type: string description: Authentication method creation date format: date-time SetUserAuthenticationMethods: type: object additionalProperties: false required: - type properties: type: $ref: '#/components/schemas/AuthenticationTypeEnum' preferred_authentication_method: $ref: '#/components/schemas/PreferredAuthenticationMethodEnum' name: type: string description: AA human-readable label to identify the authentication method. minLength: 1 maxLength: 20 phone_number: type: string description: Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice. minLength: 2 maxLength: 30 email: type: string description: Applies to email authentication methods only. The email address used to send verification messages. minLength: 1 totp_secret: type: string description: Applies to totp authentication methods only. The base32 encoded secret for TOTP generation. minLength: 1 SetUserAuthenticationMethodsRequestContent: type: array items: $ref: '#/components/schemas/SetUserAuthenticationMethods' SetsCustomTextsByLanguageRequestContent: type: object description: An object containing custom dictionaries for a group of screens. additionalProperties: true SigningAlgorithmEnum: type: string description: Algorithm used to sign JWTs. Can be `HS256` (default) or `RS256`. `PS256` available via addon. default: HS256 enum: - HS256 - RS256 - RS512 - PS256 SigningKeys: type: object additionalProperties: false required: - cert - kid - fingerprint - thumbprint properties: kid: type: string description: The key id of the signing key default: 21hi274Rp02112mgkUGma cert: type: string description: The public certificate of the signing key default: "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----" pkcs7: type: string description: The public certificate of the signing key in pkcs7 format default: "-----BEGIN PKCS7-----\r\nMIIDPA....t8xAA==\r\n-----END PKCS7-----" current: type: boolean description: True if the key is the the current key default: true next: type: boolean description: True if the key is the the next key previous: type: boolean description: True if the key is the the previous key current_since: $ref: '#/components/schemas/SigningKeysDate' current_until: $ref: '#/components/schemas/SigningKeysDate' fingerprint: type: string description: The cert fingerprint default: CC:FB:DD:D8:9A:B5:DE:1B:F0:CC:36:D2:99:59:21:12:03:DD:A8:25 thumbprint: type: string description: The cert thumbprint default: CCFBDDD89AB5DE1BF0CC36D29959211203DDA825 revoked: type: boolean description: True if the key is revoked revoked_at: $ref: '#/components/schemas/SigningKeysDate' SigningKeysDate: oneOf: - type: string description: The date and time when the key became the current key - type: object description: The date and time when the key became the current key additionalProperties: true SignupSchema: type: object additionalProperties: false properties: status: $ref: '#/components/schemas/SignupStatusEnum' SignupStatusEnum: type: string enum: - required - optional - inactive SignupVerification: type: object additionalProperties: false properties: active: type: boolean SignupVerified: type: object additionalProperties: false properties: status: $ref: '#/components/schemas/SignupStatusEnum' verification: $ref: '#/components/schemas/SignupVerification' SupportedLocales: type: string enum: - am - ar - ar-EG - ar-SA - az - bg - bn - bs - ca-ES - cnr - cs - cy - da - de - el - en - en-CA - es - es-419 - es-AR - es-MX - et - eu-ES - fa - fi - fr - fr-CA - fr-FR - gl-ES - gu - he - hi - hr - hu - hy - id - is - it - ja - ka - kk - kn - ko - lt - lv - mk - ml - mn - mr - ms - my - nb - nl - nn - 'no' - pa - pl - pt - pt-BR - pt-PT - ro - ru - sk - sl - so - sq - sr - sv - sw - ta - te - th - tl - tr - uk - ur - vi - zgh - zh-CN - zh-HK - zh-MO - zh-TW SuspiciousIPThrottlingAllowlist: type: array description: List of trusted IP addresses that will not have attack protection enforced against them. items: $ref: '#/components/schemas/SuspiciousIPThrottlingAllowlistItem' SuspiciousIPThrottlingAllowlistItem: type: string anyOf: - type: string format: ipv4 - type: string format: cidr - type: string format: ipv6 - type: string format: ipv6_cidr SuspiciousIPThrottlingPreLoginStage: type: object description: Configuration options that apply before every login attempt. additionalProperties: false properties: max_attempts: type: integer description: Total number of attempts allowed per day. default: 100 minimum: 1 maximum: 2500 rate: type: integer description: Interval of time, given in milliseconds, at which new attempts are granted. default: 864000 minimum: 34560 maximum: 86400000 SuspiciousIPThrottlingPreUserRegistrationStage: type: object description: Configuration options that apply before every user registration attempt. additionalProperties: false properties: max_attempts: type: integer description: Total number of attempts allowed. default: 50 minimum: 1 maximum: 72000 rate: type: integer description: Interval of time, given in milliseconds, at which new attempts are granted. default: 1728000 minimum: 1200 maximum: 86400000 SuspiciousIPThrottlingShieldsEnum: type: string enum: - block - admin_notification SuspiciousIPThrottlingStage: type: object description: Holds per-stage configuration options (max_attempts and rate). additionalProperties: false properties: pre-login: $ref: '#/components/schemas/SuspiciousIPThrottlingPreLoginStage' pre-user-registration: $ref: '#/components/schemas/SuspiciousIPThrottlingPreUserRegistrationStage' SynchronizeGroupsEnum: type: string description: Group synchronization configuration enum: - all - 'off' - selected x-release-lifecycle: EA SynchronizedGroupPayload: type: object additionalProperties: false required: - id properties: id: type: string description: Google Workspace Directory group ID. minLength: 1 maxLength: 32 pattern: ^[A-Za-z0-9]+$ TenantOIDCLogoutSettings: type: object description: Settings related to OIDC RP-initiated Logout additionalProperties: false properties: rp_logout_end_session_endpoint_discovery: type: boolean description: Enable the end_session_endpoint URL in the .well-known discovery configuration default: true TenantSettingsDeviceFlow: type: - object - 'null' description: Device Flow configuration additionalProperties: false properties: charset: $ref: '#/components/schemas/TenantSettingsDeviceFlowCharset' mask: type: string description: Mask used to format a generated User Code into a friendly, readable format. default: '****-****' maxLength: 20 TenantSettingsDeviceFlowCharset: type: string description: Character set used to generate a User Code. Can be `base20` or `digits`. default: base20 enum: - base20 - digits TenantSettingsDynamicClientRegistrationSecurityMode: type: string description: Sets the `third_party_security_mode` assigned to clients created via Dynamic Client Registration. `strict` applies enhanced security controls. `permissive` preserves pre-existing behavior and is only available to tenants with prior third-party client usage. enum: - strict - permissive x-release-lifecycle: GA TenantSettingsErrorPage: type: - object - 'null' description: Error page customization. additionalProperties: false properties: html: type: string description: Custom Error HTML (Liquid syntax is supported). default: '' show_log_link: type: boolean description: Whether to show the link to log as part of the default error page (true, default) or not to show the link (false). default: false url: type: string description: URL to redirect to when an error occurs instead of showing the default error page. default: https://mycompany.org/error format: absolute-uri-or-empty TenantSettingsFlags: type: object description: Flags used to change the behavior of this tenant. additionalProperties: false properties: change_pwd_flow_v1: type: boolean description: Whether to use the older v1 change password flow (true, not recommended except for backward compatibility) or the newer safer flow (false, recommended). default: false enable_apis_section: type: boolean description: Whether the APIs section is enabled (true) or disabled (false). default: false disable_impersonation: type: boolean description: Whether the impersonation functionality has been disabled (true) or not (false). Read-only. default: false enable_client_connections: type: boolean description: Whether all current connections should be enabled when a new client (application) is created (true, default) or not (false). default: true enable_pipeline2: type: boolean description: Whether advanced API Authorization scenarios are enabled (true) or disabled (false). default: true allow_legacy_delegation_grant_types: type: boolean description: If enabled, clients are able to add legacy delegation grants. allow_legacy_ro_grant_types: type: boolean description: If enabled, clients are able to add legacy RO grants. allow_legacy_tokeninfo_endpoint: type: boolean description: Whether the legacy `/tokeninfo` endpoint is enabled for your account (true) or unavailable (false). enable_legacy_profile: type: boolean description: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false). enable_idtoken_api2: type: boolean description: Whether ID tokens can be used to authorize some types of requests to API v2 (true) not not (false). enable_public_signup_user_exists_error: type: boolean description: Whether the public sign up process shows a user_exists error (true) or a generic error (false) if the user already exists. enable_sso: type: boolean description: Whether users are prompted to confirm log in before SSO redirection (false) or are not prompted (true). allow_changing_enable_sso: type: boolean description: Whether the `enable_sso` setting can be changed (true) or not (false). disable_clickjack_protection_headers: type: boolean description: Whether classic Universal Login prompts include additional security headers to prevent clickjacking (true) or no safeguard (false). no_disclose_enterprise_connections: type: boolean description: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file. enforce_client_authentication_on_passwordless_start: type: boolean description: Enforce client authentication for passwordless start. enable_adfs_waad_email_verification: type: boolean description: Enables the email verification flow during login for Azure AD and ADFS connections revoke_refresh_token_grant: type: boolean description: Delete underlying grant when a Refresh Token is revoked via the Authentication API. dashboard_log_streams_next: type: boolean description: Enables beta access to log streaming changes dashboard_insights_view: type: boolean description: Enables new insights activity page view disable_fields_map_fix: type: boolean description: Disables SAML fields map fix for bad mappings with repeated attributes mfa_show_factor_list_on_enrollment: type: boolean description: Used to allow users to pick what factor to enroll of the available MFA factors. remove_alg_from_jwks: type: boolean description: Removes alg property from jwks .well-known endpoint improved_signup_bot_detection_in_classic: type: boolean description: Improves bot detection during signup in classic universal login genai_trial: type: boolean description: This tenant signed up for the Auth4GenAI trail enable_dynamic_client_registration: type: boolean description: Whether third-party developers can dynamically register applications for your APIs (true) or not (false). This flag enables dynamic client registration. default: false disable_management_api_sms_obfuscation: type: boolean description: If true, SMS phone numbers will not be obfuscated in Management API GET calls. default: true trust_azure_adfs_email_verified_connection_property: type: boolean description: Changes email_verified behavior for Azure AD/ADFS connections when enabled. Sets email_verified to false otherwise. default: false custom_domains_provisioning: type: boolean description: If true, custom domains feature will be enabled for tenant. default: false TenantSettingsGuardianPage: type: - object - 'null' description: Guardian page customization. additionalProperties: false properties: enabled: type: boolean description: Whether to use the custom Guardian HTML (true) or the default Auth0 page (false, default) default: false html: type: string description: ' Custom Guardian HTML (Liquid syntax is supported).' default: '' TenantSettingsMTLS: type: - object - 'null' description: mTLS configuration. additionalProperties: false properties: enable_endpoint_aliases: type: boolean description: If true, enables mTLS endpoint aliases default: false TenantSettingsPasswordPage: type: - object - 'null' description: Change Password page customization. additionalProperties: false properties: enabled: type: boolean description: Whether to use the custom change password HTML (true) or the default Auth0 page (false). Default is to use the Auth0 page. default: false html: type: string description: Custom change password HTML (Liquid syntax supported). default: '' TenantSettingsResourceParameterProfile: type: string description: Profile that determines how the identity of the protected resource (i.e., API) can be specified in the OAuth endpoints when access is being requested. When set to audience (default), the audience parameter is used to specify the resource server. When set to compatibility, the audience parameter is still checked first, but if it not provided, then the resource parameter can be used to specify the resource server. default: audience enum: - audience - compatibility x-release-lifecycle: GA TenantSettingsSessions: type: - object - 'null' description: Sessions related settings for tenant additionalProperties: false properties: oidc_logout_prompt_enabled: type: boolean description: Whether to bypass prompting logic (false) when performing OIDC Logout default: true TenantSettingsSupportedLocalesEnum: type: string enum: - am - ar - ar-EG - ar-SA - az - bg - bn - bs - ca-ES - cnr - cs - cy - da - de - el - en - en-CA - es - es-419 - es-AR - es-MX - et - eu-ES - fa - fi - fr - fr-CA - fr-FR - gl-ES - gu - he - hi - hr - hu - hy - id - is - it - ja - ka - kk - kn - ko - lt - lv - mk - ml - mn - mr - ms - my - nb - nl - nn - 'no' - pa - pl - pt - pt-BR - pt-PT - ro - ru - sk - sl - so - sq - sr - sv - sw - ta - te - th - tl - tr - uk - ur - vi - zgh - zh-CN - zh-HK - zh-MO - zh-TW TestActionPayload: type: object description: The payload for the action. additionalProperties: true TestActionRequestContent: type: object additionalProperties: false required: - payload properties: payload: $ref: '#/components/schemas/TestActionPayload' TestActionResponseContent: type: object additionalProperties: false properties: payload: $ref: '#/components/schemas/TestActionResultPayload' TestActionResultPayload: type: object description: The resulting payload after an action was executed. additionalProperties: true TestCustomDomainResponseContent: type: object additionalProperties: false required: - success properties: success: type: boolean description: Result of the operation. message: type: string description: Message describing the operation status. TestEventDataContent: type: object description: The raw payload of the test event. additionalProperties: true TokenExchangeProfileResponseContent: type: object additionalProperties: true properties: id: type: string description: The unique ID of the token exchange profile. format: token-exchange-profile-id name: type: string description: Friendly name of this profile. default: Token Exchange Profile 1 minLength: 3 maxLength: 50 subject_token_type: type: string description: Subject token type for this profile. When receiving a token exchange request on the Authentication API, the corresponding token exchange profile with a matching subject_token_type will be executed. This must be a URI. minLength: 8 maxLength: 100 format: url action_id: type: string description: The ID of the Custom Token Exchange action to execute for this profile, in order to validate the subject_token. The action must use the custom-token-exchange trigger. minLength: 1 maxLength: 36 type: $ref: '#/components/schemas/TokenExchangeProfileTypeEnum' created_at: type: string description: The time when this profile was created. default: '2024-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this profile was updated. default: '2024-01-01T00:00:00.000Z' format: date-time TokenExchangeProfileTypeEnum: type: string description: The type of the profile, which controls how the profile will be executed when receiving a token exchange request. minLength: 1 maxLength: 21 enum: - custom_authentication TokenQuota: type: object additionalProperties: false required: - client_credentials x-release-lifecycle: EA properties: client_credentials: $ref: '#/components/schemas/TokenQuotaClientCredentials' TokenQuotaClientCredentials: type: object description: The token quota configuration additionalProperties: false minProperties: 1 properties: enforce: type: boolean description: If enabled, the quota will be enforced and requests in excess of the quota will fail. If disabled, the quota will not be enforced, but notifications for requests exceeding the quota will be available in logs. per_day: type: integer description: Maximum number of issued tokens per day minimum: 1 maximum: 2147483647 per_hour: type: integer description: Maximum number of issued tokens per hour minimum: 1 maximum: 2147483647 TokenQuotaConfiguration: type: object additionalProperties: true required: - client_credentials properties: client_credentials: $ref: '#/components/schemas/TokenQuotaClientCredentials' TwilioProviderConfiguration: type: object additionalProperties: false required: - sid - delivery_methods properties: default_from: type: string mssid: type: string sid: type: string delivery_methods: type: array minItems: 1 items: $ref: '#/components/schemas/TwilioProviderDeliveryMethodEnum' TwilioProviderCredentials: type: object additionalProperties: false required: - auth_token properties: auth_token: type: string minLength: 1 maxLength: 255 TwilioProviderDeliveryMethodEnum: type: string enum: - text - voice UniversalLoginExperienceEnum: type: string description: Which login experience to use. Can be `new` or `classic`. enum: - new - classic UpdateActionBindingItem: oneOf: - $ref: '#/components/schemas/ActionBindingWithRef' UpdateActionBindingsRequestContent: type: object additionalProperties: false properties: bindings: type: array description: The actions that will be bound to this trigger. The order in which they are included will be the order in which they are executed. items: $ref: '#/components/schemas/UpdateActionBindingItem' UpdateActionBindingsResponseContent: type: object additionalProperties: false properties: bindings: type: array items: $ref: '#/components/schemas/ActionBinding' UpdateActionModuleRequestContent: type: object additionalProperties: false properties: code: type: string description: The source code of the action module. maxLength: 65536 pattern: "^[^\0]*$" secrets: type: array description: The secrets to associate with the action module. items: $ref: '#/components/schemas/ActionModuleSecretRequest' dependencies: type: array description: The npm dependencies of the action module. items: $ref: '#/components/schemas/ActionModuleDependencyRequest' UpdateActionModuleResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the module. name: type: string description: The name of the module. code: type: string description: The source code from the module's draft version. dependencies: type: array description: The npm dependencies from the module's draft version. items: $ref: '#/components/schemas/ActionModuleDependency' secrets: type: array description: The secrets from the module's draft version (names and timestamps only, values never returned). items: $ref: '#/components/schemas/ActionModuleSecret' actions_using_module_total: type: integer description: The number of deployed actions using this module. all_changes_published: type: boolean description: Whether all draft changes have been published as a version. latest_version_number: type: integer description: The version number of the latest published version. Omitted if no versions have been published. created_at: type: string description: Timestamp when the module was created. format: date-time updated_at: type: string description: Timestamp when the module was last updated. format: date-time latest_version: $ref: '#/components/schemas/ActionModuleVersionReference' UpdateActionRequestContent: type: object additionalProperties: false properties: name: type: string description: The name of an action. default: my-action supported_triggers: type: array description: The list of triggers that this action supports. At this time, an action can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA code: type: string description: The source code of the action. default: module.exports = () => {} dependencies: type: array description: The list of third party npm modules, and their versions, that this action depends on. items: $ref: '#/components/schemas/ActionVersionDependency' runtime: type: string description: 'The Node runtime. For example: `node22`, defaults to `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretRequest' modules: type: array description: The list of action modules and their versions used by this action. items: $ref: '#/components/schemas/ActionModuleReference' UpdateActionResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the action. default: 910b1053-577f-4d81-a8c8-020e7319a38a name: type: string description: The name of an action. default: my-action supported_triggers: type: array description: The list of triggers that this action supports. At this time, an action can only target a single trigger at a time. minItems: 1 items: $ref: '#/components/schemas/ActionTrigger' x-release-lifecycle: GA all_changes_deployed: type: boolean description: True if all of an Action's contents have been deployed. default: false created_at: type: string description: The time when this action was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this action was updated. default: '2021-01-01T00:00:00.000Z' format: date-time code: type: string description: The source code of the action. default: module.exports = () => {} dependencies: type: array description: The list of third party npm modules, and their versions, that this action depends on. items: $ref: '#/components/schemas/ActionVersionDependency' runtime: type: string description: 'The Node runtime. For example: `node22`, defaults to `node22`' default: node22 secrets: type: array description: The list of secrets that are included in an action or a version of an action. items: $ref: '#/components/schemas/ActionSecretResponse' deployed_version: $ref: '#/components/schemas/ActionDeployedVersion' installed_integration_id: type: string description: installed_integration_id is the fk reference to the InstalledIntegration entity. default: 7d2bc0c9-c0c2-433a-9f4e-86ef80270aad integration: $ref: '#/components/schemas/Integration' status: $ref: '#/components/schemas/ActionBuildStatusEnum' built_at: type: string description: The time when this action was built successfully. default: '2021-01-01T00:00:00.000Z' format: date-time deploy: type: boolean description: True if the action should be deployed after creation. default: false modules: type: array description: The list of action modules and their versions used by this action. items: $ref: '#/components/schemas/ActionModuleReference' UpdateAculRequestContent: type: object description: Render settings for the given screen additionalProperties: false properties: rendering_mode: $ref: '#/components/schemas/AculRenderingModeEnum' description: Rendering mode context_configuration: $ref: '#/components/schemas/AculContextConfiguration' default_head_tags_disabled: type: - boolean - 'null' description: Override Universal Login default head tags default: false use_page_template: type: - boolean - 'null' description: Use page template with ACUL default: false head_tags: type: - array - 'null' description: An array of head tags items: $ref: '#/components/schemas/AculHeadTag' filters: $ref: '#/components/schemas/AculFilters' UpdateAculResponseContent: type: object additionalProperties: true properties: rendering_mode: $ref: '#/components/schemas/AculRenderingModeEnum' description: Rendering mode context_configuration: $ref: '#/components/schemas/AculContextConfiguration' default_head_tags_disabled: type: - boolean - 'null' description: Override Universal Login default head tags default: false use_page_template: type: - boolean - 'null' description: Use page template with ACUL default: false head_tags: type: - array - 'null' description: An array of head tags items: $ref: '#/components/schemas/AculHeadTag' filters: $ref: '#/components/schemas/AculFilters' UpdateAttackProtectionCaptchaRequestContent: type: object additionalProperties: false properties: active_provider_id: $ref: '#/components/schemas/AttackProtectionCaptchaProviderId' arkose: $ref: '#/components/schemas/AttackProtectionUpdateCaptchaArkose' auth_challenge: $ref: '#/components/schemas/AttackProtectionCaptchaAuthChallengeRequest' hcaptcha: $ref: '#/components/schemas/AttackProtectionUpdateCaptchaHcaptcha' friendly_captcha: $ref: '#/components/schemas/AttackProtectionUpdateCaptchaFriendlyCaptcha' recaptcha_enterprise: $ref: '#/components/schemas/AttackProtectionUpdateCaptchaRecaptchaEnterprise' recaptcha_v2: $ref: '#/components/schemas/AttackProtectionUpdateCaptchaRecaptchaV2' simple_captcha: $ref: '#/components/schemas/AttackProtectionCaptchaSimpleCaptchaResponseContent' UpdateAttackProtectionCaptchaResponseContent: type: object additionalProperties: true properties: active_provider_id: type: string arkose: $ref: '#/components/schemas/AttackProtectionCaptchaArkoseResponseContent' auth_challenge: $ref: '#/components/schemas/AttackProtectionCaptchaAuthChallengeResponseContent' hcaptcha: $ref: '#/components/schemas/AttackProtectionCaptchaHcaptchaResponseContent' friendly_captcha: $ref: '#/components/schemas/AttackProtectionCaptchaFriendlyCaptchaResponseContent' recaptcha_enterprise: $ref: '#/components/schemas/AttackProtectionCaptchaRecaptchaEnterpriseResponseContent' recaptcha_v2: $ref: '#/components/schemas/AttackProtectionCaptchaRecaptchaV2ResponseContent' simple_captcha: $ref: '#/components/schemas/AttackProtectionCaptchaSimpleCaptchaResponseContent' UpdateBotDetectionSettingsRequestContent: type: object additionalProperties: false properties: bot_detection_level: $ref: '#/components/schemas/BotDetectionLevelEnum' challenge_password_policy: $ref: '#/components/schemas/BotDetectionChallengePolicyPasswordFlowEnum' challenge_passwordless_policy: $ref: '#/components/schemas/BotDetectionChallengePolicyPasswordlessFlowEnum' challenge_password_reset_policy: $ref: '#/components/schemas/BotDetectionChallengePolicyPasswordResetFlowEnum' allowlist: $ref: '#/components/schemas/BotDetectionAllowlist' monitoring_mode_enabled: $ref: '#/components/schemas/BotDetectionMonitoringModeEnabled' UpdateBotDetectionSettingsResponseContent: type: object additionalProperties: false properties: bot_detection_level: $ref: '#/components/schemas/BotDetectionLevelEnum' challenge_password_policy: $ref: '#/components/schemas/BotDetectionChallengePolicyPasswordFlowEnum' challenge_passwordless_policy: $ref: '#/components/schemas/BotDetectionChallengePolicyPasswordlessFlowEnum' challenge_password_reset_policy: $ref: '#/components/schemas/BotDetectionChallengePolicyPasswordResetFlowEnum' allowlist: $ref: '#/components/schemas/BotDetectionAllowlist' monitoring_mode_enabled: $ref: '#/components/schemas/BotDetectionMonitoringModeEnabled' UpdateBrandingColors: type: - object - 'null' description: Custom color settings. additionalProperties: false minProperties: 1 properties: primary: type: - string - 'null' description: Accent color. format: html-color-or-null page_background: $ref: '#/components/schemas/UpdateBrandingPageBackground' UpdateBrandingFont: type: - object - 'null' description: Custom font settings. additionalProperties: false minProperties: 1 properties: url: type: - string - 'null' description: URL for the custom font. The URL must point to a font file and not a stylesheet. Must use HTTPS. format: strict-https-uri-or-null UpdateBrandingIdentifiers: type: - object - 'null' description: Identifier input display settings. additionalProperties: false minProperties: 1 properties: login_display: $ref: '#/components/schemas/UpdateBrandingLoginDisplayEnum' otp_autocomplete: type: boolean description: Whether OTP autocomplete (autocomplete="one-time-code") is enabled. default: true phone_display: $ref: '#/components/schemas/UpdateBrandingPhoneDisplay' UpdateBrandingLoginDisplayEnum: type: string description: Controls identifier input presentation on the login flow. Defaults to "unified" for legacy tenants, "separate" for tenants created post-GA of this feature. default: unified enum: - unified - separate UpdateBrandingPageBackground: description: "Page Background Color or Gradient.\nProperty contains either null to unset, a solid color as a string value #FFFFFF,\ \ or a gradient as an object.\n\n
\n{\n  type: 'linear-gradient',\n  start: '#FFFFFF',\n  end: '#000000',\n  angle_deg: 35\n}\n
\n" oneOf: - type: - string - 'null' - type: - object - 'null' additionalProperties: true UpdateBrandingPhoneDisplay: type: - object - 'null' description: Phone number display settings. additionalProperties: false required: - masking - formatting minProperties: 1 properties: masking: $ref: '#/components/schemas/UpdateBrandingPhoneMaskingEnum' formatting: $ref: '#/components/schemas/UpdateBrandingPhoneFormattingEnum' UpdateBrandingPhoneFormattingEnum: type: string description: Controls the format used when displaying phone numbers. default: international enum: - regional - international UpdateBrandingPhoneMaskingEnum: type: string description: Controls how phone numbers are masked when displayed back to users. default: mask_digits enum: - show_all - hide_country_code - mask_digits UpdateBrandingPhoneProviderRequestContent: type: object additionalProperties: false minProperties: 1 properties: name: $ref: '#/components/schemas/PhoneProviderNameEnum' disabled: type: boolean description: Whether the provider is enabled (false) or disabled (true). credentials: $ref: '#/components/schemas/PhoneProviderCredentials' configuration: $ref: '#/components/schemas/PhoneProviderConfiguration' UpdateBrandingPhoneProviderResponseContent: type: object description: Phone provider configuration schema additionalProperties: false required: - name - credentials properties: id: type: string minLength: 1 maxLength: 255 tenant: type: string description: The name of the tenant minLength: 1 maxLength: 255 name: $ref: '#/components/schemas/PhoneProviderNameEnum' channel: $ref: '#/components/schemas/PhoneProviderChannelEnum' disabled: type: boolean description: Whether the provider is enabled (false) or disabled (true). configuration: $ref: '#/components/schemas/PhoneProviderConfiguration' created_at: type: string description: The provider's creation date and time in ISO 8601 format maxLength: 27 format: date-time updated_at: type: string description: The date and time of the last update to the provider in ISO 8601 format maxLength: 27 format: date-time UpdateBrandingRequestContent: type: object description: Branding settings additionalProperties: false minProperties: 1 properties: colors: $ref: '#/components/schemas/UpdateBrandingColors' favicon_url: type: - string - 'null' description: URL for the favicon. Must use HTTPS. format: strict-https-uri-or-null logo_url: type: - string - 'null' description: URL for the logo. Must use HTTPS. format: strict-https-uri-or-null identifiers: $ref: '#/components/schemas/UpdateBrandingIdentifiers' font: $ref: '#/components/schemas/UpdateBrandingFont' UpdateBrandingResponseContent: type: object additionalProperties: true properties: colors: $ref: '#/components/schemas/BrandingColors' favicon_url: type: string description: URL for the favicon. Must use HTTPS. format: strict-https-uri logo_url: type: string description: URL for the logo. Must use HTTPS. format: strict-https-uri identifiers: $ref: '#/components/schemas/BrandingIdentifiers' font: $ref: '#/components/schemas/BrandingFont' UpdateBrandingThemeRequestContent: type: object description: Branding theme additionalProperties: false required: - borders - colors - fonts - page_background - widget minProperties: 1 properties: borders: $ref: '#/components/schemas/BrandingThemeBorders' colors: $ref: '#/components/schemas/BrandingThemeColors' displayName: type: string description: Display Name maxLength: 2048 pattern: ^[^<>]*$ fonts: $ref: '#/components/schemas/BrandingThemeFonts' page_background: $ref: '#/components/schemas/BrandingThemePageBackground' widget: $ref: '#/components/schemas/BrandingThemeWidget' UpdateBrandingThemeResponseContent: type: object additionalProperties: false required: - borders - colors - displayName - fonts - page_background - themeId - widget properties: borders: $ref: '#/components/schemas/BrandingThemeBorders' colors: $ref: '#/components/schemas/BrandingThemeColors' displayName: type: string description: Display Name maxLength: 2048 pattern: ^[^<>]*$ fonts: $ref: '#/components/schemas/BrandingThemeFonts' page_background: $ref: '#/components/schemas/BrandingThemePageBackground' themeId: type: string description: Theme Id maxLength: 32 pattern: ^[a-zA-Z0-9]{32}$ widget: $ref: '#/components/schemas/BrandingThemeWidget' UpdateBreachedPasswordDetectionSettingsRequestContent: type: object additionalProperties: false properties: enabled: type: boolean description: Whether or not breached password detection is active. default: true shields: type: array description: "Action to take when a breached password is detected during a login.\n Possible values: block, user_notification,\ \ admin_notification." items: $ref: '#/components/schemas/BreachedPasswordDetectionShieldsEnum' admin_notification_frequency: type: array description: "When \"admin_notification\" is enabled, determines how often email notifications are sent.\n Possible values: immediately,\ \ daily, weekly, monthly." items: $ref: '#/components/schemas/BreachedPasswordDetectionAdminNotificationFrequencyEnum' method: $ref: '#/components/schemas/BreachedPasswordDetectionMethodEnum' stage: $ref: '#/components/schemas/BreachedPasswordDetectionStage' UpdateBreachedPasswordDetectionSettingsResponseContent: type: object additionalProperties: false properties: enabled: type: boolean description: Whether or not breached password detection is active. default: true shields: type: array description: "Action to take when a breached password is detected during a login.\n Possible values: block, user_notification,\ \ admin_notification." items: $ref: '#/components/schemas/BreachedPasswordDetectionShieldsEnum' admin_notification_frequency: type: array description: "When \"admin_notification\" is enabled, determines how often email notifications are sent.\n Possible values: immediately,\ \ daily, weekly, monthly." items: $ref: '#/components/schemas/BreachedPasswordDetectionAdminNotificationFrequencyEnum' method: $ref: '#/components/schemas/BreachedPasswordDetectionMethodEnum' stage: $ref: '#/components/schemas/BreachedPasswordDetectionStage' UpdateBruteForceSettingsRequestContent: type: object additionalProperties: false properties: enabled: type: boolean description: Whether or not brute force attack protections are active. shields: type: array description: "Action to take when a brute force protection threshold is violated.\n Possible values: block, user_notification." items: $ref: '#/components/schemas/BruteForceProtectionShieldsEnum' allowlist: type: array description: List of trusted IP addresses that will not have attack protection enforced against them. items: type: string anyOf: - type: string format: ipv4 - type: string format: cidr - type: string format: ipv6 - type: string format: ipv6_cidr mode: $ref: '#/components/schemas/BruteForceProtectionModeEnum' max_attempts: type: integer description: Maximum number of unsuccessful attempts. default: 10 minimum: 1 maximum: 100 UpdateBruteForceSettingsResponseContent: type: object additionalProperties: false properties: enabled: type: boolean description: Whether or not brute force attack protections are active. shields: type: array description: "Action to take when a brute force protection threshold is violated.\n Possible values: block, user_notification." items: $ref: '#/components/schemas/BruteForceProtectionShieldsEnum' allowlist: type: array description: List of trusted IP addresses that will not have attack protection enforced against them. items: type: string anyOf: - type: string format: ipv4 - type: string format: cidr - type: string format: ipv6 - type: string format: ipv6_cidr mode: $ref: '#/components/schemas/BruteForceProtectionModeEnum' max_attempts: type: integer description: Maximum number of unsuccessful attempts. default: 10 minimum: 1 maximum: 100 UpdateClientGrantRequestContent: type: object additionalProperties: false minProperties: 1 properties: scope: type: - array - 'null' description: Scopes allowed for this client grant. items: type: string minLength: 1 maxLength: 280 organization_usage: $ref: '#/components/schemas/ClientGrantOrganizationNullableUsageEnum' allow_any_organization: type: - boolean - 'null' description: Controls allowing any organization to be used with this grant authorization_details_types: type: array description: Types of authorization_details allowed for this client grant. items: type: string minLength: 1 maxLength: 255 allow_all_scopes: type: - boolean - 'null' description: If enabled, all scopes configured on the resource server are allowed for this grant. UpdateClientGrantResponseContent: type: object additionalProperties: false properties: id: type: string description: ID of the client grant. client_id: type: string description: ID of the client. audience: type: string description: The audience (API identifier) of this client grant. minLength: 1 scope: type: array description: Scopes allowed for this client grant. items: type: string minLength: 1 organization_usage: $ref: '#/components/schemas/ClientGrantOrganizationUsageEnum' allow_any_organization: type: boolean description: If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. default_for: $ref: '#/components/schemas/ClientGrantDefaultForEnum' x-release-lifecycle: GA is_system: type: boolean description: If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly. subject_type: $ref: '#/components/schemas/ClientGrantSubjectTypeEnum' authorization_details_types: type: array description: Types of authorization_details allowed for this client grant. items: type: string minLength: 1 maxLength: 255 allow_all_scopes: type: boolean description: If enabled, all scopes configured on the resource server are allowed for this grant. UpdateClientRequestContent: type: object additionalProperties: false minProperties: 1 properties: name: type: string description: The name of the client. Must contain at least one character. Does not allow '<' or '>'. pattern: ^[^<>]+$ description: type: string description: 'Free text description of the purpose of the Client. (Max character length: 140)' maxLength: 140 client_secret: type: string description: The secret used to sign tokens for the client minLength: 1 logo_uri: type: string description: 'The URL of the client logo (recommended size: 150x150)' format: absolute-uri-or-empty callbacks: type: array description: A set of URLs that are valid to call back from Auth0 when authenticating users items: type: string format: callback-url oidc_logout: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSettings' oidc_backchannel_logout: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSettings' x-release-lifecycle: deprecated description: Configuration for OIDC backchannel logout (deprecated, in favor of oidc_logout) session_transfer: $ref: '#/components/schemas/ClientSessionTransferConfiguration' allowed_origins: type: array description: A set of URLs that represents valid origins for CORS items: type: string format: url-with-placeholders web_origins: type: array description: A set of URLs that represents valid web origins for use with web message response mode items: type: string format: url-with-placeholders grant_types: type: array description: A set of grant types that the client is authorized to use. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`. items: type: string minLength: 1 client_aliases: type: array description: List of audiences for SAML protocol items: type: string minLength: 1 allowed_clients: type: array description: Ids of clients that will be allowed to perform delegation requests. Clients that will be allowed to make delegation request. By default, all your clients will be allowed. This field allows you to specify specific clients items: type: string minLength: 1 allowed_logout_urls: type: array description: URLs that are valid to redirect to after logout from Auth0 items: type: string format: url-with-placeholders jwt_configuration: $ref: '#/components/schemas/ClientJwtConfiguration' description: An object that holds settings related to how JWTs are created encryption_key: $ref: '#/components/schemas/ClientEncryptionKey' description: The client's encryption key sso: type: boolean description: 'true to use Auth0 instead of the IdP to do Single Sign On, false otherwise (default: false)' cross_origin_authentication: type: boolean description: true if this client can be used to make cross-origin authentication requests, false otherwise if cross origin is disabled cross_origin_loc: type: - string - 'null' description: URL for the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. format: url-or-null sso_disabled: type: boolean description: 'true to disable Single Sign On, false otherwise (default: false)' custom_login_page_on: type: boolean description: true if the custom login page is to be used, false otherwise. token_endpoint_auth_method: $ref: '#/components/schemas/ClientTokenEndpointAuthMethodOrNullEnum' is_token_endpoint_ip_header_trusted: type: boolean description: If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint. default: false app_type: $ref: '#/components/schemas/ClientAppTypeEnum' is_first_party: type: boolean description: Whether this client a first party client or not default: true oidc_conformant: type: boolean description: Whether this client will conform to strict OIDC specifications default: false custom_login_page: type: string description: The content (HTML, CSS, JS) of the custom login page custom_login_page_preview: type: string token_quota: $ref: '#/components/schemas/UpdateTokenQuota' x-release-lifecycle: EA form_template: type: string description: Form template for WS-Federation protocol addons: $ref: '#/components/schemas/ClientAddons' client_metadata: $ref: '#/components/schemas/ClientMetadata' mobile: $ref: '#/components/schemas/ClientMobile' description: Configuration related to native mobile apps initiate_login_uri: type: string description: Initiate login uri, must be https format: absolute-https-uri-with-placeholders-or-empty native_social_login: $ref: '#/components/schemas/NativeSocialLogin' refresh_token: $ref: '#/components/schemas/ClientRefreshTokenConfiguration' default_organization: $ref: '#/components/schemas/ClientDefaultOrganization' organization_usage: $ref: '#/components/schemas/ClientOrganizationUsagePatchEnum' organization_require_behavior: $ref: '#/components/schemas/ClientOrganizationRequireBehaviorPatchEnum' organization_discovery_methods: type: - array - 'null' description: Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both. minItems: 1 x-release-lifecycle: EA items: $ref: '#/components/schemas/ClientOrganizationDiscoveryEnum' client_authentication_methods: $ref: '#/components/schemas/ClientAuthenticationMethod' require_pushed_authorization_requests: type: boolean description: Makes the use of Pushed Authorization Requests mandatory for this client default: false require_proof_of_possession: type: boolean description: Makes the use of Proof-of-Possession mandatory for this client default: false signed_request_object: $ref: '#/components/schemas/ClientSignedRequestObjectWithCredentialId' compliance_level: $ref: '#/components/schemas/ClientComplianceLevelEnum' skip_non_verifiable_callback_uri_confirmation_prompt: type: - boolean - 'null' description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' token_exchange: $ref: '#/components/schemas/ClientTokenExchangeConfigurationOrNull' x-release-lifecycle: GA par_request_expiry: type: - integer - 'null' description: Specifies how long, in seconds, a Pushed Authorization Request URI remains valid minimum: 10 maximum: 600 express_configuration: $ref: '#/components/schemas/ExpressConfigurationOrNull' my_organization_configuration: $ref: '#/components/schemas/ClientMyOrganizationPatchConfiguration' x-release-lifecycle: EA async_approval_notification_channels: $ref: '#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPatchConfiguration' third_party_security_mode: $ref: '#/components/schemas/ClientThirdPartySecurityModeEnum' x-release-lifecycle: GA redirection_policy: $ref: '#/components/schemas/ClientRedirectionPolicyEnum' x-release-lifecycle: GA UpdateClientResponseContent: type: object additionalProperties: true properties: client_id: type: string description: ID of this client. default: AaiyAPdpYdesoKnqjj8HJqRn4T5titww tenant: type: string description: Name of the tenant this client belongs to. default: '' name: type: string description: 'Name of this client (min length: 1 character, does not allow `<` or `>`).' default: My application description: type: string description: 'Free text description of this client (max length: 140 characters).' default: '' global: type: boolean description: Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false). default: false client_secret: type: string description: Client secret (which you must not make public). default: MG_TNT2ver-SylNat-_VeMmd-4m0Waba0jr1troztBniSChEw0glxEmgEi2Kw40H app_type: $ref: '#/components/schemas/ClientAppTypeEnum' logo_uri: type: string description: URL of the logo to display for this client. Recommended size is 150x150 pixels. is_first_party: type: boolean description: Whether this client a first party client (true) or not (false). default: false oidc_conformant: type: boolean description: Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false). default: false callbacks: type: array description: Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication. items: type: string allowed_origins: type: array description: Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. items: type: string web_origins: type: array description: Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. items: type: string client_aliases: type: array description: List of audiences/realms for SAML protocol. Used by the wsfed addon. items: type: string allowed_clients: type: array description: List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed. items: type: string allowed_logout_urls: type: array description: Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. items: type: string session_transfer: $ref: '#/components/schemas/ClientSessionTransferConfiguration' oidc_logout: $ref: '#/components/schemas/ClientOIDCBackchannelLogoutSettings' grant_types: type: array description: List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`. items: type: string jwt_configuration: $ref: '#/components/schemas/ClientJwtConfiguration' signing_keys: $ref: '#/components/schemas/ClientSigningKeys' encryption_key: $ref: '#/components/schemas/ClientEncryptionKey' sso: type: boolean description: Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false). default: false sso_disabled: type: boolean description: Whether Single Sign On is disabled (true) or enabled (true). Defaults to true. default: false cross_origin_authentication: type: boolean description: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). cross_origin_loc: type: string description: URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. format: url custom_login_page_on: type: boolean description: Whether a custom login page is to be used (true) or the default provided login page (false). default: true custom_login_page: type: string description: The content (HTML, CSS, JS) of the custom login page. default: '' custom_login_page_preview: type: string description: The content (HTML, CSS, JS) of the custom login page. (Used on Previews) default: '' form_template: type: string description: HTML form template to be used for WS-Federation. default: '' addons: $ref: '#/components/schemas/ClientAddons' token_endpoint_auth_method: $ref: '#/components/schemas/ClientTokenEndpointAuthMethodEnum' is_token_endpoint_ip_header_trusted: type: boolean description: If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint. default: false client_metadata: $ref: '#/components/schemas/ClientMetadata' mobile: $ref: '#/components/schemas/ClientMobile' initiate_login_uri: type: string description: Initiate login uri, must be https format: absolute-https-uri-with-placeholders-or-empty native_social_login: {} refresh_token: $ref: '#/components/schemas/ClientRefreshTokenConfiguration' default_organization: $ref: '#/components/schemas/ClientDefaultOrganization' organization_usage: $ref: '#/components/schemas/ClientOrganizationUsageEnum' organization_require_behavior: $ref: '#/components/schemas/ClientOrganizationRequireBehaviorEnum' organization_discovery_methods: type: array description: Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both. minItems: 1 x-release-lifecycle: EA items: $ref: '#/components/schemas/ClientOrganizationDiscoveryEnum' client_authentication_methods: $ref: '#/components/schemas/ClientAuthenticationMethod' require_pushed_authorization_requests: type: boolean description: Makes the use of Pushed Authorization Requests mandatory for this client default: false require_proof_of_possession: type: boolean description: Makes the use of Proof-of-Possession mandatory for this client default: false signed_request_object: $ref: '#/components/schemas/ClientSignedRequestObjectWithCredentialId' compliance_level: $ref: '#/components/schemas/ClientComplianceLevelEnum' skip_non_verifiable_callback_uri_confirmation_prompt: type: boolean description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' token_exchange: $ref: '#/components/schemas/ClientTokenExchangeConfiguration' x-release-lifecycle: GA par_request_expiry: type: - integer - 'null' description: Specifies how long, in seconds, a Pushed Authorization Request URI remains valid minimum: 10 maximum: 600 token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA express_configuration: $ref: '#/components/schemas/ExpressConfiguration' my_organization_configuration: $ref: '#/components/schemas/ClientMyOrganizationResponseConfiguration' x-release-lifecycle: EA third_party_security_mode: $ref: '#/components/schemas/ClientThirdPartySecurityModeEnum' x-release-lifecycle: GA redirection_policy: $ref: '#/components/schemas/ClientRedirectionPolicyEnum' x-release-lifecycle: GA resource_server_identifier: type: string description: The identifier of the resource server that this client is linked to. async_approval_notification_channels: $ref: '#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration' external_metadata_type: $ref: '#/components/schemas/ClientExternalMetadataTypeEnum' external_metadata_created_by: $ref: '#/components/schemas/ClientExternalMetadataCreatedByEnum' external_client_id: type: string description: An alternate client identifier to be used during authorization flows. Only supports CIMD-based client identifiers. format: absolute-https-uri-or-empty jwks_uri: type: string description: URL for the JSON Web Key Set (JWKS) containing the public keys used for private_key_jwt authentication. Only present for CIMD clients using private_key_jwt authentication. format: absolute-https-uri-or-empty UpdateConnectionOptions: type: - object - 'null' description: The connection's options (depend on the connection strategy). To update these options, the `update:connections_options` scope must be present. To verify your changes, also include the `read:connections_options` scope. If this scope is not specified, you will not be able to review the updated object. additionalProperties: true properties: validation: $ref: '#/components/schemas/ConnectionValidationOptions' non_persistent_attrs: type: - array - 'null' description: An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist) items: type: string precedence: type: array description: Order of precedence for attribute types. If the property is not specified, the default precedence of attributes will be used. minItems: 3 items: $ref: '#/components/schemas/ConnectionIdentifierPrecedenceEnum' attributes: $ref: '#/components/schemas/ConnectionAttributes' enable_script_context: type: boolean description: 'Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled)' enabledDatabaseCustomization: type: boolean description: Set to true to use a legacy user store import_mode: type: boolean description: Enable this if you have a legacy user store and you want to gradually migrate those users to the Auth0 user store configuration: type: - object - 'null' description: Stores encrypted string only configurations for connections additionalProperties: type: - string - 'null' customScripts: $ref: '#/components/schemas/ConnectionCustomScripts' authentication_methods: $ref: '#/components/schemas/ConnectionAuthenticationMethods' passkey_options: $ref: '#/components/schemas/ConnectionPasskeyOptions' passwordPolicy: $ref: '#/components/schemas/ConnectionPasswordPolicyEnum' password_complexity_options: $ref: '#/components/schemas/ConnectionPasswordComplexityOptions' password_history: $ref: '#/components/schemas/ConnectionPasswordHistoryOptions' password_no_personal_info: $ref: '#/components/schemas/ConnectionPasswordNoPersonalInfoOptions' password_dictionary: $ref: '#/components/schemas/ConnectionPasswordDictionaryOptions' api_enable_users: type: boolean api_enable_groups: type: boolean x-release-lifecycle: EA basic_profile: type: boolean ext_admin: type: boolean ext_is_suspended: type: boolean ext_agreed_terms: type: boolean ext_groups: type: boolean ext_assigned_plans: type: boolean ext_profile: type: boolean disable_self_service_change_password: type: boolean upstream_params: $ref: '#/components/schemas/ConnectionUpstreamParams' set_user_root_attributes: $ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum' gateway_authentication: $ref: '#/components/schemas/ConnectionGatewayAuthentication' federated_connections_access_tokens: $ref: '#/components/schemas/ConnectionFederatedConnectionsAccessTokens' password_options: $ref: '#/components/schemas/ConnectionPasswordOptions' x-release-lifecycle: EA assertion_decryption_settings: $ref: '#/components/schemas/ConnectionAssertionDecryptionSettings' id_token_signed_response_algs: $ref: '#/components/schemas/ConnectionIdTokenSignedResponseAlgs' token_endpoint_auth_method: $ref: '#/components/schemas/ConnectionTokenEndpointAuthMethodEnum' token_endpoint_auth_signing_alg: $ref: '#/components/schemas/ConnectionTokenEndpointAuthSigningAlgEnum' token_endpoint_jwtca_aud_format: $ref: '#/components/schemas/ConnectionTokenEndpointJwtcaAudFormatEnumOIDC' UpdateConnectionProfileRequestContent: type: object additionalProperties: false properties: name: $ref: '#/components/schemas/ConnectionProfileName' organization: $ref: '#/components/schemas/ConnectionProfileOrganization' connection_name_prefix_template: $ref: '#/components/schemas/ConnectionNamePrefixTemplate' enabled_features: $ref: '#/components/schemas/ConnectionProfileEnabledFeatures' connection_config: $ref: '#/components/schemas/ConnectionProfileConfig' strategy_overrides: $ref: '#/components/schemas/ConnectionProfileStrategyOverrides' UpdateConnectionProfileResponseContent: type: object additionalProperties: false properties: id: $ref: '#/components/schemas/ConnectionProfileId' name: $ref: '#/components/schemas/ConnectionProfileName' organization: $ref: '#/components/schemas/ConnectionProfileOrganization' connection_name_prefix_template: $ref: '#/components/schemas/ConnectionNamePrefixTemplate' enabled_features: $ref: '#/components/schemas/ConnectionProfileEnabledFeatures' connection_config: $ref: '#/components/schemas/ConnectionProfileConfig' strategy_overrides: $ref: '#/components/schemas/ConnectionProfileStrategyOverrides' UpdateConnectionRequestContent: type: object additionalProperties: false minProperties: 1 properties: display_name: type: string description: The connection name used in the new universal login experience. If display_name is not included in the request, the field will be overwritten with the name value. maxLength: 128 options: $ref: '#/components/schemas/UpdateConnectionOptions' enabled_clients: type: - array - 'null' description: DEPRECATED property. Use the PATCH /v2/connections/{id}/clients endpoint to enable or disable the connection for any clients. x-release-lifecycle: deprecated items: type: string description: The client_id of the client to for which the connection is to be enabled format: client-id is_domain_connection: type: boolean description: true promotes to a domain-level connection so that third-party applications can use it. false does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to false.) show_as_button: type: boolean description: Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. (Defaults to false.) realms: type: array description: 'Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.' items: type: string description: The realm where this connection belongs format: connection-realm metadata: $ref: '#/components/schemas/ConnectionsMetadata' authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' x-release-lifecycle: GA connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurpose' x-release-lifecycle: GA UpdateConnectionRequestContentAD: description: Update a connection with strategy=ad allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsAD' UpdateConnectionRequestContentADFS: description: Update a connection with strategy=adfs allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsADFS' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentAmazon: description: Update a connection with strategy=amazon allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsAmazon' UpdateConnectionRequestContentApple: description: Update a connection with strategy=apple allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsApple' UpdateConnectionRequestContentAuth0: description: Update a connection with strategy=auth0 allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsAuth0' realms: $ref: '#/components/schemas/ConnectionRealms' UpdateConnectionRequestContentAuth0OIDC: description: Update a connection with strategy=auth0-oidc allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsAuth0OIDC' UpdateConnectionRequestContentAzureAD: description: Update a connection with strategy=waad allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsAzureAD' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentBaidu: description: Update a connection with strategy=baidu allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsBaidu' UpdateConnectionRequestContentBitbucket: description: Update a connection with strategy=bitbucket allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsBitbucket' UpdateConnectionRequestContentBitly: description: Update a connection with strategy=bitly allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsBitly' UpdateConnectionRequestContentBox: description: Update a connection with strategy=box allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsBox' - $ref: '#/components/schemas/ConnectionPurposes' UpdateConnectionRequestContentCustom: description: Update a connection with strategy=custom allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsCustom' UpdateConnectionRequestContentDaccount: description: Update a connection with strategy=daccount allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsDaccount' UpdateConnectionRequestContentDropbox: description: Update a connection with strategy=dropbox allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsDropbox' UpdateConnectionRequestContentDwolla: description: Update a connection with strategy=dwolla allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsDwolla' UpdateConnectionRequestContentEmail: description: Update a connection with strategy=email allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsEmail' UpdateConnectionRequestContentEvernote: description: Update a connection with strategy=evernote allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsEvernote' UpdateConnectionRequestContentEvernoteSandbox: description: Update a connection with strategy=evernote-sandbox allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsEvernote' UpdateConnectionRequestContentExact: description: Update a connection with strategy=exact allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsExact' UpdateConnectionRequestContentFacebook: description: Update a connection with strategy=facebook allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsFacebook' UpdateConnectionRequestContentFitbit: description: Update a connection with strategy=fitbit allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsFitbit' UpdateConnectionRequestContentGitHub: description: Update a connection with strategy=github allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsGitHub' - $ref: '#/components/schemas/ConnectionPurposes' UpdateConnectionRequestContentGoogleApps: description: Update a connection with strategy=google-apps allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsGoogleApps' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentGoogleOAuth2: description: Update a connection with strategy=google-oauth2 allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsGoogleOAuth2' - $ref: '#/components/schemas/ConnectionPurposes' UpdateConnectionRequestContentIP: description: Update a connection with strategy=ip allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsIP' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentInstagram: description: Update a connection with strategy=instagram allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsInstagram' UpdateConnectionRequestContentLine: description: Update a connection with strategy=line allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsLine' UpdateConnectionRequestContentLinkedin: description: Update a connection with strategy=linkedin allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsLinkedin' UpdateConnectionRequestContentOAuth1: description: Update a connection with strategy=oauth1 allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsOAuth1' UpdateConnectionRequestContentOAuth2: description: Update a connection with strategy=oauth2 allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsOAuth2' - $ref: '#/components/schemas/ConnectionPurposes' UpdateConnectionRequestContentOIDC: description: Update a connection with strategy=oidc allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsOIDC' authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurposeXAA' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentOffice365: description: Update a connection with strategy=office365 allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsOffice365' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentOkta: description: Update a connection with strategy=okta allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsOkta' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentPaypal: description: Update a connection with strategy=paypal allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsPaypal' UpdateConnectionRequestContentPaypalSandbox: description: Update a connection with strategy=paypal-sandbox allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsPaypal' UpdateConnectionRequestContentPingFederate: description: Update a connection with strategy=pingfederate allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsPingFederate' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentPlanningCenter: description: Update a connection with strategy=planningcenter allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsPlanningCenter' UpdateConnectionRequestContentSAML: description: Update a connection with strategy=samlp allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsSAML' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentSMS: description: Update a connection with strategy=sms allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsSMS' UpdateConnectionRequestContentSalesforce: description: Update a connection with strategy=salesforce allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsSalesforce' UpdateConnectionRequestContentSalesforceCommunity: description: Update a connection with strategy=salesforce-community allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsSalesforceCommunity' UpdateConnectionRequestContentSalesforceSandbox: description: Update a connection with strategy=salesforce-sandbox allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsSalesforce' UpdateConnectionRequestContentSharepoint: description: Update a connection with strategy=sharepoint allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsSharepoint' show_as_button: $ref: '#/components/schemas/ConnectionShowAsButton' UpdateConnectionRequestContentShop: description: Update a connection with strategy=shop allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsShop' UpdateConnectionRequestContentShopify: description: Update a connection with strategy=shopify allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsShopify' UpdateConnectionRequestContentSoundcloud: description: Update a connection with strategy=soundcloud allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsSoundcloud' UpdateConnectionRequestContentThirtySevenSignals: description: Update a connection with strategy=thirtysevensignals allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsThirtySevenSignals' UpdateConnectionRequestContentTwitter: description: Update a connection with strategy=twitter allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsTwitter' UpdateConnectionRequestContentUntappd: description: Update a connection with strategy=untappd allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsUntappd' UpdateConnectionRequestContentVkontakte: description: Update a connection with strategy=vkontakte allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsVkontakte' UpdateConnectionRequestContentWeibo: description: Update a connection with strategy=weibo allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsWeibo' UpdateConnectionRequestContentWindowsLive: description: Update a connection with strategy=windowslive allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsWindowsLive' - $ref: '#/components/schemas/ConnectionPurposes' UpdateConnectionRequestContentWordpress: description: Update a connection with strategy=wordpress allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsWordpress' UpdateConnectionRequestContentYahoo: description: Update a connection with strategy=yahoo allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsYahoo' UpdateConnectionRequestContentYandex: description: Update a connection with strategy=yandex allOf: - $ref: '#/components/schemas/ConnectionCommon' - type: object properties: options: $ref: '#/components/schemas/ConnectionOptionsYandex' UpdateConnectionResponseContent: type: object additionalProperties: false properties: name: type: string description: The name of the connection default: My connection display_name: type: string description: Connection name used in login screen options: $ref: '#/components/schemas/ConnectionOptions' id: type: string description: The connection's identifier default: con_0000000000000001 strategy: type: string description: The type of the connection, related to the identity provider default: auth0 realms: type: array description: 'Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.' items: type: string description: The realm where this connection belongs format: connection-realm enabled_clients: type: array description: DEPRECATED property. Use the GET /connections/:id/clients endpoint to get the ids of the clients for which the connection is enabled x-release-lifecycle: deprecated items: type: string description: The client id is_domain_connection: type: boolean description: True if the connection is domain level show_as_button: type: boolean description: Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. metadata: $ref: '#/components/schemas/ConnectionsMetadata' authentication: $ref: '#/components/schemas/ConnectionAuthenticationPurpose' x-release-lifecycle: GA connected_accounts: $ref: '#/components/schemas/ConnectionConnectedAccountsPurpose' x-release-lifecycle: GA UpdateCustomDomainRequestContent: type: object additionalProperties: false properties: tls_policy: $ref: '#/components/schemas/CustomDomainTlsPolicyEnum' description: recommended includes TLS 1.2 custom_client_ip_header: $ref: '#/components/schemas/CustomDomainCustomClientIpHeader' domain_metadata: $ref: '#/components/schemas/DomainMetadata' relying_party_identifier: type: - string - 'null' description: Relying Party ID (rpId) to be used for Passkeys on this custom domain. Set to null to remove the rpId and fall back to using the full domain. maxLength: 255 format: hostname UpdateCustomDomainResponseContent: type: object additionalProperties: false required: - custom_domain_id - domain - primary - status - type - verification properties: custom_domain_id: type: string description: ID of the custom domain. default: cd_0000000000000001 domain: type: string description: Domain name. default: login.mycompany.com primary: type: boolean description: Whether this is a primary domain (true) or not (false). default: false is_default: type: boolean description: Whether this is the default custom domain (true) or not (false). default: false status: $ref: '#/components/schemas/CustomDomainStatusFilterEnum' type: $ref: '#/components/schemas/CustomDomainTypeEnum' verification: $ref: '#/components/schemas/DomainVerification' custom_client_ip_header: type: - string - 'null' description: The HTTP header to fetch the client's IP address tls_policy: type: string description: The TLS version policy default: recommended domain_metadata: $ref: '#/components/schemas/DomainMetadata' certificate: $ref: '#/components/schemas/DomainCertificate' relying_party_identifier: type: string description: Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used. format: hostname UpdateDefaultCanonicalDomainResponseContent: type: object additionalProperties: false required: - domain properties: domain: type: string description: Domain name. default: login.mycompany.com UpdateDefaultCustomDomainResponseContent: type: object additionalProperties: false required: - custom_domain_id - domain - primary - status - type properties: custom_domain_id: type: string description: ID of the custom domain. default: cd_0000000000000001 domain: type: string description: Domain name. default: login.mycompany.com primary: type: boolean description: Whether this is a primary domain (true) or not (false). default: false is_default: type: boolean description: Whether this is the default custom domain (true) or not (false). default: false status: $ref: '#/components/schemas/CustomDomainStatusFilterEnum' type: $ref: '#/components/schemas/CustomDomainTypeEnum' origin_domain_name: type: string description: Intermediate address. default: mycompany_cd_0000000000000001.edge.tenants.auth0.com verification: $ref: '#/components/schemas/DomainVerification' custom_client_ip_header: type: - string - 'null' description: The HTTP header to fetch the client's IP address tls_policy: type: string description: The TLS version policy default: recommended domain_metadata: $ref: '#/components/schemas/DomainMetadata' certificate: $ref: '#/components/schemas/DomainCertificate' relying_party_identifier: type: string description: Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used. format: hostname UpdateDefaultDomainResponseContent: oneOf: - $ref: '#/components/schemas/UpdateDefaultCustomDomainResponseContent' - $ref: '#/components/schemas/UpdateDefaultCanonicalDomainResponseContent' UpdateDirectoryProvisioningRequestContent: type: - object - 'null' additionalProperties: false properties: mapping: type: array description: The mapping between Auth0 and IDP user attributes minItems: 1 items: $ref: '#/components/schemas/DirectoryProvisioningMappingItem' synchronize_automatically: type: boolean description: Whether periodic automatic synchronization is enabled synchronize_groups: $ref: '#/components/schemas/SynchronizeGroupsEnum' x-release-lifecycle: EA UpdateDirectoryProvisioningResponseContent: type: object additionalProperties: false required: - connection_id - connection_name - strategy - mapping - synchronize_automatically - created_at - updated_at properties: connection_id: type: string description: The connection's identifier connection_name: type: string description: The connection's name strategy: type: string description: The connection's strategy mapping: type: array description: The mapping between Auth0 and IDP user attributes minItems: 1 items: $ref: '#/components/schemas/DirectoryProvisioningMappingItem' synchronize_automatically: type: boolean description: Whether periodic automatic synchronization is enabled synchronize_groups: $ref: '#/components/schemas/SynchronizeGroupsEnum' x-release-lifecycle: EA created_at: type: string description: The timestamp at which the directory provisioning configuration was created format: date-time updated_at: type: string description: The timestamp at which the directory provisioning configuration was last updated format: date-time last_synchronization_at: type: string description: The timestamp at which the connection was last synchronized format: date-time last_synchronization_status: type: string description: The status of the last synchronization last_synchronization_error: type: string description: The error message of the last synchronization, if any UpdateEmailProviderRequestContent: type: object additionalProperties: false minProperties: 1 properties: name: $ref: '#/components/schemas/EmailProviderNameEnum' enabled: type: boolean description: Whether the provider is enabled (true) or disabled (false). default_from_address: type: string description: Email address to use as "from" when no other address specified. credentials: $ref: '#/components/schemas/EmailProviderCredentialsSchema' settings: $ref: '#/components/schemas/EmailSpecificProviderSettingsWithAdditionalProperties' UpdateEmailProviderResponseContent: type: object additionalProperties: false properties: name: type: string description: Name of the email provider. Can be `mailgun`, `mandrill`, `sendgrid`, `resend`, `ses`, `sparkpost`, `smtp`, `azure_cs`, `ms365`, or `custom`. default: sendgrid enabled: type: boolean description: Whether the provider is enabled (true) or disabled (false). default: true default_from_address: type: string description: Email address to use as "from" when no other address specified. credentials: $ref: '#/components/schemas/EmailProviderCredentials' settings: $ref: '#/components/schemas/EmailProviderSettings' UpdateEmailTemplateRequestContent: type: object additionalProperties: false properties: template: $ref: '#/components/schemas/EmailTemplateNameEnum' body: type: - string - 'null' description: Body of the email template. from: type: - string - 'null' description: Senders `from` email address. default: sender@auth0.com resultUrl: type: - string - 'null' description: URL to redirect the user to after a successful action. subject: type: - string - 'null' description: Subject line of the email. syntax: type: - string - 'null' description: Syntax of the template body. default: liquid urlLifetimeInSeconds: type: - number - 'null' description: Lifetime in seconds that the link within the email will be valid for. minimum: 0 includeEmailInRedirect: type: boolean description: Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. enabled: type: - boolean - 'null' description: Whether the template is enabled (true) or disabled (false). UpdateEmailTemplateResponseContent: type: object additionalProperties: false properties: template: $ref: '#/components/schemas/EmailTemplateNameEnum' body: type: - string - 'null' description: Body of the email template. from: type: - string - 'null' description: Senders `from` email address. default: sender@auth0.com resultUrl: type: - string - 'null' description: URL to redirect the user to after a successful action. subject: type: - string - 'null' description: Subject line of the email. syntax: type: - string - 'null' description: Syntax of the template body. default: liquid urlLifetimeInSeconds: type: - number - 'null' description: Lifetime in seconds that the link within the email will be valid for. minimum: 0 includeEmailInRedirect: type: boolean description: Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. enabled: type: - boolean - 'null' description: Whether the template is enabled (true) or disabled (false). UpdateEnabledClientConnectionsRequestContent: type: array minItems: 1 items: type: object additionalProperties: false required: - client_id - status properties: client_id: type: string description: The client_id of the client whose status will be changed. Note that the limit per PATCH request is 50 clients. format: client-id status: type: boolean description: Whether the connection is enabled or not for this client_id UpdateEventStreamRequestContent: type: object additionalProperties: false properties: name: type: string description: Name of the event stream. minLength: 1 maxLength: 128 subscriptions: type: array description: List of event types subscribed to in this stream. items: $ref: '#/components/schemas/EventStreamSubscription' destination: $ref: '#/components/schemas/EventStreamDestinationPatch' status: $ref: '#/components/schemas/EventStreamStatusEnum' UpdateEventStreamResponseContent: oneOf: - $ref: '#/components/schemas/EventStreamWebhookResponseContent' - $ref: '#/components/schemas/EventStreamEventBridgeResponseContent' - $ref: '#/components/schemas/EventStreamActionResponseContent' UpdateFlowRequestContent: type: object additionalProperties: false x-release-lifecycle: GA properties: name: type: string minLength: 1 maxLength: 150 actions: type: - array - 'null' minItems: 0 items: $ref: '#/components/schemas/FlowAction' UpdateFlowResponseContent: type: object additionalProperties: false required: - id - name - created_at - updated_at x-release-lifecycle: GA properties: id: type: string maxLength: 30 format: flow-id name: type: string minLength: 1 maxLength: 150 actions: type: array minItems: 0 items: $ref: '#/components/schemas/FlowAction' created_at: type: string format: date-time updated_at: type: string format: date-time executed_at: type: string format: date UpdateFlowsVaultConnectionRequestContent: type: object additionalProperties: false properties: name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 setup: $ref: '#/components/schemas/UpdateFlowsVaultConnectionSetup' UpdateFlowsVaultConnectionResponseContent: type: object additionalProperties: false required: - id - app_id - name - ready - created_at - updated_at - fingerprint properties: id: type: string description: Flows Vault Connection identifier. maxLength: 30 format: flows-vault-connections-id app_id: type: string description: Flows Vault Connection app identifier. minLength: 1 maxLength: 55 environment: type: string description: Flows Vault Connection environment. minLength: 1 maxLength: 55 name: type: string description: Flows Vault Connection name. minLength: 1 maxLength: 150 account_name: type: string description: Flows Vault Connection custom account name. minLength: 1 maxLength: 150 ready: type: boolean description: Whether the Flows Vault Connection is configured. created_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was created. format: date-time updated_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was updated. format: date-time refreshed_at: type: string description: The ISO 8601 formatted date when this Flows Vault Connection was refreshed. format: date-time fingerprint: type: string minLength: 1 UpdateFlowsVaultConnectionSetup: type: object description: Flows Vault Connection configuration. oneOf: - $ref: '#/components/schemas/FlowsVaultConnectioSetupApiKeyWithBaseUrl' - $ref: '#/components/schemas/FlowsVaultConnectioSetupApiKey' - $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthApp' - $ref: '#/components/schemas/FlowsVaultConnectioSetupBigqueryOauthJwt' - $ref: '#/components/schemas/FlowsVaultConnectioSetupSecretApiKey' - $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' - $ref: '#/components/schemas/FlowsVaultConnectioSetupHttpBearer' - $ref: '#/components/schemas/FlowsVaultConnectionHttpBasicAuthSetup' - $ref: '#/components/schemas/FlowsVaultConnectionHttpApiKeySetup' - $ref: '#/components/schemas/FlowsVaultConnectionHttpOauthClientCredentialsSetup' - $ref: '#/components/schemas/FlowsVaultConnectioSetupJwt' - $ref: '#/components/schemas/FlowsVaultConnectioSetupMailjetApiKey' - $ref: '#/components/schemas/FlowsVaultConnectioSetupToken' - $ref: '#/components/schemas/FlowsVaultConnectioSetupWebhook' - $ref: '#/components/schemas/FlowsVaultConnectioSetupStripeKeyPair' - $ref: '#/components/schemas/FlowsVaultConnectioSetupOauthCode' - $ref: '#/components/schemas/FlowsVaultConnectioSetupTwilioApiKey' UpdateFormRequestContent: type: object additionalProperties: false properties: name: type: string minLength: 1 maxLength: 150 messages: $ref: '#/components/schemas/FormMessagesNullable' languages: $ref: '#/components/schemas/FormLanguagesNullable' translations: $ref: '#/components/schemas/FormTranslationsNullable' nodes: $ref: '#/components/schemas/FormNodeListNullable' start: $ref: '#/components/schemas/FormStartNodeNullable' ending: $ref: '#/components/schemas/FormEndingNodeNullable' style: $ref: '#/components/schemas/FormStyleNullable' UpdateFormResponseContent: type: object additionalProperties: false required: - id - name - created_at - updated_at properties: id: type: string maxLength: 30 format: form-id name: type: string minLength: 1 maxLength: 150 messages: $ref: '#/components/schemas/FormMessages' languages: $ref: '#/components/schemas/FormLanguages' translations: $ref: '#/components/schemas/FormTranslations' nodes: $ref: '#/components/schemas/FormNodeList' start: $ref: '#/components/schemas/FormStartNode' ending: $ref: '#/components/schemas/FormEndingNode' style: $ref: '#/components/schemas/FormStyle' created_at: type: string format: date-time updated_at: type: string format: date-time embedded_at: type: string format: date submitted_at: type: string format: date UpdateGuardianFactorDuoSettingsRequestContent: type: object additionalProperties: false properties: ikey: type: string maxLength: 10000 skey: type: string maxLength: 10000 format: non-empty-string host: type: string maxLength: 10000 UpdateGuardianFactorDuoSettingsResponseContent: type: object additionalProperties: false properties: ikey: type: string maxLength: 10000 skey: type: string maxLength: 10000 format: non-empty-string host: type: string maxLength: 10000 UpdateGuardianFactorsProviderPushNotificationApnsRequestContent: type: object additionalProperties: false properties: sandbox: type: boolean bundle_id: type: - string - 'null' minLength: 1 maxLength: 1000 p12: type: - string - 'null' minLength: 1 maxLength: 10000 UpdateGuardianFactorsProviderPushNotificationApnsResponseContent: type: object additionalProperties: false properties: sandbox: type: boolean bundle_id: type: - string - 'null' minLength: 1 maxLength: 1000 UpdateGuardianFactorsProviderPushNotificationFcmRequestContent: type: object additionalProperties: false properties: server_key: type: - string - 'null' minLength: 1 maxLength: 152 UpdateGuardianFactorsProviderPushNotificationFcmResponseContent: type: object additionalProperties: true minProperties: 0 maxProperties: 0 UpdateGuardianFactorsProviderPushNotificationFcmv1RequestContent: type: object additionalProperties: false properties: server_credentials: type: - string - 'null' minLength: 1 maxLength: 10000 UpdateGuardianFactorsProviderPushNotificationFcmv1ResponseContent: type: object additionalProperties: true minProperties: 0 maxProperties: 0 UpdateGuardianFactorsProviderPushNotificationSnsRequestContent: type: object additionalProperties: false properties: aws_access_key_id: type: - string - 'null' default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 aws_secret_access_key: type: - string - 'null' default: B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL minLength: 1 maxLength: 1000 aws_region: type: - string - 'null' default: us-west-1 minLength: 1 maxLength: 1000 pattern: ^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$ sns_apns_platform_application_arn: type: - string - 'null' minLength: 1 maxLength: 1000 sns_gcm_platform_application_arn: type: - string - 'null' default: urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP minLength: 1 maxLength: 1000 UpdateGuardianFactorsProviderPushNotificationSnsResponseContent: type: object additionalProperties: false properties: aws_access_key_id: type: - string - 'null' default: wywA2BH4VqTpfywiDuyDAYZL3xQjoO40 minLength: 1 maxLength: 1000 aws_secret_access_key: type: - string - 'null' default: B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL minLength: 1 maxLength: 1000 aws_region: type: - string - 'null' default: us-west-1 minLength: 1 maxLength: 1000 pattern: ^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$ sns_apns_platform_application_arn: type: - string - 'null' minLength: 1 maxLength: 1000 sns_gcm_platform_application_arn: type: - string - 'null' default: urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP minLength: 1 maxLength: 1000 UpdateHookRequestContent: type: object additionalProperties: false minProperties: 1 properties: name: type: string description: Name of this hook. default: my-hook pattern: ^[a-zA-Z0-9]([ \-a-zA-Z0-9]*[a-zA-Z0-9])?$ script: type: string description: Code to be executed when this hook runs. default: module.exports = function(client, scope, audience, context, cb) cb(null, access_token); }; minLength: 1 enabled: type: boolean description: Whether this hook will be executed (true) or ignored (false). default: false dependencies: $ref: '#/components/schemas/HookDependencies' UpdateHookResponseContent: type: object additionalProperties: false properties: triggerId: type: string description: Trigger ID id: type: string description: ID of this hook. default: '00001' name: type: string description: Name of this hook. default: hook enabled: type: boolean description: Whether this hook will be executed (true) or ignored (false). default: true script: type: string description: Code to be executed when this hook runs. default: module.exports = function(client, scope, audience, context, cb) cb(null, access_token); }; dependencies: $ref: '#/components/schemas/HookDependencies' UpdateHookSecretRequestContent: type: object description: Hashmap of key-value pairs where the value must be a string. additionalProperties: type: string minProperties: 1 maxProperties: 20 UpdateLogStreamRequestContent: type: object additionalProperties: false properties: name: type: string description: log stream name status: $ref: '#/components/schemas/LogStreamStatusEnum' isPriority: type: boolean description: True for priority log streams, false for non-priority filters: type: array description: Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. items: $ref: '#/components/schemas/LogStreamFilter' pii_config: $ref: '#/components/schemas/LogStreamPiiConfig' sink: $ref: '#/components/schemas/LogStreamSinkPatch' UpdateLogStreamResponseContent: oneOf: - $ref: '#/components/schemas/LogStreamHttpResponseSchema' - $ref: '#/components/schemas/LogStreamEventBridgeResponseSchema' - $ref: '#/components/schemas/LogStreamEventGridResponseSchema' - $ref: '#/components/schemas/LogStreamDatadogResponseSchema' - $ref: '#/components/schemas/LogStreamSplunkResponseSchema' - $ref: '#/components/schemas/LogStreamSumoResponseSchema' - $ref: '#/components/schemas/LogStreamSegmentResponseSchema' - $ref: '#/components/schemas/LogStreamMixpanelResponseSchema' UpdateNetworkAclRequestContent: type: object additionalProperties: false properties: description: type: string maxLength: 255 active: type: boolean description: Indicates whether or not this access control list is actively being used priority: type: number description: Indicates the order in which the ACL will be evaluated relative to other ACL rules. minimum: 1 maximum: 100 rule: $ref: '#/components/schemas/NetworkAclRule' UpdateNetworkAclResponseContent: type: object additionalProperties: true properties: id: type: string description: type: string active: type: boolean priority: type: number minimum: 1 maximum: 100 rule: $ref: '#/components/schemas/NetworkAclRule' created_at: type: string description: The timestamp when the Network ACL Configuration was created updated_at: type: string description: The timestamp when the Network ACL Configuration was last updated UpdateOrganizationAllConnectionRequestContent: type: object additionalProperties: false properties: organization_connection_name: type: - string - 'null' description: Name of the connection in the scope of this organization. minLength: 1 maxLength: 50 pattern: "^[^\0]*$" assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' organization_access_level: $ref: '#/components/schemas/OrganizationAccessLevelEnumWithNull' is_enabled: type: - boolean - 'null' description: Whether the connection is enabled for the organization. UpdateOrganizationAllConnectionResponseContent: type: object additionalProperties: false required: - connection_id properties: organization_connection_name: type: string description: Name of the connection in the scope of this organization. minLength: 1 maxLength: 50 pattern: "^[^\0]*$" assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' organization_access_level: $ref: '#/components/schemas/OrganizationAccessLevelEnum' is_enabled: type: boolean description: Whether the connection is enabled for the organization. connection_id: type: string description: Connection identifier. minLength: 1 maxLength: 50 format: connection-id connection: $ref: '#/components/schemas/OrganizationConnectionInformation' UpdateOrganizationConnectionRequestContent: type: object additionalProperties: false properties: assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' UpdateOrganizationConnectionResponseContent: type: object additionalProperties: false properties: connection_id: type: string description: ID of the connection. assign_membership_on_login: type: boolean description: When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection. show_as_button: type: boolean description: 'Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true.' is_signup_enabled: type: boolean description: 'Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false.' connection: $ref: '#/components/schemas/OrganizationConnectionInformation' UpdateOrganizationDiscoveryDomainRequestContent: type: object additionalProperties: false properties: status: $ref: '#/components/schemas/OrganizationDiscoveryDomainStatus' use_for_organization_discovery: type: boolean description: Indicates whether this domain should be used for organization discovery. UpdateOrganizationDiscoveryDomainResponseContent: type: object additionalProperties: false required: - id - domain - status - verification_host - verification_txt properties: id: type: string description: Organization discovery domain identifier. format: organization-discovery-domain-id domain: type: string description: The domain name to associate with the organization e.g. acme.com. minLength: 3 maxLength: 255 pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$ status: $ref: '#/components/schemas/OrganizationDiscoveryDomainStatus' use_for_organization_discovery: type: boolean description: Indicates whether this domain should be used for organization discovery. verification_txt: type: string description: A unique token generated for the discovery domain. This must be placed in a DNS TXT record at the location specified by the verification_host field to prove domain ownership. verification_host: type: string description: The full domain where the TXT record should be added. UpdateOrganizationRequestContent: type: object additionalProperties: false properties: display_name: type: string description: Friendly name of this organization. default: Acme Users minLength: 1 maxLength: 255 name: type: string description: The name of this organization. default: organization-1 minLength: 1 maxLength: 50 format: organization-name branding: $ref: '#/components/schemas/OrganizationBranding' metadata: $ref: '#/components/schemas/OrganizationMetadata' token_quota: $ref: '#/components/schemas/UpdateTokenQuota' x-release-lifecycle: EA UpdateOrganizationResponseContent: type: object additionalProperties: true properties: id: type: string description: Organization identifier. maxLength: 50 format: organization-id name: type: string description: The name of this organization. default: organization-1 minLength: 1 maxLength: 50 format: organization-name display_name: type: string description: Friendly name of this organization. default: Acme Users minLength: 1 maxLength: 255 branding: $ref: '#/components/schemas/OrganizationBranding' metadata: $ref: '#/components/schemas/OrganizationMetadata' token_quota: $ref: '#/components/schemas/TokenQuota' x-release-lifecycle: EA UpdatePhoneTemplateRequestContent: type: object additionalProperties: false properties: content: $ref: '#/components/schemas/PartialPhoneTemplateContent' disabled: type: boolean description: Whether the template is enabled (false) or disabled (true). default: false UpdatePhoneTemplateResponseContent: type: object additionalProperties: false required: - content - disabled - id - type properties: id: type: string minLength: 1 maxLength: 255 channel: type: string customizable: type: boolean tenant: type: string minLength: 1 maxLength: 255 content: $ref: '#/components/schemas/PhoneTemplateContent' type: $ref: '#/components/schemas/PhoneTemplateNotificationTypeEnum' disabled: type: boolean description: Whether the template is enabled (false) or disabled (true). default: false UpdateRefreshTokenRequestContent: type: object additionalProperties: false minProperties: 1 properties: refresh_token_metadata: $ref: '#/components/schemas/RefreshTokenMetadata' description: Metadata associated with the refresh token. Pass null or {} to remove all metadata. UpdateRefreshTokenResponseContent: type: object additionalProperties: true properties: id: type: string description: The ID of the refresh token user_id: type: string description: ID of the user which can be used when interacting with other APIs. default: auth0|507f1f77bcf86cd799439020 created_at: $ref: '#/components/schemas/RefreshTokenDate' idle_expires_at: $ref: '#/components/schemas/RefreshTokenDate' expires_at: $ref: '#/components/schemas/RefreshTokenDate' device: $ref: '#/components/schemas/RefreshTokenDevice' client_id: type: string description: ID of the client application granted with this refresh token session_id: $ref: '#/components/schemas/RefreshTokenSessionId' rotating: type: boolean description: True if the token is a rotating refresh token resource_servers: type: array description: A list of the resource server IDs associated to this refresh-token and their granted scopes items: $ref: '#/components/schemas/RefreshTokenResourceServer' refresh_token_metadata: $ref: '#/components/schemas/RefreshTokenMetadata' last_exchanged_at: $ref: '#/components/schemas/RefreshTokenDate' UpdateResourceServerRequestContent: type: object additionalProperties: false properties: name: type: string description: Friendly name for this resource server. Can not contain `<` or `>` characters. maxLength: 200 pattern: ^[^<>]+$ scopes: type: array description: List of permissions (scopes) that this API uses. items: $ref: '#/components/schemas/ResourceServerScope' signing_alg: $ref: '#/components/schemas/SigningAlgorithmEnum' signing_secret: type: string description: Secret used to sign tokens when using symmetric algorithms (HS256). minLength: 16 skip_consent_for_verifiable_first_party_clients: type: boolean description: Whether to skip user consent for applications flagged as first party (true) or not (false). allow_offline_access: type: boolean description: Whether refresh tokens can be issued for this API (true) or not (false). allow_online_access: type: boolean description: Whether Online Refresh Tokens can be issued for this API (true) or not (false). token_lifetime: type: integer description: Expiration value (in seconds) for access tokens issued for this API from the token endpoint. minimum: 0 maximum: 2592000 token_dialect: $ref: '#/components/schemas/ResourceServerTokenDialectSchemaEnum' enforce_policies: type: boolean description: Whether authorization policies are enforced (true) or not enforced (false). token_encryption: $ref: '#/components/schemas/ResourceServerTokenEncryption' consent_policy: $ref: '#/components/schemas/ResourceServerConsentPolicyEnum' authorization_details: type: - array - 'null' items: {} proof_of_possession: $ref: '#/components/schemas/ResourceServerProofOfPossession' subject_type_authorization: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorization' authorization_policy: $ref: '#/components/schemas/ResourceServerAuthorizationPolicy' x-release-lifecycle: EA UpdateResourceServerResponseContent: type: object additionalProperties: false properties: id: type: string description: ID of the API (resource server). name: type: string description: Friendly name for this resource server. Can not contain `<` or `>` characters. is_system: type: boolean description: Whether this is an Auth0 system API (true) or a custom API (false). identifier: type: string description: Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set. scopes: type: array description: List of permissions (scopes) that this API uses. items: $ref: '#/components/schemas/ResourceServerScope' signing_alg: $ref: '#/components/schemas/SigningAlgorithmEnum' signing_secret: type: string description: Secret used to sign tokens when using symmetric algorithms (HS256). minLength: 16 allow_offline_access: type: boolean description: Whether refresh tokens can be issued for this API (true) or not (false). allow_online_access: type: boolean description: Whether Online Refresh Tokens can be issued for this API (true) or not (false). skip_consent_for_verifiable_first_party_clients: type: boolean description: Whether to skip user consent for applications flagged as first party (true) or not (false). token_lifetime: type: integer description: Expiration value (in seconds) for access tokens issued for this API from the token endpoint. token_lifetime_for_web: type: integer description: Expiration value (in seconds) for access tokens issued for this API via Implicit or Hybrid Flows. Cannot be greater than the `token_lifetime` value. enforce_policies: type: boolean description: Whether authorization polices are enforced (true) or unenforced (false). token_dialect: $ref: '#/components/schemas/ResourceServerTokenDialectResponseEnum' token_encryption: $ref: '#/components/schemas/ResourceServerTokenEncryption' consent_policy: $ref: '#/components/schemas/ResourceServerConsentPolicyEnum' authorization_details: type: - array - 'null' items: {} proof_of_possession: $ref: '#/components/schemas/ResourceServerProofOfPossession' subject_type_authorization: $ref: '#/components/schemas/ResourceServerSubjectTypeAuthorization' authorization_policy: $ref: '#/components/schemas/ResourceServerAuthorizationPolicy' x-release-lifecycle: EA client_id: type: string description: The client ID of the client that this resource server is linked to format: client-id UpdateRiskAssessmentsSettingsNewDeviceRequestContent: type: object additionalProperties: false required: - remember_for properties: remember_for: type: integer description: Length of time to remember devices for, in days. minimum: 1 maximum: 365 UpdateRiskAssessmentsSettingsNewDeviceResponseContent: type: object additionalProperties: false required: - remember_for properties: remember_for: type: integer description: Length of time to remember devices for, in days. minimum: 1 maximum: 365 UpdateRiskAssessmentsSettingsRequestContent: type: object additionalProperties: false required: - enabled properties: enabled: type: boolean description: Whether or not risk assessment is enabled. UpdateRiskAssessmentsSettingsResponseContent: type: object additionalProperties: false required: - enabled properties: enabled: type: boolean description: Whether or not risk assessment is enabled. UpdateRoleRequestContent: type: object additionalProperties: false properties: name: type: string description: Name of this role. description: type: string description: Description of this role. UpdateRoleResponseContent: type: object additionalProperties: false properties: id: type: string description: ID for this role. name: type: string description: Name of this role. description: type: string description: Description of this role. UpdateRuleRequestContent: type: object additionalProperties: false minProperties: 1 properties: script: type: string description: Code to be executed when this rule runs. default: "function (user, context, callback) {\n callback(null, user, context);\n}" minLength: 1 name: type: string description: Name of this rule. default: my-rule pattern: ^[a-zA-Z0-9]([ \-a-zA-Z0-9]*[a-zA-Z0-9])?$ order: type: number description: Order that this rule should execute in relative to other rules. Lower-valued rules execute first. default: 2 minimum: 0 enabled: type: boolean description: Whether the rule is enabled (true), or disabled (false). default: true UpdateRuleResponseContent: type: object additionalProperties: false properties: name: type: string description: Name of this rule. default: rule_1 id: type: string description: ID of this rule. default: con_0000000000000001 enabled: type: boolean description: Whether the rule is enabled (true), or disabled (false). default: true script: type: string description: Code to be executed when this rule runs. default: "function (user, context, callback) {\n callback(null, user, context);\n}" order: type: number description: Order that this rule should execute in relative to other rules. Lower-valued rules execute first. default: 1 stage: type: string description: Execution stage of this rule. Can be `login_success`, `login_failure`, or `pre_authorize`. default: login_success UpdateScimConfigurationRequestContent: type: object additionalProperties: false required: - user_id_attribute - mapping properties: user_id_attribute: type: string description: User ID attribute for generating unique user ids mapping: type: array description: The mapping between auth0 and SCIM items: $ref: '#/components/schemas/ScimMappingItem' UpdateScimConfigurationResponseContent: type: object additionalProperties: false required: - tenant_name - connection_id - connection_name - strategy - created_at - updated_on - mapping - user_id_attribute properties: connection_id: type: string description: The connection's identifier connection_name: type: string description: The connection's name strategy: type: string description: The connection's strategy tenant_name: type: string description: The tenant's name user_id_attribute: type: string description: User ID attribute for generating unique user ids mapping: type: array description: The mapping between auth0 and SCIM items: $ref: '#/components/schemas/ScimMappingItem' created_at: type: string description: The ISO 8601 date and time the SCIM configuration was created at format: date-time updated_on: type: string description: The ISO 8601 date and time the SCIM configuration was last updated on format: date-time UpdateSelfServiceProfileRequestContent: type: object additionalProperties: false minProperties: 0 properties: name: type: string description: The name of the self-service Profile. minLength: 1 maxLength: 100 description: $ref: '#/components/schemas/SelfServiceProfileDescription' branding: $ref: '#/components/schemas/SelfServiceProfileBranding' allowed_strategies: type: array description: 'List of IdP strategies that will be shown to users during the Self-Service Enterprise Configuration flow. Possible values: [`oidc`, `samlp`, `waad`, `google-apps`, `adfs`, `okta`, `auth0-samlp`, `okta-samlp`, `keycloak-samlp`, `pingfederate`]' minItems: 1 items: $ref: '#/components/schemas/SelfServiceProfileAllowedStrategyEnum' user_attributes: $ref: '#/components/schemas/SelfServiceProfileUserAttributes' user_attribute_profile_id: type: - string - 'null' description: ID of the user-attribute-profile to associate with this self-service profile. format: user-attribute-profile-id x-release-lifecycle: EA UpdateSelfServiceProfileResponseContent: type: object additionalProperties: false properties: id: type: string description: The unique ID of the self-service Profile. default: ssp_n7SNCL8seoyV1TuSTCnAeo name: type: string description: The name of the self-service Profile. description: type: string description: The description of the self-service Profile. user_attributes: type: array description: List of attributes to be mapped that will be shown to the user during the Self-Service Enterprise Configuration flow. items: $ref: '#/components/schemas/SelfServiceProfileUserAttribute' created_at: type: string description: The time when this self-service Profile was created. default: '2021-01-01T00:00:00.000Z' format: date-time updated_at: type: string description: The time when this self-service Profile was updated. default: '2021-01-01T00:00:00.000Z' format: date-time branding: $ref: '#/components/schemas/SelfServiceProfileBrandingProperties' allowed_strategies: type: array description: 'List of IdP strategies that will be shown to users during the Self-Service Enterprise Configuration flow. Possible values: [`oidc`, `samlp`, `waad`, `google-apps`, `adfs`, `okta`, `auth0-samlp`, `okta-samlp`, `keycloak-samlp`, `pingfederate`]' minItems: 1 items: $ref: '#/components/schemas/SelfServiceProfileAllowedStrategyEnum' user_attribute_profile_id: type: string description: ID of the user-attribute-profile to associate with this self-service profile. format: user-attribute-profile-id x-release-lifecycle: EA UpdateSessionRequestContent: type: object additionalProperties: false minProperties: 1 properties: session_metadata: $ref: '#/components/schemas/SessionMetadata' description: Metadata associated with the session. Pass null or {} to remove all session_metadata. UpdateSessionResponseContent: type: object additionalProperties: true properties: id: type: string description: The ID of the session user_id: type: string description: ID of the user which can be used when interacting with other APIs. created_at: $ref: '#/components/schemas/SessionDate' updated_at: $ref: '#/components/schemas/SessionDate' authenticated_at: $ref: '#/components/schemas/SessionDate' idle_expires_at: $ref: '#/components/schemas/SessionDate' expires_at: $ref: '#/components/schemas/SessionDate' last_interacted_at: $ref: '#/components/schemas/SessionDate' device: $ref: '#/components/schemas/SessionDeviceMetadata' clients: type: array description: List of client details for the session items: $ref: '#/components/schemas/SessionClientMetadata' authentication: $ref: '#/components/schemas/SessionAuthenticationSignals' cookie: $ref: '#/components/schemas/SessionCookieMetadata' session_metadata: $ref: '#/components/schemas/SessionMetadata' UpdateSettingsRequestContent: type: object description: Prompts settings additionalProperties: false minProperties: 1 properties: universal_login_experience: $ref: '#/components/schemas/UniversalLoginExperienceEnum' identifier_first: type: - boolean - 'null' description: Whether identifier first is enabled or not webauthn_platform_first_factor: type: - boolean - 'null' description: Use WebAuthn with Device Biometrics as the first authentication factor UpdateSettingsResponseContent: type: object additionalProperties: true properties: universal_login_experience: $ref: '#/components/schemas/UniversalLoginExperienceEnum' identifier_first: type: boolean description: Whether identifier first is enabled or not webauthn_platform_first_factor: type: boolean description: Use WebAuthn with Device Biometrics as the first authentication factor UpdateSupplementalSignalsRequestContent: type: object additionalProperties: false required: - akamai_enabled properties: akamai_enabled: type: boolean description: Indicates if incoming Akamai Headers should be processed UpdateSuspiciousIPThrottlingSettingsRequestContent: type: object additionalProperties: false properties: enabled: type: boolean description: Whether or not suspicious IP throttling attack protections are active. shields: type: array description: "Action to take when a suspicious IP throttling threshold is violated.\n Possible values: block, admin_notification." items: $ref: '#/components/schemas/SuspiciousIPThrottlingShieldsEnum' allowlist: $ref: '#/components/schemas/SuspiciousIPThrottlingAllowlist' stage: $ref: '#/components/schemas/SuspiciousIPThrottlingStage' UpdateSuspiciousIPThrottlingSettingsResponseContent: type: object additionalProperties: false properties: enabled: type: boolean description: Whether or not suspicious IP throttling attack protections are active. shields: type: array description: "Action to take when a suspicious IP throttling threshold is violated.\n Possible values: block, admin_notification." items: $ref: '#/components/schemas/SuspiciousIPThrottlingShieldsEnum' allowlist: $ref: '#/components/schemas/SuspiciousIPThrottlingAllowlist' stage: $ref: '#/components/schemas/SuspiciousIPThrottlingStage' UpdateTenantSettingsRequestContent: type: object additionalProperties: false minProperties: 1 properties: change_password: $ref: '#/components/schemas/TenantSettingsPasswordPage' device_flow: $ref: '#/components/schemas/TenantSettingsDeviceFlow' description: Device Flow configuration. guardian_mfa_page: $ref: '#/components/schemas/TenantSettingsGuardianPage' default_audience: type: string description: Default audience for API Authorization. default: '' default_directory: type: string description: 'Name of connection used for password grants at the `/token` endpoint. The following connection types are supported: LDAP, AD, Database Connections, Passwordless, Windows Azure Active Directory, ADFS.' default: '' error_page: $ref: '#/components/schemas/TenantSettingsErrorPage' default_token_quota: $ref: '#/components/schemas/DefaultTokenQuota' x-release-lifecycle: EA flags: $ref: '#/components/schemas/TenantSettingsFlags' friendly_name: type: string description: Friendly name for this tenant. default: My Company picture_url: type: string description: 'URL of logo to be shown for this tenant (recommended size: 150x150)' default: https://mycompany.org/logo.png format: absolute-uri-or-empty support_email: type: string description: End-user support email. default: support@mycompany.org format: email-or-empty support_url: type: string description: End-user support url. default: https://mycompany.org/support format: absolute-uri-or-empty allowed_logout_urls: type: array description: URLs that are valid to redirect to after logout from Auth0. items: type: string format: url-with-placeholders session_lifetime: type: integer description: Number of hours a session will stay valid. default: 168 minimum: 1 idle_session_lifetime: type: integer description: Number of hours for which a session can be inactive before the user must log in again. default: 72 minimum: 1 ephemeral_session_lifetime: type: integer description: Number of hours an ephemeral (non-persistent) session will stay valid. default: 72 minimum: 1 idle_ephemeral_session_lifetime: type: integer description: Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again. default: 24 minimum: 1 sandbox_version: type: string description: Selected sandbox version for the extensibility environment default: '22' maxLength: 8 legacy_sandbox_version: type: string description: Selected legacy sandbox version for the extensibility environment maxLength: 8 default_redirection_uri: type: string description: The default absolute redirection uri, must be https format: absolute-https-uri-or-empty enabled_locales: type: array description: Supported locales for the user interface minItems: 1 items: $ref: '#/components/schemas/TenantSettingsSupportedLocalesEnum' session_cookie: $ref: '#/components/schemas/SessionCookieSchema' sessions: $ref: '#/components/schemas/TenantSettingsSessions' oidc_logout: $ref: '#/components/schemas/TenantOIDCLogoutSettings' customize_mfa_in_postlogin_action: type: - boolean - 'null' description: Whether to enable flexible factors for MFA in the PostLogin action default: false allow_organization_name_in_authentication_api: type: - boolean - 'null' description: Whether to accept an organization name instead of an ID on auth endpoints default: false acr_values_supported: type: - array - 'null' description: Supported ACR values minItems: 0 items: type: string format: acr mtls: $ref: '#/components/schemas/TenantSettingsMTLS' pushed_authorization_requests_supported: type: - boolean - 'null' description: Enables the use of Pushed Authorization Requests default: false authorization_response_iss_parameter_supported: type: - boolean - 'null' description: Supports iss parameter in authorization responses default: false skip_non_verifiable_callback_uri_confirmation_prompt: type: - boolean - 'null' description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' resource_parameter_profile: $ref: '#/components/schemas/TenantSettingsResourceParameterProfile' x-release-lifecycle: GA client_id_metadata_document_supported: type: boolean description: Whether the authorization server supports retrieving client metadata from a client_id URL. default: false x-release-lifecycle: EA enable_ai_guide: type: boolean description: Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant. phone_consolidated_experience: type: boolean description: Whether Phone Consolidated Experience is enabled for this tenant. dynamic_client_registration_security_mode: $ref: '#/components/schemas/TenantSettingsDynamicClientRegistrationSecurityMode' x-release-lifecycle: GA UpdateTenantSettingsResponseContent: type: object additionalProperties: false properties: change_password: $ref: '#/components/schemas/TenantSettingsPasswordPage' guardian_mfa_page: $ref: '#/components/schemas/TenantSettingsGuardianPage' default_audience: type: string description: Default audience for API authorization. default: '' default_directory: type: string description: 'Name of connection used for password grants at the `/token`endpoint. The following connection types are supported: LDAP, AD, Database Connections, Passwordless, Windows Azure Active Directory, ADFS.' default: '' error_page: $ref: '#/components/schemas/TenantSettingsErrorPage' device_flow: $ref: '#/components/schemas/TenantSettingsDeviceFlow' default_token_quota: $ref: '#/components/schemas/DefaultTokenQuota' x-release-lifecycle: EA flags: $ref: '#/components/schemas/TenantSettingsFlags' friendly_name: type: string description: Friendly name for this tenant. default: My Company picture_url: type: string description: 'URL of logo to be shown for this tenant (recommended size: 150x150)' default: https://mycompany.org/logo.png format: absolute-uri-or-empty support_email: type: string description: End-user support email address. default: support@mycompany.org format: email-or-empty support_url: type: string description: End-user support URL. default: https://mycompany.org/support format: absolute-uri-or-empty allowed_logout_urls: type: array description: URLs that are valid to redirect to after logout from Auth0. items: type: string format: url session_lifetime: type: number description: Number of hours a session will stay valid. default: 168 idle_session_lifetime: type: number description: Number of hours for which a session can be inactive before the user must log in again. default: 72 ephemeral_session_lifetime: type: number description: Number of hours an ephemeral (non-persistent) session will stay valid. default: 72 minimum: 1 idle_ephemeral_session_lifetime: type: number description: Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again. default: 24 minimum: 1 sandbox_version: type: string description: Selected sandbox version for the extensibility environment. default: '22' legacy_sandbox_version: type: string description: Selected sandbox version for rules and hooks extensibility. default: '' sandbox_versions_available: type: array description: Available sandbox versions for the extensibility environment. items: type: string default_redirection_uri: type: string description: The default absolute redirection uri, must be https enabled_locales: type: array description: Supported locales for the user interface. items: $ref: '#/components/schemas/SupportedLocales' session_cookie: $ref: '#/components/schemas/SessionCookieSchema' sessions: $ref: '#/components/schemas/TenantSettingsSessions' oidc_logout: $ref: '#/components/schemas/TenantOIDCLogoutSettings' allow_organization_name_in_authentication_api: type: boolean description: Whether to accept an organization name instead of an ID on auth endpoints default: false customize_mfa_in_postlogin_action: type: boolean description: Whether to enable flexible factors for MFA in the PostLogin action default: false acr_values_supported: type: - array - 'null' description: Supported ACR values minItems: 0 items: type: string format: acr mtls: $ref: '#/components/schemas/TenantSettingsMTLS' pushed_authorization_requests_supported: type: boolean description: Enables the use of Pushed Authorization Requests default: false authorization_response_iss_parameter_supported: type: - boolean - 'null' description: Supports iss parameter in authorization responses default: false skip_non_verifiable_callback_uri_confirmation_prompt: type: - boolean - 'null' description: 'Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information.' resource_parameter_profile: $ref: '#/components/schemas/TenantSettingsResourceParameterProfile' x-release-lifecycle: GA client_id_metadata_document_supported: type: boolean description: Whether the authorization server supports retrieving client metadata from a client_id URL. default: false x-release-lifecycle: EA phone_consolidated_experience: type: boolean description: Whether Phone Consolidated Experience is enabled for this tenant. enable_ai_guide: type: boolean description: Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant. dynamic_client_registration_security_mode: $ref: '#/components/schemas/TenantSettingsDynamicClientRegistrationSecurityMode' x-release-lifecycle: GA UpdateTokenExchangeProfileRequestContent: type: object additionalProperties: false minProperties: 1 properties: name: type: string description: Friendly name of this profile. default: Token Exchange Profile 1 minLength: 3 maxLength: 50 subject_token_type: type: string description: Subject token type for this profile. When receiving a token exchange request on the Authentication API, the corresponding token exchange profile with a matching subject_token_type will be executed. This must be a URI. minLength: 8 maxLength: 100 format: url UpdateTokenQuota: type: - object - 'null' additionalProperties: false required: - client_credentials x-release-lifecycle: EA properties: client_credentials: $ref: '#/components/schemas/TokenQuotaClientCredentials' UpdateUniversalLoginTemplateRequestContent: oneOf: - type: string maxLength: 102400 - type: object additionalProperties: false required: - template properties: template: type: string maxLength: 102400 UpdateUserAttributeProfileRequestContent: type: object additionalProperties: false properties: name: $ref: '#/components/schemas/UserAttributeProfileName' user_id: $ref: '#/components/schemas/UserAttributeProfilePatchUserId' user_attributes: $ref: '#/components/schemas/UserAttributeProfileUserAttributes' UpdateUserAttributeProfileResponseContent: type: object additionalProperties: false properties: id: $ref: '#/components/schemas/UserAttributeProfileId' name: $ref: '#/components/schemas/UserAttributeProfileName' user_id: $ref: '#/components/schemas/UserAttributeProfileUserId' user_attributes: $ref: '#/components/schemas/UserAttributeProfileUserAttributes' UpdateUserAuthenticationMethodRequestContent: type: object additionalProperties: false properties: name: type: string description: A human-readable label to identify the authentication method. preferred_authentication_method: $ref: '#/components/schemas/PreferredAuthenticationMethodEnum' description: Preferred phone authentication method UpdateUserAuthenticationMethodResponseContent: type: object description: The successfully created authentication method. additionalProperties: false required: - type properties: id: type: string description: The ID of the newly created authentication method (automatically generated by the application) format: authenticator-id type: $ref: '#/components/schemas/CreatedAuthenticationMethodTypeEnum' name: type: string description: A human-readable label to identify the authentication method. totp_secret: type: string description: Base32 encoded secret for TOTP generation phone_number: type: string description: Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice. minLength: 2 maxLength: 30 email: type: string description: Applies to email authentication methods only. The email address used to send verification messages. authentication_methods: type: array items: $ref: '#/components/schemas/UserAuthenticationMethodProperties' preferred_authentication_method: $ref: '#/components/schemas/PreferredAuthenticationMethodEnum' key_id: type: string description: Applies to webauthn authentication methods only. The id of the credential. public_key: type: string description: Applies to webauthn authentication methods only. The public key. aaguid: type: string description: Applies to passkey authentication methods only. Authenticator Attestation Globally Unique Identifier. relying_party_identifier: type: string description: Applies to webauthn authentication methods only. The relying party identifier. confirmed: type: boolean description: Whether the authentication method has been confirmed. created_at: type: string description: Authentication method creation date format: date-time UpdateUserRequestContent: type: object additionalProperties: true properties: blocked: type: boolean description: Whether this user was blocked by an administrator (true) or not (false). default: false email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). If set to false the user will not receive a verification email unless `verify_email` is set to true. default: false email: type: - string - 'null' description: Email address of this user. default: john.doe@gmail.com format: email phone_number: type: - string - 'null' description: The user's phone number (following the E.164 recommendation). default: '+199999999999999' pattern: ^\+[0-9]{1,15}$ phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). default: false user_metadata: $ref: '#/components/schemas/UserMetadata' description: User metadata to which this user has read/write access. app_metadata: $ref: '#/components/schemas/AppMetadata' description: User metadata to which this user has read-only access. given_name: type: - string - 'null' description: Given name/first name/forename of this user. default: John minLength: 1 maxLength: 150 family_name: type: - string - 'null' description: Family name/last name/surname of this user. default: Doe minLength: 1 maxLength: 150 name: type: - string - 'null' description: Name of this user. default: John Doe minLength: 1 maxLength: 300 nickname: type: - string - 'null' description: Preferred nickname or alias of this user. default: Johnny minLength: 1 maxLength: 300 picture: type: - string - 'null' description: URL to picture, photo, or avatar of this user. default: https://secure.gravatar.com/avatar/15626c5e0c749cb912f9d1ad48dba440?s=480&r=pg&d=https%3A%2F%2Fssl.gstatic.com%2Fs2%2Fprofiles%2Fimages%2Fsilhouette80.png format: strict-uri verify_email: type: boolean description: Whether this user will receive a verification email after creation (true) or no email (false). Overrides behavior of `email_verified` parameter. default: false verify_phone_number: type: boolean description: Whether this user will receive a text after changing the phone number (true) or no text (false). Only valid when changing phone number for SMS connections. default: false password: type: - string - 'null' description: New password for this user. Only valid for database connections. default: secret minLength: 1 connection: type: string description: Name of the connection to target for this user update. default: Initial-Connection minLength: 1 client_id: type: string description: Auth0 client ID. Only valid when updating email address. default: DaM8bokEXBWrTUFCiJjWn50jei6ardyX minLength: 1 username: type: - string - 'null' description: The user's username. Only valid if the connection requires a username. default: johndoe minLength: 1 maxLength: 128 UpdateUserResponseContent: type: object additionalProperties: true properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. default: auth0|507f1f77bcf86cd799439020 email: type: string description: Email address of this user. default: john.doe@gmail.com format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). default: false username: type: string description: Username of this user. default: johndoe phone_number: type: string description: Phone number for this user. Follows the E.164 recommendation. default: '+199999999999999' phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). default: false created_at: $ref: '#/components/schemas/UserDateSchema' updated_at: $ref: '#/components/schemas/UserDateSchema' identities: type: array description: Array of user identity objects when accounts are linked. items: $ref: '#/components/schemas/UserIdentitySchema' app_metadata: $ref: '#/components/schemas/UserAppMetadataSchema' user_metadata: $ref: '#/components/schemas/UserMetadataSchema' picture: type: string description: URL to picture, photo, or avatar of this user. name: type: string description: Name of this user. nickname: type: string description: Preferred nickname or alias of this user. multifactor: type: array description: List of multi-factor authentication providers with which this user has enrolled. items: type: string last_ip: type: string description: Last IP address from which this user logged in. last_login: $ref: '#/components/schemas/UserDateSchema' logins_count: type: integer description: Total number of logins this user has performed. blocked: type: boolean description: Whether this user was blocked by an administrator (true) or is not (false). given_name: type: string description: Given name/first name/forename of this user. family_name: type: string description: Family name/last name/surname of this user. UpdateVerifiableCredentialTemplateRequestContent: type: object additionalProperties: false properties: name: type: - string - 'null' minLength: 1 maxLength: 255 type: type: - string - 'null' minLength: 1 maxLength: 255 dialect: type: - string - 'null' maxLength: 255 pattern: ^simplified/1.0$ presentation: $ref: '#/components/schemas/MdlPresentationRequest' well_known_trusted_issuers: type: - string - 'null' minLength: 1 maxLength: 255 pattern: ^aamva$ version: type: - number - 'null' UpdateVerifiableCredentialTemplateResponseContent: type: object additionalProperties: true properties: id: type: string description: The id of the template. default: vct_0000000000000001 name: type: string description: The name of the template. type: type: string description: The type of the template. default: mdl dialect: type: string description: The dialect of the template. default: simplified/1.0 maxLength: 255 presentation: $ref: '#/components/schemas/MdlPresentationRequest' custom_certificate_authority: type: - string - 'null' description: The custom certificate authority. minLength: 1 maxLength: 4096 well_known_trusted_issuers: type: - string - 'null' description: The well-known trusted issuers, comma separated. minLength: 1 maxLength: 255 created_at: type: string description: The date and time the template was created. default: '2021-01-01T00:00:00Z' format: date-time updated_at: type: string description: The date and time the template was created. default: '2021-01-01T00:00:00Z' format: date-time UserAppMetadataSchema: type: object description: User metadata to which this user has read-only access. additionalProperties: true properties: {} UserAttributeProfile: type: object additionalProperties: false properties: id: $ref: '#/components/schemas/UserAttributeProfileId' name: $ref: '#/components/schemas/UserAttributeProfileName' user_id: $ref: '#/components/schemas/UserAttributeProfileUserId' user_attributes: $ref: '#/components/schemas/UserAttributeProfileUserAttributes' UserAttributeProfileId: type: string description: User Attribute Profile identifier. format: user-attribute-profile-id UserAttributeProfileName: type: string description: The name of the user attribute profile. minLength: 1 maxLength: 128 UserAttributeProfileOidcMapping: type: object description: OIDC mapping for this attribute additionalProperties: false required: - mapping properties: mapping: type: string description: OIDC mapping field minLength: 1 maxLength: 50 display_name: type: string description: Display name for the OIDC mapping minLength: 1 maxLength: 50 UserAttributeProfilePatchUserId: oneOf: - $ref: '#/components/schemas/UserAttributeProfileUserId' - type: 'null' UserAttributeProfileSamlMapping: type: array description: SAML mapping override for this strategy minItems: 1 items: type: string description: SAML mapping field minLength: 1 maxLength: 128 UserAttributeProfileStrategyOverrides: type: object description: Strategy-specific overrides for this attribute additionalProperties: false properties: pingfederate: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesMapping' ad: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesMapping' adfs: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesMapping' waad: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesMapping' google-apps: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesMapping' okta: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesMapping' oidc: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesMapping' samlp: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesMapping' UserAttributeProfileStrategyOverridesMapping: type: object additionalProperties: false properties: oidc_mapping: $ref: '#/components/schemas/UserAttributeProfileOidcMapping' description: OIDC mapping override for this strategy saml_mapping: $ref: '#/components/schemas/UserAttributeProfileSamlMapping' scim_mapping: type: string description: SCIM mapping override for this strategy minLength: 1 maxLength: 128 UserAttributeProfileStrategyOverridesUserId: type: object description: Strategy-specific overrides for user ID additionalProperties: false properties: pingfederate: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping' ad: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping' adfs: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping' waad: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping' google-apps: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping' okta: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping' oidc: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping' samlp: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping' UserAttributeProfileStrategyOverridesUserIdMapping: type: object additionalProperties: false properties: oidc_mapping: $ref: '#/components/schemas/UserAttributeProfileUserIdOidcStrategyOverrideMapping' saml_mapping: $ref: '#/components/schemas/UserAttributeProfileSamlMapping' scim_mapping: type: string description: SCIM mapping override for this strategy minLength: 1 maxLength: 128 UserAttributeProfileTemplate: type: object description: The structure of the template, which can be used as the payload for creating or updating a User Attribute Profile. additionalProperties: false properties: name: $ref: '#/components/schemas/UserAttributeProfileName' user_id: $ref: '#/components/schemas/UserAttributeProfileUserId' user_attributes: $ref: '#/components/schemas/UserAttributeProfileUserAttributes' UserAttributeProfileTemplateItem: type: object additionalProperties: false properties: id: type: string description: The id of the template. display_name: type: string description: The user-friendly name of the template displayed in the UI. template: $ref: '#/components/schemas/UserAttributeProfileTemplate' UserAttributeProfileUserAttributeAdditionalProperties: type: object additionalProperties: false required: - description - label - profile_required - auth0_mapping properties: description: type: string description: Description of this attribute minLength: 1 maxLength: 128 label: type: string description: Display label for this attribute minLength: 1 maxLength: 128 profile_required: type: boolean description: Whether this attribute is required in the profile auth0_mapping: type: string description: Auth0 mapping for this attribute minLength: 1 maxLength: 50 oidc_mapping: $ref: '#/components/schemas/UserAttributeProfileOidcMapping' saml_mapping: $ref: '#/components/schemas/UserAttributeProfileSamlMapping' description: SAML mapping for this attribute scim_mapping: type: string description: SCIM mapping for this attribute minLength: 1 maxLength: 128 strategy_overrides: $ref: '#/components/schemas/UserAttributeProfileStrategyOverrides' UserAttributeProfileUserAttributes: type: object description: User attributes configuration map. Keys are attribute names, values are the mapping configuration for each attribute. additionalProperties: $ref: '#/components/schemas/UserAttributeProfileUserAttributeAdditionalProperties' minProperties: 1 maxProperties: 64 UserAttributeProfileUserId: type: object description: User ID mapping configuration additionalProperties: false properties: oidc_mapping: $ref: '#/components/schemas/UserAttributeProfileUserIdOidcMappingEnum' saml_mapping: $ref: '#/components/schemas/UserAttributeProfileUserIdSamlMapping' scim_mapping: type: string description: SCIM mapping for user ID minLength: 1 maxLength: 128 strategy_overrides: $ref: '#/components/schemas/UserAttributeProfileStrategyOverridesUserId' UserAttributeProfileUserIdOidcMappingEnum: type: string description: OIDC mapping for user ID minLength: 1 maxLength: 50 enum: - sub UserAttributeProfileUserIdOidcStrategyOverrideMapping: type: string description: OIDC mapping override for this strategy minLength: 1 maxLength: 50 enum: - sub - oid - email UserAttributeProfileUserIdSamlMapping: type: array description: SAML mapping for user ID minItems: 1 items: type: string description: SAML mapping field minLength: 1 maxLength: 128 UserAuthenticationMethod: type: object additionalProperties: false required: - id - type - created_at properties: id: type: string description: The ID of the authentication method (auto generated) type: $ref: '#/components/schemas/AuthenticationMethodTypeEnum' confirmed: type: boolean description: The authentication method status name: type: string description: A human-readable label to identify the authentication method maxLength: 20 authentication_methods: type: array items: $ref: '#/components/schemas/UserAuthenticationMethodProperties' preferred_authentication_method: $ref: '#/components/schemas/PreferredAuthenticationMethodEnum' link_id: type: string description: The ID of a linked authentication method. Linked authentication methods will be deleted together. phone_number: type: string description: Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice. email: type: string description: Applies to email and email-verification authentication methods only. The email address used to send verification messages. key_id: type: string description: Applies to webauthn authentication methods only. The ID of the generated credential. public_key: type: string description: Applies to webauthn authentication methods only. The public key. created_at: type: string description: Authenticator creation date format: date-time enrolled_at: type: string description: Enrollment date format: date-time last_auth_at: type: string description: Last authentication format: date-time credential_device_type: type: string description: Applies to passkeys only. The kind of device the credential is stored on as defined by backup eligibility. "single_device" credentials cannot be backed up and synced to another device, "multi_device" credentials can be backed up if enabled by the end-user. credential_backed_up: type: boolean description: Applies to passkeys only. Whether the credential was backed up. identity_user_id: type: string description: Applies to passkeys only. The ID of the user identity linked with the authentication method. user_agent: type: string description: Applies to passkeys only. The user-agent of the browser used to create the passkey. aaguid: type: string description: Applies to passkey authentication methods only. Authenticator Attestation Globally Unique Identifier. relying_party_identifier: type: string description: Applies to webauthn/passkey authentication methods only. The credential's relying party identifier. UserAuthenticationMethodProperties: type: object additionalProperties: true properties: type: $ref: '#/components/schemas/UserAuthenticationMethodPropertiesEnum' id: type: string format: authenticator-id UserAuthenticationMethodPropertiesEnum: type: string enum: - totp - push - sms - voice UserBlockIdentifier: type: object additionalProperties: true properties: identifier: type: string description: Identifier (should be any of an `email`, `username`, or `phone_number`) default: john.doe@gmail.com ip: type: string description: IP Address default: 10.0.0.1 connection: type: string description: Connection identifier UserDateSchema: oneOf: - type: string description: Date and time when this user was created (ISO_8601 format). - type: object description: Date and time when this user was created (ISO_8601 format). additionalProperties: true UserEnrollmentAuthMethodEnum: type: string description: Authentication method for this enrollment. Can be `authenticator`, `guardian`, `sms`, `webauthn-roaming`, or `webauthn-platform`. enum: - authenticator - guardian - sms - webauthn-platform - webauthn-roaming UserEnrollmentStatusEnum: type: string description: Status of this enrollment. Can be `pending` or `confirmed`. enum: - pending - confirmed UserGrant: type: object additionalProperties: false properties: id: type: string description: ID of the grant. clientID: type: string description: ID of the client. user_id: type: string description: ID of the user. audience: type: string description: Audience of the grant. scope: type: array description: Scopes included in this grant. items: type: string minLength: 1 UserGroupsResponseSchema: allOf: - $ref: '#/components/schemas/Group' - type: object additionalProperties: true properties: membership_created_at: type: string description: Timestamp of when the group membership was added. format: date-time UserId: description: user_id of the secondary user account being linked. oneOf: - type: string default: abc minLength: 1 - type: integer default: 191919191 UserIdentity: type: object additionalProperties: false required: - provider - user_id - connection properties: connection: type: string description: Connection name of this identity. default: twitter user_id: $ref: '#/components/schemas/UserId' description: user_id of this identity. provider: type: string description: Type of identity provider. default: twitter profileData: $ref: '#/components/schemas/UserProfileData' isSocial: type: boolean description: Whether the identity provider is a social provider (true) or not (false). access_token: type: string description: IDP access token returned if scope `read:user_idp_tokens` is defined. access_token_secret: type: string description: IDP access token secret returned only if `scope read:user_idp_tokens` is defined. refresh_token: type: string description: IDP refresh token returned only if scope `read:user_idp_tokens` is defined. UserIdentityProviderEnum: type: string description: The type of identity provider enum: - ad - adfs - amazon - apple - dropbox - bitbucket - auth0-oidc - auth0 - baidu - bitly - box - custom - daccount - dwolla - email - evernote-sandbox - evernote - exact - facebook - fitbit - github - google-apps - google-oauth2 - instagram - ip - line - linkedin - oauth1 - oauth2 - office365 - oidc - okta - paypal - paypal-sandbox - pingfederate - planningcenter - salesforce-community - salesforce-sandbox - salesforce - samlp - sharepoint - shopify - shop - sms - soundcloud - thirtysevensignals - twitter - untappd - vkontakte - waad - weibo - windowslive - wordpress - yahoo - yandex UserIdentitySchema: type: object additionalProperties: false properties: connection: type: string description: Name of the connection containing this identity. user_id: type: string description: Unique identifier of the user user for this identity. provider: $ref: '#/components/schemas/UserIdentityProviderEnum' isSocial: type: boolean description: Whether this identity is from a social provider (true) or not (false). access_token: type: string description: IDP access token returned only if scope read:user_idp_tokens is defined. access_token_secret: type: string description: IDP access token secret returned only if scope read:user_idp_tokens is defined. refresh_token: type: string description: IDP refresh token returned only if scope read:user_idp_tokens is defined. profileData: $ref: '#/components/schemas/UserProfileData' UserListLogOffsetPaginatedResponseContent: type: object additionalProperties: false properties: start: type: number limit: type: number length: type: number total: type: number logs: type: array items: $ref: '#/components/schemas/Log' UserListLogResponseContent: oneOf: - type: array items: $ref: '#/components/schemas/Log' - $ref: '#/components/schemas/UserListLogOffsetPaginatedResponseContent' UserMetadata: type: object description: Data related to the user that does not affect the application's core functionality. additionalProperties: true UserMetadataSchema: type: object description: User metadata to which this user has read/write access. additionalProperties: true UserMultifactorProviderEnum: type: string enum: - duo - google-authenticator description: The multi-factor provider. Supported values 'duo' or 'google-authenticator' UserPermissionSchema: type: object additionalProperties: false properties: sources: {} resource_server_identifier: type: string description: Resource server (API) identifier that this permission is for. permission_name: type: string description: Name of this permission. resource_server_name: type: string description: Resource server (API) name this permission is for. description: type: string description: Description of this permission. UserProfileData: type: object additionalProperties: true properties: email: type: string description: Email address of this user. email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). name: type: string description: Name of this user. username: type: string description: Username of this user. default: johndoe given_name: type: string description: Given name/first name/forename of this user. phone_number: type: string description: Phone number for this user. phone_verified: type: boolean description: Whether this phone number is verified (true) or unverified (false). family_name: type: string description: Family name/last name/surname of this user. UserResponseSchema: type: object additionalProperties: true properties: user_id: type: string description: ID of the user which can be used when interacting with other APIs. default: auth0|507f1f77bcf86cd799439020 email: type: string description: Email address of this user. default: john.doe@gmail.com format: email email_verified: type: boolean description: Whether this email address is verified (true) or unverified (false). default: false username: type: string description: Username of this user. default: johndoe phone_number: type: string description: Phone number for this user. Follows the E.164 recommendation. default: '+199999999999999' phone_verified: type: boolean description: Whether this phone number has been verified (true) or not (false). default: false created_at: $ref: '#/components/schemas/UserDateSchema' updated_at: $ref: '#/components/schemas/UserDateSchema' identities: type: array description: Array of user identity objects when accounts are linked. items: $ref: '#/components/schemas/UserIdentitySchema' app_metadata: $ref: '#/components/schemas/UserAppMetadataSchema' user_metadata: $ref: '#/components/schemas/UserMetadataSchema' picture: type: string description: URL to picture, photo, or avatar of this user. name: type: string description: Name of this user. nickname: type: string description: Preferred nickname or alias of this user. multifactor: type: array description: List of multi-factor authentication providers with which this user has enrolled. items: type: string last_ip: type: string description: Last IP address from which this user logged in. last_login: $ref: '#/components/schemas/UserDateSchema' logins_count: type: integer description: Total number of logins this user has performed. blocked: type: boolean description: Whether this user was blocked by an administrator (true) or is not (false). given_name: type: string description: Given name/first name/forename of this user. family_name: type: string description: Family name/last name/surname of this user. UsernameAllowedTypes: type: object additionalProperties: false properties: email: type: boolean phone_number: type: boolean UsernameAttribute: type: object description: Configuration for the username attribute for users. additionalProperties: false properties: identifier: $ref: '#/components/schemas/ConnectionAttributeIdentifier' profile_required: type: boolean description: Determines if property should be required for users signup: $ref: '#/components/schemas/SignupSchema' validation: $ref: '#/components/schemas/UsernameValidation' UsernameValidation: type: object additionalProperties: false properties: min_length: type: number description: Minimum allowed length minimum: 1 maximum: 128 max_length: type: number description: Maximum allowed length minimum: 1 maximum: 128 allowed_types: $ref: '#/components/schemas/UsernameAllowedTypes' UsersEnrollment: type: object additionalProperties: true properties: id: type: string description: ID of this enrollment. status: $ref: '#/components/schemas/UserEnrollmentStatusEnum' type: type: string description: Type of enrollment. name: type: string description: Name of enrollment (usually phone number). maxLength: 20 identifier: type: string description: Device identifier (usually phone identifier) of this enrollment. phone_number: type: string description: Phone number for this enrollment. auth_method: $ref: '#/components/schemas/UserEnrollmentAuthMethodEnum' enrolled_at: type: string description: Start date and time of this enrollment. format: date-time last_auth: type: string description: Last authentication date and time of this enrollment. format: date-time VerifiableCredentialTemplateResponse: type: object additionalProperties: true properties: id: type: string description: The id of the template. default: vct_0000000000000001 name: type: string description: The name of the template. type: type: string description: The type of the template. default: mdl dialect: type: string description: The dialect of the template. default: simplified/1.0 maxLength: 255 presentation: $ref: '#/components/schemas/MdlPresentationRequest' custom_certificate_authority: type: - string - 'null' description: The custom certificate authority. minLength: 1 maxLength: 4096 well_known_trusted_issuers: type: - string - 'null' description: The well-known trusted issuers, comma separated. minLength: 1 maxLength: 255 created_at: type: string description: The date and time the template was created. default: '2021-01-01T00:00:00Z' format: date-time updated_at: type: string description: The date and time the template was created. default: '2021-01-01T00:00:00Z' format: date-time VerificationMethodEnum: type: string enum: - link - otp VerifyCustomDomainResponseContent: type: object additionalProperties: false required: - custom_domain_id - domain - primary - status - type properties: custom_domain_id: type: string description: ID of the custom domain. default: cd_0000000000000001 domain: type: string description: Domain name. default: login.mycompany.com primary: type: boolean description: Whether this is a primary domain (true) or not (false). default: false status: $ref: '#/components/schemas/CustomDomainStatusFilterEnum' type: $ref: '#/components/schemas/CustomDomainTypeEnum' cname_api_key: type: string description: CNAME API key header. default: d4feca... origin_domain_name: type: string description: Intermediate address. default: mycompany_cd_0000000000000001.edge.tenants.auth0.com verification: $ref: '#/components/schemas/DomainVerification' custom_client_ip_header: type: - string - 'null' description: The HTTP header to fetch the client's IP address tls_policy: type: string description: The TLS version policy default: recommended domain_metadata: $ref: '#/components/schemas/DomainMetadata' certificate: $ref: '#/components/schemas/DomainCertificate' VerifyEmailTicketRequestContent: type: object additionalProperties: false required: - user_id properties: result_url: type: string description: URL the user will be redirected to in the classic Universal Login experience once the ticket is used. Cannot be specified when using client_id or organization_id. default: http://myapp.com/callback format: url user_id: type: string description: user_id of for whom the ticket should be created. format: user-id client_id: type: string description: ID of the client (application). If provided for tenants using the New Universal Login experience, the email template and UI displays application details, and the user is prompted to redirect to the application's default login route after the ticket is used. client_id is required to use the Password Reset Post Challenge trigger. default: DaM8bokEXBWrTUFCiJjWn50jei6ardyX format: client-id organization_id: type: string description: (Optional) Organization ID – the ID of the Organization. If provided, organization parameters will be made available to the email template and organization branding will be applied to the prompt. In addition, the redirect link in the prompt will include organization_id and organization_name query string parameters. default: org_2eondWoxcMIpaLQc format: organization-id ttl_sec: type: integer description: Number of seconds for which the ticket is valid before expiration. If unspecified or set to 0, this value defaults to 432000 seconds (5 days). minimum: 0 includeEmailInRedirect: type: boolean description: Whether to include the email address as part of the returnUrl in the reset_email (true), or not (false). identity: $ref: '#/components/schemas/Identity' VerifyEmailTicketResponseContent: type: object additionalProperties: true required: - ticket properties: ticket: type: string description: URL representing the ticket. default: https://login.auth0.com/lo/verify_email?client_id=nsaPS2p3cargoFy82WT7betaOPOt3qSh&tenant=mdocs&bewit=bmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPdDNxU2hcMTQzMDY2MjE4MVxuRTcxM0RSeUNlbEpzUUJmaFVaS3A1NEdJbWFzSUZMYzRTdEFtY2NMMXhZPVx7ImVtYWloojoiZGFtaWtww2NoQGhvdG1haWwuY29tIiwidGVuYW50IjoiZHNjaGVua2tjwWFuIiwiY2xpZW50X2lkIjoibmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPiiqxU2giLCJjb25uZWN0aW9uIjoiRGFtaWmsdiwicmVzdWx0VXJsIjoiIn0 format: url X509CertificateCredential: type: object additionalProperties: false required: - credential_type - pem properties: credential_type: $ref: '#/components/schemas/X509CertificateCredentialTypeEnum' name: type: string description: Friendly name for a credential. default: '' maxLength: 128 pem: type: string description: PEM-formatted X509 certificate. Must be JSON escaped. default: "-----BEGIN CERTIFICATE-----\r\nMIIBIjANBg...\r\n-----END CERTIFICATE-----\r\n" minLength: 1 maxLength: 4096 X509CertificateCredentialTypeEnum: type: string enum: - x509_cert securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: jwt oAuth2ClientCredentials: type: oauth2 flows: clientCredentials: tokenUrl: /oauth/token/ x-form-parameters: audience: /api/v2/ scopes: create:actions: Create Actions read:actions: Read Actions update:actions: Update Actions delete:actions: Delete Actions read:anomaly_blocks: Read Anomaly Blocks delete:anomaly_blocks: Delete Anomaly Blocks read:attack_protection: Read Attack Protection update:attack_protection: Update Attack Protection create:authentication_methods: Create Authentication Methods read:authentication_methods: Read Authentication Methods update:authentication_methods: Update Authentication Methods delete:authentication_methods: Delete Authentication Methods read:branding: Read Branding update:branding: Update Branding delete:branding: Delete Branding create:client_credentials: Create Client Credentials read:client_credentials: Read Client Credentials update:client_credentials: Update Client Credentials delete:client_credentials: Delete Client Credentials create:client_grants: Create Client Grants read:client_grants: Read Client Grants update:client_grants: Update Client Grants delete:client_grants: Delete Client Grants read:client_keys: Read Client Keys update:client_keys: Update Client Keys read:client_summary: Read Client Summary update:client_token_vault_privileged_access: Update Client Token Vault Privileged Access create:clients: Create Clients read:clients: Read Clients update:clients: Update Clients delete:clients: Delete Clients create:connection_profiles: Create Connection Profiles read:connection_profiles: Read Connection Profiles update:connection_profiles: Update Connection Profiles delete:connection_profiles: Delete Connection Profiles create:connections: Create Connections read:connections: Read Connections update:connections: Update Connections delete:connections: Delete Connections create:connections_keys: Create Connections Keys read:connections_keys: Read Connections Keys update:connections_keys: Update Connections Keys read:current_user: Read Current User delete:current_user: Delete Current User create:current_user_device_credentials: Create Current User Device Credentials delete:current_user_device_credentials: Delete Current User Device Credentials update:current_user_identities: Update Current User Identities update:current_user_metadata: Update Current User Metadata create:custom_domains: Create Custom Domains read:custom_domains: Read Custom Domains update:custom_domains: Update Custom Domains delete:custom_domains: Delete Custom Domains create:custom_signing_keys: Create Custom Signing Keys read:custom_signing_keys: Read Custom Signing Keys update:custom_signing_keys: Update Custom Signing Keys delete:custom_signing_keys: Delete Custom Signing Keys read:device_credentials: Read Device Credentials delete:device_credentials: Delete Device Credentials create:directory_provisionings: Create Directory Provisionings read:directory_provisionings: Read Directory Provisionings update:directory_provisionings: Update Directory Provisionings delete:directory_provisionings: Delete Directory Provisionings create:email_provider: Create Email Provider read:email_provider: Read Email Provider update:email_provider: Update Email Provider delete:email_provider: Delete Email Provider create:email_templates: Create Email Templates read:email_templates: Read Email Templates update:email_templates: Update Email Templates create:encryption_keys: Create Encryption Keys read:encryption_keys: Read Encryption Keys update:encryption_keys: Update Encryption Keys delete:encryption_keys: Delete Encryption Keys read:event_deliveries: Read Event Deliveries update:event_deliveries: Update Event Deliveries create:event_streams: Create Event Streams read:event_streams: Read Event Streams update:event_streams: Update Event Streams delete:event_streams: Delete Event Streams read:events: Read Events read:federated_connections_tokens: Read Federated Connections Tokens delete:federated_connections_tokens: Delete Federated Connections Tokens create:flows: Create Flows read:flows: Read Flows update:flows: Update Flows delete:flows: Delete Flows read:flows_executions: Read Flows Executions delete:flows_executions: Delete Flows Executions create:flows_vault_connections: Create Flows Vault Connections read:flows_vault_connections: Read Flows Vault Connections update:flows_vault_connections: Update Flows Vault Connections delete:flows_vault_connections: Delete Flows Vault Connections create:forms: Create Forms read:forms: Read Forms update:forms: Update Forms delete:forms: Delete Forms read:grants: Read Grants delete:grants: Delete Grants read:group_members: Read Group Members read:groups: Read Groups delete:groups: Delete Groups create:guardian_enrollment_tickets: Create Guardian Enrollment Tickets read:guardian_enrollments: Read Guardian Enrollments delete:guardian_enrollments: Delete Guardian Enrollments read:guardian_factors: Read Guardian Factors update:guardian_factors: Update Guardian Factors create:hooks: Create Hooks read:hooks: Read Hooks update:hooks: Update Hooks delete:hooks: Delete Hooks create:log_streams: Create Log Streams read:log_streams: Read Log Streams update:log_streams: Update Log Streams delete:log_streams: Delete Log Streams read:logs: Read Logs read:logs_users: Read Logs Users read:mfa_policies: Read Mfa Policies update:mfa_policies: Update Mfa Policies create:network_acls: Create Network Acls read:network_acls: Read Network Acls update:network_acls: Update Network Acls delete:network_acls: Delete Network Acls create:organization_client_grants: Create Organization Client Grants read:organization_client_grants: Read Organization Client Grants delete:organization_client_grants: Delete Organization Client Grants create:organization_connections: Create Organization Connections read:organization_connections: Read Organization Connections update:organization_connections: Update Organization Connections delete:organization_connections: Delete Organization Connections create:organization_discovery_domains: Create Organization Discovery Domains read:organization_discovery_domains: Read Organization Discovery Domains update:organization_discovery_domains: Update Organization Discovery Domains delete:organization_discovery_domains: Delete Organization Discovery Domains create:organization_invitations: Create Organization Invitations read:organization_invitations: Read Organization Invitations delete:organization_invitations: Delete Organization Invitations create:organization_member_roles: Create Organization Member Roles read:organization_member_roles: Read Organization Member Roles delete:organization_member_roles: Delete Organization Member Roles create:organization_members: Create Organization Members read:organization_members: Read Organization Members delete:organization_members: Delete Organization Members create:organizations: Create Organizations read:organizations: Read Organizations update:organizations: Update Organizations delete:organizations: Delete Organizations read:organizations_summary: Read Organizations Summary create:phone_providers: Create Phone Providers read:phone_providers: Read Phone Providers update:phone_providers: Update Phone Providers delete:phone_providers: Delete Phone Providers create:phone_templates: Create Phone Templates read:phone_templates: Read Phone Templates update:phone_templates: Update Phone Templates delete:phone_templates: Delete Phone Templates read:prompts: Read Prompts update:prompts: Update Prompts read:refresh_tokens: Read Refresh Tokens update:refresh_tokens: Update Refresh Tokens delete:refresh_tokens: Delete Refresh Tokens create:resource_servers: Create Resource Servers read:resource_servers: Read Resource Servers update:resource_servers: Update Resource Servers delete:resource_servers: Delete Resource Servers create:role_members: Create Role Members read:role_members: Read Role Members delete:role_members: Delete Role Members create:roles: Create Roles read:roles: Read Roles update:roles: Update Roles delete:roles: Delete Roles create:rules: Create Rules read:rules: Read Rules update:rules: Update Rules delete:rules: Delete Rules read:rules_configs: Read Rules Configs update:rules_configs: Update Rules Configs delete:rules_configs: Delete Rules Configs create:scim_config: Create Scim Config read:scim_config: Read Scim Config update:scim_config: Update Scim Config delete:scim_config: Delete Scim Config create:scim_token: Create Scim Token read:scim_token: Read Scim Token delete:scim_token: Delete Scim Token read:self_service_profile_custom_texts: Read Self Service Profile Custom Texts update:self_service_profile_custom_texts: Update Self Service Profile Custom Texts create:self_service_profiles: Create Self Service Profiles read:self_service_profiles: Read Self Service Profiles update:self_service_profiles: Update Self Service Profiles delete:self_service_profiles: Delete Self Service Profiles read:sessions: Read Sessions update:sessions: Update Sessions delete:sessions: Delete Sessions create:signing_keys: Create Signing Keys read:signing_keys: Read Signing Keys update:signing_keys: Update Signing Keys create:sso_access_tickets: Create Sso Access Tickets delete:sso_access_tickets: Delete Sso Access Tickets read:stats: Read Stats read:tenant_settings: Read Tenant Settings update:tenant_settings: Update Tenant Settings create:token_exchange_profiles: Create Token Exchange Profiles read:token_exchange_profiles: Read Token Exchange Profiles update:token_exchange_profiles: Update Token Exchange Profiles delete:token_exchange_profiles: Delete Token Exchange Profiles create:user_attribute_profiles: Create User Attribute Profiles read:user_attribute_profiles: Read User Attribute Profiles update:user_attribute_profiles: Update User Attribute Profiles delete:user_attribute_profiles: Delete User Attribute Profiles read:user_idp_tokens: Read User Idp Tokens create:user_tickets: Create User Tickets create:users: Create Users read:users: Read Users update:users: Update Users delete:users: Delete Users update:users_app_metadata: Update Users App Metadata create:vdcs_templates: Create Vdcs Templates read:vdcs_templates: Read Vdcs Templates update:vdcs_templates: Update Vdcs Templates delete:vdcs_templates: Delete Vdcs Templates