naftiko: 1.0.0-alpha2 info: label: Logto API references description: 'API references for Logto services. Note: The documentation is for Logto Cloud. If you are using Logto OSS, please refer to the response of `/api/swagger.json` endpoint on your Logto instance.' tags: - Logto - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: logto baseUri: https://[tenant_id].logto.app description: Logto API references HTTP API. authentication: type: bearer token: '{{LOGTO_TOKEN}}' resources: - name: api-applications path: /api/applications operations: - name: listapplications method: GET description: Get applications inputParameters: - name: types in: query type: string description: An array of application types to filter applications. - name: excludeRoleId in: query type: string - name: excludeOrganizationId in: query type: string - name: isThirdParty in: query type: string - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. - name: search_params in: query type: object description: Search query parameters. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createapplication method: POST description: Create an application outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-id path: /api/applications/{id} operations: - name: getapplication method: GET description: Get application outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateapplication method: PATCH description: Update application outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteapplication method: DELETE description: Delete application outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-applicationid-custom-data path: /api/applications/{applicationId}/custom-data operations: - name: updateapplicationcustomdata method: PATCH description: Update application custom data outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-applicationid-roles path: /api/applications/{applicationId}/roles operations: - name: listapplicationroles method: GET description: Get application API resource roles inputParameters: - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. - name: search_params in: query type: object description: Search query parameters. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: assignapplicationroles method: POST description: Assign API resource roles to application outputRawFormat: json outputParameters: - name: result type: object value: $. - name: replaceapplicationroles method: PUT description: Update API resource roles for application outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-applicationid-roles-roleid path: /api/applications/{applicationId}/roles/{roleId} operations: - name: deleteapplicationrole method: DELETE description: Remove a API resource role from application outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-id-protected-app-metadata-custo path: /api/applications/{id}/protected-app-metadata/custom-domains operations: - name: listapplicationprotectedappmetadatacustomdomains method: GET description: Get application custom domains. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createapplicationprotectedappmetadatacustomdomai method: POST description: Add a custom domain to the application. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-id-protected-app-metadata-custo path: /api/applications/{id}/protected-app-metadata/custom-domains/{domain} operations: - name: deleteapplicationprotectedappmetadatacustomdomai method: DELETE description: Remove custom domain. inputParameters: - name: domain in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-id-organizations path: /api/applications/{id}/organizations operations: - name: listapplicationorganizations method: GET description: Get application organizations inputParameters: - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-id-legacy-secret path: /api/applications/{id}/legacy-secret operations: - name: deleteapplicationlegacysecret method: DELETE description: Delete application legacy secret outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-id-secrets path: /api/applications/{id}/secrets operations: - name: listapplicationsecrets method: GET description: Get application secrets outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createapplicationsecret method: POST description: Add application secret outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-id-secrets-name path: /api/applications/{id}/secrets/{name} operations: - name: deleteapplicationsecret method: DELETE description: Delete application secret inputParameters: - name: name in: path type: string required: true description: The name of the secret. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateapplicationsecret method: PATCH description: Update application secret inputParameters: - name: name in: path type: string required: true description: The name of the secret. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-applicationid-user-consent-scop path: /api/applications/{applicationId}/user-consent-scopes operations: - name: createapplicationuserconsentscope method: POST description: Assign user consent scopes to application. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: listapplicationuserconsentscopes method: GET description: List all the user consent scopes of an application. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-applicationid-user-consent-scop path: /api/applications/{applicationId}/user-consent-scopes/{scopeType}/{scopeId} operations: - name: deleteapplicationuserconsentscope method: DELETE description: Remove user consent scope from application. inputParameters: - name: scopeType in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-applicationid-sign-in-experienc path: /api/applications/{applicationId}/sign-in-experience operations: - name: replaceapplicationsigninexperience method: PUT description: Update application level sign-in experience outputRawFormat: json outputParameters: - name: result type: object value: $. - name: getapplicationsigninexperience method: GET description: Get the application level sign-in experience outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-id-users-userid-consent-organiz path: /api/applications/{id}/users/{userId}/consent-organizations operations: - name: listapplicationuserconsentorganizations method: GET description: List all the user consented organizations of a application. inputParameters: - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: replaceapplicationuserconsentorganizations method: PUT description: Grant a list of organization access of a user for a application. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createapplicationuserconsentorganization method: POST description: Grant a list of organization access of a user for a application. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-applications-id-users-userid-consent-organiz path: /api/applications/{id}/users/{userId}/consent-organizations/{organizationId} operations: - name: deleteapplicationuserconsentorganization method: DELETE description: Revoke a user's access to an organization for a application. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-configs-admin-console path: /api/configs/admin-console operations: - name: getadminconsoleconfig method: GET description: Get admin console config outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateadminconsoleconfig method: PATCH description: Update admin console config outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-configs-oidc-session path: /api/configs/oidc/session operations: - name: getoidcsessionconfig method: GET description: Get OIDC session config outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateoidcsessionconfig method: PATCH description: Update OIDC session config outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-configs-oidc-keytype path: /api/configs/oidc/{keyType} operations: - name: getoidckeys method: GET description: Get OIDC keys inputParameters: - name: keyType in: path type: string required: true description: Private keys are used to sign OIDC JWTs. Cookie keys are used to sign OIDC cookies. For clients, they do not need to know private keys to verify OIDC JWTs; they outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-configs-oidc-keytype-keyid path: /api/configs/oidc/{keyType}/{keyId} operations: - name: deleteoidckey method: DELETE description: Delete OIDC key inputParameters: - name: keyType in: path type: string required: true description: Private keys are used to sign OIDC JWTs. Cookie keys are used to sign OIDC cookies. For clients, they do not need to know private keys to verify OIDC JWTs; they outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-configs-oidc-keytype-rotate path: /api/configs/oidc/{keyType}/rotate operations: - name: rotateoidckeys method: POST description: Rotate OIDC keys inputParameters: - name: keyType in: path type: string required: true description: Private keys are used to sign OIDC JWTs. Cookie keys are used to sign OIDC cookies. For clients, they do not need to know private keys to verify OIDC JWTs; they outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-configs-jwt-customizer-tokentypepath path: /api/configs/jwt-customizer/{tokenTypePath} operations: - name: upsertjwtcustomizer method: PUT description: Create or update JWT customizer inputParameters: - name: tokenTypePath in: path type: string required: true description: The token type to create a JWT customizer for. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatejwtcustomizer method: PATCH description: Update JWT customizer inputParameters: - name: tokenTypePath in: path type: string required: true description: The token type to update a JWT customizer for. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: getjwtcustomizer method: GET description: Get JWT customizer inputParameters: - name: tokenTypePath in: path type: string required: true description: The token type to get the JWT customizer for. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletejwtcustomizer method: DELETE description: Delete JWT customizer inputParameters: - name: tokenTypePath in: path type: string required: true description: The token type path to delete the JWT customizer for. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-configs-jwt-customizer path: /api/configs/jwt-customizer operations: - name: listjwtcustomizers method: GET description: Get all JWT customizers outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-configs-jwt-customizer-test path: /api/configs/jwt-customizer/test operations: - name: testjwtcustomizer method: POST description: Test JWT customizer outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-configs-id-token path: /api/configs/id-token operations: - name: getidtokenconfig method: GET description: Get ID token claims configuration outputRawFormat: json outputParameters: - name: result type: object value: $. - name: upsertidtokenconfig method: PUT description: Upsert ID token claims configuration outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-connectors path: /api/connectors operations: - name: createconnector method: POST description: Create connector outputRawFormat: json outputParameters: - name: result type: object value: $. - name: listconnectors method: GET description: Get connectors inputParameters: - name: target in: query type: string description: Filter connectors by target. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-connectors-id path: /api/connectors/{id} operations: - name: getconnector method: GET description: Get connector outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateconnector method: PATCH description: Update connector outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteconnector method: DELETE description: Delete connector outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-connectors-factoryid-test path: /api/connectors/{factoryId}/test operations: - name: createconnectortest method: POST description: Test passwordless connector outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-connectors-connectorid-authorization-uri path: /api/connectors/{connectorId}/authorization-uri operations: - name: createconnectorauthorizationuri method: POST description: Get connector's authorization URI outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-connector-factories path: /api/connector-factories operations: - name: listconnectorfactories method: GET description: Get connector factories outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-connector-factories-id path: /api/connector-factories/{id} operations: - name: getconnectorfactory method: GET description: Get connector factory outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-resources path: /api/resources operations: - name: listresources method: GET description: Get API resources inputParameters: - name: includeScopes in: query type: string description: If it's provided with a truthy value (`true`, `1`, `yes`), the scopes of each resource will be included in the response. - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createresource method: POST description: Create an API resource outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-resources-id path: /api/resources/{id} operations: - name: getresource method: GET description: Get API resource outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateresource method: PATCH description: Update API resource outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteresource method: DELETE description: Delete API resource outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-resources-id-is-default path: /api/resources/{id}/is-default operations: - name: updateresourceisdefault method: PATCH description: Set API resource as default outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-resources-resourceid-scopes path: /api/resources/{resourceId}/scopes operations: - name: listresourcescopes method: GET description: Get API resource scopes inputParameters: - name: page in: query type: integer description: Page number (starts from 1). - name: page_size in: query type: integer description: Entries per page. - name: search_params in: query type: object description: Search query parameters. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createresourcescope method: POST description: Create API resource scope outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: logto-rest description: REST adapter for Logto API references. resources: - path: /api/applications name: listapplications operations: - method: GET name: listapplications description: Get applications call: logto.listapplications outputParameters: - type: object mapping: $. - path: /api/applications name: createapplication operations: - method: POST name: createapplication description: Create an application call: logto.createapplication outputParameters: - type: object mapping: $. - path: /api/applications/{id} name: getapplication operations: - method: GET name: getapplication description: Get application call: logto.getapplication outputParameters: - type: object mapping: $. - path: /api/applications/{id} name: updateapplication operations: - method: PATCH name: updateapplication description: Update application call: logto.updateapplication outputParameters: - type: object mapping: $. - path: /api/applications/{id} name: deleteapplication operations: - method: DELETE name: deleteapplication description: Delete application call: logto.deleteapplication outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/custom-data name: updateapplicationcustomdata operations: - method: PATCH name: updateapplicationcustomdata description: Update application custom data call: logto.updateapplicationcustomdata outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/roles name: listapplicationroles operations: - method: GET name: listapplicationroles description: Get application API resource roles call: logto.listapplicationroles outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/roles name: assignapplicationroles operations: - method: POST name: assignapplicationroles description: Assign API resource roles to application call: logto.assignapplicationroles outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/roles name: replaceapplicationroles operations: - method: PUT name: replaceapplicationroles description: Update API resource roles for application call: logto.replaceapplicationroles outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/roles/{roleId} name: deleteapplicationrole operations: - method: DELETE name: deleteapplicationrole description: Remove a API resource role from application call: logto.deleteapplicationrole outputParameters: - type: object mapping: $. - path: /api/applications/{id}/protected-app-metadata/custom-domains name: listapplicationprotectedappmetadatacustomdomains operations: - method: GET name: listapplicationprotectedappmetadatacustomdomains description: Get application custom domains. call: logto.listapplicationprotectedappmetadatacustomdomains outputParameters: - type: object mapping: $. - path: /api/applications/{id}/protected-app-metadata/custom-domains name: createapplicationprotectedappmetadatacustomdomai operations: - method: POST name: createapplicationprotectedappmetadatacustomdomai description: Add a custom domain to the application. call: logto.createapplicationprotectedappmetadatacustomdomai outputParameters: - type: object mapping: $. - path: /api/applications/{id}/protected-app-metadata/custom-domains/{domain} name: deleteapplicationprotectedappmetadatacustomdomai operations: - method: DELETE name: deleteapplicationprotectedappmetadatacustomdomai description: Remove custom domain. call: logto.deleteapplicationprotectedappmetadatacustomdomai with: domain: rest.domain outputParameters: - type: object mapping: $. - path: /api/applications/{id}/organizations name: listapplicationorganizations operations: - method: GET name: listapplicationorganizations description: Get application organizations call: logto.listapplicationorganizations outputParameters: - type: object mapping: $. - path: /api/applications/{id}/legacy-secret name: deleteapplicationlegacysecret operations: - method: DELETE name: deleteapplicationlegacysecret description: Delete application legacy secret call: logto.deleteapplicationlegacysecret outputParameters: - type: object mapping: $. - path: /api/applications/{id}/secrets name: listapplicationsecrets operations: - method: GET name: listapplicationsecrets description: Get application secrets call: logto.listapplicationsecrets outputParameters: - type: object mapping: $. - path: /api/applications/{id}/secrets name: createapplicationsecret operations: - method: POST name: createapplicationsecret description: Add application secret call: logto.createapplicationsecret outputParameters: - type: object mapping: $. - path: /api/applications/{id}/secrets/{name} name: deleteapplicationsecret operations: - method: DELETE name: deleteapplicationsecret description: Delete application secret call: logto.deleteapplicationsecret with: name: rest.name outputParameters: - type: object mapping: $. - path: /api/applications/{id}/secrets/{name} name: updateapplicationsecret operations: - method: PATCH name: updateapplicationsecret description: Update application secret call: logto.updateapplicationsecret with: name: rest.name outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/user-consent-scopes name: createapplicationuserconsentscope operations: - method: POST name: createapplicationuserconsentscope description: Assign user consent scopes to application. call: logto.createapplicationuserconsentscope outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/user-consent-scopes name: listapplicationuserconsentscopes operations: - method: GET name: listapplicationuserconsentscopes description: List all the user consent scopes of an application. call: logto.listapplicationuserconsentscopes outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/user-consent-scopes/{scopeType}/{scopeId} name: deleteapplicationuserconsentscope operations: - method: DELETE name: deleteapplicationuserconsentscope description: Remove user consent scope from application. call: logto.deleteapplicationuserconsentscope with: scopeType: rest.scopeType outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/sign-in-experience name: replaceapplicationsigninexperience operations: - method: PUT name: replaceapplicationsigninexperience description: Update application level sign-in experience call: logto.replaceapplicationsigninexperience outputParameters: - type: object mapping: $. - path: /api/applications/{applicationId}/sign-in-experience name: getapplicationsigninexperience operations: - method: GET name: getapplicationsigninexperience description: Get the application level sign-in experience call: logto.getapplicationsigninexperience outputParameters: - type: object mapping: $. - path: /api/applications/{id}/users/{userId}/consent-organizations name: listapplicationuserconsentorganizations operations: - method: GET name: listapplicationuserconsentorganizations description: List all the user consented organizations of a application. call: logto.listapplicationuserconsentorganizations outputParameters: - type: object mapping: $. - path: /api/applications/{id}/users/{userId}/consent-organizations name: replaceapplicationuserconsentorganizations operations: - method: PUT name: replaceapplicationuserconsentorganizations description: Grant a list of organization access of a user for a application. call: logto.replaceapplicationuserconsentorganizations outputParameters: - type: object mapping: $. - path: /api/applications/{id}/users/{userId}/consent-organizations name: createapplicationuserconsentorganization operations: - method: POST name: createapplicationuserconsentorganization description: Grant a list of organization access of a user for a application. call: logto.createapplicationuserconsentorganization outputParameters: - type: object mapping: $. - path: /api/applications/{id}/users/{userId}/consent-organizations/{organizationId} name: deleteapplicationuserconsentorganization operations: - method: DELETE name: deleteapplicationuserconsentorganization description: Revoke a user's access to an organization for a application. call: logto.deleteapplicationuserconsentorganization outputParameters: - type: object mapping: $. - path: /api/configs/admin-console name: getadminconsoleconfig operations: - method: GET name: getadminconsoleconfig description: Get admin console config call: logto.getadminconsoleconfig outputParameters: - type: object mapping: $. - path: /api/configs/admin-console name: updateadminconsoleconfig operations: - method: PATCH name: updateadminconsoleconfig description: Update admin console config call: logto.updateadminconsoleconfig outputParameters: - type: object mapping: $. - path: /api/configs/oidc/session name: getoidcsessionconfig operations: - method: GET name: getoidcsessionconfig description: Get OIDC session config call: logto.getoidcsessionconfig outputParameters: - type: object mapping: $. - path: /api/configs/oidc/session name: updateoidcsessionconfig operations: - method: PATCH name: updateoidcsessionconfig description: Update OIDC session config call: logto.updateoidcsessionconfig outputParameters: - type: object mapping: $. - path: /api/configs/oidc/{keyType} name: getoidckeys operations: - method: GET name: getoidckeys description: Get OIDC keys call: logto.getoidckeys with: keyType: rest.keyType outputParameters: - type: object mapping: $. - path: /api/configs/oidc/{keyType}/{keyId} name: deleteoidckey operations: - method: DELETE name: deleteoidckey description: Delete OIDC key call: logto.deleteoidckey with: keyType: rest.keyType outputParameters: - type: object mapping: $. - path: /api/configs/oidc/{keyType}/rotate name: rotateoidckeys operations: - method: POST name: rotateoidckeys description: Rotate OIDC keys call: logto.rotateoidckeys with: keyType: rest.keyType outputParameters: - type: object mapping: $. - path: /api/configs/jwt-customizer/{tokenTypePath} name: upsertjwtcustomizer operations: - method: PUT name: upsertjwtcustomizer description: Create or update JWT customizer call: logto.upsertjwtcustomizer with: tokenTypePath: rest.tokenTypePath outputParameters: - type: object mapping: $. - path: /api/configs/jwt-customizer/{tokenTypePath} name: updatejwtcustomizer operations: - method: PATCH name: updatejwtcustomizer description: Update JWT customizer call: logto.updatejwtcustomizer with: tokenTypePath: rest.tokenTypePath outputParameters: - type: object mapping: $. - path: /api/configs/jwt-customizer/{tokenTypePath} name: getjwtcustomizer operations: - method: GET name: getjwtcustomizer description: Get JWT customizer call: logto.getjwtcustomizer with: tokenTypePath: rest.tokenTypePath outputParameters: - type: object mapping: $. - path: /api/configs/jwt-customizer/{tokenTypePath} name: deletejwtcustomizer operations: - method: DELETE name: deletejwtcustomizer description: Delete JWT customizer call: logto.deletejwtcustomizer with: tokenTypePath: rest.tokenTypePath outputParameters: - type: object mapping: $. - path: /api/configs/jwt-customizer name: listjwtcustomizers operations: - method: GET name: listjwtcustomizers description: Get all JWT customizers call: logto.listjwtcustomizers outputParameters: - type: object mapping: $. - path: /api/configs/jwt-customizer/test name: testjwtcustomizer operations: - method: POST name: testjwtcustomizer description: Test JWT customizer call: logto.testjwtcustomizer outputParameters: - type: object mapping: $. - path: /api/configs/id-token name: getidtokenconfig operations: - method: GET name: getidtokenconfig description: Get ID token claims configuration call: logto.getidtokenconfig outputParameters: - type: object mapping: $. - path: /api/configs/id-token name: upsertidtokenconfig operations: - method: PUT name: upsertidtokenconfig description: Upsert ID token claims configuration call: logto.upsertidtokenconfig outputParameters: - type: object mapping: $. - path: /api/connectors name: createconnector operations: - method: POST name: createconnector description: Create connector call: logto.createconnector outputParameters: - type: object mapping: $. - path: /api/connectors name: listconnectors operations: - method: GET name: listconnectors description: Get connectors call: logto.listconnectors outputParameters: - type: object mapping: $. - path: /api/connectors/{id} name: getconnector operations: - method: GET name: getconnector description: Get connector call: logto.getconnector outputParameters: - type: object mapping: $. - path: /api/connectors/{id} name: updateconnector operations: - method: PATCH name: updateconnector description: Update connector call: logto.updateconnector outputParameters: - type: object mapping: $. - path: /api/connectors/{id} name: deleteconnector operations: - method: DELETE name: deleteconnector description: Delete connector call: logto.deleteconnector outputParameters: - type: object mapping: $. - path: /api/connectors/{factoryId}/test name: createconnectortest operations: - method: POST name: createconnectortest description: Test passwordless connector call: logto.createconnectortest outputParameters: - type: object mapping: $. - path: /api/connectors/{connectorId}/authorization-uri name: createconnectorauthorizationuri operations: - method: POST name: createconnectorauthorizationuri description: Get connector's authorization URI call: logto.createconnectorauthorizationuri outputParameters: - type: object mapping: $. - path: /api/connector-factories name: listconnectorfactories operations: - method: GET name: listconnectorfactories description: Get connector factories call: logto.listconnectorfactories outputParameters: - type: object mapping: $. - path: /api/connector-factories/{id} name: getconnectorfactory operations: - method: GET name: getconnectorfactory description: Get connector factory call: logto.getconnectorfactory outputParameters: - type: object mapping: $. - path: /api/resources name: listresources operations: - method: GET name: listresources description: Get API resources call: logto.listresources outputParameters: - type: object mapping: $. - path: /api/resources name: createresource operations: - method: POST name: createresource description: Create an API resource call: logto.createresource outputParameters: - type: object mapping: $. - path: /api/resources/{id} name: getresource operations: - method: GET name: getresource description: Get API resource call: logto.getresource outputParameters: - type: object mapping: $. - path: /api/resources/{id} name: updateresource operations: - method: PATCH name: updateresource description: Update API resource call: logto.updateresource outputParameters: - type: object mapping: $. - path: /api/resources/{id} name: deleteresource operations: - method: DELETE name: deleteresource description: Delete API resource call: logto.deleteresource outputParameters: - type: object mapping: $. - path: /api/resources/{id}/is-default name: updateresourceisdefault operations: - method: PATCH name: updateresourceisdefault description: Set API resource as default call: logto.updateresourceisdefault outputParameters: - type: object mapping: $. - path: /api/resources/{resourceId}/scopes name: listresourcescopes operations: - method: GET name: listresourcescopes description: Get API resource scopes call: logto.listresourcescopes outputParameters: - type: object mapping: $. - path: /api/resources/{resourceId}/scopes name: createresourcescope operations: - method: POST name: createresourcescope description: Create API resource scope call: logto.createresourcescope outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: logto-mcp transport: http description: MCP adapter for Logto API references for AI agent use. tools: - name: listapplications description: Get applications hints: readOnly: true destructive: false idempotent: true call: logto.listapplications with: types: tools.types excludeRoleId: tools.excludeRoleId excludeOrganizationId: tools.excludeOrganizationId isThirdParty: tools.isThirdParty page: tools.page page_size: tools.page_size search_params: tools.search_params inputParameters: - name: types type: string description: An array of application types to filter applications. - name: excludeRoleId type: string description: excludeRoleId - name: excludeOrganizationId type: string description: excludeOrganizationId - name: isThirdParty type: string description: isThirdParty - name: page type: integer description: Page number (starts from 1). - name: page_size type: integer description: Entries per page. - name: search_params type: object description: Search query parameters. outputParameters: - type: object mapping: $. - name: createapplication description: Create an application hints: readOnly: false destructive: false idempotent: false call: logto.createapplication outputParameters: - type: object mapping: $. - name: getapplication description: Get application hints: readOnly: true destructive: false idempotent: true call: logto.getapplication outputParameters: - type: object mapping: $. - name: updateapplication description: Update application hints: readOnly: false destructive: false idempotent: false call: logto.updateapplication outputParameters: - type: object mapping: $. - name: deleteapplication description: Delete application hints: readOnly: false destructive: true idempotent: true call: logto.deleteapplication outputParameters: - type: object mapping: $. - name: updateapplicationcustomdata description: Update application custom data hints: readOnly: false destructive: false idempotent: false call: logto.updateapplicationcustomdata outputParameters: - type: object mapping: $. - name: listapplicationroles description: Get application API resource roles hints: readOnly: true destructive: false idempotent: true call: logto.listapplicationroles with: page: tools.page page_size: tools.page_size search_params: tools.search_params inputParameters: - name: page type: integer description: Page number (starts from 1). - name: page_size type: integer description: Entries per page. - name: search_params type: object description: Search query parameters. outputParameters: - type: object mapping: $. - name: assignapplicationroles description: Assign API resource roles to application hints: readOnly: false destructive: false idempotent: false call: logto.assignapplicationroles outputParameters: - type: object mapping: $. - name: replaceapplicationroles description: Update API resource roles for application hints: readOnly: false destructive: false idempotent: true call: logto.replaceapplicationroles outputParameters: - type: object mapping: $. - name: deleteapplicationrole description: Remove a API resource role from application hints: readOnly: false destructive: true idempotent: true call: logto.deleteapplicationrole outputParameters: - type: object mapping: $. - name: listapplicationprotectedappmetadatacustomdomains description: Get application custom domains. hints: readOnly: true destructive: false idempotent: true call: logto.listapplicationprotectedappmetadatacustomdomains outputParameters: - type: object mapping: $. - name: createapplicationprotectedappmetadatacustomdomai description: Add a custom domain to the application. hints: readOnly: false destructive: false idempotent: false call: logto.createapplicationprotectedappmetadatacustomdomai outputParameters: - type: object mapping: $. - name: deleteapplicationprotectedappmetadatacustomdomai description: Remove custom domain. hints: readOnly: false destructive: true idempotent: true call: logto.deleteapplicationprotectedappmetadatacustomdomai with: domain: tools.domain inputParameters: - name: domain type: string description: domain required: true outputParameters: - type: object mapping: $. - name: listapplicationorganizations description: Get application organizations hints: readOnly: true destructive: false idempotent: true call: logto.listapplicationorganizations with: page: tools.page page_size: tools.page_size inputParameters: - name: page type: integer description: Page number (starts from 1). - name: page_size type: integer description: Entries per page. outputParameters: - type: object mapping: $. - name: deleteapplicationlegacysecret description: Delete application legacy secret hints: readOnly: false destructive: true idempotent: true call: logto.deleteapplicationlegacysecret outputParameters: - type: object mapping: $. - name: listapplicationsecrets description: Get application secrets hints: readOnly: true destructive: false idempotent: true call: logto.listapplicationsecrets outputParameters: - type: object mapping: $. - name: createapplicationsecret description: Add application secret hints: readOnly: false destructive: false idempotent: false call: logto.createapplicationsecret outputParameters: - type: object mapping: $. - name: deleteapplicationsecret description: Delete application secret hints: readOnly: false destructive: true idempotent: true call: logto.deleteapplicationsecret with: name: tools.name inputParameters: - name: name type: string description: The name of the secret. required: true outputParameters: - type: object mapping: $. - name: updateapplicationsecret description: Update application secret hints: readOnly: false destructive: false idempotent: false call: logto.updateapplicationsecret with: name: tools.name inputParameters: - name: name type: string description: The name of the secret. required: true outputParameters: - type: object mapping: $. - name: createapplicationuserconsentscope description: Assign user consent scopes to application. hints: readOnly: false destructive: false idempotent: false call: logto.createapplicationuserconsentscope outputParameters: - type: object mapping: $. - name: listapplicationuserconsentscopes description: List all the user consent scopes of an application. hints: readOnly: true destructive: false idempotent: true call: logto.listapplicationuserconsentscopes outputParameters: - type: object mapping: $. - name: deleteapplicationuserconsentscope description: Remove user consent scope from application. hints: readOnly: false destructive: true idempotent: true call: logto.deleteapplicationuserconsentscope with: scopeType: tools.scopeType inputParameters: - name: scopeType type: string description: scopeType required: true outputParameters: - type: object mapping: $. - name: replaceapplicationsigninexperience description: Update application level sign-in experience hints: readOnly: false destructive: false idempotent: true call: logto.replaceapplicationsigninexperience outputParameters: - type: object mapping: $. - name: getapplicationsigninexperience description: Get the application level sign-in experience hints: readOnly: true destructive: false idempotent: true call: logto.getapplicationsigninexperience outputParameters: - type: object mapping: $. - name: listapplicationuserconsentorganizations description: List all the user consented organizations of a application. hints: readOnly: true destructive: false idempotent: true call: logto.listapplicationuserconsentorganizations with: page: tools.page page_size: tools.page_size inputParameters: - name: page type: integer description: Page number (starts from 1). - name: page_size type: integer description: Entries per page. outputParameters: - type: object mapping: $. - name: replaceapplicationuserconsentorganizations description: Grant a list of organization access of a user for a application. hints: readOnly: false destructive: false idempotent: true call: logto.replaceapplicationuserconsentorganizations outputParameters: - type: object mapping: $. - name: createapplicationuserconsentorganization description: Grant a list of organization access of a user for a application. hints: readOnly: false destructive: false idempotent: false call: logto.createapplicationuserconsentorganization outputParameters: - type: object mapping: $. - name: deleteapplicationuserconsentorganization description: Revoke a user's access to an organization for a application. hints: readOnly: false destructive: true idempotent: true call: logto.deleteapplicationuserconsentorganization outputParameters: - type: object mapping: $. - name: getadminconsoleconfig description: Get admin console config hints: readOnly: true destructive: false idempotent: true call: logto.getadminconsoleconfig outputParameters: - type: object mapping: $. - name: updateadminconsoleconfig description: Update admin console config hints: readOnly: false destructive: false idempotent: false call: logto.updateadminconsoleconfig outputParameters: - type: object mapping: $. - name: getoidcsessionconfig description: Get OIDC session config hints: readOnly: true destructive: false idempotent: true call: logto.getoidcsessionconfig outputParameters: - type: object mapping: $. - name: updateoidcsessionconfig description: Update OIDC session config hints: readOnly: false destructive: false idempotent: false call: logto.updateoidcsessionconfig outputParameters: - type: object mapping: $. - name: getoidckeys description: Get OIDC keys hints: readOnly: true destructive: false idempotent: true call: logto.getoidckeys with: keyType: tools.keyType inputParameters: - name: keyType type: string description: Private keys are used to sign OIDC JWTs. Cookie keys are used to sign OIDC cookies. For clients, they do not need to know private keys to verify OIDC JWTs; they required: true outputParameters: - type: object mapping: $. - name: deleteoidckey description: Delete OIDC key hints: readOnly: false destructive: true idempotent: true call: logto.deleteoidckey with: keyType: tools.keyType inputParameters: - name: keyType type: string description: Private keys are used to sign OIDC JWTs. Cookie keys are used to sign OIDC cookies. For clients, they do not need to know private keys to verify OIDC JWTs; they required: true outputParameters: - type: object mapping: $. - name: rotateoidckeys description: Rotate OIDC keys hints: readOnly: false destructive: false idempotent: false call: logto.rotateoidckeys with: keyType: tools.keyType inputParameters: - name: keyType type: string description: Private keys are used to sign OIDC JWTs. Cookie keys are used to sign OIDC cookies. For clients, they do not need to know private keys to verify OIDC JWTs; they required: true outputParameters: - type: object mapping: $. - name: upsertjwtcustomizer description: Create or update JWT customizer hints: readOnly: false destructive: false idempotent: true call: logto.upsertjwtcustomizer with: tokenTypePath: tools.tokenTypePath inputParameters: - name: tokenTypePath type: string description: The token type to create a JWT customizer for. required: true outputParameters: - type: object mapping: $. - name: updatejwtcustomizer description: Update JWT customizer hints: readOnly: false destructive: false idempotent: false call: logto.updatejwtcustomizer with: tokenTypePath: tools.tokenTypePath inputParameters: - name: tokenTypePath type: string description: The token type to update a JWT customizer for. required: true outputParameters: - type: object mapping: $. - name: getjwtcustomizer description: Get JWT customizer hints: readOnly: true destructive: false idempotent: true call: logto.getjwtcustomizer with: tokenTypePath: tools.tokenTypePath inputParameters: - name: tokenTypePath type: string description: The token type to get the JWT customizer for. required: true outputParameters: - type: object mapping: $. - name: deletejwtcustomizer description: Delete JWT customizer hints: readOnly: false destructive: true idempotent: true call: logto.deletejwtcustomizer with: tokenTypePath: tools.tokenTypePath inputParameters: - name: tokenTypePath type: string description: The token type path to delete the JWT customizer for. required: true outputParameters: - type: object mapping: $. - name: listjwtcustomizers description: Get all JWT customizers hints: readOnly: true destructive: false idempotent: true call: logto.listjwtcustomizers outputParameters: - type: object mapping: $. - name: testjwtcustomizer description: Test JWT customizer hints: readOnly: false destructive: false idempotent: false call: logto.testjwtcustomizer outputParameters: - type: object mapping: $. - name: getidtokenconfig description: Get ID token claims configuration hints: readOnly: true destructive: false idempotent: true call: logto.getidtokenconfig outputParameters: - type: object mapping: $. - name: upsertidtokenconfig description: Upsert ID token claims configuration hints: readOnly: false destructive: false idempotent: true call: logto.upsertidtokenconfig outputParameters: - type: object mapping: $. - name: createconnector description: Create connector hints: readOnly: false destructive: false idempotent: false call: logto.createconnector outputParameters: - type: object mapping: $. - name: listconnectors description: Get connectors hints: readOnly: true destructive: false idempotent: true call: logto.listconnectors with: target: tools.target inputParameters: - name: target type: string description: Filter connectors by target. outputParameters: - type: object mapping: $. - name: getconnector description: Get connector hints: readOnly: true destructive: false idempotent: true call: logto.getconnector outputParameters: - type: object mapping: $. - name: updateconnector description: Update connector hints: readOnly: false destructive: false idempotent: false call: logto.updateconnector outputParameters: - type: object mapping: $. - name: deleteconnector description: Delete connector hints: readOnly: false destructive: true idempotent: true call: logto.deleteconnector outputParameters: - type: object mapping: $. - name: createconnectortest description: Test passwordless connector hints: readOnly: false destructive: false idempotent: false call: logto.createconnectortest outputParameters: - type: object mapping: $. - name: createconnectorauthorizationuri description: Get connector's authorization URI hints: readOnly: false destructive: false idempotent: false call: logto.createconnectorauthorizationuri outputParameters: - type: object mapping: $. - name: listconnectorfactories description: Get connector factories hints: readOnly: true destructive: false idempotent: true call: logto.listconnectorfactories outputParameters: - type: object mapping: $. - name: getconnectorfactory description: Get connector factory hints: readOnly: true destructive: false idempotent: true call: logto.getconnectorfactory outputParameters: - type: object mapping: $. - name: listresources description: Get API resources hints: readOnly: true destructive: false idempotent: true call: logto.listresources with: includeScopes: tools.includeScopes page: tools.page page_size: tools.page_size inputParameters: - name: includeScopes type: string description: If it's provided with a truthy value (`true`, `1`, `yes`), the scopes of each resource will be included in the response. - name: page type: integer description: Page number (starts from 1). - name: page_size type: integer description: Entries per page. outputParameters: - type: object mapping: $. - name: createresource description: Create an API resource hints: readOnly: false destructive: false idempotent: false call: logto.createresource outputParameters: - type: object mapping: $. - name: getresource description: Get API resource hints: readOnly: true destructive: false idempotent: true call: logto.getresource outputParameters: - type: object mapping: $. - name: updateresource description: Update API resource hints: readOnly: false destructive: false idempotent: false call: logto.updateresource outputParameters: - type: object mapping: $. - name: deleteresource description: Delete API resource hints: readOnly: false destructive: true idempotent: true call: logto.deleteresource outputParameters: - type: object mapping: $. - name: updateresourceisdefault description: Set API resource as default hints: readOnly: false destructive: false idempotent: false call: logto.updateresourceisdefault outputParameters: - type: object mapping: $. - name: listresourcescopes description: Get API resource scopes hints: readOnly: true destructive: false idempotent: true call: logto.listresourcescopes with: page: tools.page page_size: tools.page_size search_params: tools.search_params inputParameters: - name: page type: integer description: Page number (starts from 1). - name: page_size type: integer description: Entries per page. - name: search_params type: object description: Search query parameters. outputParameters: - type: object mapping: $. - name: createresourcescope description: Create API resource scope hints: readOnly: false destructive: false idempotent: false call: logto.createresourcescope outputParameters: - type: object mapping: $. binds: - namespace: env keys: LOGTO_TOKEN: LOGTO_TOKEN