openapi: 3.0.0 info: version: '1' title: Kinde Management API description: | Provides endpoints to manage your Kinde Businesses. ## Intro ## How to use 1. [Set up and authorize a machine-to-machine (M2M) application](https://docs.kinde.com/developer-tools/kinde-api/connect-to-kinde-api/). 2. [Generate a test access token](https://docs.kinde.com/developer-tools/kinde-api/access-token-for-api/) 3. Test request any endpoint using the test token termsOfService: https://docs.kinde.com/trust-center/agreements/terms-of-service/ contact: name: Kinde Support Team email: support@kinde.com url: https://docs.kinde.com servers: - url: https://{subdomain}.kinde.com variables: subdomain: default: your_kinde_subdomain description: The subdomain generated for your business on Kinde. tags: - name: API Keys x-displayName: API Keys - name: APIs x-displayName: APIs - name: Applications x-displayName: Applications - name: Billing Entitlements x-displayName: Billing Entitlements - name: Billing Agreements x-displayName: Billing Agreements - name: Billing Meter Usage x-displayName: Billing Meter Usage - name: Business x-displayName: Business - name: Industries x-displayName: Industries - name: Timezones x-displayName: Timezones - name: Callbacks x-displayName: Callbacks - name: Connected Apps x-displayName: Connected Apps - name: Connections x-displayName: Connections - name: Directories x-displayName: Directories - name: Environments x-displayName: Environments - name: Environment variables x-displayName: Environment variables - name: Feature Flags x-displayName: Feature Flags - name: Identities x-displayName: Identities - name: Organizations x-displayName: Organizations - name: MFA x-displayName: MFA - name: Permissions x-displayName: Permissions - name: Properties x-displayName: Properties - name: Property Categories x-displayName: Property Categories - name: Roles x-displayName: Roles - name: Search x-displayName: Search - name: Subscribers x-displayName: Subscribers - name: Users x-displayName: Users - name: Webhooks x-displayName: Webhooks paths: /api/v1/api_keys: servers: [] get: tags: - API Keys operationId: getApiKeys x-scope: read:api_keys summary: Get API keys description: | Returns a list of API keys.

read:api_keys

parameters: - name: page_size in: query description: Number of results per page. Defaults to 50 if parameter not sent. schema: type: integer nullable: true - name: starting_after in: query description: The ID of the API key to start after. schema: type: string nullable: true - name: key_type in: query description: Filter by API key type (organization or user). schema: type: string enum: - organization - user nullable: true - name: status in: query description: Filter by API key status (active, inactive, revoked). schema: type: string enum: - active - inactive - revoked nullable: true - name: user_id in: query description: Filter by user ID to get API keys associated with a specific user. schema: type: string nullable: true - name: org_code in: query description: Filter by organization code to get API keys associated with a specific organization. schema: type: string nullable: true responses: '200': description: API keys successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_api_keys_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - API Keys operationId: createApiKey x-scope: create:api_keys summary: Create API key description: | Create a new API key.

create:api_keys

requestBody: description: API key details. required: true content: application/json: schema: type: object properties: name: description: The name of the API key. type: string nullable: false type: description: The entity type that will use this API key. type: string enum: - user - organization - environment nullable: false api_id: description: The ID of the API this key is associated with. type: string nullable: false scope_ids: description: Array of scope IDs to associate with this API key. type: array items: type: string nullable: true user_id: description: The ID of the user to associate with this API key (for user-level keys). type: string nullable: true org_code: description: The organization code to associate with this API key (for organization-level keys). type: string nullable: true required: - name - api_id - type responses: '201': description: API key successfully created. content: application/json: schema: $ref: '#/components/schemas/create_api_key_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/api_keys/{key_id}: servers: [] get: tags: - API Keys operationId: getApiKey x-scope: read:api_keys summary: Get API key description: | Retrieve API key details by ID.

read:api_keys

parameters: - name: key_id in: path description: The ID of the API key. required: true schema: type: string responses: '200': description: API key successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_api_key_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - API Keys operationId: deleteApiKey x-scope: delete:api_keys summary: Delete API key description: | Delete an API key.

delete:api_keys

parameters: - name: key_id in: path description: The ID of the API key. required: true schema: type: string responses: '200': description: API key successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] put: tags: - API Keys operationId: rotateApiKey x-scope: update:api_keys summary: Rotate API key description: | Rotate an API key to generate a new key while maintaining the same permissions and associations.

update:api_keys

parameters: - name: key_id in: path description: The ID of the API key to rotate. required: true schema: type: string responses: '201': description: API key successfully rotated. content: application/json: schema: $ref: '#/components/schemas/rotate_api_key_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/api_keys/verify: servers: [] post: tags: - API Keys operationId: verifyApiKey summary: Verify API key description: | Verify an API key (public endpoint, no authentication required). requestBody: description: API key verification details. required: true content: application/json: schema: type: object properties: api_key: description: The API key to verify. type: string nullable: false required: - api_key responses: '200': description: API key verification result. content: application/json: schema: $ref: '#/components/schemas/verify_api_key_response' '400': $ref: '#/components/responses/bad_request' '401': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/apis: servers: [] get: tags: - APIs operationId: getAPIs x-scope: read:apis summary: Get APIs description: | Returns a list of your APIs. The APIs are returned sorted by name.

read:apis

parameters: - name: expand in: query description: 'Additional data to include in the response. Allowed value: "scopes".' required: false schema: type: string nullable: true enum: - scopes responses: '200': description: A list of APIs. content: application/json: schema: $ref: '#/components/schemas/get_apis_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - APIs operationId: addAPIs x-scope: create:apis summary: Create API description: | Register a new API. For more information read [Register and manage APIs](https://docs.kinde.com/developer-tools/your-apis/register-manage-apis/).

create:apis

externalDocs: url: https://docs.kinde.com/developer-tools/your-apis/register-manage-apis description: Register and manage APIs requestBody: required: true content: application/json: schema: type: object properties: name: type: string description: The name of the API. (1-64 characters). example: Example API audience: type: string description: A unique identifier for the API - commonly the URL. This value will be used as the `audience` parameter in authorization claims. (1-64 characters) example: https://api.example.com required: - name - audience responses: '200': description: APIs successfully updated content: application/json: schema: $ref: '#/components/schemas/create_apis_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/apis/{api_id}: servers: [] parameters: - $ref: '#/components/parameters/api_id' get: tags: - APIs operationId: getAPI x-scope: read:apis summary: Get API description: | Retrieve API details by ID.

read:apis

responses: '200': description: API successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_api_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - APIs operationId: deleteAPI x-scope: delete:apis summary: Delete API description: | Delete an API you previously created.

delete:apis

responses: '200': description: API successfully deleted. content: application/json: schema: $ref: '#/components/schemas/delete_api_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/apis/{api_id}/scopes: servers: [] get: tags: - APIs operationId: getAPIScopes x-scope: read:api_scopes summary: Get API scopes parameters: - name: api_id in: path description: API ID required: true schema: type: string nullable: false example: 838f208d006a482dbd8cdb79a9889f68 description: | Retrieve API scopes by API ID.

read:api_scopes

responses: '200': description: API scopes successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_api_scopes_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - APIs operationId: addAPIScope x-scope: create:api_scopes summary: Create API scope parameters: - name: api_id in: path description: API ID required: true schema: type: string nullable: false example: 838f208d006a482dbd8cdb79a9889f68 description: | Create a new API scope.

create:api_scopes

requestBody: required: true content: application/json: schema: type: object properties: key: type: string description: The key reference for the scope (1-64 characters, no white space). example: read:logs description: type: string description: Description of the api scope purpose. example: Scope for reading logs. required: - key responses: '200': description: API scopes successfully created content: application/json: schema: $ref: '#/components/schemas/create_api_scopes_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/apis/{api_id}/scopes/{scope_id}: servers: [] get: tags: - APIs operationId: getAPIScope summary: Get API scope parameters: - name: api_id in: path description: API ID required: true schema: type: string nullable: false example: 838f208d006a482dbd8cdb79a9889f68 - name: scope_id in: path description: Scope ID required: true schema: type: string nullable: false example: api_scope_019391daf58d87d8a7213419c016ac95 description: | Retrieve API scope by API ID.

read:api_scopes

responses: '200': description: API scope successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_api_scope_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] patch: tags: - APIs operationId: updateAPIScope summary: Update API scope parameters: - name: api_id in: path description: API ID required: true schema: type: string nullable: false example: 838f208d006a482dbd8cdb79a9889f68 - name: scope_id in: path description: Scope ID required: true schema: type: string nullable: false example: api_scope_019391daf58d87d8a7213419c016ac95 description: | Update an API scope.

update:api_scopes

requestBody: required: true content: application/json: schema: type: object properties: description: type: string description: Description of the api scope purpose. example: Scope for reading logs. responses: '200': description: API scope successfully updated '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - APIs operationId: deleteAPIScope summary: Delete API scope parameters: - name: api_id in: path description: API ID required: true schema: type: string nullable: false example: 838f208d006a482dbd8cdb79a9889f68 - name: scope_id in: path description: Scope ID required: true schema: type: string nullable: false example: api_scope_019391daf58d87d8a7213419c016ac95 description: | Delete an API scope you previously created.

delete:apis_scopes

responses: '200': description: API scope successfully deleted. '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/apis/{api_id}/applications: servers: [] parameters: - $ref: '#/components/parameters/api_id' patch: tags: - APIs operationId: updateAPIApplications summary: Authorize API applications description: | Authorize applications to be allowed to request access tokens for an API

update:apis

requestBody: description: The applications you want to authorize. required: true content: application/json: schema: type: object required: - applications properties: applications: type: array items: type: object required: - id properties: id: description: The application's Client ID. type: string example: d2db282d6214242b3b145c123f0c123 operation: description: Optional operation, set to 'delete' to revoke authorization for the application. If not set, the application will be authorized. type: string example: delete responses: '200': description: Authorized applications updated. content: application/json: schema: $ref: '#/components/schemas/authorize_app_api_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/apis/{api_id}/applications/{application_id}/scopes/{scope_id}: servers: [] post: tags: - APIs operationId: addAPIApplicationScope summary: Add scope to API application parameters: - name: api_id in: path description: API ID required: true schema: type: string nullable: false example: 838f208d006a482dbd8cdb79a9889f68 - name: application_id in: path description: Application ID required: true schema: type: string nullable: false example: 7643b487c97545aab79257fd13a1085a - name: scope_id in: path description: Scope ID required: true schema: type: string nullable: false example: api_scope_019391daf58d87d8a7213419c016ac95 description: | Add a scope to an API application.

create:api_application_scopes

responses: '200': description: API scope successfully added to API application '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - APIs operationId: deleteAPIApplicationScope summary: Delete API application scope parameters: - name: api_id in: path description: API ID required: true schema: type: string nullable: false example: 838f208d006a482dbd8cdb79a9889f68 - name: application_id in: path description: Application ID required: true schema: type: string nullable: false example: 7643b487c97545aab79257fd13a1085a - name: scope_id in: path description: Scope ID required: true schema: type: string nullable: false example: api_scope_019391daf58d87d8a7213419c016ac95 description: | Delete an API application scope you previously created.

delete:apis_application_scopes

responses: '200': description: API scope successfully deleted. '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/applications: servers: [] get: tags: - Applications operationId: getApplications x-scope: read:applications summary: Get applications description: | Get a list of applications / clients.

read:applications

parameters: - name: sort in: query description: Field and order to sort the result by. schema: type: string nullable: true enum: - name_asc - name_desc - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: next_token in: query description: A string to get the next page of results if there are more results. schema: type: string nullable: true responses: '200': description: A successful response with a list of applications or an empty list. content: application/json: schema: $ref: '#/components/schemas/get_applications_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - Applications operationId: createApplication x-scope: create:applications summary: Create application description: | Create a new client.

create:applications

requestBody: required: true content: application/json: schema: type: object properties: name: description: The application's name. type: string example: React Native app type: description: The application's type. Use `reg` for regular server rendered applications, `spa` for single-page applications, `m2m` for machine-to-machine applications, and `device` for devices and IoT. type: string enum: - reg - spa - m2m - device org_code: description: Scope an M2M application to an org (Plus plan required). type: string example: org_1234567890abcdef nullable: true required: - name - type responses: '201': description: Application successfully created. content: application/json: schema: $ref: '#/components/schemas/create_application_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/applications/{application_id}: servers: [] get: tags: - Applications operationId: getApplication summary: Get application description: | Gets an application given the application's ID.

read:applications

parameters: - name: application_id in: path description: The identifier for the application. required: true schema: type: string nullable: false example: 20bbffaa4c5e492a962273039d4ae18b responses: '200': description: Application successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_application_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] patch: tags: - Applications operationId: updateApplication summary: Update Application description: | Updates a client's settings. For more information, read [Applications in Kinde](https://docs.kinde.com/build/applications/about-applications)

update:applications

parameters: - name: application_id in: path description: The identifier for the application. required: true schema: type: string example: 20bbffaa4c5e492a962273039d4ae18b requestBody: description: Application details. required: false content: application/json: schema: type: object properties: name: description: The application's name. type: string language_key: description: The application's language key. type: string logout_uris: description: The application's logout uris. type: array items: type: string redirect_uris: description: The application's redirect uris. type: array items: type: string login_uri: description: The default login route for resolving session issues. type: string homepage_uri: description: The homepage link to your application. type: string responses: '200': description: Application successfully updated. '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Applications operationId: deleteApplication summary: Delete application description: | Delete a client / application.

delete:applications

parameters: - name: application_id in: path description: The identifier for the application. required: true schema: type: string example: 20bbffaa4c5e492a962273039d4ae18b responses: '200': description: Application successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/applications/{application_id}/connections: servers: [] get: tags: - Applications operationId: GetApplicationConnections description: | Gets all connections for an application.

read:application_connections

summary: Get connections parameters: - name: application_id in: path description: The identifier/client ID for the application. required: true schema: type: string nullable: false example: 20bbffaa4c5e492a962273039d4ae18b responses: '200': description: Application connections successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_connections_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/applications/{application_id}/connections/{connection_id}: servers: [] post: tags: - Applications operationId: EnableConnection summary: Enable connection description: | Enable an auth connection for an application.

create:application_connections

parameters: - name: application_id in: path description: The identifier/client ID for the application. required: true schema: type: string example: 20bbffaa4c5e492a962273039d4ae18b - name: connection_id in: path description: The identifier for the connection. required: true schema: type: string example: conn_0192c16abb53b44277e597d31877ba5b responses: '200': description: Connection successfully enabled. '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Applications operationId: RemoveConnection summary: Remove connection description: | Turn off an auth connection for an application

delete:application_connections

parameters: - name: application_id in: path description: The identifier/client ID for the application. required: true schema: type: string example: 20bbffaa4c5e492a962273039d4ae18b - name: connection_id in: path description: The identifier for the connection. required: true schema: type: string example: conn_0192c16abb53b44277e597d31877ba5b responses: '200': description: Connection successfully removed. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/applications/{application_id}/properties: servers: [] parameters: - $ref: '#/components/parameters/application_id' get: tags: - Applications operationId: getApplicationPropertyValues summary: Get property values description: | Gets properties for an application by client ID.

read:application_properties

responses: '200': description: Properties successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_property_values_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/applications/{application_id}/properties/{property_key}: servers: [] parameters: - $ref: '#/components/parameters/application_id' - $ref: '#/components/parameters/property_key' put: tags: - Applications operationId: updateApplicationsProperty summary: Update property description: | Update application property value.

update:application_properties

requestBody: required: true content: application/json: schema: type: object properties: value: oneOf: - type: string - type: boolean description: The new value for the property example: Some new value required: - value responses: '200': description: Property successfully updated content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/applications/{application_id}/tokens: servers: [] patch: tags: - Applications operationId: updateApplicationTokens summary: Update application tokens description: | Configure tokens for an application.

update:application_tokens

parameters: - name: application_id in: path description: The identifier/client ID for the application. required: true schema: type: string example: 20bbffaa4c5e492a962273039d4ae18b requestBody: description: Application tokens. required: true content: application/json: schema: type: object properties: access_token_lifetime: description: The lifetime of an access token in seconds. type: integer example: 3600 refresh_token_lifetime: description: The lifetime of a refresh token in seconds. type: integer example: 86400 id_token_lifetime: description: The lifetime of an ID token in seconds. type: integer example: 3600 authenticated_session_lifetime: description: The lifetime of an authenticated session in seconds. type: integer example: 86400 is_hasura_mapping_enabled: description: Enable or disable Hasura mapping. type: boolean example: true responses: '200': description: Application tokens successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/billing/entitlements: servers: [] get: tags: - Billing Entitlements operationId: getBillingEntitlements x-scope: read:billing_entitlements description: | Returns all the entitlements a billing customer currently has access to

read:billing_entitlements

summary: Get billing entitlements parameters: - name: page_size in: query required: false description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: starting_after in: query required: false description: The ID of the billing entitlement to start after. schema: type: string nullable: true - name: ending_before in: query required: false description: The ID of the billing entitlement to end before. schema: type: string nullable: true - name: customer_id in: query description: The ID of the billing customer to retrieve entitlements for required: true schema: type: string nullable: false - name: max_value in: query description: When the maximum limit of an entitlement is null, this value is returned as the maximum limit schema: type: string nullable: true - name: expand in: query description: 'Additional plan data to include in the response. Allowed value: "plans".' required: false schema: type: string nullable: true enum: - plans responses: '200': description: Billing entitlements successfully retrieved. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_billing_entitlements_response' application/json: schema: $ref: '#/components/schemas/get_billing_entitlements_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/billing/agreements: servers: [] get: tags: - Billing Agreements operationId: getBillingAgreements description: | Returns all the agreements a billing customer currently has access to

read:billing_agreements

summary: Get billing agreements parameters: - name: page_size in: query required: false description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: starting_after in: query required: false description: The ID of the billing agreement to start after. schema: type: string nullable: true - name: ending_before in: query required: false description: The ID of the billing agreement to end before. schema: type: string nullable: true - name: customer_id in: query description: The ID of the billing customer to retrieve agreements for required: true schema: type: string nullable: false example: customer_0195ac80a14c2ca2cec97d026d864de0 - name: feature_code in: query required: false description: The feature code to filter by agreements only containing that feature schema: type: string nullable: true responses: '200': description: Billing agreements successfully retrieved. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_billing_agreements_response' application/json: schema: $ref: '#/components/schemas/get_billing_agreements_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Billing Agreements operationId: createBillingAgreement description: | Creates a new billing agreement based on the plan code passed, and cancels the customer's existing agreements

create:billing_agreements

summary: Create billing agreement requestBody: description: New agreement request values required: true content: application/json: schema: type: object required: - customer_id - plan_code properties: customer_id: description: The ID of the billing customer to create a new agreement for type: string example: customer_0195ac80a14c2ca2cec97d026d864de0 plan_code: description: The code of the billing plan the new agreement will be based on type: string example: pro is_invoice_now: type: boolean description: Generate a final invoice for any un-invoiced metered usage. example: true is_prorate: type: boolean description: Generate a proration invoice item that credits remaining unused features. example: true responses: '200': description: Billing agreement successfully changed content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/billing/meter_usage: servers: [] post: tags: - Billing Meter Usage operationId: createMeterUsageRecord summary: Create meter usage record description: | Create a new meter usage record

create:meter_usage

requestBody: description: Meter usage record required: true content: application/json: schema: type: object required: - customer_agreement_id - billing_feature_code - meter_value properties: customer_agreement_id: description: The billing agreement against which to record usage type: string example: agreement_0195ac80a14c2ca2cec97d026d864de0 billing_feature_code: description: The code of the feature within the agreement against which to record usage type: string example: pro_gym meter_value: description: The value of usage to record type: string example: pro_gym meter_usage_timestamp: type: string format: date-time description: The date and time the usage needs to be recorded for (defaults to current date/time) example: '2024-11-18T13:32:03+11' meter_type_code: type: string enum: - absolute - delta description: Absolutes overrides the current usage responses: '200': description: Meter usage record successfully created. content: application/json: schema: $ref: '#/components/schemas/create_meter_usage_record_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/business: servers: [] get: tags: - Business operationId: getBusiness x-scope: read:businesses summary: Get business description: | Get your business details.

read:businesses

responses: '200': description: Your business details. content: application/json: schema: $ref: '#/components/schemas/get_business_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] patch: tags: - Business operationId: updateBusiness x-scope: update:businesses summary: Update business description: | Update your business details.

update:businesses

requestBody: description: The business details to update. required: true content: application/json: schema: type: object properties: business_name: type: string description: The name of the business. example: Tailsforce Ltd nullable: true email: type: string description: The email address of the business. example: sally@example.com nullable: true industry_key: type: string description: The key of the industry of your business. Can be retrieved from the /industries endpoint. example: construction nullable: true is_click_wrap: description: Whether the business is using clickwrap agreements. type: boolean example: false nullable: true is_show_kinde_branding: description: Whether the business is showing Kinde branding. Requires a paid plan. type: boolean example: true nullable: true kinde_perk_code: description: The Kinde perk code for the business. type: string nullable: true phone: description: The phone number of the business. type: string example: 123-456-7890 nullable: true privacy_url: description: The URL to the business's privacy policy. type: string example: https://example.com/privacy nullable: true terms_url: description: The URL to the business's terms of service. type: string example: https://example.com/terms nullable: true timezone_key: description: The key of the timezone of your business. Can be retrieved from the /timezones endpoint. type: string example: los_angeles_pacific_standard_time nullable: true responses: '200': description: Business successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/industries: servers: [] get: tags: - Industries operationId: getIndustries summary: Get industries description: | Get a list of industries and associated industry keys.

read:industries

responses: '200': description: A list of industries. content: application/json: schema: $ref: '#/components/schemas/get_industries_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/timezones: servers: [] get: tags: - Timezones operationId: getTimezones summary: Get timezones description: | Get a list of timezones and associated timezone keys.

read:timezones

responses: '200': description: A list of timezones. content: application/json: schema: $ref: '#/components/schemas/get_timezones_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/applications/{app_id}/auth_redirect_urls: servers: [] get: tags: - Callbacks operationId: getCallbackURLs x-scope: read:applications_redirect_uris description: | Returns an application's redirect callback URLs.

read:applications_redirect_uris

summary: List Callback URLs parameters: - name: app_id in: path description: The identifier for the application. required: true schema: type: string responses: '200': description: Callback URLs successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/redirect_callback_urls' application/json; charset=utf-8: schema: $ref: '#/components/schemas/redirect_callback_urls' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Callbacks operationId: addRedirectCallbackURLs x-scope: create:applications_redirect_uris description: | Add additional redirect callback URLs.

create:applications_redirect_uris

summary: Add Redirect Callback URLs parameters: - name: app_id in: path description: The identifier for the application. required: true schema: type: string requestBody: description: Callback details. required: true content: application/json: schema: type: object properties: urls: type: array items: type: string description: Array of callback urls. responses: '200': description: Callbacks successfully updated content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] put: tags: - Callbacks operationId: replaceRedirectCallbackURLs description: | Replace all redirect callback URLs.

update:applications_redirect_uris

summary: Replace Redirect Callback URLs parameters: - name: app_id in: path description: The identifier for the application. required: true schema: type: string requestBody: description: Callback details. required: true content: application/json: schema: type: object properties: urls: type: array items: type: string description: Array of callback urls. responses: '200': description: Callbacks successfully updated content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] delete: tags: - Callbacks operationId: deleteCallbackURLs description: | Delete callback URLs.

delete:applications_redirect_uris

summary: Delete Callback URLs parameters: - name: app_id in: path description: The identifier for the application. required: true schema: type: string - name: urls in: query description: Urls to delete, comma separated and url encoded. required: true schema: type: string responses: '200': description: Callback URLs successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/applications/{app_id}/auth_logout_urls: servers: [] get: tags: - Callbacks operationId: getLogoutURLs description: | Returns an application's logout redirect URLs.

read:application_logout_uris

summary: List logout URLs parameters: - name: app_id in: path description: The identifier for the application. required: true schema: type: string responses: '200': description: Logout URLs successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/logout_redirect_urls' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - Callbacks operationId: addLogoutRedirectURLs description: | Add additional logout redirect URLs.

create:application_logout_uris

summary: Add logout redirect URLs parameters: - name: app_id in: path description: The identifier for the application. required: true schema: type: string requestBody: description: Callback details. required: true content: application/json: schema: type: object properties: urls: type: array items: type: string description: Array of logout urls. responses: '200': description: Logout URLs successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] put: tags: - Callbacks operationId: replaceLogoutRedirectURLs description: | Replace all logout redirect URLs.

update:application_logout_uris

summary: Replace logout redirect URls parameters: - name: app_id in: path description: The identifier for the application. required: true schema: type: string requestBody: description: Callback details. required: true content: application/json: schema: type: object properties: urls: type: array items: type: string description: Array of logout urls. responses: '200': description: Logout URLs successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Callbacks operationId: deleteLogoutURLs description: | Delete logout URLs.

delete:application_logout_uris

summary: Delete Logout URLs parameters: - name: app_id in: path description: The identifier for the application. required: true schema: type: string - name: urls in: query description: Urls to delete, comma separated and url encoded. required: true schema: type: string responses: '200': description: Logout URLs successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/connected_apps/auth_url: servers: [] get: tags: - Connected Apps operationId: GetConnectedAppAuthUrl x-scope: read:connected_apps description: | Get a URL that authenticates and authorizes a user to a third-party connected app.

read:connected_apps

summary: Get Connected App URL parameters: - name: key_code_ref in: query description: The unique key code reference of the connected app to authenticate against. schema: type: string nullable: false required: true - name: user_id in: query description: The id of the user that needs to authenticate to the third-party connected app. schema: type: string nullable: false required: false - name: org_code in: query description: The code of the Kinde organization that needs to authenticate to the third-party connected app. schema: type: string nullable: false required: false - name: override_callback_url in: query description: A URL that overrides the default callback URL setup in your connected app configuration schema: type: string nullable: false required: false responses: '200': description: A URL that can be used to authenticate and a session id to identify this authentication session. content: application/json: schema: $ref: '#/components/schemas/connected_apps_auth_url' application/json; charset=utf-8: schema: $ref: '#/components/schemas/connected_apps_auth_url' '400': description: Error retrieving connected app auth url. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '404': description: Error retrieving connected app auth url. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/connected_apps/token: servers: [] get: tags: - Connected Apps operationId: GetConnectedAppToken x-scope: read:connected_apps description: | Get an access token that can be used to call the third-party provider linked to the connected app.

read:connected_apps

summary: Get Connected App Token parameters: - name: session_id in: query description: The unique sesssion id representing the login session of a user. schema: type: string nullable: false required: true responses: '200': description: An access token that can be used to query a third-party provider, as well as the token's expiry time. content: application/json: schema: $ref: '#/components/schemas/connected_apps_access_token' application/json; charset=utf-8: schema: $ref: '#/components/schemas/connected_apps_access_token' '400': description: The session id provided points to an invalid session. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/connected_apps/revoke: servers: [] post: tags: - Connected Apps operationId: RevokeConnectedAppToken description: | Revoke the tokens linked to the connected app session.

create:connected_apps

summary: Revoke Connected App Token parameters: - name: session_id in: query description: The unique sesssion id representing the login session of a user. schema: type: string nullable: false required: true responses: '200': description: An access token that can be used to query a third-party provider, as well as the token's expiry time. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '405': description: Invalid HTTP method used. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/connections: servers: [] get: tags: - Connections operationId: GetConnections x-scope: read:connections description: | Returns a list of authentication connections. Optionally you can filter this by a home realm domain.

read:connections

summary: Get connections parameters: - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: home_realm_domain in: query description: Filter the results by the home realm domain. schema: example: myapp.com type: string nullable: true - name: starting_after in: query description: The ID of the connection to start after. schema: type: string nullable: true - name: ending_before in: query description: The ID of the connection to end before. schema: type: string nullable: true responses: '200': description: Connections successfully retrieved. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_connections_response' application/json: schema: $ref: '#/components/schemas/get_connections_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Connections operationId: CreateConnection x-scope: create:connections description: | Create Connection.

create:connections

summary: Create Connection requestBody: description: Connection details. required: true content: application/json: schema: type: object properties: name: description: The internal name of the connection. type: string nullable: false display_name: description: The public facing name of the connection. type: string nullable: false strategy: description: The identity provider identifier for the connection. type: string enum: - oauth2:apple - oauth2:azure_ad - oauth2:bitbucket - oauth2:discord - oauth2:facebook - oauth2:github - oauth2:gitlab - oauth2:google - oauth2:linkedin - oauth2:microsoft - oauth2:patreon - oauth2:slack - oauth2:stripe - oauth2:twitch - oauth2:twitter - oauth2:xero - saml:custom - saml:cloudflare - saml:okta - saml:microsoft - saml:google - wsfed:azure_ad nullable: false enabled_applications: description: Client IDs of applications in which this connection is to be enabled. type: array items: type: string organization_code: description: Enterprise connections only - the code for organization that manages this connection. type: string nullable: true example: org_80581732fbe options: oneOf: - type: object description: Social connection options (e.g., Google SSO). properties: client_id: type: string description: OAuth client ID. example: hji7db2146af332akfldfded22 client_secret: type: string description: OAuth client secret. example: 19fkjdalg521l23fassf3039d4ae18b is_use_custom_domain: type: boolean description: Use custom domain callback URL. example: true is_trusted: type: boolean description: Trust this connection for account merging. example: true - type: object description: Azure AD connection options. properties: client_id: type: string description: Client ID. example: hji7db2146af332akfldfded22 client_secret: type: string description: Client secret. example: 19fkjdalg521l23fassf3039d4ae18b home_realm_domains: type: array items: type: string description: List of domains to limit authentication. example: - '@kinde.com' - '@kinde.io' entra_id_domain: type: string description: Domain for Entra ID. example: kinde.com is_use_common_endpoint: type: boolean description: Use https://login.windows.net/common instead of a default endpoint. example: true is_sync_user_profile_on_login: type: boolean description: Sync user profile data with IDP. example: true is_retrieve_provider_user_groups: type: boolean description: Include user group info from MS Entra ID. example: true is_extended_attributes_required: type: boolean description: Include additional user profile information. example: true is_auto_join_organization_enabled: type: boolean description: Users automatically join organization when using this connection. example: true is_create_missing_user: type: boolean description: Create a user record in Kinde if the user signing in does not exist. example: true is_force_show_sso_button: type: boolean description: Force showing the SSO button for this connection. example: false upstream_params: type: object description: Additional upstream parameters to pass to the identity provider. additionalProperties: true example: prompt: value: select_account is_use_custom_domain: type: boolean description: Use custom domain callback URL. example: true is_trusted: type: boolean description: Trust this connection for account merging. example: true - type: object description: SAML connection options (e.g., Cloudflare SAML). properties: home_realm_domains: type: array items: type: string description: List of domains to restrict authentication. example: - '@kinde.com' - '@kinde.io' saml_entity_id: type: string description: SAML Entity ID. example: https://kinde.com saml_idp_metadata_url: type: string description: URL for the IdP metadata. example: https://kinde.com/saml/metadata saml_sign_in_url: type: string description: Override the default SSO endpoint with a URL your IdP recognizes. example: https://kinde.com/saml/signin sign_request_algorithm: type: string description: Algorithm used to sign SAML requests. enum: - RSA-SHA256 - RSA-SHA1 example: RSA-SHA256 protocol_binding: type: string description: Protocol binding used to send SAML requests. enum: - HTTP-REDIRECT - HTTP-POST example: HTTP-REDIRECT name_id_format: type: string description: Format for the Name ID used to identify users in SAML responses. enum: - Persistent - Transient - Email address - Unspecified example: Persistent saml_email_key_attr: type: string description: Attribute key for the user's email. example: email saml_user_id_key_attr: type: string description: Attribute key for the user's ID. example: user_id saml_first_name_key_attr: type: string description: Attribute key for the user's first name. example: given_name saml_last_name_key_attr: type: string description: Attribute key for the user's last name. example: family_name is_create_missing_user: type: boolean description: Create user if they don't exist. example: true is_force_show_sso_button: type: boolean description: Force showing the SSO button for this connection. example: false upstream_params: type: object description: Additional upstream parameters to pass to the identity provider. additionalProperties: true example: prompt: value: select_account saml_signing_certificate: type: string description: Certificate for signing SAML requests. example: |- -----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgIEUjZoyDANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVNhbiBGcmFuYzEXMBUGA1UECgwOQ2xv -----END CERTIFICATE----- saml_signing_private_key: type: string description: Private key associated with the signing certificate. example: |- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy5+KLjTzF6tvl -----END PRIVATE KEY----- is_auto_join_organization_enabled: type: boolean description: Users automatically join organization when using this connection. example: true is_use_custom_domain: type: boolean description: Use custom domain callback URL. example: true is_trusted: type: boolean description: Trust this connection for account merging. example: true responses: '201': description: Connection successfully created. content: application/json: schema: $ref: '#/components/schemas/create_connection_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/connections/{connection_id}: servers: [] get: tags: - Connections operationId: GetConnection description: | Get Connection.

read:connections

summary: Get Connection parameters: - name: connection_id in: path description: The unique identifier for the connection. required: true schema: type: string responses: '200': description: Connection successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/connection' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] patch: tags: - Connections operationId: UpdateConnection description: | Update Connection.

update:connections

summary: Update Connection parameters: - name: connection_id in: path description: The unique identifier for the connection. required: true schema: type: string requestBody: description: The fields of the connection to update. required: true content: application/json: schema: type: object properties: name: description: The internal name of the connection. type: string nullable: false example: ConnectionA display_name: description: The public facing name of the connection. type: string nullable: false example: Connection enabled_applications: description: Client IDs of applications in which this connection is to be enabled. type: array example: - c647dbe20f5944e28af97c9184fded22 - 20bbffaa4c5e492a962273039d4ae18b items: type: string options: oneOf: - type: object description: Social connection options (e.g., Google SSO). properties: client_id: type: string description: OAuth client ID. example: hji7db2146af332akfldfded22 client_secret: type: string description: OAuth client secret. example: 19fkjdalg521l23fassf3039d4ae18b is_use_custom_domain: type: boolean description: Use custom domain callback URL. example: true is_trusted: type: boolean description: Trust this connection for account merging. example: true - type: object description: Azure AD connection options. properties: client_id: type: string description: Client ID. example: hji7db2146af332akfldfded22 client_secret: type: string description: Client secret. example: 19fkjdalg521l23fassf3039d4ae18b home_realm_domains: type: array items: type: string description: List of domains to limit authentication. example: - '@kinde.com' - '@kinde.io' entra_id_domain: type: string description: Domain for Entra ID. example: kinde.com is_use_common_endpoint: type: boolean description: Use https://login.windows.net/common instead of a default endpoint. example: true is_sync_user_profile_on_login: type: boolean description: Sync user profile data with IDP. example: true is_retrieve_provider_user_groups: type: boolean description: Include user group info from MS Entra ID. example: true is_extended_attributes_required: type: boolean description: Include additional user profile information. example: true is_create_missing_user: type: boolean description: Create users if they don't exist in the system. example: true is_force_show_sso_button: type: boolean description: Force showing the SSO button for this connection. example: false upstream_params: type: object description: Additional upstream parameters to pass to the identity provider. additionalProperties: true example: prompt: value: select_account is_use_custom_domain: type: boolean description: Use custom domain callback URL. example: true is_trusted: type: boolean description: Trust this connection for account merging. example: true - type: object description: SAML connection options (e.g., Cloudflare SAML). properties: home_realm_domains: type: array items: type: string description: List of domains to restrict authentication. example: - '@kinde.com' - '@kinde.io' saml_entity_id: type: string description: SAML Entity ID. example: https://kinde.com saml_idp_metadata_url: type: string description: URL for the IdP metadata. example: https://kinde.com/saml/metadata saml_sign_in_url: type: string description: Override the default SSO endpoint with a URL your IdP recognizes. example: https://kinde.com/saml/signin sign_request_algorithm: type: string description: Algorithm used to sign SAML requests. enum: - RSA-SHA256 - RSA-SHA1 example: RSA-SHA256 protocol_binding: type: string description: Protocol binding used to send SAML requests. enum: - HTTP-REDIRECT - HTTP-POST example: HTTP-REDIRECT name_id_format: type: string description: Format for the Name ID used to identify users in SAML responses. enum: - Persistent - Transient - Email address - Unspecified example: Persistent saml_email_key_attr: type: string description: Attribute key for the user's email. example: email saml_user_id_key_attr: type: string description: Attribute key for the user's ID. example: user_id saml_first_name_key_attr: type: string description: Attribute key for the user's first name. example: given_name saml_last_name_key_attr: type: string description: Attribute key for the user's last name. example: family_name is_create_missing_user: type: boolean description: Create user if they don't exist. example: true is_force_show_sso_button: type: boolean description: Force showing the SSO button for this connection. example: false upstream_params: type: object description: Additional upstream parameters to pass to the identity provider. additionalProperties: true example: prompt: value: select_account saml_signing_certificate: type: string description: Certificate for signing SAML requests. example: |- -----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgIEUjZoyDANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVNhbiBGcmFuYzEXMBUGA1UECgwOQ2xv -----END CERTIFICATE----- saml_signing_private_key: type: string description: Private key associated with the signing certificate. example: |- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy5+KLjTzF6tvl -----END PRIVATE KEY----- is_use_custom_domain: type: boolean description: Use custom domain callback URL. example: true is_trusted: type: boolean description: Trust this connection for account merging. example: true responses: '200': description: Connection successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] put: tags: - Connections operationId: ReplaceConnection description: | Replace Connection Config.

update:connections

summary: Replace Connection parameters: - name: connection_id in: path description: The unique identifier for the connection. required: true schema: type: string requestBody: description: The complete connection configuration to replace the existing one. required: true content: application/json: schema: type: object properties: name: description: The internal name of the connection. type: string example: ConnectionA nullable: false display_name: description: The public-facing name of the connection. type: string example: Connection nullable: false enabled_applications: description: Client IDs of applications in which this connection is to be enabled. type: array items: type: string example: - c647dbe20f5944e28af97c9184fded22 - 20bbffaa4c5e492a962273039d4ae18b options: oneOf: - type: object description: Social connection options (e.g., Google SSO). properties: client_id: type: string description: OAuth client ID. example: hji7db2146af332akfldfded22 client_secret: type: string description: OAuth client secret. example: 19fkjdalg521l23fassf3039d4ae18b is_use_custom_domain: type: boolean description: Use custom domain callback URL. example: true is_trusted: type: boolean description: Trust this connection for account merging. example: true - type: object description: Azure AD connection options. properties: client_id: type: string description: Client ID. example: hji7db2146af332akfldfded22 client_secret: type: string description: Client secret. example: 19fkjdalg521l23fassf3039d4ae18b home_realm_domains: type: array items: type: string description: List of domains to limit authentication. example: - '@kinde.com' - '@kinde.io' entra_id_domain: type: string description: Domain for Entra ID. example: kinde.com is_use_common_endpoint: type: boolean description: Use https://login.windows.net/common instead of a default endpoint. example: true is_sync_user_profile_on_login: type: boolean description: Sync user profile data with IDP. example: true is_retrieve_provider_user_groups: type: boolean description: Include user group info from MS Entra ID. example: true is_extended_attributes_required: type: boolean description: Include additional user profile information. example: true is_create_missing_user: type: boolean description: Create a user record in Kinde if the user signing in does not exist. example: true is_force_show_sso_button: type: boolean description: Force showing the SSO button for this connection. example: false upstream_params: type: object description: Additional upstream parameters to pass to the identity provider. additionalProperties: true example: prompt: value: select_account is_use_custom_domain: type: boolean description: Use custom domain callback URL. example: true is_trusted: type: boolean description: Trust this connection for account merging. example: true - type: object description: SAML connection options (e.g., Cloudflare SAML). properties: home_realm_domains: type: array items: type: string description: List of domains to restrict authentication. example: - '@kinde.com' - '@kinde.io' saml_entity_id: type: string description: SAML Entity ID. example: https://kinde.com saml_idp_metadata_url: type: string description: URL for the IdP metadata. example: https://kinde.com/saml/metadata sign_request_algorithm: type: string description: Algorithm used to sign SAML requests. enum: - RSA-SHA256 - RSA-SHA1 example: RSA-SHA256 protocol_binding: type: string description: Protocol binding used to send SAML requests. enum: - HTTP-REDIRECT - HTTP-POST example: HTTP-REDIRECT name_id_format: type: string description: Format for the Name ID used to identify users in SAML responses. enum: - Persistent - Transient - Email address - Unspecified example: Persistent saml_email_key_attr: type: string description: Attribute key for the user's email. example: email saml_user_id_key_attr: type: string description: Attribute key for the user's ID. example: user_id saml_first_name_key_attr: type: string description: Attribute key for the user's first name. example: given_name saml_last_name_key_attr: type: string description: Attribute key for the user's last name. example: family_name is_create_missing_user: type: boolean description: Create user if they don't exist. example: true is_force_show_sso_button: type: boolean description: Force showing the SSO button for this connection. example: false upstream_params: type: object description: Additional upstream parameters to pass to the identity provider. additionalProperties: true example: prompt: value: select_account saml_signing_certificate: type: string description: Certificate for signing SAML requests. example: |- -----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgIEUjZoyDANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVNhbiBGcmFuYzEXMBUGA1UECgwOQ2xv -----END CERTIFICATE----- saml_signing_private_key: type: string description: Private key associated with the signing certificate. example: |- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy5+KLjTzF6tvl -----END PRIVATE KEY----- is_use_custom_domain: type: boolean description: Use custom domain callback URL. example: true is_trusted: type: boolean description: Trust this connection for account merging. example: true responses: '200': description: Connection successfully updated content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Connections operationId: deleteConnection description: | Delete connection.

delete:connections

summary: Delete Connection parameters: - name: connection_id in: path description: The identifier for the connection. required: true schema: type: string responses: '200': description: Connection successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/directories: servers: [] get: tags: - Directories operationId: getDirectories summary: Get SCIM directories description: | Returns a list of SCIM directories for your organization.

read:scim_directories

create:scim_directories

externalDocs: url: https://docs.kinde.com/developer-tools/scim-provisioning/ description: SCIM Provisioning requestBody: required: true content: application/json: schema: type: object properties: org_code: type: string description: The organization code to create the SCIM directory for. example: org_1ccfb819462 directory_name: type: string description: A descriptive name for the SCIM directory. example: Production Directory provider_code: type: string description: The SCIM provider code to use for this directory. enum: - entra_id_azure_ad - okta - google_workspace - custom_scim_v2 - cyberark - jumpcloud - onelogin - pingfederate - rippling example: entra_id_azure_ad required: - org_code - directory_name - provider_code responses: '201': description: SCIM directory successfully created. content: application/json: schema: $ref: '#/components/schemas/create_directory_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' examples: organization_required: summary: Organization code required value: errors: - code: ORGANIZATION_REQUIRED message: Organization code is required field: org_code directory_name_required: summary: Directory name required value: errors: - code: DIRECTORY_NAME_REQUIRED message: Directory name is required field: directory_name provider_code_required: summary: Provider code required value: errors: - code: PROVIDER_CODE_REQUIRED message: Provider code is required field: provider_code invalid_provider: summary: Invalid provider code value: errors: - code: INVALID_PROVIDER message: Invalid or disabled provider code field: provider_code organization_not_found: summary: Organization not found value: errors: - code: ORGANIZATION_NOT_FOUND message: Organization not found field: org_code '403': $ref: '#/components/responses/forbidden' '409': description: Conflict - Directory already exists. content: application/json: schema: $ref: '#/components/schemas/error_response' examples: directory_exists: summary: Directory already exists value: errors: - code: DIRECTORY_EXISTS message: A SCIM directory already exists for this organization field: org_code '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/directories/{directory_id}: servers: [] parameters: - name: directory_id in: path description: The directory's ID. required: true schema: type: string example: directory_0192b1941f125645fa15bf28a662a0b3 get: tags: - Directories operationId: getDirectory summary: Get SCIM directory description: | Retrieve SCIM directory details by ID.

read:scim_directories

responses: '200': description: SCIM directory successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_directory_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] patch: tags: - Directories operationId: updateDirectory summary: Update SCIM directory description: | Update SCIM directory configuration. requestBody: required: true content: application/json: schema: type: object properties: directory_name: type: string description: A descriptive name for the SCIM directory. example: Updated Production Directory required: - directory_name responses: '200': description: SCIM directory successfully updated. content: application/json: schema: $ref: '#/components/schemas/update_directory_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Directories operationId: deleteDirectory summary: Delete SCIM directory description: | Delete a SCIM directory and all associated data.

delete:scim_directories

responses: '200': description: SCIM directory successfully deleted. content: application/json: schema: $ref: '#/components/schemas/delete_directory_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/environment: servers: [] get: tags: - Environments operationId: getEnvironment x-scope: read:environments summary: Get environment description: | Gets the current environment.

read:environments

responses: '200': description: Environment successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_environment_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/environment/feature_flags: servers: [] delete: tags: - Environments operationId: DeleteEnvironementFeatureFlagOverrides x-scope: delete:environment_feature_flags description: | Delete all environment feature flag overrides.

delete:environment_feature_flags

summary: Delete Environment Feature Flag Overrides responses: '200': description: Feature flag overrides deleted successfully. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] get: tags: - Environments operationId: GetEnvironementFeatureFlags x-scope: read:environment_feature_flags description: | Get environment feature flags.

read:environment_feature_flags

summary: List Environment Feature Flags responses: '200': description: Feature flags retrieved successfully. content: application/json: schema: $ref: '#/components/schemas/get_environment_feature_flags_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_environment_feature_flags_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/environment/feature_flags/{feature_flag_key}: servers: [] delete: tags: - Environments operationId: DeleteEnvironementFeatureFlagOverride description: | Delete environment feature flag override.

delete:environment_feature_flags

summary: Delete Environment Feature Flag Override parameters: - name: feature_flag_key in: path description: The identifier for the feature flag. required: true schema: type: string responses: '200': description: Feature flag deleted successfully. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] patch: tags: - Environments operationId: UpdateEnvironementFeatureFlagOverride description: | Update environment feature flag override.

update:environment_feature_flags

summary: Update Environment Feature Flag Override parameters: - name: feature_flag_key in: path description: The identifier for the feature flag. required: true schema: type: string requestBody: description: Flag details. required: true content: application/json: schema: type: object properties: value: description: The flag override value. type: string nullable: false required: - value responses: '200': description: Feature flag override successful content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/environment/logos: servers: [] get: tags: - Environments operationId: ReadLogo description: | Read environment logo details

read:environments

summary: Read logo details responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/read_env_logo_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/environment/logos/{type}: servers: [] put: tags: - Environments operationId: AddLogo description: | Add environment logo

update:environments

summary: Add logo parameters: - name: type in: path description: The type of logo to add. required: true schema: type: string example: dark enum: - dark - light requestBody: description: Logo details. required: true content: multipart/form-data: schema: type: object required: - logo properties: logo: type: string format: binary description: The logo file to upload. responses: '200': description: Logo successfully updated content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Environments operationId: DeleteLogo description: | Delete environment logo

update:environments

summary: Delete logo parameters: - name: type in: path description: The type of logo to delete. required: true schema: type: string example: dark enum: - dark - light responses: '200': description: Logo successfully deleted content: application/json: schema: $ref: '#/components/schemas/success_response' '204': description: No logo found to delete '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/environment_variables: servers: [] get: tags: - Environment variables operationId: getEnvironmentVariables x-scope: read:environment_variables summary: Get environment variables description: | Get environment variables. This feature is in beta and admin UI is not yet available.

read:environment_variables

responses: '200': description: A successful response with a list of environment variables or an empty list. content: application/json: schema: $ref: '#/components/schemas/get_environment_variables_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - Environment variables operationId: createEnvironmentVariable x-scope: create:environment_variables summary: Create environment variable description: | Create a new environment variable. This feature is in beta and admin UI is not yet available.

create:environment_variables

requestBody: description: The environment variable details. required: true content: application/json: schema: type: object properties: key: type: string description: The name of the environment variable (max 128 characters). example: MY_API_KEY value: type: string description: The value of the new environment variable (max 2048 characters). example: some-secret-value is_secret: type: boolean description: Whether the environment variable is sensitive. Secrets are not-readable by you or your team after creation. example: false required: - key - value responses: '201': description: Environment variable successfully created. content: application/json: schema: $ref: '#/components/schemas/create_environment_variable_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/environment_variables/{variable_id}: servers: [] parameters: - $ref: '#/components/parameters/variable_id' get: tags: - Environment variables operationId: getEnvironmentVariable x-scope: read:environment_variables summary: Get environment variable description: | Retrieve environment variable details by ID. This feature is in beta and admin UI is not yet available.

read:environment_variables

responses: '200': description: Environment variable successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_environment_variable_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] patch: tags: - Environment variables operationId: updateEnvironmentVariable x-scope: update:environment_variables summary: Update environment variable description: | Update an environment variable you previously created. This feature is in beta and admin UI is not yet available.

update:environment_variables

requestBody: description: The new details for the environment variable required: true content: application/json: schema: type: object properties: key: type: string description: The key to update. example: MY_API_KEY value: type: string description: The new value for the environment variable. example: new-secret-value is_secret: type: boolean description: Whether the environment variable is sensitive. Secret variables are not-readable by you or your team after creation. responses: '200': description: Environment variable successfully updated. content: application/json: schema: $ref: '#/components/schemas/update_environment_variable_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Environment variables operationId: deleteEnvironmentVariable x-scope: delete:environment_variables summary: Delete environment variable description: | Delete an environment variable you previously created. This feature is in beta and admin UI is not yet available.

delete:environment_variables

responses: '200': description: Environment variable successfully deleted. content: application/json: schema: $ref: '#/components/schemas/delete_environment_variable_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/feature_flags: servers: [] post: tags: - Feature Flags operationId: CreateFeatureFlag x-scope: create:feature_flags description: | Create feature flag.

create:feature_flags

summary: Create Feature Flag requestBody: description: Flag details. required: true content: application/json: schema: type: object properties: name: description: The name of the flag. type: string nullable: false description: description: Description of the flag purpose. type: string nullable: false key: description: The flag identifier to use in code. type: string nullable: false type: description: The variable type. type: string enum: - str - int - bool nullable: false allow_override_level: description: Allow the flag to be overridden at a different level. type: string enum: - env - org - usr nullable: false default_value: description: Default value for the flag used by environments and organizations. type: string nullable: false required: - name - key - type - default_value responses: '201': description: Feature flag successfully created content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/feature_flags/{feature_flag_key}: servers: [] delete: tags: - Feature Flags operationId: DeleteFeatureFlag x-scope: delete:feature_flags description: | Delete feature flag

delete:feature_flags

summary: Delete Feature Flag parameters: - name: feature_flag_key in: path description: The identifier for the feature flag. required: true schema: type: string responses: '200': description: Feature flag successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] put: tags: - Feature Flags operationId: UpdateFeatureFlag x-scope: update:feature_flags description: | Update feature flag.

update:feature_flags

summary: Replace Feature Flag parameters: - name: feature_flag_key in: path description: The key identifier for the feature flag. required: true schema: type: string - name: name in: query description: The name of the flag. schema: type: string nullable: false required: true - name: description in: query description: Description of the flag purpose. schema: type: string nullable: false required: true - name: type in: query description: The variable type schema: type: string enum: - str - int - bool nullable: false required: true - name: allow_override_level in: query description: Allow the flag to be overridden at a different level. schema: type: string enum: - env - org nullable: false required: true - name: default_value in: query description: Default value for the flag used by environments and organizations. schema: type: string nullable: false required: true responses: '200': description: Feature flag successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/identities/{identity_id}: servers: [] get: tags: - Identities operationId: GetIdentity x-scope: read:identities description: | Returns an identity by ID

read:identities

summary: Get identity parameters: - name: identity_id in: path description: The unique identifier for the identity. required: true schema: type: string responses: '200': description: Identity successfully retrieved. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/identity' application/json: schema: $ref: '#/components/schemas/identity' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] patch: tags: - Identities operationId: UpdateIdentity x-scope: update:identities description: | Update identity by ID.

update:identities

summary: Update identity parameters: - name: identity_id in: path description: The unique identifier for the identity. required: true schema: type: string requestBody: description: The fields of the identity to update. required: true content: application/json: schema: type: object properties: is_primary: description: Whether the identity is the primary for it's type type: boolean nullable: false responses: '200': description: Identity successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] delete: tags: - Identities operationId: DeleteIdentity x-scope: delete:identities description: | Delete identity by ID.

delete:identities

summary: Delete identity parameters: - name: identity_id in: path description: The unique identifier for the identity. required: true schema: type: string responses: '200': description: Identity successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organization/{org_code}/invites: servers: [] get: tags: - Organizations operationId: getOrganizationInvites x-scope: read:organization_invites summary: Get organization invites description: | Get a list of invitations for an organization. By default, only pending (non-revoked, non-accepted) invitations are returned.

read:organization_invites

parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string example: org_1ccfb819462 - name: sort in: query description: Field and order to sort the result by. schema: type: string nullable: true enum: - created_on_asc - created_on_desc - email_asc - email_desc - name_asc - name_desc example: created_on_desc - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true example: 10 - name: next_token in: query description: A string to get the next page of results if there are more results. schema: type: string nullable: true - name: include_revoked in: query description: Include revoked invitations in the results. schema: type: boolean nullable: true default: false - name: include_accepted in: query description: Include accepted invitations in the results. schema: type: boolean nullable: true default: false responses: '200': description: Invitations successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_organization_invites_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - Organizations operationId: createOrganizationInvite x-scope: create:organization_invites summary: Create organization invite description: | Create a new invitation for an organization. An invitation email will be sent to the provided email address if `send_email` is set to `true`. Invitations cannot be created for organizations that are managed by directory sync; user and role changes for those organizations must be made in the upstream identity provider. Roles that require an explicit assignment permission cannot be granted to an invitee unless the caller (or the user the token represents) holds that permission. On Kinde-hosted plans, roles outside `owner`/`admin` additionally require the `extended_roles` entitlement. Per-organization rate limits apply: a maximum number of invitations may be created per rolling 24 hour window, and a maximum number of active (non-accepted, non-revoked) invitations may exist at any time. Requests that exceed either limit are rejected.

create:organization_invites

parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string example: org_1ccfb819462 requestBody: description: Invitation details. `email` is capped at 254 characters (RFC 5321). `first_name` and `last_name` are capped at 64 characters each. Inputs over these limits are rejected with `EMAIL_TOO_LONG`, `FIRST_NAME_TOO_LONG`, or `LAST_NAME_TOO_LONG`. required: true content: application/json: schema: type: object required: - email - roles properties: email: description: The email address of the user to invite. Maximum 254 characters. type: string maxLength: 254 example: user@example.com first_name: description: The first name of the user to invite. Maximum 64 characters. type: string maxLength: 64 nullable: true example: John last_name: description: The last name of the user to invite. Maximum 64 characters. type: string maxLength: 64 nullable: true example: Doe roles: description: Array of role keys to assign to the user. type: array items: type: string example: - admin - manager send_email: description: Whether to send an invitation email to the user. Defaults to false. type: boolean default: false responses: '201': description: Invitation successfully created. content: application/json: schema: $ref: '#/components/schemas/create_organization_invite_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organization/{org_code}/invites/{invite_code}: servers: [] get: tags: - Organizations operationId: getOrganizationInvite x-scope: read:organization_invites summary: Get organization invite description: | Get details of a specific invitation by its code.

read:organization_invites

parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string example: org_1ccfb819462 - name: invite_code in: path description: The invitation's code. required: true schema: type: string example: inv_abc123def456 responses: '200': description: Invitation successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_organization_invite_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Organizations operationId: deleteOrganizationInvite x-scope: delete:organization_invites summary: Delete organization invite description: | Revoke (delete) an invitation. This will mark the invitation as revoked and prevent it from being accepted.

delete:organization_invites

parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string example: org_1ccfb819462 - name: invite_code in: path description: The invitation's code. required: true schema: type: string example: inv_abc123def456 responses: '200': description: Invitation successfully revoked. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/mfa: servers: [] put: tags: - MFA operationId: ReplaceMFA x-scope: update:mfa description: | Replace MFA Configuration.

update:mfa

summary: Replace MFA Configuration requestBody: description: MFA details. required: true content: application/json: schema: type: object properties: policy: description: Specifies whether MFA is required, optional, or not enforced. type: string enum: - required - 'off' - optional nullable: false enabled_factors: description: The MFA methods to enable. type: array nullable: false items: type: string enum: - mfa:email - mfa:sms - mfa:authenticator_app is_recovery_codes_enabled: description: Determines whether recovery codes are shown to users during MFA setup for the environment. type: boolean default: true required: - policy - enabled_factors responses: '200': description: MFA Configuration updated successfully. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organization: servers: [] get: tags: - Organizations operationId: getOrganization x-scope: read:organizations summary: Get organization description: | Retrieve organization details by code.

read:organizations

parameters: - in: query name: code description: The organization's code. schema: type: string example: org_1ccfb819462 - in: query name: expand description: 'Additional data to include in the response. Allowed value: "billing".' schema: type: string example: billing responses: '200': description: Organization successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_organization_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - Organizations operationId: createOrganization x-scope: create:organizations summary: Create organization description: | Create a new organization. To learn more read about [multi tenancy using organizations](https://docs.kinde.com/build/organizations/multi-tenancy-using-organizations/)

create:organizations

requestBody: description: Organization details. required: true content: application/json: schema: type: object required: - name properties: name: description: The organization's name. type: string example: Acme Corp feature_flags: type: object description: The organization's feature flag settings. additionalProperties: type: string enum: - str - int - bool description: Value of the feature flag. external_id: description: The organization's external identifier - commonly used when migrating from or mapping to other systems. type: string example: some1234 background_color: description: The organization's brand settings - background color. type: string button_color: description: The organization's brand settings - button color. type: string button_text_color: description: The organization's brand settings - button text color. type: string link_color: description: The organization's brand settings - link color. type: string background_color_dark: description: The organization's brand settings - dark mode background color. type: string button_color_dark: description: The organization's brand settings - dark mode button color. type: string button_text_color_dark: description: The organization's brand settings - dark mode button text color. type: string link_color_dark: description: The organization's brand settings - dark mode link color. type: string theme_code: description: The organization's brand settings - theme/mode 'light' | 'dark' | 'user_preference'. type: string handle: description: A unique handle for the organization - can be used for dynamic callback urls. type: string example: acme_corp is_allow_registrations: deprecated: true description: Deprecated - Use 'is_auto_membership_enabled' instead. type: boolean example: true is_auto_membership_enabled: description: If users become members of this organization when the org code is supplied during authentication. type: boolean example: true sender_name: nullable: true type: string example: Acme Corp description: The name of the organization that will be used in emails sender_email: nullable: true type: string example: hello@acmecorp.com description: The email address that will be used in emails. Requires custom SMTP to be set up. is_create_billing_customer: type: boolean example: false description: If a billing customer is also created for this organization billing_email: type: string example: billing@acmecorp.com description: The email address used for billing purposes for the organization billing_plan_code: type: string example: pro description: The billing plan to put the customer on. If not specified, the default plan is used responses: '200': description: Organization successfully created. content: application/json: schema: $ref: '#/components/schemas/create_organization_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations: servers: [] get: tags: - Organizations operationId: getOrganizations x-scope: read:organizations summary: Get organizations description: | Get a list of organizations.

read:organizations

parameters: - name: sort in: query description: Field and order to sort the result by. schema: type: string nullable: true enum: - name_asc - name_desc - email_asc - email_desc - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: next_token in: query description: A string to get the next page of results if there are more results. schema: type: string nullable: true responses: '200': description: Organizations successfully retreived. content: application/json: schema: $ref: '#/components/schemas/get_organizations_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organization/{org_code}: servers: [] patch: tags: - Organizations operationId: updateOrganization description: | Update an organization.

update:organizations

summary: Update Organization parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string example: org_1ccfb819462 - name: expand in: query description: 'Additional data to include in the response. Allowed value: "billing".' required: false schema: type: string nullable: true enum: - billing requestBody: description: Organization details. required: false content: application/json: schema: type: object properties: name: description: The organization's name. type: string example: Acme Corp external_id: description: The organization's ID. type: string example: some1234 background_color: description: The organization's brand settings - background color. type: string example: '#fff' button_color: description: The organization's brand settings - button color. type: string example: '#fff' button_text_color: description: The organization's brand settings - button text color. type: string example: '#fff' link_color: description: The organization's brand settings - link color. type: string example: '#fff' background_color_dark: description: The organization's brand settings - dark mode background color. type: string example: '#000' button_color_dark: description: The organization's brand settings - dark mode button color. type: string example: '#000' button_text_color_dark: description: The organization's brand settings - dark mode button text color. type: string example: '#000' link_color_dark: description: The organization's brand settings - dark mode link color. type: string example: '#000' theme_code: description: The organization's brand settings - theme/mode. type: string enum: - light - dark - user_preference example: light handle: description: The organization's handle. type: string example: acme_corp is_allow_registrations: deprecated: true description: Deprecated - Use 'is_auto_membership_enabled' instead. type: boolean is_auto_membership_enabled: description: If users become members of this organization when the org code is supplied during authentication. type: boolean example: true is_auto_join_domain_list: description: Users can sign up to this organization. type: boolean example: true allowed_domains: description: Domains allowed for self-sign up to this environment. type: array example: - https://acme.kinde.com - https://acme.com items: type: string is_enable_advanced_orgs: description: Activate advanced organization features. type: boolean example: true is_enforce_mfa: description: Enforce MFA for all users in this organization. type: boolean example: true sender_name: nullable: true type: string example: Acme Corp description: The name of the organization that will be used in emails sender_email: nullable: true type: string example: hello@acmecorp.com description: The email address that will be used in emails. Requires custom SMTP to be set up. is_suspended: type: boolean description: Whether to suspend or unsuspend the organization. Setting to true suspends the organization; setting to false unsuspends it. The default organization cannot be suspended. example: false responses: '200': description: Organization successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Organizations operationId: deleteOrganization description: | Delete an organization.

delete:organizations

summary: Delete Organization parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string responses: '200': description: Organization successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/users: servers: [] get: tags: - Organizations operationId: GetOrganizationUsers x-scope: read:organization_users summary: Get organization users description: | Get user details for all members of an organization.

read:organization_users

parameters: - name: sort in: query description: Field and order to sort the result by. schema: example: email_asc type: string nullable: true enum: - name_asc - name_desc - email_asc - email_desc - id_asc - id_desc - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: example: 10 type: integer nullable: true - name: next_token in: query description: A string to get the next page of results if there are more results. schema: example: MTo6OmlkX2FzYw== type: string nullable: true - name: org_code in: path description: The organization's code. required: true schema: example: org_1ccfb819462 type: string nullable: false - name: permissions in: query description: Filter by user permissions comma separated (where all match) schema: example: admin type: string - name: roles in: query description: Filter by user roles comma separated (where all match) schema: example: manager type: string responses: '200': description: A successful response with a list of organization users or an empty list. content: application/json: schema: $ref: '#/components/schemas/get_organization_users_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - Organizations operationId: AddOrganizationUsers description: | Add existing users to an organization.

create:organization_users

summary: Add Organization Users parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false requestBody: required: false content: application/json: schema: type: object properties: users: description: Users to be added to the organization. type: array items: type: object properties: id: description: The users id. type: string example: kp_057ee6debc624c70947b6ba512908c35 roles: description: Role keys to assign to the user. type: array items: type: string example: manager permissions: description: Permission keys to assign to the user. type: array items: type: string example: admin responses: '200': description: Add organization users request successfully processed. content: application/json: schema: $ref: '#/components/schemas/add_organization_users_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] patch: tags: - Organizations operationId: UpdateOrganizationUsers description: | Update users that belong to an organization.

update:organization_users

summary: Update Organization Users parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false requestBody: required: false content: application/json: schema: type: object properties: users: description: Users to add, update or remove from the organization. type: array items: type: object properties: id: description: The users id. type: string example: kp_057ee6debc624c70947b6ba512908c35 operation: description: Optional operation, set to 'delete' to remove the user from the organization. type: string example: delete roles: description: Role keys to assign to the user. type: array items: type: string example: manager permissions: description: Permission keys to assign to the user. type: array items: type: string example: admin responses: '200': description: Users successfully removed. content: application/json: schema: $ref: '#/components/schemas/update_organization_users_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/users/{user_id}/roles: servers: [] get: tags: - Organizations operationId: GetOrganizationUserRoles x-scope: read:organization_user_roles description: | Get roles for an organization user.

read:organization_user_roles

summary: List Organization User Roles parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false - name: user_id in: path description: The user's id. required: true schema: type: string nullable: false responses: '200': description: A successful response with a list of user roles. content: application/json: schema: $ref: '#/components/schemas/get_organizations_user_roles_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_organizations_user_roles_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Organizations operationId: CreateOrganizationUserRole description: | Add role to an organization user.

create:organization_user_roles

summary: Add Organization User Role parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false - name: user_id in: path description: The user's id. required: true schema: type: string nullable: false requestBody: description: Role details. required: true content: application/json: schema: type: object properties: role_id: description: The role id. type: string responses: '200': description: Role successfully added. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/users/{user_id}/roles/{role_id}: servers: [] delete: tags: - Organizations operationId: DeleteOrganizationUserRole description: | Delete role for an organization user.

delete:organization_user_roles

summary: Delete Organization User Role parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false - name: user_id in: path description: The user's id. required: true schema: type: string nullable: false - name: role_id in: path description: The role id. required: true schema: type: string nullable: false responses: '200': description: User successfully removed. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Error creating user. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/users/{user_id}/permissions: servers: [] get: tags: - Organizations operationId: GetOrganizationUserPermissions x-scope: read:organization_user_permissions description: | Get permissions for an organization user.

read:organization_user_permissions

summary: List Organization User Permissions parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false - name: user_id in: path description: The user's id. required: true schema: type: string nullable: false - name: expand in: query description: 'Additional data to include in the response. Allowed value: "roles".' required: false schema: type: string nullable: true responses: '200': description: A successful response with a list of user permissions. content: application/json: schema: $ref: '#/components/schemas/get_organizations_user_permissions_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_organizations_user_permissions_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Organizations operationId: CreateOrganizationUserPermission description: | Add permission to an organization user.

create:organization_user_permissions

summary: Add Organization User Permission parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false - name: user_id in: path description: The user's id. required: true schema: type: string nullable: false requestBody: description: Permission details. required: true content: application/json: schema: type: object properties: permission_id: description: The permission id. type: string responses: '200': description: User permission successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/users/{user_id}/permissions/{permission_id}: servers: [] delete: tags: - Organizations operationId: DeleteOrganizationUserPermission description: | Delete permission for an organization user.

delete:organization_user_permissions

summary: Delete Organization User Permission parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false - name: user_id in: path description: The user's id. required: true schema: type: string nullable: false - name: permission_id in: path description: The permission id. required: true schema: type: string nullable: false responses: '200': description: User successfully removed. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Error creating user. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/users/{user_id}: servers: [] delete: tags: - Organizations operationId: RemoveOrganizationUser description: | Remove user from an organization.

delete:organization_users

summary: Remove Organization User parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false - name: user_id in: path description: The user's id. required: true schema: type: string nullable: false responses: '200': description: User successfully removed from organization content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Error removing user content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/users/{user_id}/apis/{api_id}/scopes/{scope_id}: servers: [] post: tags: - Organizations operationId: addOrganizationUserAPIScope summary: Add scope to organization user api parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string - name: user_id in: path description: User ID required: true schema: type: string nullable: false example: kp_5ce676e5d6a24bc9aac2fba35a46e958 - name: api_id in: path description: API ID required: true schema: type: string nullable: false example: 838f208d006a482dbd8cdb79a9889f68 - name: scope_id in: path description: Scope ID required: true schema: type: string nullable: false example: api_scope_019391daf58d87d8a7213419c016ac95 description: | Add a scope to an organization user api.

create:organization_user_api_scopes

responses: '200': description: API scope successfully added to organization user api '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Organizations operationId: deleteOrganizationUserAPIScope summary: Delete scope from organization user API parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string - name: user_id in: path description: User ID required: true schema: type: string nullable: false example: kp_5ce676e5d6a24bc9aac2fba35a46e958 - name: api_id in: path description: API ID required: true schema: type: string nullable: false example: 838f208d006a482dbd8cdb79a9889f68 - name: scope_id in: path description: Scope ID required: true schema: type: string nullable: false example: api_scope_019391daf58d87d8a7213419c016ac95 description: | Delete a scope from an organization user api you previously created.

delete:organization_user_api_scopes

responses: '200': description: Organization user API scope successfully deleted. '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/users/{user_id}/mfa: servers: [] get: tags: - Organizations operationId: GetOrgUserMFA description: | Get an organization user’s MFA configuration.

read:organization_user_mfa

summary: Get an organization user's MFA configuration parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string example: org_1ccfb819462 - name: user_id in: path description: The identifier for the user required: true schema: type: string example: kp_c3143a4b50ad43c88e541d9077681782 responses: '200': description: Successfully retrieve user's MFA configuration. content: application/json: schema: $ref: '#/components/schemas/get_user_mfa_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Organizations operationId: ResetOrgUserMFAAll description: | Reset all organization MFA factors for a user.

delete:organization_user_mfa

summary: Reset all organization MFA for a user parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string example: org_1ccfb819462 - name: user_id in: path description: The identifier for the user required: true schema: type: string example: kp_c3143a4b50ad43c88e541d9077681782 responses: '200': description: User's MFA successfully reset. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/users/{user_id}/mfa/{factor_id}: servers: [] delete: tags: - Organizations operationId: ResetOrgUserMFA description: | Reset a specific organization MFA factor for a user.

delete:organization_user_mfa

summary: Reset specific organization MFA for a user parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string example: org_1ccfb819462 - name: user_id in: path description: The identifier for the user required: true schema: type: string example: kp_c3143a4b50ad43c88e541d9077681782 - name: factor_id in: path description: The identifier for the MFA factor required: true schema: type: string example: mfa_0193278a00ac29b3f6d4e4d462d55c47 responses: '200': description: User's MFA successfully reset. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/feature_flags: servers: [] get: tags: - Organizations operationId: GetOrganizationFeatureFlags x-scope: read:organization_feature_flags description: | Get all organization feature flags.

read:organization_feature_flags

summary: List Organization Feature Flags parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string responses: '200': description: Feature flag overrides successfully returned. content: application/json: schema: $ref: '#/components/schemas/get_organization_feature_flags_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_organization_feature_flags_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] delete: tags: - Organizations operationId: DeleteOrganizationFeatureFlagOverrides description: | Delete all organization feature flag overrides.

delete:organization_feature_flags

summary: Delete Organization Feature Flag Overrides parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string responses: '200': description: Feature flag overrides successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/feature_flags/{feature_flag_key}: servers: [] delete: tags: - Organizations operationId: DeleteOrganizationFeatureFlagOverride description: | Delete organization feature flag override.

delete:organization_feature_flags

summary: Delete Organization Feature Flag Override parameters: - name: org_code in: path description: The identifier for the organization. required: true schema: type: string - name: feature_flag_key in: path description: The identifier for the feature flag. required: true schema: type: string responses: '200': description: Feature flag override successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] patch: tags: - Organizations operationId: UpdateOrganizationFeatureFlagOverride description: | Update organization feature flag override.

update:organization_feature_flags

summary: Update Organization Feature Flag Override parameters: - name: org_code in: path description: The identifier for the organization required: true schema: type: string - name: feature_flag_key in: path description: The identifier for the feature flag required: true schema: type: string - name: value in: query description: Override value required: true schema: type: string responses: '200': description: Feature flag override successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/properties/{property_key}: servers: [] put: tags: - Organizations operationId: UpdateOrganizationProperty description: | Update organization property value.

update:organization_properties

summary: Update Organization Property value parameters: - name: org_code in: path description: The identifier for the organization required: true schema: type: string - name: property_key in: path description: The identifier for the property required: true schema: type: string - name: value in: query description: The new property value required: true schema: type: string responses: '200': description: Property successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/properties: servers: [] get: tags: - Organizations operationId: GetOrganizationPropertyValues description: | Gets properties for an organization by org code.

read:organization_properties

summary: Get Organization Property Values parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false responses: '200': description: Properties successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_property_values_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_property_values_response' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] patch: tags: - Organizations operationId: UpdateOrganizationProperties description: | Update organization property values.

update:organization_properties

summary: Update Organization Property values parameters: - name: org_code in: path description: The identifier for the organization required: true schema: type: string requestBody: description: Properties to update. required: true content: application/json: schema: type: object properties: properties: description: Property keys and values type: object nullable: false required: - properties responses: '200': description: Properties successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/mfa: servers: [] put: tags: - Organizations operationId: ReplaceOrganizationMFA description: | Replace Organization MFA Configuration.

update:organization_mfa

summary: Replace Organization MFA Configuration parameters: - name: org_code in: path description: The identifier for the organization required: true schema: type: string requestBody: description: MFA details. required: true content: application/json: schema: type: object properties: enabled_factors: description: The MFA methods to enable. type: array nullable: false items: type: string enum: - mfa:email - mfa:sms - mfa:authenticator_app is_recovery_codes_enabled: description: Determines whether recovery codes are shown to users during MFA setup for this specific organization. This overrides the environment-level setting. type: boolean default: true required: - enabled_factors responses: '200': description: MFA Configuration updated successfully. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organization/{org_code}/handle: servers: [] delete: tags: - Organizations operationId: DeleteOrganizationHandle description: | Delete organization handle

delete:organization_handles

summary: Delete organization handle parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false responses: '200': description: Handle successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/logos: servers: [] get: tags: - Organizations operationId: ReadOrganizationLogo description: | Read organization logo details

read:organizations

summary: Read organization logo details parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false example: org_1ccfb819462 responses: '200': description: Successfully retrieved organization logo details content: application/json: schema: $ref: '#/components/schemas/read_logo_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/logos/{type}: servers: [] post: tags: - Organizations operationId: AddOrganizationLogo description: | Add organization logo

update:organizations

summary: Add organization logo parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false example: org_1ccfb819462 - name: type in: path description: The type of logo to add. required: true schema: type: string example: dark enum: - dark - light requestBody: description: Organization logo details. required: true content: multipart/form-data: schema: type: object required: - logo properties: logo: type: string format: binary description: The logo file to upload. responses: '200': description: Organization logo successfully updated content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Organizations operationId: DeleteOrganizationLogo description: | Delete organization logo

update:organizations

summary: Delete organization logo parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false example: org_1ccfb819462 - name: type in: path description: The type of logo to delete. required: true schema: type: string example: dark enum: - dark - light responses: '200': description: Organization logo successfully deleted content: application/json: schema: $ref: '#/components/schemas/success_response' '204': description: No logo found to delete '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations/{organization_code}/connections: servers: [] get: tags: - Organizations operationId: GetOrganizationConnections description: | Gets all connections for an organization.

read:organization_connections

summary: Get connections parameters: - name: organization_code in: path description: The organization code. required: true schema: type: string nullable: false example: org_7d45b01ef13 responses: '200': description: Organization connections successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_connections_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations/{organization_code}/connections/{connection_id}: servers: [] post: tags: - Organizations operationId: EnableOrgConnection summary: Enable connection description: | Enable an auth connection for an organization.

create:organization_connections

parameters: - name: organization_code in: path description: The unique code for the organization. required: true schema: type: string example: org_7d45b01ef13 - name: connection_id in: path description: The identifier for the connection. required: true schema: type: string example: conn_0192c16abb53b44277e597d31877ba5b responses: '200': description: Connection successfully enabled. '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Organizations operationId: RemoveOrgConnection summary: Remove connection description: | Turn off an auth connection for an organization

delete:organization_connections

parameters: - name: organization_code in: path description: The unique code for the organization. required: true schema: type: string example: org_7d45b01ef13 - name: connection_id in: path description: The identifier for the connection. required: true schema: type: string example: conn_0192c16abb53b44277e597d31877ba5b responses: '200': description: Connection successfully removed. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/organizations/{org_code}/sessions: servers: [] patch: tags: - Organizations operationId: UpdateOrganizationSessions description: | Update the organization's session configuration.

update:organizations

summary: Update organization session configuration parameters: - name: org_code in: path description: The organization's code. required: true schema: type: string nullable: false example: org_1ccfb819462 requestBody: description: Organization session configuration. required: true content: application/json: schema: type: object properties: is_use_org_sso_session_policy: type: boolean description: Whether to use the organization's SSO session policy override. sso_session_persistence_mode: type: string enum: - persistent - non_persistent description: Determines if the session should be persistent or not. is_use_org_authenticated_session_lifetime: type: boolean description: Whether to apply the organization's authenticated session lifetime override. authenticated_session_lifetime: type: integer description: Authenticated session lifetime in seconds. example: 86400 responses: '200': description: Organization sessions successfully updated content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/permissions: servers: [] get: tags: - Permissions operationId: GetPermissions x-scope: read:permissions description: | The returned list can be sorted by permission name or permission ID in ascending or descending order. The number of records to return at a time can also be controlled using the `page_size` query string parameter.

read:permissions

summary: List Permissions parameters: - name: sort in: query description: Field and order to sort the result by. schema: type: string nullable: true enum: - name_asc - name_desc - id_asc - id_desc - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: next_token in: query description: A string to get the next page of results if there are more results. schema: type: string nullable: true responses: '200': description: Permissions successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_permissions_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_permissions_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Permissions operationId: CreatePermission x-scope: create:permissions description: | Create a new permission.

create:permissions

summary: Create Permission requestBody: description: Permission details. required: false content: application/json: schema: type: object properties: name: description: The permission's name. type: string description: description: The permission's description. type: string key: description: The permission identifier to use in code. type: string responses: '201': description: Permission successfully created content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/permissions/{permission_id}: servers: [] patch: tags: - Permissions operationId: UpdatePermissions x-scope: update:permissions description: | Update permission

update:permissions

summary: Update Permission parameters: - name: permission_id in: path description: The identifier for the permission. required: true schema: type: string nullable: false requestBody: description: Permission details. required: false content: application/json: schema: type: object properties: name: description: The permission's name. type: string description: description: The permission's description. type: string key: description: The permission identifier to use in code. type: string responses: '200': description: Permission successfully updated content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] delete: tags: - Permissions operationId: DeletePermission x-scope: delete:permissions description: | Delete permission

delete:permissions

summary: Delete Permission parameters: - name: permission_id in: path description: The identifier for the permission. required: true schema: type: string responses: '200': description: permission successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/properties: servers: [] get: tags: - Properties operationId: GetProperties x-scope: read:properties description: | Returns a list of properties

read:properties

summary: List properties parameters: - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: starting_after in: query description: The ID of the property to start after. schema: type: string nullable: true - name: ending_before in: query description: The ID of the property to end before. schema: type: string nullable: true - name: context in: query description: Filter results by user, organization or application context schema: type: string nullable: true enum: - usr - org - app responses: '200': description: Properties successfully retrieved. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_properties_response' application/json: schema: $ref: '#/components/schemas/get_properties_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Properties operationId: CreateProperty x-scope: create:properties description: | Create property.

create:properties

summary: Create Property requestBody: description: Property details. required: true content: application/json: schema: type: object properties: name: description: The name of the property. type: string nullable: false description: description: Description of the property purpose. type: string nullable: false key: description: The property identifier to use in code. type: string nullable: false type: description: The property type. type: string enum: - single_line_text - multi_line_text nullable: false context: description: The context that the property applies to. type: string enum: - org - usr - app nullable: false is_private: description: Whether the property can be included in id and access tokens. type: boolean nullable: false category_id: description: Which category the property belongs to. type: string nullable: false required: - name - key - type - context - is_private - category_id responses: '201': description: Property successfully created content: application/json: schema: $ref: '#/components/schemas/create_property_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/create_property_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/properties/{property_id}: servers: [] put: tags: - Properties operationId: UpdateProperty x-scope: update:properties description: | Update property.

update:properties

summary: Update Property parameters: - name: property_id in: path description: The unique identifier for the property. required: true schema: type: string requestBody: description: The fields of the property to update. required: true content: application/json: schema: type: object properties: name: description: The name of the property. type: string nullable: false description: type: string description: Description of the property purpose. is_private: type: boolean description: Whether the property can be included in id and access tokens. category_id: description: Which category the property belongs to. type: string nullable: false required: - name - is_private - category_id responses: '200': description: Property successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] delete: tags: - Properties operationId: DeleteProperty x-scope: delete:properties description: | Delete property.

delete:properties

summary: Delete Property parameters: - name: property_id in: path description: The unique identifier for the property. required: true schema: type: string responses: '200': description: Property successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/property_categories: servers: [] get: tags: - Property Categories operationId: GetCategories x-scope: read:property_categories description: | Returns a list of categories.

read:property_categories

summary: List categories parameters: - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: starting_after in: query description: The ID of the category to start after. schema: type: string nullable: true - name: ending_before in: query description: The ID of the category to end before. schema: type: string nullable: true - name: context in: query description: Filter the results by User or Organization context schema: type: string nullable: true enum: - usr - org responses: '200': description: Categories successfully retrieved. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_categories_response' application/json: schema: $ref: '#/components/schemas/get_categories_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Property Categories operationId: CreateCategory x-scope: create:property_categories description: | Create category.

create:property_categories

summary: Create Category requestBody: description: Category details. required: true content: application/json: schema: type: object properties: name: description: The name of the category. type: string nullable: false context: description: The context that the category applies to. type: string enum: - org - usr - app nullable: false required: - name - context responses: '201': description: Category successfully created content: application/json: schema: $ref: '#/components/schemas/create_category_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/create_category_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/property_categories/{category_id}: servers: [] put: tags: - Property Categories operationId: UpdateCategory description: | Update category.

update:property_categories

summary: Update Category parameters: - name: category_id in: path description: The unique identifier for the category. required: true schema: type: string requestBody: description: The fields of the category to update. required: true content: application/json: schema: type: object properties: name: description: The name of the category. type: string nullable: false responses: '200': description: category successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/roles: servers: [] get: tags: - Roles operationId: GetRoles x-scope: read:roles description: | The returned list can be sorted by role name or role ID in ascending or descending order. The number of records to return at a time can also be controlled using the `page_size` query string parameter.

read:roles

summary: List roles parameters: - name: sort in: query description: Field and order to sort the result by. schema: type: string nullable: true enum: - name_asc - name_desc - id_asc - id_desc - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: next_token in: query description: A string to get the next page of results if there are more results. schema: type: string nullable: true responses: '200': description: Roles successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_roles_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - Roles operationId: CreateRole x-scope: create:roles description: | Create role.

create:roles

summary: Create role requestBody: description: Role details. required: false content: application/json: schema: type: object properties: name: description: The role's name. type: string description: description: The role's description. type: string key: description: The role identifier to use in code. type: string is_default_role: description: Set role as default for new users. type: boolean assignment_permission_id: description: The public ID of the permission required to assign this role to users. If null, no permission is required. type: string format: uuid nullable: true responses: '201': description: Role successfully created content: application/json: schema: $ref: '#/components/schemas/create_roles_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/roles/{role_id}: servers: [] get: tags: - Roles operationId: GetRole x-scope: read:roles description: | Get a role

read:roles

summary: Get role parameters: - name: role_id in: path description: The identifier for the role. schema: type: string required: true responses: '200': description: Role successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_role_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] patch: tags: - Roles operationId: UpdateRoles x-scope: update:roles description: | Update a role

update:roles

summary: Update role parameters: - name: role_id in: path description: The identifier for the role. schema: type: string required: true requestBody: description: Role details. required: false content: application/json: schema: type: object properties: name: description: The role's name. type: string description: description: The role's description. type: string key: description: The role identifier to use in code. type: string is_default_role: description: Set role as default for new users. type: boolean assignment_permission_id: description: The public ID of the permission required to assign this role to users. If null, no change to the assignment permission is made. If set to 'NO_PERMISSION_REQUIRED', no permission is required. type: string format: uuid nullable: true required: - name - key responses: '201': description: Role successfully updated content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Roles operationId: DeleteRole x-scope: delete:roles description: | Delete role

delete:roles

summary: Delete role parameters: - name: role_id in: path description: The identifier for the role. required: true schema: type: string responses: '200': description: Role successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/roles/{role_id}/scopes: servers: [] get: tags: - Roles operationId: GetRoleScopes x-scope: read:role_scopes description: | Get scopes for a role.

read:role_scopes

summary: Get role scopes parameters: - name: role_id in: path description: The role id. required: true schema: type: string nullable: false responses: '200': description: A list of scopes for a role content: application/json: schema: $ref: '#/components/schemas/role_scopes_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/role_scopes_response' '400': description: Error removing user content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Roles operationId: AddRoleScope x-scope: create:role_scopes description: | Add scope to role.

create:role_scopes

summary: Add role scope parameters: - name: role_id in: path description: The role id. required: true schema: type: string nullable: false requestBody: description: Add scope to role. required: true content: application/json: schema: type: object properties: scope_id: description: The scope identifier. type: string required: - scope_id responses: '201': description: Role scope successfully added. content: application/json: schema: $ref: '#/components/schemas/add_role_scope_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/roles/{role_id}/scopes/{scope_id}: servers: [] delete: tags: - Roles operationId: DeleteRoleScope x-scope: delete:role_scopes description: | Delete scope from role.

delete:role_scopes

summary: Delete role scope parameters: - name: role_id in: path description: The role id. required: true schema: type: string nullable: false - name: scope_id in: path description: The scope id. required: true schema: type: string nullable: false responses: '200': description: Role scope successfully deleted. content: application/json: schema: $ref: '#/components/schemas/delete_role_scope_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/roles/{role_id}/permissions: servers: [] get: tags: - Roles operationId: GetRolePermissions x-scope: read:role_permissions description: | Get permissions for a role.

read:role_permissions

summary: Get role permissions parameters: - name: role_id in: path description: The role's public id. required: true schema: type: string nullable: false - name: sort in: query description: Field and order to sort the result by. schema: type: string nullable: true enum: - name_asc - name_desc - id_asc - id_desc - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: next_token in: query description: A string to get the next page of results if there are more results. schema: type: string nullable: true responses: '200': description: A list of permissions for a role content: application/json: schema: $ref: '#/components/schemas/role_permissions_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/role_permissions_response' '400': description: Error removing user content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] patch: tags: - Roles operationId: UpdateRolePermissions x-scope: update:role_permissions description: | Update role permissions.

update:role_permissions

summary: Update role permissions parameters: - name: role_id in: path description: The identifier for the role. required: true schema: type: string nullable: false requestBody: required: true content: application/json: schema: type: object properties: permissions: description: Permissions to add or remove from the role. type: array items: type: object properties: id: description: The permission id. type: string operation: description: Optional operation, set to 'delete' to remove the permission from the role. type: string responses: '200': description: Permissions successfully updated. content: application/json: schema: $ref: '#/components/schemas/update_role_permissions_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/update_role_permissions_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/roles/{role_id}/permissions/{permission_id}: servers: [] delete: tags: - Roles operationId: RemoveRolePermission x-scope: delete:role_permissions description: | Remove a permission from a role.

delete:role_permissions

summary: Remove role permission parameters: - name: role_id in: path description: The role's public id. required: true schema: type: string nullable: false - name: permission_id in: path description: The permission's public id. required: true schema: type: string nullable: false responses: '200': description: Permission successfully removed from role content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Error removing user content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/search/users: servers: [] get: tags: - Search operationId: searchUsers x-scope: read:users description: | Search for users based on the provided query string. Set query to '*' to filter by other parameters only. The number of records to return at a time can be controlled using the `page_size` query string parameter.

read:users

summary: Search users parameters: - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: query in: query description: Search the users by email or name. Use '*' to search all. schema: type: string nullable: true - name: api_scopes in: query description: Search the users by api scopes. schema: type: string nullable: true - name: properties in: query required: false style: deepObject explode: true schema: type: object additionalProperties: type: array items: type: string - name: starting_after in: query description: The ID of the user to start after. schema: type: string nullable: true - name: ending_before in: query description: The ID of the user to end before. schema: type: string nullable: true - name: expand in: query description: 'Additional data to include in the response. One or more of (comma-separated): "organizations", "identities", "properties".' required: false schema: type: string nullable: true responses: '200': description: Users successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/search_users_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/subscribers: servers: [] get: tags: - Subscribers operationId: GetSubscribers x-scope: read:subscribers description: | The returned list can be sorted by full name or email address in ascending or descending order. The number of records to return at a time can also be controlled using the `page_size` query string parameter.

read:subscribers

summary: List Subscribers parameters: - name: sort in: query description: Field and order to sort the result by. schema: type: string nullable: true enum: - name_asc - name_desc - email_asc - email_desc - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: next_token in: query description: A string to get the next page of results if there are more results. schema: type: string nullable: true responses: '200': description: Subscriber successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_subscribers_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_subscribers_response' '403': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Subscribers operationId: CreateSubscriber x-scope: create:subscribers description: | Create subscriber.

create:subscribers

summary: Create Subscriber parameters: - name: first_name in: query description: Subscriber's first name. required: true schema: type: string nullable: false - name: last_name in: query description: Subscriber's last name. required: true schema: type: string nullable: true - name: email in: query description: The email address of the subscriber. required: true schema: type: string nullable: true responses: '201': description: Subscriber successfully created content: application/json: schema: $ref: '#/components/schemas/create_subscriber_success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/create_subscriber_success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/subscribers/{subscriber_id}: servers: [] get: tags: - Subscribers operationId: GetSubscriber x-scope: read:subscribers description: | Retrieve a subscriber record.

read:subscribers

summary: Get Subscriber parameters: - name: subscriber_id in: path description: The subscriber's id. required: true schema: type: string nullable: false responses: '200': description: Subscriber successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_subscriber_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_subscriber_response' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/users: servers: [] get: tags: - Users operationId: getUsers x-scope: read:users description: | The returned list can be sorted by full name or email address in ascending or descending order. The number of records to return at a time can also be controlled using the `page_size` query string parameter.

read:users

summary: Get users parameters: - name: page_size in: query description: Number of results per page. Defaults to 10 if parameter not sent. schema: type: integer nullable: true - name: user_id in: query description: Filter the results by User ID. The query string should be comma separated and url encoded. schema: type: string nullable: true - name: next_token in: query description: A string to get the next page of results if there are more results. schema: type: string nullable: true - name: email in: query description: Filter the results by email address. The query string should be comma separated and url encoded. schema: type: string nullable: true - name: username in: query description: Filter the results by username. The query string should be comma separated and url encoded. schema: type: string nullable: true - name: phone in: query description: Filter the results by phone. The query string should be comma separated and url encoded. schema: type: string nullable: true - name: expand in: query description: 'Additional data to include in the response. One or more of (comma-separated): "organizations", "identities", "billing".' required: false schema: type: string nullable: true - name: has_organization in: query description: Filter the results by if the user has at least one organization assigned. required: false schema: type: boolean nullable: true - name: active_since in: query description: Filter the results to only include users who have been active since this date. Date should be in ISO 8601 format. required: false schema: type: string format: date-time nullable: true responses: '200': description: Users successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/users_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/users/{user_id}/refresh_claims: servers: [] post: tags: - Users operationId: refreshUserClaims x-scope: update:user_refresh_claims description: | Refreshes the user's claims and invalidates the current cache.

update:user_refresh_claims

summary: Refresh User Claims and Invalidate Cache parameters: - in: path name: user_id schema: type: string required: true description: The id of the user whose claims needs to be updated. responses: '200': description: Claims successfully refreshed. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' application/json: schema: $ref: '#/components/schemas/success_response' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Bad request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/user: servers: [] get: tags: - Users operationId: getUserData x-scope: read:users description: | Retrieve a user record.

read:users

summary: Get user parameters: - name: id in: query description: The user's id. required: true schema: type: string nullable: false - name: expand in: query description: 'Additional data to include in the response. One or more of (comma-separated): "organizations", "identities", "billing".' required: false schema: type: string nullable: true responses: '200': description: User successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/user' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] post: tags: - Users operationId: createUser description: | Creates a user record and optionally zero or more identities for the user. An example identity could be the email address of the user.

create:users

summary: Create user requestBody: description: The details of the user to create. required: false content: application/json: schema: type: object properties: profile: description: Basic information required to create a user. type: object properties: given_name: type: string description: User's first name. family_name: type: string description: User's last name. picture: type: string description: The user's profile picture. organization_code: description: The unique code associated with the organization you want the user to join. type: string provided_id: description: An external id to reference the user. type: string identities: type: array description: Array of identities to assign to the created user items: type: object description: The result of the user creation operation. properties: type: type: string description: The type of identity to create, e.g. email, username, or phone. enum: - email - phone - username is_verified: type: boolean description: Set whether an email or phone identity is verified or not. example: true details: type: object description: Additional details required to create the user. properties: email: type: string description: The email address of the user. example: email@email.com phone: type: string description: The phone number of the user. example: '+61426148233' phone_country_id: type: string description: The country code for the phone number. example: au username: type: string description: The username of the user. example: myusername example: - type: email is_verified: true details: email: email@email.com - type: phone is_verified: false details: phone: '+61426148233' phone_country_id: au - type: username details: username: myusername responses: '200': description: User successfully created. content: application/json: schema: $ref: '#/components/schemas/create_user_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] patch: tags: - Users operationId: updateUser description: | Update a user record.

update:users

summary: Update user parameters: - name: id in: query description: The user's id. required: true schema: type: string nullable: false requestBody: description: The user to update. required: true content: application/json: schema: type: object properties: given_name: type: string description: User's first name. family_name: type: string description: User's last name. picture: type: string description: The user's profile picture. is_suspended: type: boolean description: Whether the user is currently suspended or not. is_password_reset_requested: type: boolean description: Prompt the user to change their password on next sign in. provided_id: description: An external id to reference the user. type: string responses: '200': description: User successfully updated. content: application/json: schema: $ref: '#/components/schemas/update_user_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Users operationId: deleteUser description: | Delete a user record.

delete:users

summary: Delete user parameters: - name: id in: query description: The user's id. required: true schema: type: string nullable: false example: kp_c3143a4b50ad43c88e541d9077681782 - name: is_delete_profile in: query description: Delete all data and remove the user's profile from all of Kinde, including the subscriber list schema: type: boolean nullable: false example: true responses: '200': description: User successfully deleted. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/users/{user_id}/feature_flags/{feature_flag_key}: servers: [] patch: tags: - Users operationId: UpdateUserFeatureFlagOverride description: | Update user feature flag override.

update:user_feature_flags

summary: Update User Feature Flag Override parameters: - name: user_id in: path description: The identifier for the user required: true schema: type: string - name: feature_flag_key in: path description: The identifier for the feature flag required: true schema: type: string - name: value in: query description: Override value required: true schema: type: string responses: '200': description: Feature flag override successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/users/{user_id}/properties/{property_key}: servers: [] put: tags: - Users operationId: UpdateUserProperty description: | Update property value.

update:user_properties

summary: Update Property value parameters: - name: user_id in: path description: The identifier for the user required: true schema: type: string - name: property_key in: path description: The identifier for the property required: true schema: type: string - name: value in: query description: The new property value required: true schema: type: string responses: '200': description: Property successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/users/{user_id}/properties: servers: [] get: tags: - Users operationId: GetUserPropertyValues description: | Gets properties for an user by ID.

read:user_properties

summary: Get property values parameters: - name: user_id in: path description: The user's ID. required: true schema: type: string nullable: false responses: '200': description: Properties successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_property_values_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_property_values_response' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] patch: tags: - Users operationId: UpdateUserProperties description: | Update property values.

update:user_properties

summary: Update Property values parameters: - name: user_id in: path description: The identifier for the user required: true schema: type: string requestBody: description: Properties to update. required: true content: application/json: schema: type: object properties: properties: description: Property keys and values type: object nullable: false required: - properties responses: '200': description: Properties successfully updated. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/users/{user_id}/password: servers: [] put: tags: - Users operationId: SetUserPassword description: | Set user password.

update:user_passwords

summary: Set User password parameters: - name: user_id in: path description: The identifier for the user required: true schema: type: string requestBody: description: Password details. required: true content: application/json: schema: type: object properties: hashed_password: description: The hashed password. type: string hashing_method: description: The hashing method or algorithm used to encrypt the user’s password. Default is bcrypt. type: string enum: - bcrypt - crypt - md5 - wordpress salt: type: string description: Extra characters added to passwords to make them stronger. Not required for bcrypt. salt_position: type: string description: Position of salt in password string. Not required for bcrypt. enum: - prefix - suffix is_temporary_password: type: boolean description: The user will be prompted to set a new password after entering this one. required: - hashed_password responses: '200': description: User successfully created. content: application/json: schema: $ref: '#/components/schemas/success_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/success_response' '400': description: Error creating user. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/users/{user_id}/identities: servers: [] get: tags: - Users operationId: GetUserIdentities x-scope: read:user_identities description: | Gets a list of identities for an user by ID.

read:user_identities

summary: Get identities parameters: - name: user_id in: path description: The user's ID. required: true schema: type: string nullable: false - name: starting_after in: query description: The ID of the identity to start after. schema: type: string nullable: true - name: ending_before in: query description: The ID of the identity to end before. schema: type: string nullable: true responses: '200': description: Identities successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/get_identities_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_identities_response' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Users operationId: CreateUserIdentity description: | Creates an identity for a user.

create:user_identities

summary: Create identity parameters: - name: user_id in: path description: The user's ID. required: true schema: type: string nullable: false requestBody: description: The identity details. required: false content: application/json: schema: type: object properties: value: type: string description: The email address, social identity, or username of the user. example: sally@example.com type: type: string description: The identity type enum: - email - username - phone - enterprise - social example: email phone_country_id: type: string description: The country code for the phone number, only required when identity type is 'phone'. example: au connection_id: type: string description: The social or enterprise connection ID, only required when identity type is 'social' or 'enterprise'. example: conn_019289347f1193da6c0e4d49b97b4bd2 responses: '201': description: Identity successfully created. content: application/json: schema: $ref: '#/components/schemas/create_identity_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/create_identity_response' '400': description: Error creating identity. content: application/json: schema: $ref: '#/components/schemas/error_response' application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/users/{user_id}/sessions: servers: [] get: tags: - Users operationId: GetUserSessions description: | Retrieve the list of active sessions for a specific user.

read:user_sessions

summary: Get user sessions parameters: - name: user_id in: path description: The identifier for the user required: true schema: type: string example: kp_c3143a4b50ad43c88e541d9077681782 responses: '200': description: Successfully retrieved user sessions. content: application/json: schema: $ref: '#/components/schemas/get_user_sessions_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Users operationId: DeleteUserSessions description: | Invalidate user sessions.

delete:user_sessions

summary: Delete user sessions parameters: - name: user_id in: path description: The identifier for the user required: true schema: type: string example: kp_c3143a4b50ad43c88e541d9077681782 responses: '200': description: User sessions successfully invalidated. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/users/{user_id}/mfa: servers: [] get: tags: - Users operationId: GetUsersMFA description: | Get a user’s MFA configuration.

read:user_mfa

summary: Get user's MFA configuration parameters: - name: user_id in: path description: The identifier for the user required: true schema: type: string example: kp_c3143a4b50ad43c88e541d9077681782 responses: '200': description: Successfully retrieve user's MFA configuration. content: application/json: schema: $ref: '#/components/schemas/get_user_mfa_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] delete: tags: - Users operationId: ResetUsersMFAAll description: | Reset all environment MFA factors for a user.

delete:user_mfa

summary: Reset all environment MFA for a user parameters: - name: user_id in: path description: The identifier for the user required: true schema: type: string example: kp_c3143a4b50ad43c88e541d9077681782 responses: '200': description: User's MFA successfully reset. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/users/{user_id}/mfa/{factor_id}: servers: [] delete: tags: - Users operationId: ResetUsersMFA description: | Reset a specific environment MFA factor for a user.

delete:user_mfa

summary: Reset specific environment MFA for a user parameters: - name: user_id in: path description: The identifier for the user required: true schema: type: string example: kp_c3143a4b50ad43c88e541d9077681782 - name: factor_id in: path description: The identifier for the MFA factor required: true schema: type: string example: mfa_0193278a00ac29b3f6d4e4d462d55c47 responses: '200': description: User's MFA successfully reset. content: application/json: schema: $ref: '#/components/schemas/success_response' '400': $ref: '#/components/responses/bad_request' '403': $ref: '#/components/responses/forbidden' '404': $ref: '#/components/responses/not_found' '429': $ref: '#/components/responses/too_many_requests' security: - kindeBearerAuth: [] /api/v1/events/{event_id}: servers: [] get: tags: - Webhooks operationId: GetEvent x-scope: read:events description: | Returns an event

read:events

summary: Get Event parameters: - name: event_id in: path description: The event id. required: true schema: type: string nullable: false responses: '200': description: Event successfully retrieved. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_event_response' application/json: schema: $ref: '#/components/schemas/get_event_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/event_types: servers: [] get: tags: - Webhooks operationId: GetEventTypes x-scope: read:event_types description: | Returns a list event type definitions

read:event_types

summary: List Event Types responses: '200': description: Event types successfully retrieved. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_event_types_response' application/json: schema: $ref: '#/components/schemas/get_event_types_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/webhooks/{webhook_id}: servers: [] delete: tags: - Webhooks operationId: DeleteWebHook description: | Delete webhook

delete:webhooks

summary: Delete Webhook parameters: - name: webhook_id in: path description: The webhook id. required: true schema: type: string nullable: false responses: '200': description: Webhook successfully deleted. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/delete_webhook_response' application/json: schema: $ref: '#/components/schemas/delete_webhook_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] patch: tags: - Webhooks operationId: UpdateWebHook description: | Update a webhook

update:webhooks

summary: Update a Webhook parameters: - name: webhook_id in: path description: The webhook id. required: true schema: type: string nullable: false requestBody: description: Update webhook request specification. required: true content: application/json: schema: type: object properties: event_types: description: Array of event type keys type: array items: type: string nullable: false name: description: The webhook name type: string nullable: false description: description: The webhook description type: string nullable: true responses: '200': description: Webhook successfully updated. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/update_webhook_response' application/json: schema: $ref: '#/components/schemas/update_webhook_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] /api/v1/webhooks: servers: [] get: tags: - Webhooks operationId: GetWebHooks description: | List webhooks

read:webhooks

summary: List Webhooks responses: '200': description: Webhook list successfully returned. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/get_webhooks_response' application/json: schema: $ref: '#/components/schemas/get_webhooks_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] post: tags: - Webhooks operationId: CreateWebHook description: | Create a webhook

create:webhooks

summary: Create a Webhook requestBody: description: Webhook request specification. required: true content: application/json: schema: type: object properties: endpoint: description: The webhook endpoint url type: string nullable: false event_types: description: Array of event type keys type: array items: type: string nullable: false name: description: The webhook name type: string nullable: false description: description: The webhook description type: string nullable: true required: - endpoint - event_types - name responses: '200': description: Webhook successfully created. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/create_webhook_response' application/json: schema: $ref: '#/components/schemas/create_webhook_response' '400': description: Invalid request. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '403': description: Invalid credentials. content: application/json; charset=utf-8: schema: $ref: '#/components/schemas/error_response' application/json: schema: $ref: '#/components/schemas/error_response' '429': description: Request was throttled. security: - kindeBearerAuth: [] components: parameters: api_id: in: path name: api_id description: The API's ID. required: true schema: type: string example: 7ccd126599aa422a771abcb341596881 application_id: in: path name: application_id description: The application's ID / client ID. required: true schema: type: string example: 3b0b5c6c8fcc464fab397f4969b5f482 property_key: in: path name: property_key description: The property's key. required: true schema: type: string example: kp_some_key variable_id: in: path name: variable_id description: The environment variable's ID. required: true schema: type: string example: env_var_0192b1941f125645fa15bf28a662a0b3 responses: bad_request: description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/error_response' not_found: description: The specified resource was not found content: application/json: schema: $ref: '#/components/schemas/not_found_response' forbidden: description: Unauthorized - invalid credentials. content: application/json: schema: $ref: '#/components/schemas/error_response' too_many_requests: description: Too many requests. Request was throttled. content: application/json: schema: $ref: '#/components/schemas/error_response' schemas: success_response: type: object properties: message: type: string example: Success code: type: string example: OK error: type: object properties: code: type: string description: Error code. message: type: string description: Error message. error_response: type: object properties: errors: type: array items: $ref: '#/components/schemas/error' not_found_response: type: object properties: errors: type: object properties: code: type: string example: ROUTE_NOT_FOUND message: type: string example: The requested API route does not exist get_apis_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success next_token: type: string description: Pagination token. example: Njo5Om1hvWVfYXNj apis: type: array items: type: object properties: id: description: The unique ID for the API. type: string example: 7ccd126599aa422a771abcb341596881 name: type: string description: The API's name. example: Example API audience: type: string description: A unique identifier for the API - commonly the URL. This value will be used as the `audience` parameter in authorization claims. example: https://api.example.com is_management_api: type: boolean description: Whether or not it is the Kinde management API. example: false scopes: type: array items: type: object properties: id: type: string example: api_scope_01939128c3d7193ae87c4755213c07c6 key: type: string example: create:apis create_apis_response: type: object properties: message: type: string description: A Kinde generated message. example: Success code: type: string description: A Kinde generated status code. example: OK api: type: object properties: id: description: The unique ID for the API. type: string example: 7ccd126599aa422a771abcb341596881 create_api_scopes_response: type: object properties: message: type: string description: A Kinde generated message. example: Success code: type: string description: A Kinde generated status code. example: OK scope: type: object properties: id: description: The unique ID for the API scope. type: string example: api_scope_0193ab57965aef77b2b687d0ef673713 get_environment_variables_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success has_more: description: Whether more records exist. type: boolean environment_variables: type: array items: $ref: '#/components/schemas/environment_variable' get_environment_variable_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success environment_variable: $ref: '#/components/schemas/environment_variable' create_environment_variable_response: type: object properties: message: type: string description: A Kinde generated message. example: Environment variable created code: type: string description: A Kinde generated status code. example: VARIABLE_CREATED environment_variable: type: object properties: id: description: The unique ID for the environment variable. type: string example: env_var_0192b194f6156fb7452fe38cfb144958 update_environment_variable_response: type: object properties: message: type: string description: A Kinde generated message. example: Environment variable updated code: type: string description: A Kinde generated status code. example: ENVIRONMENT_VARIABLE_UPDATED delete_environment_variable_response: type: object properties: message: type: string description: A Kinde generated message. example: Environment variable deleted code: type: string description: A Kinde generated status code. example: ENVIRONMENT_VARIABLE_DELETED get_business_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success business: type: object properties: code: type: string description: The unique ID for the business. example: bus_c69fb73b091 name: type: string description: Your business's name. example: Tailsforce Ltd phone: type: string description: Phone number associated with business. example: 555-555-5555 nullable: true email: type: string description: Email address associated with business. example: sally@example.com nullable: true industry: type: string description: The industry your business is in. example: Healthcare & Medical nullable: true timezone: type: string description: The timezone your business is in. example: Los Angeles (Pacific Standard Time) nullable: true privacy_url: type: string description: Your Privacy policy URL. example: https://example.com/privacy nullable: true terms_url: type: string description: Your Terms and Conditions URL. example: https://example.com/terms nullable: true has_clickwrap: type: boolean description: Whether your business uses clickwrap agreements. example: false has_kinde_branding: type: boolean description: Whether your business shows Kinde branding. example: true created_on: type: string description: Date of business creation in ISO 8601 format. example: '2021-01-01T00:00:00Z' get_industries_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success industries: type: array items: type: object properties: key: description: The unique key for the industry. type: string example: administration_office_support name: type: string description: The display name for the industry. example: Administration & Office Support get_timezones_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success timezones: type: array items: type: object properties: key: description: The unique key for the timezone. type: string example: london_greenwich_mean_time name: type: string description: The display name for the timezone. example: London (Greenwich Mean Time) [+01:00] get_api_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: success_response api: type: object properties: id: type: string description: Unique ID of the API. example: 7ccd126599aa422a771abcb341596881 name: type: string description: The API's name. example: Example API audience: type: string description: A unique identifier for the API - commonly the URL. This value will be used as the `audience` parameter in authorization claims. example: https://api.example.com is_management_api: type: boolean description: Whether or not it is the Kinde management API. example: false scopes: type: array items: type: object properties: id: type: string description: The ID of the scope. example: api_scope_01939222ef24200668b9f5829af001ce key: type: string description: The reference key for the scope. example: read:logs applications: type: array items: type: object properties: id: type: string description: The Client ID of the application. example: 3b0b5c6c8fcc464fab397f4969b5f482 name: type: string description: The application's name. example: My M2M app type: type: string description: The application's type. enum: - Machine to machine (M2M) - Back-end web - Front-end and mobile - Device and IoT example: Machine to machine (M2M) is_active: type: boolean description: Whether or not the application is authorized to access the API example: true nullable: true get_api_scopes_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: success_response scopes: type: array items: type: object properties: id: type: string description: Unique ID of the API scope. example: api_scope_01939128c3d7193ae87c4755213c07c6 key: type: string description: The scope's reference key. example: read:logs description: type: string description: Explanation of the scope purpose. example: Read logs scope get_api_scope_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: success_response scope: type: object properties: id: type: string description: Unique ID of the API scope. example: api_scope_01939128c3d7193ae87c4755213c07c6 key: type: string description: The scope's reference key. example: read:logs description: type: string description: Explanation of the scope purpose. example: Read logs scope authorize_app_api_response: type: object properties: message: type: string example: API applications updated code: type: string example: API_APPLICATIONS_UPDATED applications_disconnected: type: array items: type: string applications_connected: type: array items: type: string example: d2db282d6214242b3b145c123f0c123 delete_api_response: type: object properties: message: type: string example: API successfully deleted code: type: string example: API_DELETED user: type: object properties: id: type: string description: Unique ID of the user in Kinde. provided_id: type: string description: External ID for user. preferred_email: type: string description: Default email address of the user in Kinde. phone: type: string description: User's primary phone number. username: type: string description: Primary username of the user in Kinde. last_name: type: string description: User's last name. first_name: type: string description: User's first name. is_suspended: type: boolean description: Whether the user is currently suspended or not. picture: type: string description: User's profile picture URL. total_sign_ins: type: integer description: Total number of user sign ins. nullable: true failed_sign_ins: type: integer description: Number of consecutive failed user sign ins. nullable: true last_signed_in: type: string description: Last sign in date in ISO 8601 format. nullable: true created_on: type: string description: Date of user creation in ISO 8601 format. nullable: true organizations: type: array description: Array of organizations a user belongs to. items: type: string identities: type: array description: Array of identities belonging to the user. items: type: object properties: type: type: string identity: type: string billing: type: object properties: customer_id: type: string update_user_response: type: object properties: id: type: string description: Unique ID of the user in Kinde. given_name: type: string description: User's first name. family_name: type: string description: User's last name. email: type: string description: User's preferred email. is_suspended: type: boolean description: Whether the user is currently suspended or not. is_password_reset_requested: type: boolean description: Whether a password reset has been requested. picture: type: string description: User's profile picture URL. nullable: true users: type: array description: Array of users. items: $ref: '#/components/schemas/user' users_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. users: type: array items: type: object properties: id: type: string description: Unique ID of the user in Kinde. provided_id: type: string description: External ID for user. email: type: string description: Default email address of the user in Kinde. phone: type: string description: User's primary phone number. username: type: string description: Primary username of the user in Kinde. last_name: type: string description: User's last name. first_name: type: string description: User's first name. is_suspended: type: boolean description: Whether the user is currently suspended or not. picture: type: string description: User's profile picture URL. total_sign_ins: type: integer description: Total number of user sign ins. nullable: true failed_sign_ins: type: integer description: Number of consecutive failed user sign ins. nullable: true last_signed_in: type: string description: Last sign in date in ISO 8601 format. nullable: true created_on: type: string description: Date of user creation in ISO 8601 format. nullable: true last_organization_sign_ins: type: array description: Array of organization sign-in information for the user. nullable: true items: type: object properties: org_code: type: string description: The organization code. example: org_d2d85014942 last_signed_in: type: string format: date-time description: The date and time the user last signed in to this organization in ISO 8601 format. example: '2026-01-28T14:26:02.448856+00:00' organizations: type: array description: Array of organizations a user belongs to. items: type: string identities: type: array description: Array of identities belonging to the user. items: type: object properties: type: type: string identity: type: string billing: type: object properties: customer_id: type: string description: The billing customer id. example: customer_1245adbc6789 next_token: type: string description: Pagination token. search_users_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. results: type: array items: type: object properties: id: type: string description: Unique ID of the user in Kinde. example: kp_0ba7c433e5d648cf992621ce99d42817 provided_id: type: string description: External ID for user. nullable: true example: U123456 email: type: string description: Default email address of the user in Kinde. nullable: true example: user@domain.com username: type: string description: Primary username of the user in Kinde. nullable: true example: john.snow last_name: type: string description: User's last name. example: Snow first_name: type: string description: User's first name. example: John is_suspended: type: boolean description: Whether the user is currently suspended or not. example: true picture: type: string description: User's profile picture URL. example: https://example.com/john_snow.jpg nullable: true total_sign_ins: type: integer description: Total number of user sign ins. nullable: true example: 1 failed_sign_ins: type: integer description: Number of consecutive failed user sign ins. nullable: true example: 0 last_signed_in: type: string description: Last sign in date in ISO 8601 format. nullable: true example: '2025-02-12T18:02:23.614638+00:00' created_on: type: string description: Date of user creation in ISO 8601 format. nullable: true example: '2025-02-12T18:02:23.614638+00:00' organizations: type: array description: Array of organizations a user belongs to. items: type: string identities: type: array description: Array of identities belonging to the user. items: type: object properties: type: type: string identity: type: string properties: type: object description: The user properties. additionalProperties: type: string api_scopes: type: array description: Array of api scopes belonging to the user. items: type: object properties: org_code: type: string scope: type: string api_id: type: string create_user_response: type: object properties: id: description: Unique ID of the user in Kinde. type: string created: description: True if the user was successfully created. type: boolean identities: type: array items: $ref: '#/components/schemas/user_identity' create_organization_response: type: object properties: message: type: string description: Response message. example: Success code: type: string description: Response code. example: OK organization: type: object properties: code: description: The organization's unique code. type: string example: org_1ccfb819462 billing_customer_id: description: The billing customer id if the organization was created with the is_create_billing_customer as true type: string example: customer_1245adbc6789 user_identity: type: object properties: type: type: string description: The type of identity object created. result: type: object description: The result of the user creation operation. properties: created: type: boolean description: True if the user identity was successfully created. create_property_response: type: object properties: message: type: string code: type: string property: type: object properties: id: description: The property's ID. type: string create_identity_response: type: object properties: message: type: string code: type: string identity: type: object properties: id: description: The identity's ID. type: string get_identities_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. identities: type: array items: $ref: '#/components/schemas/identity' has_more: description: Whether more records exist. type: boolean get_user_sessions_response: type: object properties: code: type: string example: OK message: type: string example: Success has_more: type: boolean example: false sessions: type: array items: type: object properties: user_id: description: The unique identifier of the user associated with the session. type: string example: kp_5fc30d0547734f30aca617450202169f org_code: description: The organization code associated with the session, if applicable. type: string nullable: true example: org_1ccfb819462 client_id: description: The client ID used to initiate the session. type: string example: 3b0b5c6c8fcc464fab397f4969b5f482 expires_on: description: The timestamp indicating when the session will expire. type: string format: date-time example: '2025-04-02T13:04:20.315701+11:00' session_id: description: The unique identifier of the session. type: string example: session_0xc75ec12fe8434ffc9d527794f00692e5 started_on: description: The timestamp when the session was initiated. type: string format: date-time example: '2025-04-01T13:04:20.315701+11:00' updated_on: description: The timestamp of the last update to the session. type: string format: date-time example: '2025-04-01T13:04:20+11' connection_id: description: The identifier of the connection through which the session was established. type: string example: conn_75ab8ec0faae4f73bae9fc64daf120c9 last_ip_address: description: The last known IP address of the user during this session. type: string example: 192.168.65.1 last_user_agent: description: The last known user agent (browser or app) used during this session. type: string example: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 initial_ip_address: description: The IP address from which the session was initially started. type: string example: 192.168.65.1 initial_user_agent: description: The user agent (browser or app) used when the session was first created. type: string example: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 get_user_mfa_response: type: object properties: message: type: string code: type: string mfa: type: object properties: id: description: The MFA's identifier. type: string example: mfa_01933d1ca1f093e7fad48ebcdb65a871 type: description: The type of MFA (e.g. email, SMS, authenticator app). type: string example: email created_on: description: The timestamp when the MFA was created. type: string format: date-time example: '2024-11-18T13:31:46.795085+11:00' name: description: The identifier used for MFA (e.g. email address, phone number). type: string example: sally@gmail.com is_verified: description: Whether the MFA is verified or not. type: boolean example: true usage_count: description: The number of times MFA has been used. type: integer example: 2 last_used_on: description: The timestamp when the MFA was last used. type: string format: date-time example: '2024-11-18T13:32:07.22538+11:00' get_properties_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. properties: type: array items: $ref: '#/components/schemas/property' has_more: description: Whether more records exist. type: boolean get_property_values_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. properties: type: array items: $ref: '#/components/schemas/property_value' next_token: description: Pagination token. type: string create_category_response: type: object properties: message: type: string code: type: string category: type: object properties: id: description: The category's ID. type: string get_categories_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. categories: type: array items: $ref: '#/components/schemas/category' has_more: description: Whether more records exist. type: boolean get_event_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. event: type: object properties: type: type: string source: type: string event_id: type: string timestamp: type: integer description: Timestamp in ISO 8601 format. data: type: object description: Event specific data object. get_event_types_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. event_types: type: array items: $ref: '#/components/schemas/event_type' get_webhooks_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. webhooks: type: array items: $ref: '#/components/schemas/webhook' webhook: type: object properties: id: type: string name: type: string endpoint: type: string description: type: string event_types: type: array items: type: string created_on: type: string description: Created on date in ISO 8601 format. create_webhook_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. webhook: type: object properties: id: type: string endpoint: type: string update_webhook_response: type: object properties: message: type: string code: type: string webhook: type: object properties: id: type: string create_connection_response: type: object properties: message: type: string code: type: string connection: type: object properties: id: description: The connection's ID. type: string get_connections_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. connections: type: array items: $ref: '#/components/schemas/connection' has_more: description: Whether more records exist. type: boolean delete_webhook_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. event_type: type: object properties: id: type: string code: type: string name: type: string origin: type: string schema: type: object organization_item_schema: type: object properties: code: type: string description: The unique identifier for the organization. example: org_1ccfb819462 name: type: string description: The organization's name. example: Acme Corp handle: type: string description: A unique handle for the organization - can be used for dynamic callback urls. example: acme_corp nullable: true is_default: type: boolean description: Whether the organization is the default organization. example: false external_id: type: string description: The organization's external identifier - commonly used when migrating from or mapping to other systems. example: some1234 nullable: true is_auto_membership_enabled: type: boolean example: true description: If users become members of this organization when the org code is supplied during authentication. get_environment_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: success_response environment: type: object properties: code: type: string description: The unique identifier for the environment. example: production name: type: string description: The environment's name. example: Production hotjar_site_id: type: string description: Your HotJar site ID. example: 404009 nullable: true google_analytics_tag: type: string description: Your Google Analytics tag. example: G-1234567 nullable: true contentsquare_tag_id: type: string description: Your Contentsquare Tag ID. example: 769238b6e1309 nullable: true is_default: type: boolean description: Whether the environment is the default. Typically this is your production environment. example: true is_live: type: boolean description: Whether the environment is live. example: true kinde_domain: type: string description: Your domain on Kinde example: example.kinde.com custom_domain: type: string description: Your custom domain for the environment nullable: true example: app.example.com logo: type: string nullable: true description: The organization's logo URL. example: https://yoursubdomain.kinde.com/logo?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d logo_dark: type: string nullable: true description: The organization's logo URL to be used for dark themes. example: https://yoursubdomain.kinde.com/logo_dark?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d favicon_svg: type: string nullable: true description: The organization's SVG favicon URL. Optimal format for most browsers example: https://yoursubdomain.kinde.com/favicon_svg?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d favicon_fallback: type: string nullable: true description: The favicon URL to be used as a fallback in browsers that don't support SVG, add a PNG example: https://yoursubdomain.kinde.com/favicon_fallback?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d link_color: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) background_color: nullable: true type: object properties: raw: type: string example: '#ffffff' hex: type: string example: '#ffffff' hsl: type: string example: hsl(0, 0%, 100%) button_color: nullable: true type: object properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) button_text_color: nullable: true type: object properties: raw: type: string example: '#ffffff' hex: type: string example: '#ffffff' hsl: type: string example: hsl(0, 0%, 100%) link_color_dark: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) background_color_dark: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) button_text_color_dark: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) button_color_dark: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) button_border_radius: type: integer nullable: true description: The border radius for buttons. Value is px, Kinde transforms to rem for rendering example: 8 card_border_radius: type: integer nullable: true description: The border radius for cards. Value is px, Kinde transforms to rem for rendering example: 16 input_border_radius: type: integer nullable: true description: The border radius for inputs. Value is px, Kinde transforms to rem for rendering example: 4 theme_code: type: string description: Whether the environment is forced into light mode, dark mode or user preference enum: - light - dark - user_preference color_scheme: type: string description: The color scheme for the environment used for meta tags based on the theme code enum: - light - dark - light dark created_on: type: string description: Date of environment creation in ISO 8601 format. example: '2021-01-01T00:00:00Z' get_organization_response: type: object properties: code: type: string description: The unique identifier for the organization. example: org_1ccfb819462 name: type: string description: The organization's name. example: Acme Corp handle: type: string description: A unique handle for the organization - can be used for dynamic callback urls. example: acme_corp nullable: true is_default: type: boolean description: Whether the organization is the default organization. example: false external_id: type: string description: The organization's external identifier - commonly used when migrating from or mapping to other systems. example: some1234 nullable: true is_auto_membership_enabled: type: boolean example: true description: If users become members of this organization when the org code is supplied during authentication. logo: type: string nullable: true description: The organization's logo URL. example: https://yoursubdomain.kinde.com/logo?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d logo_dark: type: string nullable: true description: The organization's logo URL to be used for dark themes. example: https://yoursubdomain.kinde.com/logo_dark?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d favicon_svg: type: string nullable: true description: The organization's SVG favicon URL. Optimal format for most browsers example: https://yoursubdomain.kinde.com/favicon_svg?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d favicon_fallback: type: string nullable: true description: The favicon URL to be used as a fallback in browsers that don't support SVG, add a PNG example: https://yoursubdomain.kinde.com/favicon_fallback?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d allowed_domains: type: array description: Domains allowed for self-sign up to this environment. Empty array means no restrictions. example: - https://acme.kinde.com - https://acme.com items: type: string link_color: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) background_color: nullable: true type: object properties: raw: type: string example: '#ffffff' hex: type: string example: '#ffffff' hsl: type: string example: hsl(0, 0%, 100%) button_color: nullable: true type: object properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) button_text_color: nullable: true type: object properties: raw: type: string example: '#ffffff' hex: type: string example: '#ffffff' hsl: type: string example: hsl(0, 0%, 100%) link_color_dark: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) background_color_dark: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) button_text_color_dark: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) button_color_dark: type: object nullable: true properties: raw: type: string example: '#0056F1' hex: type: string example: '#0056F1' hsl: type: string example: hsl(220, 100%, 50%) button_border_radius: type: integer nullable: true description: The border radius for buttons. Value is px, Kinde transforms to rem for rendering example: 8 card_border_radius: type: integer nullable: true description: The border radius for cards. Value is px, Kinde transforms to rem for rendering example: 16 input_border_radius: type: integer nullable: true description: The border radius for inputs. Value is px, Kinde transforms to rem for rendering example: 4 theme_code: type: string description: Whether the environment is forced into light mode, dark mode or user preference enum: - light - dark - user_preference color_scheme: type: string description: The color scheme for the environment used for meta tags based on the theme code enum: - light - dark - light dark created_on: type: string description: Date of organization creation in ISO 8601 format. example: '2021-01-01T00:00:00Z' is_allow_registrations: nullable: true type: boolean example: true deprecated: true description: Deprecated - Use 'is_auto_membership_enabled' instead sender_name: nullable: true type: string example: Acme Corp description: The name of the organization that will be used in emails sender_email: nullable: true type: string example: hello@acmecorp.com description: The email address that will be used in emails. Requires custom SMTP to be set up. is_suspended: type: boolean description: Whether the organization is currently suspended or not. example: false suspended_on: type: string description: The date the organization was suspended in ISO 8601 format. Null if not suspended. nullable: true example: '2021-01-01T00:00:00Z' billing: type: object description: The billing information if the organization is a billing customer. properties: billing_customer_id: type: string agreements: type: array description: The billing agreements the billing customer is currently subscribed to items: type: object properties: plan_code: type: string example: pro description: The code of the plan from which this agreement is taken from agreement_id: type: string example: agreement_a1234b description: The id of the billing agreement in Kinde organization_user: type: object properties: id: type: string example: kp:97c2ba24217d48e3b96a799b76cf2c74 description: The unique ID for the user. nullable: true email: type: string example: john.snow@example.com description: The user's email address. nullable: true full_name: type: string example: John Snow description: The user's full name. last_name: type: string example: Snow description: The user's last name. nullable: true first_name: type: string example: John description: The user's first name. nullable: true picture: type: string example: https://example.com/john_snow.jpg description: The user's profile picture URL. nullable: true joined_on: type: string example: '2021-01-01T00:00:00Z' description: The date the user joined the organization. last_accessed_on: type: string example: '2022-01-01T00:00:00Z' description: The date the user last accessed the organization. nullable: true is_suspended: type: boolean description: Whether the user is currently suspended or not. example: false roles: type: array description: The roles the user has in the organization. items: type: string example: admin description: The role's key. category: type: object properties: id: type: string name: type: string connection: type: object properties: code: type: string description: Response code. message: type: string description: Response message. connection: type: object properties: id: type: string name: type: string display_name: type: string strategy: type: string environment_variable: type: object properties: id: description: The unique ID for the environment variable. type: string example: env_var_0192b1941f125645fa15bf28a662a0b3 key: type: string description: The name of the environment variable. example: MY_API_KEY value: type: string description: The value of the environment variable. example: some-secret nullable: true is_secret: type: boolean description: Whether the environment variable is sensitive. example: false created_on: type: string description: The date the environment variable was created. example: '2021-01-01T00:00:00Z' identity: type: object properties: id: type: string description: The unique ID for the identity example: identity_019617f0cd72460a42192cf37b41084f type: type: string description: The type of identity example: email is_confirmed: type: boolean description: Whether the identity is confirmed example: true created_on: type: string description: Date of user creation in ISO 8601 format example: '2025-01-01T00:00:00Z' last_login_on: type: string description: Date of last login in ISO 8601 format example: '2025-01-05T00:00:00Z' total_logins: type: integer example: 20 name: type: string description: The value of the identity example: sally@example.com email: type: string description: The associated email of the identity example: sally@example.com is_primary: type: boolean description: Whether the identity is the primary identity for the user nullable: true example: true property: type: object properties: id: type: string key: type: string name: type: string is_private: type: boolean description: type: string is_kinde_property: type: boolean property_value: type: object properties: id: type: string example: prop_0192b7e8b4f8ca08110d2b22059662a8 name: type: string example: Town description: type: string example: Where the entity is located nullable: true key: type: string example: kp_town value: type: string example: West-side Staines massive nullable: true role: type: object properties: id: type: string key: type: string name: type: string description: type: string subscribers_subscriber: type: object properties: id: type: string email: type: string full_name: type: string first_name: type: string last_name: type: string subscriber: type: object properties: id: type: string preferred_email: type: string first_name: type: string last_name: type: string organization_user_role: type: object properties: id: type: string key: type: string name: type: string organization_user_role_permissions: type: object properties: id: type: string role: type: string permissions: type: object properties: key: type: string organization_user_permission: type: object properties: id: type: string key: type: string name: type: string description: type: string roles: type: array items: type: object properties: id: type: string key: type: string organization_users: type: array items: $ref: '#/components/schemas/organization_user' get_subscriber_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. subscribers: type: array items: $ref: '#/components/schemas/subscriber' get_subscribers_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. subscribers: type: array items: $ref: '#/components/schemas/subscribers_subscriber' next_token: description: Pagination token. type: string get_roles_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. roles: type: array items: $ref: '#/components/schemas/roles' next_token: description: Pagination token. type: string get_role_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. role: type: object properties: id: type: string description: The role's ID. example: 01929904-316d-bb2c-069f-99dfea4ac394 key: type: string description: The role identifier to use in code. example: admin name: type: string description: The role's name. example: Administrator description: type: string description: The role's description. example: Full access to all resources. is_default_role: type: boolean description: Whether the role is the default role. example: false create_roles_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. role: type: object properties: id: type: string description: The role's ID. add_role_scope_response: type: object properties: code: type: string description: Response code. example: ROLE_SCOPE_ADDED message: type: string description: Response message. example: Scope added to role delete_role_scope_response: type: object properties: code: type: string description: Response code. example: SCOPE_DELETED message: type: string description: Response message. example: Scope deleted from role get_organizations_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success organizations: type: array items: $ref: '#/components/schemas/organization_item_schema' next_token: description: Pagination token. type: string example: Mjo5Om1hbWVfYZNj get_organization_users_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success organization_users: type: array items: $ref: '#/components/schemas/organization_user' next_token: type: string description: Pagination token. get_organizations_user_roles_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. roles: type: array items: $ref: '#/components/schemas/organization_user_role' next_token: type: string description: Pagination token. get_organizations_user_permissions_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. permissions: type: array items: $ref: '#/components/schemas/organization_user_permission' get_organization_invites_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success invites: type: array items: $ref: '#/components/schemas/organization_invite' next_token: type: string description: Pagination token. nullable: true get_organization_invite_response: type: object properties: message: type: string description: Response message. example: Success id: type: string description: The invitation's unique identifier. example: inv_abc123def456 code: type: string description: The invitation's code. example: inv_abc123def456 email: type: string description: The email address of the invited user. example: user@example.com first_name: type: string description: The first name of the invited user. nullable: true example: John last_name: type: string description: The last name of the invited user. nullable: true example: Doe full_name: type: string description: The full name of the invited user. example: John Doe created_on: type: string format: date-time description: When the invitation was created. example: '2024-11-18T13:32:03+11' is_sent: type: boolean description: Whether the invitation email was sent. example: true accepted_on: type: string format: date-time description: When the invitation was accepted. nullable: true example: '2024-11-19T10:15:30+11' roles: type: array description: The roles assigned to the invitation. items: type: object properties: key: type: string description: The role's key. example: admin name: type: string description: The role's name. example: Administrator example: - key: admin name: Administrator - key: manager name: Manager is_revoked: type: boolean description: Whether the invitation has been revoked. example: false invite_link: type: string description: URL to share with the invitee to accept the invitation. example: https://example.kinde.com/team_invitation?code=inv_abc123def456 create_organization_invite_response: type: object properties: code: type: string description: Response code. example: INVITATION_CREATED message: type: string description: Response message. example: Invitation created invite: type: object properties: id: type: string description: The invitation's unique identifier. example: inv_abc123def456 code: type: string description: The invitation's code. example: inv_abc123def456 email: type: string description: The email address of the invited user. example: user@example.com first_name: type: string description: The first name of the invited user. nullable: true example: John last_name: type: string description: The last name of the invited user. nullable: true example: Doe full_name: type: string description: The full name of the invited user. example: John Doe created_on: type: string format: date-time description: When the invitation was created. example: '2024-11-18T13:32:03+11' is_sent: type: boolean description: Whether the invitation email was sent. example: true accepted_on: type: string format: date-time description: When the invitation was accepted. Always null for a freshly created invitation. nullable: true example: null roles: type: array description: The roles assigned to the invitation. items: type: object properties: key: type: string description: The role's key. example: admin name: type: string description: The role's name. example: Administrator example: - key: admin name: Administrator - key: manager name: Manager is_revoked: type: boolean description: Whether the invitation has been revoked. Always false for a freshly created invitation. example: false invite_link: type: string description: URL to share with the invitee to accept the invitation. example: https://example.kinde.com/team_invitation?code=inv_abc123def456 organization_invite: type: object properties: id: type: string description: The invitation's unique identifier. example: inv_abc123def456 code: type: string description: The invitation's code. example: inv_abc123def456 email: type: string description: The email address of the invited user. example: user@example.com first_name: type: string description: The first name of the invited user. nullable: true example: John last_name: type: string description: The last name of the invited user. nullable: true example: Doe full_name: type: string description: The full name of the invited user. example: John Doe created_on: type: string format: date-time description: When the invitation was created. example: '2024-11-18T13:32:03+11' is_sent: type: boolean description: Whether the invitation email was sent. example: true accepted_on: type: string format: date-time description: When the invitation was accepted. nullable: true example: '2024-11-19T10:15:30+11' roles: type: array description: The roles assigned to the invitation. items: type: object properties: key: type: string description: The role's key. example: admin name: type: string description: The role's name. example: Administrator example: - key: admin name: Administrator - key: manager name: Manager is_revoked: type: boolean description: Whether the invitation has been revoked. example: false invite_link: type: string description: URL to share with the invitee to accept the invitation. example: https://example.kinde.com/team_invitation?code=inv_abc123def456 get_organization_feature_flags_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. feature_flags: type: object description: The environment's feature flag settings. additionalProperties: type: object properties: type: type: string enum: - str - int - bool value: type: string get_environment_feature_flags_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. feature_flags: type: object description: The environment's feature flag settings. additionalProperties: type: object properties: type: type: string enum: - str - int - bool value: type: string next_token: type: string description: Pagination token. add_organization_users_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. users_added: type: array items: type: string update_role_permissions_response: type: object properties: code: type: string message: type: string permissions_added: type: array items: type: string permissions_removed: type: array items: type: string update_organization_users_response: type: object properties: message: type: string example: Success code: type: string example: OK users_added: type: array items: type: string example: kp_057ee6debc624c70947b6ba512908c35 users_updated: type: array items: type: string example: kp_057ee6debc624c70947b6ba512908c35 users_removed: type: array items: type: string example: kp_057ee6debc624c70947b6ba512908c35 connected_apps_auth_url: type: object properties: url: type: string description: A URL that is used to authenticate an end-user against a connected app. session_id: type: string description: A unique identifier for the login session. create_subscriber_success_response: type: object properties: subscriber: type: object properties: subscriber_id: type: string description: A unique identifier for the subscriber. connected_apps_access_token: type: object properties: access_token: type: string description: The access token to access a third-party provider. access_token_expiry: type: string description: The date and time that the access token expires. api_result: type: object properties: result: type: string description: The result of the api operation. create_application_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. application: type: object properties: id: description: The application's identifier. type: string example: 3b0b5c6c8fcc464fab397f4969b5f482 client_id: description: The application's client ID. type: string example: 3b0b5c6c8fcc464fab397f4969b5f482 client_secret: description: The application's client secret. type: string example: sUJSHI3ZQEVTJkx6hOxdOSHaLsZkCBRFLzTNOI791rX8mDjgt7LC get_application_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. application: type: object properties: id: description: The application's identifier. type: string example: 3b0b5c6c8fcc464fab397f4969b5f482 name: description: The application's name. type: string example: My React app type: description: The application's type. type: string enum: - m2m - reg - spa client_id: description: The application's client ID. type: string example: 3b0b5c6c8fcc464fab397f4969b5f482 client_secret: description: The application's client secret. type: string example: sUJSHI3ZQEVTJkx6hOxdOSHaLsZkCBRFLzTNOI791rX8mDjgt7LC login_uri: description: The default login route for resolving session issues. type: string example: https://yourapp.com/api/auth/login homepage_uri: description: The homepage link to your application. type: string example: https://yourapp.com has_cancel_button: description: Whether the application has a cancel button to allow users to exit the auth flow [Beta]. type: boolean example: false applications: type: object properties: id: type: string name: type: string type: type: string get_applications_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. applications: type: array items: $ref: '#/components/schemas/applications' next_token: description: Pagination token. type: string redirect_callback_urls: type: object properties: redirect_urls: type: array description: An application's redirect URLs. items: type: string get_redirect_callback_urls_response: type: object properties: redirect_urls: description: An application's redirect callback URLs. type: array items: $ref: '#/components/schemas/redirect_callback_urls' logout_redirect_urls: type: object properties: logout_urls: type: array description: An application's logout URLs. items: type: string code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success get_permissions_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. permissions: type: array items: $ref: '#/components/schemas/permissions' next_token: type: string description: Pagination token. permissions: type: object properties: id: type: string description: The permission's ID. key: type: string description: The permission identifier to use in code. name: type: string description: The permission's name. description: type: string description: The permission's description. scopes: type: object properties: id: type: string description: Scope ID. example: api_scope_019541f3fa0c874fc47b3ae73585b21c key: type: string description: Scope key. example: create:users description: type: string description: Description of scope. example: Create users api_id: type: string description: API ID. example: 3635b4431f174de6b789c67481bd0c7a roles: type: object properties: id: type: string description: The role's ID. key: type: string description: The role identifier to use in code. name: type: string description: The role's name. description: type: string description: The role's description. nullable: true is_default_role: type: boolean description: Whether the role is the default role. role_permissions_response: type: object properties: code: type: string description: Response code. message: type: string description: Response message. permissions: type: array items: $ref: '#/components/schemas/permissions' next_token: type: string description: Pagination token. role_scopes_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success scopes: type: array items: $ref: '#/components/schemas/scopes' read_logo_response: type: object properties: code: type: string description: Response code. example: OK logos: type: array description: A list of logos. items: type: object properties: type: type: string description: The type of logo (light or dark). example: light file_name: type: string description: The name of the logo file. example: kinde_light.jpeg path: type: string description: The relative path to the logo file. example: /logo?p_org_code=org_1767f11ce62 message: type: string description: Response message. example: Success read_env_logo_response: type: object properties: code: type: string description: Response code. example: OK logos: type: array description: A list of logos. items: type: object properties: type: type: string description: The type of logo (light or dark). example: light file_name: type: string description: The name of the logo file. example: kinde_light.jpeg message: type: string description: Response message. example: Success get_billing_entitlements_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success has_more: description: Whether more records exist. type: boolean entitlements: type: array description: A list of entitlements items: type: object properties: id: type: string description: The friendly id of an entitlement example: entitlement_0195ac80a14e8d71f42b98e75d3c61ad fixed_charge: type: integer description: The price charged if this is an entitlement for a fixed charged example: 35 price_name: type: string description: The name of the price associated with the entitlement example: Pro gym unit_amount: type: integer description: The price charged for this entitlement in cents feature_code: type: string description: The feature code of the feature corresponding to this entitlement example: CcdkvEXpbg6UY feature_name: type: string description: The feature name of the feature corresponding to this entitlement example: Pro Gym entitlement_limit_max: type: integer description: The maximum number of units of the feature the customer is entitled to entitlement_limit_min: type: integer description: The minimum number of units of the feature the customer is entitled to plans: type: array description: A list of plans. items: type: object properties: code: type: string description: The plan code the billing customer is subscribed to subscribed_on: type: string format: date-time example: '2024-11-18T13:32:03+11' get_billing_agreements_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success has_more: description: Whether more records exist. type: boolean agreements: type: array description: A list of billing agreements items: type: object properties: id: type: string description: The friendly id of an agreement example: agreement_0195ac80a14c2ca2cec97d026d864de0 plan_code: type: string description: The plan code the billing customer is subscribed to expires_on: type: string format: date-time description: The date the agreement expired (and was no longer active) example: '2024-11-18T13:32:03+11' billing_group_id: type: string description: The friendly id of the billing group this agreement's plan is part of example: sbg_0195abf6773fdae18d5da72281a3fde2 entitlements: type: array description: A list of billing entitlements that is part of this agreement items: type: object properties: feature_code: type: string description: The feature code of the feature corresponding to this entitlement example: CcdkvEXpbg6UY entitlement_id: type: string description: The friendly id of an entitlement example: entitlement_0195ac80a14e8d71f42b98e75d3c61ad create_meter_usage_record_response: type: object properties: message: type: string description: Response message. example: Success code: type: string description: Response code. example: OK get_api_keys_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success has_more: description: Whether more records exist. type: boolean api_keys: type: array items: type: object properties: id: description: The unique ID for the API key. type: string example: api_key_0195ac80a14e8d71f42b98e75d3c61ad name: type: string description: The API key's name. example: My API Key type: type: string description: The type of API key. example: organization status: type: string description: The status of the API key. example: active key_prefix: type: string description: The first 6 characters of the API key for identification. example: kinde_ key_suffix: type: string description: The last 4 characters of the API key for identification. example: abcd nullable: true created_on: type: string format: date-time description: When the API key was created. example: '2024-11-18T13:32:03+11' last_verified_on: type: string format: date-time description: When the API key was last verified. example: '2024-11-18T13:32:03+11' nullable: true last_verified_ip: type: string description: The IP address from which the API key was last verified. example: 192.168.1.1 nullable: true created_by: type: string description: The name of the user who created the API key. example: John Doe nullable: true api_ids: type: array description: Array of API IDs associated with this key. items: type: string example: - api_123 - api_456 scopes: type: array description: Array of scopes associated with this key. items: type: string example: - read:users - write:users rotate_api_key_response: type: object properties: code: type: string description: Response code. example: API_KEY_ROTATED message: type: string description: Response message. example: API key rotated successfully api_key: type: object properties: id: type: string description: The unique ID for the API key. example: api_key_0195ac80a14e8d71f42b98e75d3c61ad key: type: string description: The new API key value (only shown once). example: k_live_1234567890abcdef1234567890abcdef create_api_key_response: type: object properties: message: type: string description: A Kinde generated message. example: API key created code: type: string description: A Kinde generated status code. example: API_KEY_CREATED api_key: type: object properties: id: description: The unique ID for the API key. type: string example: api_key_0195ac80a14e8d71f42b98e75d3c61ad key: description: The API key value (only shown once on creation). type: string example: k_live_1234567890abcdef verify_api_key_response: type: object properties: code: type: string description: Response code. example: API_KEY_VERIFIED message: type: string description: Response message. example: API key verified is_valid: type: boolean description: Whether the API key is valid. example: true key_id: type: string description: The unique ID for the API key. example: api_key_0195ac80a14e8d71f42b98e75d3c61ad status: type: string description: The status of the API key. example: active scopes: type: array description: Array of scopes associated with this key. items: type: string example: - read:users - write:users org_code: type: string description: The organization code associated with this key. example: org_123 nullable: true user_id: type: string description: The user ID associated with this key. example: user_456 nullable: true last_verified_on: type: string format: date-time description: When the API key was last verified. example: '2024-11-18T13:32:03+11' nullable: true verification_count: type: integer description: Number of times this API key has been verified. example: 42 get_api_key_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success api_key: type: object properties: id: description: The unique ID for the API key. type: string example: api_key_0195ac80a14e8d71f42b98e75d3c61ad name: type: string description: The API key's name. example: My API Key type: type: string description: The type of API key. example: organization status: type: string description: The status of the API key. example: active key_prefix: type: string description: The first 6 characters of the API key for identification. example: k_live key_suffix: type: string description: The last 4 characters of the API key for identification. example: abcd nullable: true created_on: type: string format: date-time description: When the API key was created. example: '2024-11-18T13:32:03+11' last_verified_on: type: string format: date-time description: When the API key was last verified. example: '2024-11-18T13:32:03+11' nullable: true last_verified_ip: type: string description: The IP address from which the API key was last verified. example: 192.168.1.1 nullable: true created_by: type: string description: The name of the user who created the API key. example: John Doe nullable: true api_ids: type: array description: Array of API IDs associated with this key. items: type: string example: - api_123 - api_456 scopes: type: array description: Array of scopes associated with this key. items: type: string example: - read:users - write:users verification_count: type: integer description: Number of times this API key has been verified. example: 42 nullable: true organization_id: type: string description: The organization code associated with this key. example: org_123 nullable: true user_id: type: string description: The user ID associated with this key. example: user_456 nullable: true get_directories_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success has_more: description: Whether more records exist. type: boolean directories: type: array items: $ref: '#/components/schemas/directory' get_directory_response: type: object properties: code: type: string description: Response code. example: OK message: type: string description: Response message. example: Success directory: $ref: '#/components/schemas/directory' create_directory_response: type: object properties: code: type: string description: Response code. example: DIRECTORY_CREATED message: type: string description: Response message. example: SCIM directory created successfully directory: $ref: '#/components/schemas/directory' update_directory_response: type: object properties: code: type: string description: Response code. example: DIRECTORY_UPDATED message: type: string description: Response message. example: SCIM directory updated successfully directory: $ref: '#/components/schemas/directory' delete_directory_response: type: object properties: code: type: string description: Response code. example: DIRECTORY_DELETED message: type: string description: Response message. example: SCIM directory deleted successfully directory: type: object properties: id: type: string description: The unique ID for the SCIM directory. example: directory_0192b1941f125645fa15bf28a662a0b3 directory_name: type: string description: The name of the SCIM directory. example: Production Directory directory_endpoint_id: type: string description: The endpoint ID for the SCIM directory. example: ksde_0192b1941f125645fa15bf28a662a0b3 secret_token: type: string description: The secret token for SCIM authentication. example: kstkn_0192b1941f125645fa15bf28a662a0b3 status: type: string description: The current status of the SCIM directory. enum: - Pending - Validating - Active - Inactive - Error example: Pending organization_code: type: string description: The organization code this directory belongs to. example: org_1ccfb819462 last_sync_started_at: type: string format: date-time description: When the last sync started. example: '2024-11-18T13:32:03+11' nullable: true last_sync_completed_at: type: string format: date-time description: When the last sync completed. example: '2024-11-18T13:32:03+11' nullable: true last_sync_error: type: string description: The last sync error message. example: Connection timeout nullable: true created_on: type: string format: date-time description: When the directory was created. example: '2024-11-18T13:32:03+11' securitySchemes: kindeBearerAuth: description: | Requires an access token obtained using the client_credentials flow. type: http scheme: bearer bearerFormat: JWT