{ "components": { "responses": { "emptyResponse": { "description": "Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is\ntypically 201." } }, "schemas": { "AdminUpdateIdentityBody": { "properties": { "credentials": { "$ref": "#/components/schemas/adminIdentityImportCredentials" }, "metadata_admin": { "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`." }, "metadata_public": { "description": "Store metadata about the identity which the identity itself can see when calling for example the\nsession endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field." }, "schema_id": { "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set\nwill update the Identity's SchemaID.", "type": "string" }, "state": { "$ref": "#/components/schemas/identityState" }, "traits": { "description": "Traits represent an identity's traits. The identity is able to create, modify, and delete traits\nin a self-service manner. The input will always be validated against the JSON Schema defined\nin `schema_id`.", "type": "object" } }, "required": [ "schema_id", "traits", "state" ], "type": "object" }, "CreateSubscriptionPayload": { "properties": { "plan_or_price": { "type": "string" }, "provision_first_project": { "$ref": "#/components/schemas/UUID" }, "return_to": { "type": "string" } }, "required": [ "plan_or_price", "provision_first_project" ], "type": "object" }, "CustomHostnameStatus": { "description": "CustomHostnameStatus is the enumeration of valid state values in the CustomHostnameSSL", "type": "string" }, "Duration": { "description": "A Duration represents the elapsed time between two instants\nas an int64 nanosecond count. The representation limits the\nlargest representable duration to approximately 290 years.", "format": "int64", "type": "integer" }, "ID": { "format": "int64", "type": "integer" }, "InternalRelationTuple": { "properties": { "namespace": { "description": "Namespace of the Relation Tuple", "type": "string" }, "object": { "description": "Object of the Relation Tuple", "type": "string" }, "relation": { "description": "Relation of the Relation Tuple", "type": "string" }, "subject_id": { "description": "SubjectID of the Relation Tuple\n\nEither SubjectSet or SubjectID are required.", "type": "string" }, "subject_set": { "$ref": "#/components/schemas/SubjectSet" } }, "required": [ "namespace", "object", "relation" ], "type": "object" }, "InvitePayload": { "properties": { "invitee_email": { "type": "string" } }, "type": "object" }, "JSONRawMessage": { "title": "JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger.", "type": "object" }, "KetoNamespace": { "properties": { "id": { "format": "int64", "type": "integer" }, "name": { "type": "string" } }, "type": "object" }, "KetoNamespaces": { "items": { "$ref": "#/components/schemas/KetoNamespace" }, "type": "array" }, "NullBool": { "nullable": true, "type": "boolean" }, "NullInt": { "nullable": true, "type": "integer" }, "NullPlan": { "description": "\nunknown Unknown\nfree Free\nstart_up_monthly StartUpMonthly\nstart_up_yearly StartUpYearly\ncustom Custom", "enum": [ "unknown", "free", "start_up_monthly", "start_up_yearly", "custom" ], "type": "string", "x-go-enum-desc": "unknown Unknown\nfree Free\nstart_up_monthly StartUpMonthly\nstart_up_yearly StartUpYearly\ncustom Custom" }, "NullString": { "nullable": true, "type": "string" }, "NullTime": { "format": "date-time", "nullable": true, "type": "string" }, "NullUUID": { "format": "uuid4", "nullable": true, "type": "string" }, "PatchDelta": { "properties": { "action": { "enum": [ "insert", "delete" ], "type": "string" }, "relation_tuple": { "$ref": "#/components/schemas/InternalRelationTuple" } }, "type": "object" }, "QuotaCustomDomains": { "properties": { "available_domains": { "format": "int64", "type": "integer" }, "can_use": { "type": "boolean" }, "used_domains": { "format": "int64", "type": "integer" } }, "type": "object" }, "QuotaProjectMemberSeats": { "properties": { "project_id": { "$ref": "#/components/schemas/UUID" }, "remaining_seats": { "format": "int64", "type": "integer" }, "total_seats": { "format": "int64", "type": "integer" } }, "type": "object" }, "RecoveryAddress": { "properties": { "created_at": { "description": "CreatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "updated_at": { "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" }, "value": { "type": "string" }, "via": { "$ref": "#/components/schemas/RecoveryAddressType" } }, "required": [ "id", "value", "via" ], "type": "object" }, "RecoveryAddressType": { "type": "string" }, "RelationQuery": { "properties": { "namespace": { "description": "Namespace of the Relation Tuple", "type": "string" }, "object": { "description": "Object of the Relation Tuple", "type": "string" }, "relation": { "description": "Relation of the Relation Tuple", "type": "string" }, "subject_id": { "description": "SubjectID of the Relation Tuple\n\nEither SubjectSet or SubjectID can be provided.", "type": "string" }, "subject_set": { "$ref": "#/components/schemas/SubjectSet" } }, "type": "object" }, "String": { "$ref": "#/components/schemas/NullString" }, "StringSliceJSONFormat": { "items": { "type": "string" }, "title": "StringSliceJSONFormat represents []string{} which is encoded to/from JSON for SQL storage.", "type": "array" }, "SubjectSet": { "properties": { "namespace": { "description": "Namespace of the Subject Set", "type": "string" }, "object": { "description": "Object of the Subject Set", "type": "string" }, "relation": { "description": "Relation of the Subject Set", "type": "string" } }, "required": [ "namespace", "object", "relation" ], "type": "object" }, "SubscriptionStatus": { "description": "For `collection_method=charge_automatically` a subscription moves into `incomplete` if the initial payment attempt fails. A subscription in this state can only have metadata and default_source updated. Once the first invoice is paid, the subscription moves into an `active` state. If the first invoice is not paid within 23 hours, the subscription transitions to `incomplete_expired`. This is a terminal state, the open invoice will be voided and no further invoices will be generated.\n\nA subscription that is currently in a trial period is `trialing` and moves to `active` when the trial period is over.\n\nIf subscription `collection_method=charge_automatically` it becomes `past_due` when payment to renew it fails and `canceled` or `unpaid` (depending on your subscriptions settings) when Stripe has exhausted all payment retry attempts.\n\nIf subscription `collection_method=send_invoice` it becomes `past_due` when its invoice is not paid by the due date, and `canceled` or `unpaid` if it is still not paid by an additional deadline after that. Note that when a subscription has a status of `unpaid`, no subsequent invoices will be attempted (invoices will be created, but then immediately automatically closed). After receiving updated payment information from a customer, you may choose to reopen and pay their closed invoices.", "title": "Possible values are `incomplete`, `incomplete_expired`, `trialing`, `active`, `past_due`, `canceled`, or `unpaid`.", "type": "string" }, "Time": { "format": "date-time", "type": "string" }, "UUID": { "format": "uuid4", "type": "string" }, "UpdateSubscriptionPayload": { "properties": { "plan_or_price": { "type": "string" }, "return_to": { "type": "string" } }, "required": [ "plan_or_price" ], "type": "object" }, "Warning": { "properties": { "code": { "format": "int64", "type": "integer" }, "message": { "type": "string" } }, "type": "object" }, "activeProject": { "description": "The Active Project ID", "properties": { "project_id": { "description": "The Active Project ID\n\nformat: uuid", "type": "string" } }, "type": "object" }, "adminCreateIdentityBody": { "properties": { "credentials": { "$ref": "#/components/schemas/adminIdentityImportCredentials" }, "metadata_admin": { "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`." }, "metadata_public": { "description": "Store metadata about the identity which the identity itself can see when calling for example the\nsession endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field." }, "recovery_addresses": { "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.\n\nUse this structure to import recovery addresses for an identity. Please keep in mind\nthat the address needs to be represented in the Identity Schema or this field will be overwritten\non the next identity update.", "items": { "$ref": "#/components/schemas/RecoveryAddress" }, "type": "array" }, "schema_id": { "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.", "type": "string" }, "state": { "$ref": "#/components/schemas/identityState" }, "traits": { "description": "Traits represent an identity's traits. The identity is able to create, modify, and delete traits\nin a self-service manner. The input will always be validated against the JSON Schema defined\nin `schema_url`.", "type": "object" }, "verifiable_addresses": { "description": "VerifiableAddresses contains all the addresses that can be verified by the user.\n\nUse this structure to import verified addresses for an identity. Please keep in mind\nthat the address needs to be represented in the Identity Schema or this field will be overwritten\non the next identity update.", "items": { "$ref": "#/components/schemas/verifiableIdentityAddress" }, "type": "array" } }, "required": [ "schema_id", "traits" ], "type": "object" }, "adminCreateIdentityImportCredentialsOidc": { "properties": { "config": { "$ref": "#/components/schemas/adminCreateIdentityImportCredentialsOidcConfig" } }, "type": "object" }, "adminCreateIdentityImportCredentialsOidcConfig": { "properties": { "config": { "$ref": "#/components/schemas/adminCreateIdentityImportCredentialsPasswordConfig" }, "providers": { "description": "A list of OpenID Connect Providers", "items": { "$ref": "#/components/schemas/adminCreateIdentityImportCredentialsOidcProvider" }, "type": "array" } }, "type": "object" }, "adminCreateIdentityImportCredentialsOidcProvider": { "properties": { "provider": { "description": "The OpenID Connect provider to link the subject to. Usually something like `google` or `github`.", "type": "string" }, "subject": { "description": "The subject (`sub`) of the OpenID Connect connection. Usually the `sub` field of the ID Token.", "type": "string" } }, "required": [ "subject", "provider" ], "type": "object" }, "adminCreateIdentityImportCredentialsPassword": { "properties": { "config": { "$ref": "#/components/schemas/adminCreateIdentityImportCredentialsPasswordConfig" } }, "type": "object" }, "adminCreateIdentityImportCredentialsPasswordConfig": { "properties": { "hashed_password": { "description": "The hashed password in [PHC format]( https://www.ory.sh/docs/kratos/concepts/credentials/username-email-password#hashed-password-format)", "type": "string" }, "password": { "description": "The password in plain text if no hash is available.", "type": "string" } }, "type": "object" }, "adminCreateSelfServiceRecoveryLinkBody": { "properties": { "expires_in": { "description": "Link Expires In\n\nThe recovery link will expire at that point in time. Defaults to the configuration value of\n`selfservice.flows.recovery.request_lifespan`.", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "type": "string" }, "identity_id": { "$ref": "#/components/schemas/UUID" } }, "required": [ "identity_id" ], "type": "object" }, "adminIdentityImportCredentials": { "properties": { "oidc": { "$ref": "#/components/schemas/adminCreateIdentityImportCredentialsOidc" }, "password": { "$ref": "#/components/schemas/adminCreateIdentityImportCredentialsPassword" } }, "type": "object" }, "apiToken": { "properties": { "id": { "$ref": "#/components/schemas/UUID" }, "name": { "description": "The Token's Name\n\nSet this to help you remember, for example, where you use the token.", "type": "string" }, "owner_id": { "$ref": "#/components/schemas/UUID" }, "project_id": { "$ref": "#/components/schemas/UUID" }, "value": { "description": "The token's value", "readOnly": true, "type": "string" } }, "required": [ "id", "name", "owner_id" ], "type": "object" }, "apiTokens": { "items": { "$ref": "#/components/schemas/apiToken" }, "type": "array" }, "authenticatorAssuranceLevel": { "description": "The authenticator assurance level can be one of \"aal1\", \"aal2\", or \"aal3\". A higher number means that it is harder\nfor an attacker to compromise the account.\n\nGenerally, \"aal1\" implies that one authentication factor was used while AAL2 implies that two factors (e.g.\npassword + TOTP) have been used.\n\nTo learn more about these levels please head over to: https://www.ory.sh/kratos/docs/concepts/credentials", "enum": [ "aal0", "aal1", "aal2", "aal3" ], "title": "Authenticator Assurance Level (AAL)", "type": "string" }, "cloudAccount": { "properties": { "email": { "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "name": { "type": "string" } }, "type": "object" }, "cnameSettings": { "properties": { "cookie_domain": { "type": "string" }, "cors_allowed_origins": { "$ref": "#/components/schemas/StringSliceJSONFormat" }, "cors_enabled": { "type": "boolean" }, "created_at": { "format": "date-time", "type": "string" }, "hostname": { "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "updated_at": { "format": "date-time", "type": "string" }, "verification_errors": { "items": { "type": "string" }, "type": "array" }, "verification_status": { "$ref": "#/components/schemas/CustomHostnameStatus" } }, "type": "object" }, "createCustomHostnameBody": { "properties": { "cookie_domain": { "description": "The domain where cookies will be set. Has to be a parent domain of the custom hostname to work.", "type": "string" }, "cors_allowed_origins": { "description": "CORS Allowed origins for the custom hostname.", "items": { "type": "string" }, "type": "array" }, "cors_enabled": { "description": "CORS Enabled for the custom hostname.", "type": "boolean" }, "hostname": { "description": "The custom hostname where the API will be exposed.", "type": "string" } }, "type": "object" }, "createProjectBody": { "properties": { "name": { "description": "The name of the project to be created", "type": "string" } }, "required": [ "name" ], "type": "object" }, "errorAuthenticatorAssuranceLevelNotSatisfied": { "properties": { "code": { "description": "The status code", "example": 404, "format": "int64", "type": "integer" }, "debug": { "description": "Debug information\n\nThis field is often not exposed to protect against leaking\nsensitive information.", "example": "SQL field \"foo\" is not a bool.", "type": "string" }, "details": { "additionalProperties": true, "description": "Further error details", "type": "object" }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", "type": "string" }, "message": { "description": "Error message\n\nThe error's message.", "example": "The resource could not be found", "type": "string" }, "reason": { "description": "A human-readable reason for the error", "example": "User with ID 1234 does not exist.", "type": "string" }, "redirect_browser_to": { "type": "string" }, "request": { "description": "The request ID\n\nThe request ID is often exposed internally in order to trace\nerrors across service architectures. This is often a UUID.", "example": "d7ef54b1-ec15-46e6-bccb-524b82c035e6", "type": "string" }, "status": { "description": "The status description", "example": "Not Found", "type": "string" } }, "required": [ "message" ], "title": "ErrAALNotSatisfied is returned when an active session was found but the requested AAL is not satisfied.", "type": "object" }, "expandTree": { "properties": { "children": { "items": { "$ref": "#/components/schemas/expandTree" }, "type": "array" }, "subject_id": { "type": "string" }, "subject_set": { "$ref": "#/components/schemas/SubjectSet" }, "type": { "enum": [ "union", "exclusion", "intersection", "leaf" ], "type": "string" } }, "required": [ "type" ], "type": "object" }, "genericError": { "description": "Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.", "properties": { "code": { "description": "The status code", "example": 404, "format": "int64", "type": "integer" }, "debug": { "description": "Debug information\n\nThis field is often not exposed to protect against leaking\nsensitive information.", "example": "SQL field \"foo\" is not a bool.", "type": "string" }, "details": { "additionalProperties": false, "description": "Further error details", "items": { "additionalProperties": true, "type": "object" }, "type": "object" }, "error": { "$ref": "#/components/schemas/genericErrorContent" }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", "type": "string" }, "message": { "description": "Error message\n\nThe error's message.", "example": "The resource could not be found", "type": "string" }, "reason": { "description": "A human-readable reason for the error", "example": "User with ID 1234 does not exist.", "type": "string" }, "request": { "description": "The request ID\n\nThe request ID is often exposed internally in order to trace\nerrors across service architectures. This is often a UUID.", "example": "d7ef54b1-ec15-46e6-bccb-524b82c035e6", "type": "string" }, "status": { "description": "The status description", "example": "Not Found", "type": "string" } }, "required": [ "message" ], "title": "Error response", "type": "object" }, "genericErrorContent": { "description": "Error response", "properties": { "debug": { "description": "Debug contains debug information. This is usually not available and has to be enabled.", "example": "The database adapter was unable to find the element", "type": "string" }, "error": { "description": "Name is the error name.", "example": "The requested resource could not be found", "type": "string" }, "error_description": { "description": "Description contains further information on the nature of the error.", "example": "Object with ID 12345 does not exist", "type": "string" }, "message": { "description": "Message contains the error message.", "type": "string" }, "status_code": { "description": "Code represents the error status code (404, 403, 401, ...).", "example": 404, "format": "int64", "type": "integer" } }, "type": "object" }, "getCheckResponse": { "description": "The content of the allowed field is mirrored in the HTTP status code.", "properties": { "allowed": { "description": "whether the relation tuple is allowed", "type": "boolean" } }, "required": [ "allowed" ], "title": "RESTResponse represents the response for a check request.", "type": "object" }, "getProjectAccessResponse": { "additionalProperties": { "type": "boolean" }, "type": "object" }, "getRelationTuplesResponse": { "properties": { "next_page_token": { "description": "The opaque token to provide in a subsequent request\nto get the next page. It is the empty string iff this is\nthe last page.", "type": "string" }, "relation_tuples": { "items": { "$ref": "#/components/schemas/InternalRelationTuple" }, "type": "array" } }, "type": "object" }, "healthNotReadyStatus": { "properties": { "errors": { "additionalProperties": { "type": "string" }, "description": "Errors contains a list of errors that caused the not ready status.", "type": "object" } }, "type": "object" }, "healthStatus": { "properties": { "status": { "description": "Status always contains \"ok\".", "type": "string" } }, "type": "object" }, "identity": { "description": "An identity can be a real human, a service, an IoT device - everything that\ncan be described as an \"actor\" in a system.", "properties": { "created_at": { "description": "CreatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" }, "credentials": { "additionalProperties": { "$ref": "#/components/schemas/identityCredentials" }, "description": "Credentials represents all credentials that can be used for authenticating this identity.", "type": "object" }, "id": { "$ref": "#/components/schemas/UUID" }, "metadata_admin": { "$ref": "#/components/schemas/nullJsonRawMessage" }, "metadata_public": { "$ref": "#/components/schemas/nullJsonRawMessage" }, "recovery_addresses": { "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.", "items": { "$ref": "#/components/schemas/RecoveryAddress" }, "type": "array", "x-omitempty": true }, "schema_id": { "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.", "type": "string" }, "schema_url": { "description": "SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.\n\nformat: url", "type": "string" }, "state": { "$ref": "#/components/schemas/identityState" }, "state_changed_at": { "$ref": "#/components/schemas/nullTime" }, "traits": { "$ref": "#/components/schemas/identityTraits" }, "updated_at": { "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" }, "verifiable_addresses": { "description": "VerifiableAddresses contains all the addresses that can be verified by the user.", "items": { "$ref": "#/components/schemas/verifiableIdentityAddress" }, "type": "array", "x-omitempty": true } }, "required": [ "id", "schema_id", "schema_url", "traits" ], "title": "Identity represents an Ory Kratos identity", "type": "object" }, "identityCredentials": { "description": "Credentials represents a specific credential type", "properties": { "config": { "$ref": "#/components/schemas/JSONRawMessage" }, "created_at": { "description": "CreatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" }, "identifiers": { "description": "Identifiers represents a list of unique identifiers this credential type matches.", "items": { "type": "string" }, "type": "array" }, "type": { "$ref": "#/components/schemas/identityCredentialsType" }, "updated_at": { "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" }, "version": { "description": "Version refers to the version of the credential. Useful when changing the config schema.", "format": "int64", "type": "integer" } }, "type": "object" }, "identityCredentialsOidc": { "properties": { "providers": { "items": { "$ref": "#/components/schemas/identityCredentialsOidcProvider" }, "type": "array" } }, "title": "CredentialsOIDC is contains the configuration for credentials of the type oidc.", "type": "object" }, "identityCredentialsOidcProvider": { "properties": { "initial_access_token": { "type": "string" }, "initial_id_token": { "type": "string" }, "initial_refresh_token": { "type": "string" }, "provider": { "type": "string" }, "subject": { "type": "string" } }, "title": "CredentialsOIDCProvider is contains a specific OpenID COnnect credential for a particular connection (e.g. Google).", "type": "object" }, "identityCredentialsPassword": { "properties": { "hashed_password": { "description": "HashedPassword is a hash-representation of the password.", "type": "string" } }, "title": "CredentialsPassword is contains the configuration for credentials of the type password.", "type": "object" }, "identityCredentialsType": { "description": "and so on.", "enum": [ "password", "totp", "oidc", "webauthn", "lookup_secret" ], "title": "CredentialsType represents several different credential types, like password credentials, passwordless credentials,", "type": "string" }, "identityList": { "items": { "$ref": "#/components/schemas/identity" }, "title": "A list of identities.", "type": "array" }, "identityMetaSchema": { "type": "object" }, "identitySchema": { "description": "Together the name and identity uuid are a unique index constraint.\nThis prevents a user from having schemas with the same name.\nThis also allows schemas to have the same name across the system.", "properties": { "blob_name": { "description": "The gcs file name\n\nThis is a randomly generated name which is used to uniquely identify the file on the blob storage", "type": "string" }, "blob_url": { "description": "The publicly accessible url of the schema", "type": "string" }, "content_hash": { "description": "The Content Hash\n\nContains a hash of the schema's content.", "type": "string" }, "created_at": { "description": "The Schema's Creation Date", "format": "date-time", "readOnly": true, "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "name": { "description": "The schema name\n\nThis is set by the user and is for them to easily recognise their schema", "example": "CustomerIdentity", "type": "string" }, "updated_at": { "description": "Last Time Schema was Updated", "format": "date-time", "readOnly": true, "type": "string" } }, "required": [ "id", "name", "blob_name", "blob_url", "created_at", "updated_at" ], "title": "Schema represents an Ory Kratos Identity Schema", "type": "object" }, "identitySchemaContainer": { "properties": { "id": { "description": "The ID of the Identity JSON Schema", "type": "string" }, "schema": { "$ref": "#/components/schemas/identitySchema" } }, "type": "object" }, "identitySchemaLocation": { "properties": { "location": { "type": "string" } }, "type": "object" }, "identitySchemaPreset": { "properties": { "schema": { "description": "Schema is the Identity JSON Schema", "type": "object" }, "url": { "description": "URL is the preset identifier", "type": "string" } }, "required": [ "url", "schema" ], "type": "object" }, "identitySchemaPresets": { "items": { "$ref": "#/components/schemas/identitySchemaPreset" }, "type": "array" }, "identitySchemaValidationResult": { "properties": { "message": { "type": "string" }, "valid": { "type": "boolean" } }, "type": "object" }, "identitySchemas": { "description": "Raw identity Schema list", "items": { "$ref": "#/components/schemas/identitySchema" }, "type": "array" }, "identityState": { "description": "The state can either be `active` or `inactive`.", "enum": [ "active", "inactive" ], "title": "An Identity's State", "type": "string" }, "identityTraits": { "description": "Traits represent an identity's traits. The identity is able to create, modify, and delete traits\nin a self-service manner. The input will always be validated against the JSON Schema defined\nin `schema_url`." }, "identityVerifiableAddressStatus": { "description": "VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema", "type": "string" }, "identityVerifiableAddressType": { "description": "VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema", "type": "string" }, "isOwnerForProjectBySlug": { "properties": { "ProjectSlug": { "description": "ProjectSlug is the project's slug.", "type": "string" }, "Subject": { "description": "Subject is the subject from the API Token.", "type": "string" } }, "required": [ "Subject", "ProjectSlug" ], "type": "object" }, "isOwnerForProjectBySlugPayload": { "properties": { "project_scope": { "description": "ProjectScope is the project_id resolved from the\nAPI Token.", "type": "string" }, "project_slug": { "description": "ProjectSlug is the project's slug.", "type": "string" }, "subject": { "description": "Subject is the subject from the API Token.", "type": "string" } }, "required": [ "subject", "project_slug" ], "type": "object" }, "jsonError": { "description": "The standard Ory JSON API error format.", "properties": { "error": { "$ref": "#/components/schemas/genericError" } }, "required": [ "error" ], "title": "JSON API Error Response", "type": "object" }, "jsonPatch": { "description": "JSON Patch allows you to target individual keys in a JSON document for updates.\n\nFor more examples see: https://jsonpatch.com", "properties": { "from": { "description": "This field is used together with operation \"move\" and uses JSON Pointer notation.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", "example": "/name", "type": "string" }, "op": { "description": "The JSON Patch operation", "enum": [ "add", "remove", "replace", "move", "copy", "test" ], "example": "replace", "type": "string" }, "path": { "description": "The JSON Pointer to the target key", "example": "/services/identity/config/smtp/from_name", "type": "string" }, "value": { "description": "The value to be used. Only available for `add` and `replace` operations.", "example": "foobar" } }, "required": [ "op", "path" ], "title": "A JSON Patch", "type": "object" }, "jsonPatchDocument": { "description": "A JSONPatchDocument request", "items": { "$ref": "#/components/schemas/jsonPatch" }, "type": "array" }, "listCustomHostnamesResponse": { "items": { "$ref": "#/components/schemas/cnameSettings" }, "type": "array" }, "needsPrivilegedSessionError": { "properties": { "code": { "description": "The status code", "example": 404, "format": "int64", "type": "integer" }, "debug": { "description": "Debug information\n\nThis field is often not exposed to protect against leaking\nsensitive information.", "example": "SQL field \"foo\" is not a bool.", "type": "string" }, "details": { "additionalProperties": true, "description": "Further error details", "type": "object" }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", "type": "string" }, "message": { "description": "Error message\n\nThe error's message.", "example": "The resource could not be found", "type": "string" }, "reason": { "description": "A human-readable reason for the error", "example": "User with ID 1234 does not exist.", "type": "string" }, "redirect_browser_to": { "description": "Points to where to redirect the user to next.", "type": "string" }, "request": { "description": "The request ID\n\nThe request ID is often exposed internally in order to trace\nerrors across service architectures. This is often a UUID.", "example": "d7ef54b1-ec15-46e6-bccb-524b82c035e6", "type": "string" }, "status": { "description": "The status description", "example": "Not Found", "type": "string" } }, "required": [ "message", "redirect_browser_to" ], "title": "Is sent when a privileged session is required to perform the settings update.", "type": "object" }, "normalizedProject": { "properties": { "created_at": { "description": "The Project's Creation Date", "format": "date-time", "readOnly": true, "type": "string" }, "current_revision": { "$ref": "#/components/schemas/normalizedProjectRevision" }, "hosts": { "$ref": "#/components/schemas/StringSliceJSONFormat" }, "id": { "$ref": "#/components/schemas/UUID" }, "revisions": { "$ref": "#/components/schemas/projectRevisions" }, "slug": { "description": "The project's slug", "readOnly": true, "type": "string" }, "state": { "description": "The state of the project.\nrunning Running\nhalted Halted", "enum": [ "running", "halted" ], "readOnly": true, "type": "string", "x-go-enum-desc": "running Running\nhalted Halted" }, "subscription_id": { "$ref": "#/components/schemas/NullUUID" }, "updated_at": { "description": "Last Time Project was Updated", "format": "date-time", "readOnly": true, "type": "string" } }, "required": [ "id", "hosts", "slug", "current_revision", "revisions", "state", "created_at", "updated_at" ], "type": "object" }, "normalizedProjectRevision": { "properties": { "created_at": { "description": "The Project's Revision Creation Date", "format": "date-time", "readOnly": true, "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "keto_namespaces": { "$ref": "#/components/schemas/KetoNamespaces" }, "keto_read_max_depth": { "$ref": "#/components/schemas/NullInt" }, "kratos_cookies_same_site": { "description": "Configures the Ory Kratos Cookie SameSite Attribute\n\nThis governs the \"cookies.same_site\" setting.", "type": "string" }, "kratos_courier_smtp_connection_uri": { "description": "Configures the Ory Kratos SMTP Connection URI\n\nThis governs the \"courier.smtp.connection_uri\" setting.", "type": "string" }, "kratos_courier_smtp_from_address": { "description": "Configures the Ory Kratos SMTP From Address\n\nThis governs the \"courier.smtp.from_address\" setting.", "type": "string" }, "kratos_courier_smtp_from_name": { "description": "Configures the Ory Kratos SMTP From Name\n\nThis governs the \"courier.smtp.from_name\" setting.", "type": "string" }, "kratos_courier_smtp_headers": { "$ref": "#/components/schemas/nullJsonRawMessage" }, "kratos_courier_templates_recovery_invalid_email_body_html": { "description": "Configures the Ory Kratos Invalid Recovery Email Body HTML Template\n\nThis governs the \"courier.smtp.templates.recovery.invalid.email.body.html\" setting.", "type": "string" }, "kratos_courier_templates_recovery_invalid_email_body_plaintext": { "description": "Configures the Ory Kratos Invalid Recovery Email Body Plaintext Template\n\nThis governs the \"courier.smtp.templates.recovery.invalid.email.body.plaintext\" setting.", "type": "string" }, "kratos_courier_templates_recovery_invalid_email_subject": { "description": "Configures the Ory Kratos Invalid Recovery Email Subject Template\n\nThis governs the \"courier.smtp.templates.recovery.invalid.email.body.html\" setting.", "type": "string" }, "kratos_courier_templates_recovery_valid_email_body_html": { "description": "Configures the Ory Kratos Valid Recovery Email Body HTML Template\n\nThis governs the \"courier.smtp.templates.recovery.valid.email.body.html\" setting.", "type": "string" }, "kratos_courier_templates_recovery_valid_email_body_plaintext": { "description": "Configures the Ory Kratos Valid Recovery Email Body Plaintext Template\n\nThis governs the \"courier.smtp.templates.recovery.valid.email.body.plaintext\" setting.", "type": "string" }, "kratos_courier_templates_recovery_valid_email_subject": { "description": "Configures the Ory Kratos Valid Recovery Email Subject Template\n\nThis governs the \"courier.smtp.templates.recovery.valid.email.subject\" setting.", "type": "string" }, "kratos_courier_templates_verification_invalid_email_body_html": { "description": "Configures the Ory Kratos Invalid Verification Email Body HTML Template\n\nThis governs the \"courier.smtp.templates.verification.invalid.email.body.html\" setting.", "type": "string" }, "kratos_courier_templates_verification_invalid_email_body_plaintext": { "description": "Configures the Ory Kratos Invalid Verification Email Body Plaintext Template\n\nThis governs the \"courier.smtp.templates.recovery.invalid.email.body.plaintext\" setting.", "type": "string" }, "kratos_courier_templates_verification_invalid_email_subject": { "description": "Configures the Ory Kratos Invalid Verification Email Subject Template\n\nThis governs the \"courier.smtp.templates.verification.invalid.email.subject\" setting.", "type": "string" }, "kratos_courier_templates_verification_valid_email_body_html": { "description": "Configures the Ory Kratos Valid Verification Email Body HTML Template\n\nThis governs the \"courier.smtp.templates.verification.valid.email.body.html\" setting.", "type": "string" }, "kratos_courier_templates_verification_valid_email_body_plaintext": { "description": "Configures the Ory Kratos Valid Verification Email Body Plaintext Template\n\nThis governs the \"courier.smtp.templates.recovery.valid.email.body.plaintext\" setting.", "type": "string" }, "kratos_courier_templates_verification_valid_email_subject": { "description": "Configures the Ory Kratos Valid Verification Email Subject Template\n\nThis governs the \"courier.smtp.templates.verification.valid.email.subject\" setting.", "type": "string" }, "kratos_identity_schemas": { "$ref": "#/components/schemas/projectRevisionIdentitySchemas" }, "kratos_secrets_cipher": { "$ref": "#/components/schemas/StringSliceJSONFormat" }, "kratos_secrets_cookie": { "$ref": "#/components/schemas/StringSliceJSONFormat" }, "kratos_secrets_default": { "$ref": "#/components/schemas/StringSliceJSONFormat" }, "kratos_selfservice_allowed_return_urls": { "$ref": "#/components/schemas/StringSliceJSONFormat" }, "kratos_selfservice_default_browser_return_url": { "description": "Configures the Ory Kratos Default Return URL\n\nThis governs the \"selfservice.allowed_return_urls\" setting.", "type": "string" }, "kratos_selfservice_flows_error_ui_url": { "description": "Configures the Ory Kratos Error UI URL\n\nThis governs the \"selfservice.flows.error.ui_url\" setting.", "type": "string" }, "kratos_selfservice_flows_hooks": { "$ref": "#/components/schemas/projectRevisionHooks" }, "kratos_selfservice_flows_login_after_default_browser_return_url": { "description": "Configures the Ory Kratos Login Default Return URL\n\nThis governs the \"selfservice.flows.login.after.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_login_after_oidc_default_browser_return_url": { "description": "Configures the Ory Kratos Login After OIDC Default Return URL\n\nThis governs the \"selfservice.flows.login.after.oidc.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_login_after_password_default_browser_return_url": { "description": "Configures the Ory Kratos Login After Password Default Return URL\n\nThis governs the \"selfservice.flows.login.after.password.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_login_after_webauthn_default_browser_return_url": { "description": "Configures the Ory Kratos Login After WebAuthn Default Return URL\n\nThis governs the \"selfservice.flows.login.after.webauthn.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_login_lifespan": { "description": "Configures the Ory Kratos Login Lifespan\n\nThis governs the \"selfservice.flows.login.lifespan\" setting.", "type": "string" }, "kratos_selfservice_flows_login_ui_url": { "description": "Configures the Ory Kratos Login UI URL\n\nThis governs the \"selfservice.flows.login.ui_url\" setting.", "type": "string" }, "kratos_selfservice_flows_logout_after_default_browser_return_url": { "description": "Configures the Ory Kratos Logout Default Return URL\n\nThis governs the \"selfservice.flows.logout.after.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_recovery_after_default_browser_return_url": { "description": "Configures the Ory Kratos Recovery Default Return URL\n\nThis governs the \"selfservice.flows.recovery.after.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_recovery_enabled": { "description": "Configures the Ory Kratos Recovery Enabled Setting\n\nThis governs the \"selfservice.flows.recovery.enabled\" setting.", "type": "boolean" }, "kratos_selfservice_flows_recovery_lifespan": { "description": "Configures the Ory Kratos Recovery Lifespan\n\nThis governs the \"selfservice.flows.recovery.lifespan\" setting.", "type": "string" }, "kratos_selfservice_flows_recovery_ui_url": { "description": "Configures the Ory Kratos Recovery UI URL\n\nThis governs the \"selfservice.flows.recovery.ui_url\" setting.", "type": "string" }, "kratos_selfservice_flows_registration_after_default_browser_return_url": { "description": "Configures the Ory Kratos Registration Default Return URL\n\nThis governs the \"selfservice.flows.registration.after.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_registration_after_oidc_default_browser_return_url": { "description": "Configures the Ory Kratos Registration After OIDC Default Return URL\n\nThis governs the \"selfservice.flows.registration.after.oidc.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_registration_after_password_default_browser_return_url": { "description": "Configures the Ory Kratos Registration After Password Default Return URL\n\nThis governs the \"selfservice.flows.registration.after.password.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_registration_after_webauthn_default_browser_return_url": { "description": "Configures the Ory Kratos Registration After Password Default Return URL\n\nThis governs the \"selfservice.flows.registration.after.password.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_registration_enabled": { "$ref": "#/components/schemas/nullBool" }, "kratos_selfservice_flows_registration_lifespan": { "description": "Configures the Ory Kratos Registration Lifespan\n\nThis governs the \"selfservice.flows.registration.lifespan\" setting.", "type": "string" }, "kratos_selfservice_flows_registration_ui_url": { "description": "Configures the Ory Kratos Registration UI URL\n\nThis governs the \"selfservice.flows.registration.ui_url\" setting.", "type": "string" }, "kratos_selfservice_flows_settings_after_default_browser_return_url": { "description": "Configures the Ory Kratos Settings Default Return URL\n\nThis governs the \"selfservice.flows.settings.after.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_settings_after_password_default_browser_return_url": { "description": "Configures the Ory Kratos Settings Default Return URL After Updating Passwords\n\nThis governs the \"selfservice.flows.settings.after.password.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_settings_after_profile_default_browser_return_url": { "description": "Configures the Ory Kratos Settings Default Return URL After Updating Profiles\n\nThis governs the \"selfservice.flows.settings.after.profile.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_settings_lifespan": { "description": "Configures the Ory Kratos Settings Lifespan\n\nThis governs the \"selfservice.flows.settings.lifespan\" setting.", "type": "string" }, "kratos_selfservice_flows_settings_privileged_session_max_age": { "description": "Configures the Ory Kratos Settings Privileged Session Max Age\n\nThis governs the \"selfservice.flows.settings.privileged_session_max_age\" setting.", "type": "string" }, "kratos_selfservice_flows_settings_required_aal": { "description": "Configures the Ory Kratos Settings Required AAL\n\nThis governs the \"selfservice.flows.settings.required_aal\" setting.", "type": "string" }, "kratos_selfservice_flows_settings_ui_url": { "description": "Configures the Ory Kratos Settings UI URL\n\nThis governs the \"selfservice.flows.settings.ui_url\" setting.", "type": "string" }, "kratos_selfservice_flows_verification_after_default_browser_return_url": { "description": "Configures the Ory Kratos Verification Default Return URL\n\nThis governs the \"selfservice.flows.verification.after.default_browser_return_url\" setting.", "type": "string" }, "kratos_selfservice_flows_verification_enabled": { "description": "Configures the Ory Kratos Verification Enabled Setting\n\nThis governs the \"selfservice.flows.verification.enabled\" setting.", "type": "boolean" }, "kratos_selfservice_flows_verification_lifespan": { "description": "Configures the Ory Kratos Verification Lifespan\n\nThis governs the \"selfservice.flows.verification.lifespan\" setting.", "type": "string" }, "kratos_selfservice_flows_verification_ui_url": { "description": "Configures the Ory Kratos Verification UI URL\n\nThis governs the \"selfservice.flows.verification.ui_url\" setting.", "type": "string" }, "kratos_selfservice_methods_link_config_base_url": { "description": "Configures the Base URL which Recovery, Verification, and Login Links Point to\n\nIt is recommended to leave this value empty. It will be appropriately configured to the best matching domain\n(e.g. when using custom domains) automatically.\n\nThis governs the \"selfservice.methods.link.config.base_url\" setting.", "type": "string" }, "kratos_selfservice_methods_link_config_lifespan": { "description": "Configures whether Ory Kratos Link Method is enabled\n\nThis governs the \"selfservice.methods.link.config.lifespan\" setting.", "type": "string" }, "kratos_selfservice_methods_link_enabled": { "$ref": "#/components/schemas/nullBool" }, "kratos_selfservice_methods_lookup_secret_enabled": { "$ref": "#/components/schemas/nullBool" }, "kratos_selfservice_methods_oidc_config_base_redirect_uri": { "description": "Configures the Ory Kratos Third Party / OpenID Connect base redirect URI\n\nThis governs the \"selfservice.methods.oidc.config.base_redirect_uri\" setting.", "type": "string" }, "kratos_selfservice_methods_oidc_config_providers": { "$ref": "#/components/schemas/projectRevisionThirdPartyLoginProviders" }, "kratos_selfservice_methods_oidc_enabled": { "description": "Configures whether Ory Kratos Third Party / OpenID Connect Login is enabled\n\nThis governs the \"selfservice.methods.oidc.enabled\" setting.", "type": "boolean" }, "kratos_selfservice_methods_password_config_haveibeenpwned_enabled": { "$ref": "#/components/schemas/nullBool" }, "kratos_selfservice_methods_password_config_identifier_similarity_check_enabled": { "$ref": "#/components/schemas/nullBool" }, "kratos_selfservice_methods_password_config_ignore_network_errors": { "$ref": "#/components/schemas/nullBool" }, "kratos_selfservice_methods_password_config_max_breaches": { "description": "Configures Ory Kratos Password Max Breaches Detection\n\nThis governs the \"selfservice.methods.password.config.max_breaches\" setting.", "format": "int64", "type": "integer" }, "kratos_selfservice_methods_password_config_min_password_length": { "description": "Configures the minimum length of passwords.\n\nThis governs the \"selfservice.methods.password.config.min_password_length\" setting.", "format": "int64", "type": "integer" }, "kratos_selfservice_methods_password_enabled": { "$ref": "#/components/schemas/nullBool" }, "kratos_selfservice_methods_profile_enabled": { "$ref": "#/components/schemas/nullBool" }, "kratos_selfservice_methods_totp_config_issuer": { "description": "Configures Ory Kratos TOTP Issuer\n\nThis governs the \"selfservice.methods.totp.config.issuer\" setting.", "type": "string" }, "kratos_selfservice_methods_totp_enabled": { "$ref": "#/components/schemas/nullBool" }, "kratos_selfservice_methods_webauthn_config_passwordless": { "description": "Configures whether Ory Kratos Webauthn is used for passwordless flows\n\nThis governs the \"selfservice.methods.webauthn.config.passwordless\" setting.", "type": "boolean" }, "kratos_selfservice_methods_webauthn_config_rp_display_name": { "description": "Configures the Ory Kratos Webauthn RP Display Name\n\nThis governs the \"selfservice.methods.webauthn.config.rp.display_name\" setting.", "type": "string" }, "kratos_selfservice_methods_webauthn_config_rp_icon": { "description": "Configures the Ory Kratos Webauthn RP Icon\n\nThis governs the \"selfservice.methods.webauthn.config.rp.icon\" setting.", "type": "string" }, "kratos_selfservice_methods_webauthn_config_rp_id": { "description": "Configures the Ory Kratos Webauthn RP ID\n\nThis governs the \"selfservice.methods.webauthn.config.rp.id\" setting.", "type": "string" }, "kratos_selfservice_methods_webauthn_config_rp_origin": { "description": "Configures the Ory Kratos Webauthn RP Origin\n\nThis governs the \"selfservice.methods.webauthn.config.rp.origin\" setting.", "type": "string" }, "kratos_selfservice_methods_webauthn_enabled": { "$ref": "#/components/schemas/nullBool" }, "kratos_session_cookie_persistent": { "$ref": "#/components/schemas/nullBool" }, "kratos_session_cookie_same_site": { "description": "Configures the Ory Kratos Session Cookie SameSite Attribute\n\nThis governs the \"session.cookie.same_site\" setting.", "type": "string" }, "kratos_session_lifespan": { "description": "Configures the Ory Kratos Session Lifespan\n\nThis governs the \"session.lifespan\" setting.", "type": "string" }, "kratos_session_whoami_required_aal": { "description": "Configures the Ory Kratos Session Whoami AAL requirement\n\nThis governs the \"session.whoami.required_aal\" setting.", "type": "string" }, "name": { "description": "The project's name.", "type": "string" }, "project_id": { "$ref": "#/components/schemas/UUID" }, "updated_at": { "description": "Last Time Project's Revision was Updated", "format": "date-time", "readOnly": true, "type": "string" } }, "required": [ "name" ], "type": "object" }, "normalizedProjectRevisionHook": { "properties": { "config_key": { "description": "The Hooks Config Key", "type": "string" }, "created_at": { "description": "The Project's Revision Creation Date", "format": "date-time", "readOnly": true, "type": "string" }, "hook": { "description": "The Hook Type", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "project_revision_id": { "$ref": "#/components/schemas/UUID" }, "updated_at": { "description": "Last Time Project's Revision was Updated", "format": "date-time", "readOnly": true, "type": "string" }, "web_hook_config_auth_api_key_in": { "description": "Whether to send the API Key in the HTTP Header or as a HTTP Cookie", "example": "header", "type": "string" }, "web_hook_config_auth_api_key_name": { "description": "The name of the api key", "example": "X-API-Key", "type": "string" }, "web_hook_config_auth_api_key_value": { "description": "The value of the api key", "example": "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ", "type": "string" }, "web_hook_config_auth_basic_auth_password": { "description": "The password to be sent in the HTTP Basic Auth Header", "type": "string" }, "web_hook_config_auth_basic_auth_user": { "description": "The username to be sent in the HTTP Basic Auth Header", "type": "string" }, "web_hook_config_auth_type": { "description": "HTTP Auth Method to use for the Web-Hook", "type": "string" }, "web_hook_config_body": { "description": "URI pointing to the JsonNet template used for Web-Hook payload generation. Only used for those HTTP methods, which support HTTP body payloads.", "example": "base64://ZnVuY3Rpb24oY3R4KSB7CiAgaWRlbnRpdHlfaWQ6IGlmIGN0eFsiaWRlbnRpdHkiXSAhPSBudWxsIHRoZW4gY3R4LmlkZW50aXR5LmlkLAp9=", "type": "string" }, "web_hook_config_method": { "description": "The HTTP method to use (GET, POST, etc) for the Web-Hook", "example": "POST", "type": "string" }, "web_hook_config_response_ignore": { "description": "Whether to ignore the Web Hook response", "type": "boolean" }, "web_hook_config_url": { "description": "The URL the Web-Hook should call", "example": "https://www.example.org/web-hook-listener", "type": "string" } }, "required": [ "config_key", "hook" ], "type": "object" }, "normalizedProjectRevisionIdentitySchema": { "properties": { "created_at": { "description": "The Project's Revision Creation Date", "format": "date-time", "readOnly": true, "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "identity_schema": { "$ref": "#/components/schemas/identitySchema" }, "identity_schema_id": { "$ref": "#/components/schemas/NullUUID" }, "import_id": { "description": "The imported (named) ID of the Identity Schema referenced in the Ory Kratos config.", "type": "string" }, "import_url": { "description": "The ImportURL can be used to import an Identity Schema from a bse64 encoded string.\nIn the future, this key also support HTTPS and other sources!\n\nIf you import an Ory Kratos configuration, this would be akin to the `identity.schemas.#.url` key.\n\nThe configuration will always return the import URL when you fetch it from the API.", "example": "base64://ey...", "type": "string" }, "is_default": { "description": "If true sets the default schema for identities\n\nOnly one schema can ever be the default schema. If you\ntry to add two schemas with default to true, the\nrequest will fail.", "type": "boolean" }, "preset": { "description": "Use a preset instead of a custom identity schema.", "type": "string" }, "project_revision_id": { "$ref": "#/components/schemas/UUID" }, "updated_at": { "description": "Last Time Project's Revision was Updated", "format": "date-time", "readOnly": true, "type": "string" } }, "type": "object" }, "normalizedProjectRevisionIdentitySchemas": { "items": { "$ref": "#/components/schemas/normalizedProjectRevisionIdentitySchema" }, "type": "array" }, "normalizedProjectRevisionThirdPartyProvider": { "properties": { "apple_private_key": { "$ref": "#/components/schemas/String" }, "apple_private_key_id": { "description": "Apple Private Key Identifier\n\nSign In with Apple Private Key Identifier needed for generating a JWT token for client secret", "example": "UX56C66723", "type": "string" }, "apple_team_id": { "description": "Apple Developer Team ID\n\nApple Developer Team ID needed for generating a JWT token for client secret", "example": "KP76DQS54M", "type": "string" }, "auth_url": { "description": "AuthURL is the authorize url, typically something like: https://example.org/oauth2/auth\nShould only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when\n`provider` is set to `generic`.", "example": "https://www.googleapis.com/oauth2/v2/auth", "type": "string" }, "azure_tenant": { "description": "Tenant is the Azure AD Tenant to use for authentication, and must be set when `provider` is set to `microsoft`.\n\nCan be either `common`, `organizations`, `consumers` for a multitenant application or a specific tenant like\n`8eaef023-2b34-4da1-9baa-8bc8c9d6a490` or `contoso.onmicrosoft.com`.", "example": "contoso.onmicrosoft.com", "type": "string" }, "client_id": { "description": "ClientID is the application's Client ID.", "type": "string" }, "client_secret": { "$ref": "#/components/schemas/String" }, "created_at": { "description": "The Project's Revision Creation Date", "format": "date-time", "readOnly": true, "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "issuer_url": { "description": "IssuerURL is the OpenID Connect Server URL. You can leave this empty if `provider` is not set to `generic`.\nIf set, neither `auth_url` nor `token_url` are required.", "example": "https://accounts.google.com", "type": "string" }, "label": { "description": "Label represents an optional label which can be used in the UI generation.", "type": "string" }, "mapper_url": { "description": "Mapper specifies the JSONNet code snippet which uses the OpenID Connect Provider's data (e.g. GitHub or Google\nprofile information) to hydrate the identity's data.\n\nIt can be either a URL (file://, http(s)://, base64://) or an inline JSONNet code snippet.", "type": "string" }, "project_revision_id": { "$ref": "#/components/schemas/UUID" }, "provider": { "description": "Provider is either \"generic\" for a generic OAuth 2.0 / OpenID Connect Provider or one of:\ngeneric\ngoogle\ngithub\ngitlab\nmicrosoft\ndiscord\nslack\nfacebook\nvk\nyandex\napple", "example": "google", "type": "string" }, "provider_id": { "description": "ID is the provider's ID", "type": "string" }, "requested_claims": { "$ref": "#/components/schemas/JSONRawMessage" }, "scope": { "$ref": "#/components/schemas/StringSliceJSONFormat" }, "token_url": { "description": "TokenURL is the token url, typically something like: https://example.org/oauth2/token\n\nShould only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when\n`provider` is set to `generic`.", "example": "https://www.googleapis.com/oauth2/v4/token", "type": "string" }, "updated_at": { "description": "Last Time Project's Revision was Updated", "format": "date-time", "readOnly": true, "type": "string" } }, "type": "object" }, "normalizedProjects": { "items": { "$ref": "#/components/schemas/normalizedProject" }, "type": "array" }, "nullBool": { "nullable": true, "type": "boolean" }, "nullJsonRawMessage": { "description": "NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-", "type": "object" }, "nullTime": { "format": "date-time", "title": "NullTime implements sql.NullTime functionality.", "type": "string" }, "pagination": { "properties": { "page": { "default": 1, "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "format": "int64", "minimum": 1, "type": "integer" }, "per_page": { "default": 250, "description": "Items per Page\n\nThis is the number of items per page.", "format": "int64", "maximum": 1000, "minimum": 1, "type": "integer" } }, "type": "object" }, "project": { "properties": { "id": { "$ref": "#/components/schemas/UUID" }, "name": { "description": "The name of the project.", "type": "string" }, "revision_id": { "$ref": "#/components/schemas/UUID" }, "services": { "$ref": "#/components/schemas/projectServices" }, "slug": { "description": "The project's slug", "readOnly": true, "type": "string" }, "state": { "description": "The state of the project.\nrunning Running\nhalted Halted", "enum": [ "running", "halted" ], "readOnly": true, "type": "string", "x-go-enum-desc": "running Running\nhalted Halted" } }, "required": [ "id", "revision_id", "slug", "services", "state", "name" ], "type": "object" }, "projectHost": { "properties": { "host": { "description": "The project's host.", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "project_id": { "$ref": "#/components/schemas/UUID" } }, "required": [ "id", "host", "project_id" ], "type": "object" }, "projectInvite": { "properties": { "created_at": { "description": "The Project's Revision Creation Date", "format": "date-time", "readOnly": true, "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "invitee_email": { "description": "The invitee's email", "type": "string" }, "invitee_id": { "$ref": "#/components/schemas/NullUUID" }, "owner_email": { "description": "The invite owner's email\nUsually the project's owner email", "type": "string" }, "owner_id": { "$ref": "#/components/schemas/UUID" }, "project_id": { "$ref": "#/components/schemas/UUID" }, "status": { "description": "The invite's status\nKeeps track of the invites status such as pending, accepted, declined, expired", "type": "string" }, "updated_at": { "description": "Last Time Project's Revision was Updated", "format": "date-time", "readOnly": true, "type": "string" } }, "required": [ "id", "project_id", "owner_id", "owner_email", "invitee_email", "status", "created_at", "updated_at" ], "type": "object" }, "projectInvites": { "items": { "$ref": "#/components/schemas/projectInvite" }, "type": "array" }, "projectMember": { "$ref": "#/components/schemas/cloudAccount" }, "projectMembers": { "items": { "$ref": "#/components/schemas/projectMember" }, "type": "array" }, "projectMetadata": { "properties": { "created_at": { "description": "The Project's Creation Date", "format": "date-time", "type": "string" }, "hosts": { "$ref": "#/components/schemas/StringSliceJSONFormat" }, "id": { "$ref": "#/components/schemas/UUID" }, "name": { "description": "The project's name if set", "type": "string" }, "slug": { "description": "The project's slug", "readOnly": true, "type": "string" }, "state": { "description": "The state of the project.\nrunning Running\nhalted Halted", "enum": [ "running", "halted" ], "type": "string", "x-go-enum-desc": "running Running\nhalted Halted" }, "subscription_id": { "$ref": "#/components/schemas/NullUUID" }, "updated_at": { "description": "Last Time Project was Updated", "format": "date-time", "type": "string" } }, "required": [ "id", "hosts", "state", "created_at", "updated_at", "name" ], "type": "object" }, "projectMetadataList": { "items": { "$ref": "#/components/schemas/projectMetadata" }, "type": "array" }, "projectRevisionHooks": { "items": { "$ref": "#/components/schemas/normalizedProjectRevisionHook" }, "type": "array" }, "projectRevisionIdentitySchemas": { "items": { "$ref": "#/components/schemas/normalizedProjectRevisionIdentitySchema" }, "type": "array" }, "projectRevisionThirdPartyLoginProviders": { "items": { "$ref": "#/components/schemas/normalizedProjectRevisionThirdPartyProvider" }, "type": "array" }, "projectRevisions": { "items": { "$ref": "#/components/schemas/normalizedProjectRevision" }, "type": "array" }, "projectServiceIdentity": { "properties": { "config": { "type": "object" } }, "required": [ "config" ], "type": "object" }, "projectServicePermission": { "properties": { "config": { "type": "object" } }, "required": [ "config" ], "type": "object" }, "projectServices": { "properties": { "identity": { "$ref": "#/components/schemas/projectServiceIdentity" }, "permission": { "$ref": "#/components/schemas/projectServicePermission" } }, "type": "object" }, "projects": { "items": { "$ref": "#/components/schemas/project" }, "type": "array" }, "provisionMockSubscriptionPayload": { "properties": { "identity_id": { "$ref": "#/components/schemas/UUID" }, "plan_or_price": { "type": "string" } }, "required": [ "plan_or_price", "identity_id" ], "type": "object" }, "revokedSessions": { "properties": { "count": { "description": "The number of sessions that were revoked.", "format": "int64", "type": "integer" } }, "type": "object" }, "schemaPatch": { "properties": { "data": { "description": "The json schema", "type": "object" }, "name": { "description": "The user defined schema name", "type": "string" } }, "required": [ "name", "data" ], "type": "object" }, "selfServiceBrowserLocationChangeRequiredError": { "properties": { "code": { "description": "The status code", "example": 404, "format": "int64", "type": "integer" }, "debug": { "description": "Debug information\n\nThis field is often not exposed to protect against leaking\nsensitive information.", "example": "SQL field \"foo\" is not a bool.", "type": "string" }, "details": { "additionalProperties": true, "description": "Further error details", "type": "object" }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", "type": "string" }, "message": { "description": "Error message\n\nThe error's message.", "example": "The resource could not be found", "type": "string" }, "reason": { "description": "A human-readable reason for the error", "example": "User with ID 1234 does not exist.", "type": "string" }, "redirect_browser_to": { "description": "Since when the flow has expired", "type": "string" }, "request": { "description": "The request ID\n\nThe request ID is often exposed internally in order to trace\nerrors across service architectures. This is often a UUID.", "example": "d7ef54b1-ec15-46e6-bccb-524b82c035e6", "type": "string" }, "status": { "description": "The status description", "example": "Not Found", "type": "string" } }, "required": [ "message" ], "title": "Is sent when a flow requires a browser to change its location.", "type": "object" }, "selfServiceError": { "properties": { "created_at": { "description": "CreatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" }, "error": { "type": "object" }, "id": { "$ref": "#/components/schemas/UUID" }, "updated_at": { "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" } }, "required": [ "id" ], "type": "object" }, "selfServiceFlowExpiredError": { "description": "Is sent when a flow is expired", "properties": { "code": { "description": "The status code", "example": 404, "format": "int64", "type": "integer" }, "debug": { "description": "Debug information\n\nThis field is often not exposed to protect against leaking\nsensitive information.", "example": "SQL field \"foo\" is not a bool.", "type": "string" }, "details": { "additionalProperties": true, "description": "Further error details", "type": "object" }, "id": { "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", "type": "string" }, "message": { "description": "Error message\n\nThe error's message.", "example": "The resource could not be found", "type": "string" }, "reason": { "description": "A human-readable reason for the error", "example": "User with ID 1234 does not exist.", "type": "string" }, "request": { "description": "The request ID\n\nThe request ID is often exposed internally in order to trace\nerrors across service architectures. This is often a UUID.", "example": "d7ef54b1-ec15-46e6-bccb-524b82c035e6", "type": "string" }, "since": { "$ref": "#/components/schemas/Duration" }, "status": { "description": "The status description", "example": "Not Found", "type": "string" }, "use_flow_id": { "$ref": "#/components/schemas/UUID" } }, "required": [ "message" ], "type": "object" }, "selfServiceFlowType": { "description": "The flow type can either be `api` or `browser`.", "title": "Type is the flow type.", "type": "string" }, "selfServiceLoginFlow": { "description": "This object represents a login flow. A login flow is initiated at the \"Initiate Login API / Browser Flow\"\nendpoint by a client.\n\nOnce a login flow is completed successfully, a session cookie or session token will be issued.", "properties": { "active": { "$ref": "#/components/schemas/identityCredentialsType" }, "created_at": { "description": "CreatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" }, "expires_at": { "description": "ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\na new flow has to be initiated.", "format": "date-time", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the flow started.", "format": "date-time", "type": "string" }, "refresh": { "description": "Refresh stores whether this login flow should enforce re-authentication.", "type": "boolean" }, "request_url": { "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", "type": "string" }, "requested_aal": { "$ref": "#/components/schemas/authenticatorAssuranceLevel" }, "return_to": { "description": "ReturnTo contains the requested return_to URL.", "type": "string" }, "type": { "$ref": "#/components/schemas/selfServiceFlowType" }, "ui": { "$ref": "#/components/schemas/uiContainer" }, "updated_at": { "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", "format": "date-time", "type": "string" } }, "required": [ "id", "type", "expires_at", "issued_at", "request_url", "ui" ], "title": "Login Flow", "type": "object" }, "selfServiceLogoutUrl": { "properties": { "logout_token": { "description": "LogoutToken can be used to perform logout using AJAX.", "type": "string" }, "logout_url": { "description": "LogoutURL can be opened in a browser to sign the user out.\n\nformat: uri", "type": "string" } }, "required": [ "logout_url", "logout_token" ], "type": "object" }, "selfServiceRecoveryFlow": { "description": "This request is used when an identity wants to recover their account.\n\nWe recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)", "properties": { "active": { "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.", "type": "string" }, "expires_at": { "description": "ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting,\na new request has to be initiated.", "format": "date-time", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the request occurred.", "format": "date-time", "type": "string" }, "request_url": { "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", "type": "string" }, "return_to": { "description": "ReturnTo contains the requested return_to URL.", "type": "string" }, "state": { "$ref": "#/components/schemas/selfServiceRecoveryFlowState" }, "type": { "$ref": "#/components/schemas/selfServiceFlowType" }, "ui": { "$ref": "#/components/schemas/uiContainer" } }, "required": [ "id", "type", "expires_at", "issued_at", "request_url", "ui", "state" ], "title": "A Recovery Flow", "type": "object" }, "selfServiceRecoveryFlowState": { "description": "The state represents the state of the recovery flow.\n\nchoose_method: ask the user to choose a method (e.g. recover account via email)\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the recovery challenge was passed.", "enum": [ "choose_method", "sent_email", "passed_challenge" ], "title": "Recovery Flow State", "type": "string" }, "selfServiceRecoveryLink": { "properties": { "expires_at": { "description": "Recovery Link Expires At\n\nThe timestamp when the recovery link expires.", "format": "date-time", "type": "string" }, "recovery_link": { "description": "Recovery Link\n\nThis link can be used to recover the account.", "type": "string" } }, "required": [ "recovery_link" ], "type": "object" }, "selfServiceRegistrationFlow": { "properties": { "active": { "$ref": "#/components/schemas/identityCredentialsType" }, "expires_at": { "description": "ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\na new flow has to be initiated.", "format": "date-time", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the flow occurred.", "format": "date-time", "type": "string" }, "request_url": { "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", "type": "string" }, "return_to": { "description": "ReturnTo contains the requested return_to URL.", "type": "string" }, "type": { "$ref": "#/components/schemas/selfServiceFlowType" }, "ui": { "$ref": "#/components/schemas/uiContainer" } }, "required": [ "id", "type", "expires_at", "issued_at", "request_url", "ui" ], "type": "object" }, "selfServiceSettingsFlow": { "description": "This flow is used when an identity wants to update settings\n(e.g. profile data, passwords, ...) in a selfservice manner.\n\nWe recommend reading the [User Settings Documentation](../self-service/flows/user-settings)", "properties": { "active": { "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.", "type": "string" }, "expires_at": { "description": "ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting,\na new flow has to be initiated.", "format": "date-time", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "identity": { "$ref": "#/components/schemas/identity" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the flow occurred.", "format": "date-time", "type": "string" }, "request_url": { "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", "type": "string" }, "return_to": { "description": "ReturnTo contains the requested return_to URL.", "type": "string" }, "state": { "$ref": "#/components/schemas/selfServiceSettingsFlowState" }, "type": { "$ref": "#/components/schemas/selfServiceFlowType" }, "ui": { "$ref": "#/components/schemas/uiContainer" } }, "required": [ "id", "type", "expires_at", "issued_at", "request_url", "ui", "identity", "state" ], "title": "Flow represents a Settings Flow", "type": "object" }, "selfServiceSettingsFlowState": { "description": "show_form: No user data has been collected, or it is invalid, and thus the form should be shown.\nsuccess: Indicates that the settings flow has been updated successfully with the provided data.\nDone will stay true when repeatedly checking. If set to true, done will revert back to false only\nwhen a flow with invalid (e.g. \"please use a valid phone number\") data was sent.", "enum": [ "show_form", "success" ], "title": "State represents the state of this flow. It knows two states:", "type": "string" }, "selfServiceVerificationFlow": { "description": "Used to verify an out-of-band communication\nchannel such as an email address or a phone number.\n\nFor more information head over to: https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation", "properties": { "active": { "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.", "type": "string" }, "expires_at": { "description": "ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address,\na new request has to be initiated.", "format": "date-time", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "issued_at": { "description": "IssuedAt is the time (UTC) when the request occurred.", "format": "date-time", "type": "string" }, "request_url": { "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", "type": "string" }, "return_to": { "description": "ReturnTo contains the requested return_to URL.", "type": "string" }, "state": { "$ref": "#/components/schemas/selfServiceVerificationFlowState" }, "type": { "$ref": "#/components/schemas/selfServiceFlowType" }, "ui": { "$ref": "#/components/schemas/uiContainer" } }, "required": [ "id", "type", "ui", "state" ], "title": "A Verification Flow", "type": "object" }, "selfServiceVerificationFlowState": { "description": "The state represents the state of the verification flow.\n\nchoose_method: ask the user to choose a method (e.g. recover account via email)\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the recovery challenge was passed.", "enum": [ "choose_method", "sent_email", "passed_challenge" ], "title": "Verification Flow State", "type": "string" }, "session": { "description": "A Session", "properties": { "active": { "description": "Active state. If false the session is no longer active.", "type": "boolean" }, "authenticated_at": { "description": "The Session Authentication Timestamp\n\nWhen this session was authenticated at. If multi-factor authentication was used this\nis the time when the last factor was authenticated (e.g. the TOTP code challenge was completed).", "format": "date-time", "type": "string" }, "authentication_methods": { "$ref": "#/components/schemas/sessionAuthenticationMethods" }, "authenticator_assurance_level": { "$ref": "#/components/schemas/authenticatorAssuranceLevel" }, "expires_at": { "description": "The Session Expiry\n\nWhen this session expires at.", "format": "date-time", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "identity": { "$ref": "#/components/schemas/identity" }, "issued_at": { "description": "The Session Issuance Timestamp\n\nWhen this session was issued at. Usually equal or close to `authenticated_at`.", "format": "date-time", "type": "string" } }, "required": [ "id", "identity" ], "type": "object" }, "sessionAuthenticationMethod": { "description": "A singular authenticator used during authentication / login.", "properties": { "aal": { "$ref": "#/components/schemas/authenticatorAssuranceLevel" }, "completed_at": { "description": "When the authentication challenge was completed.", "format": "date-time", "type": "string" }, "method": { "enum": [ "link_recovery", "password", "totp", "oidc", "webauthn", "lookup_secret", "v0.6_legacy_session" ], "title": "The method used", "type": "string" } }, "title": "AuthenticationMethod identifies an authentication method", "type": "object" }, "sessionAuthenticationMethods": { "description": "A list of authenticators which were used to authenticate the session.", "items": { "$ref": "#/components/schemas/sessionAuthenticationMethod" }, "title": "List of (Used) AuthenticationMethods", "type": "array" }, "sessionDevice": { "properties": { "user_agent": { "description": "UserAgent of this device", "type": "string" } }, "type": "object" }, "sessionList": { "items": { "$ref": "#/components/schemas/session" }, "type": "array" }, "settingsProfileFormConfig": { "properties": { "action": { "description": "Action should be used as the form action URL `\u003cform action=\"{{ .Action }}\" method=\"post\"\u003e`.", "type": "string" }, "messages": { "$ref": "#/components/schemas/uiTexts" }, "method": { "description": "Method is the form method (e.g. POST)", "type": "string" }, "nodes": { "$ref": "#/components/schemas/uiNodes" } }, "required": [ "action", "method", "nodes" ], "type": "object" }, "stripeCustomerResponse": { "properties": { "id": { "type": "string" } }, "type": "object" }, "subject": { "type": "object" }, "submitSelfServiceFlowWithWebAuthnRegistrationMethod": { "properties": { "webauthn_register": { "description": "Register a WebAuthn Security Key\n\nIt is expected that the JSON returned by the WebAuthn registration process\nis included here.", "type": "string" }, "webauthn_register_displayname": { "description": "Name of the WebAuthn Security Key to be Added\n\nA human-readable name for the security key which will be added.", "type": "string" } }, "type": "object" }, "submitSelfServiceLoginFlowBody": { "discriminator": { "mapping": { "lookup_secret": "#/components/schemas/submitSelfServiceLoginFlowWithLookupSecretMethodBody", "oidc": "#/components/schemas/submitSelfServiceLoginFlowWithOidcMethodBody", "password": "#/components/schemas/submitSelfServiceLoginFlowWithPasswordMethodBody", "totp": "#/components/schemas/submitSelfServiceLoginFlowWithTotpMethodBody", "webauthn": "#/components/schemas/submitSelfServiceLoginFlowWithWebAuthnMethodBody" }, "propertyName": "method" }, "oneOf": [ { "$ref": "#/components/schemas/submitSelfServiceLoginFlowWithPasswordMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceLoginFlowWithOidcMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceLoginFlowWithTotpMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceLoginFlowWithWebAuthnMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceLoginFlowWithLookupSecretMethodBody" } ] }, "submitSelfServiceLoginFlowWithLookupSecretMethodBody": { "properties": { "csrf_token": { "description": "Sending the anti-csrf token is only required for browser login flows.", "type": "string" }, "lookup_secret": { "description": "The lookup secret.", "type": "string" }, "method": { "description": "Method should be set to \"lookup_secret\" when logging in using the lookup_secret strategy.", "type": "string" } }, "required": [ "method", "lookup_secret" ], "title": "submitSelfServiceLoginFlowWithLookupSecretMethodBody is used to decode the login form payload.", "type": "object" }, "submitSelfServiceLoginFlowWithOidcMethodBody": { "description": "SubmitSelfServiceLoginFlowWithOidcMethodBody is used to decode the login form payload\nwhen using the oidc method.", "properties": { "csrf_token": { "description": "The CSRF Token", "type": "string" }, "method": { "description": "Method to use\n\nThis field must be set to `oidc` when using the oidc method.", "type": "string" }, "provider": { "description": "The provider to register with", "type": "string" }, "traits": { "description": "The identity traits. This is a placeholder for the registration flow.", "type": "object" } }, "required": [ "provider", "method" ], "type": "object" }, "submitSelfServiceLoginFlowWithPasswordMethodBody": { "properties": { "csrf_token": { "description": "Sending the anti-csrf token is only required for browser login flows.", "type": "string" }, "identifier": { "description": "Identifier is the email or username of the user trying to log in.", "type": "string" }, "method": { "description": "Method should be set to \"password\" when logging in using the identifier and password strategy.", "type": "string" }, "password": { "description": "The user's password.", "type": "string" }, "password_identifier": { "description": "Identifier is the email or username of the user trying to log in.\nThis field is deprecated!", "type": "string" } }, "required": [ "method", "password", "identifier" ], "title": "submitSelfServiceLoginFlowWithPasswordMethodBody is used to decode the login form payload.", "type": "object" }, "submitSelfServiceLoginFlowWithTotpMethodBody": { "properties": { "csrf_token": { "description": "Sending the anti-csrf token is only required for browser login flows.", "type": "string" }, "method": { "description": "Method should be set to \"totp\" when logging in using the TOTP strategy.", "type": "string" }, "totp_code": { "description": "The TOTP code.", "type": "string" } }, "required": [ "method", "totp_code" ], "title": "submitSelfServiceLoginFlowWithTotpMethodBody is used to decode the login form payload.", "type": "object" }, "submitSelfServiceLoginFlowWithWebAuthnMethodBody": { "properties": { "csrf_token": { "description": "Sending the anti-csrf token is only required for browser login flows.", "type": "string" }, "identifier": { "description": "Identifier is the email or username of the user trying to log in.", "type": "string" }, "method": { "description": "Method should be set to \"webAuthn\" when logging in using the WebAuthn strategy.", "type": "string" }, "webauthn_login": { "description": "Login a WebAuthn Security Key\n\nThis must contain the ID of the WebAuthN connection.", "type": "string" } }, "required": [ "identifier", "method" ], "title": "submitSelfServiceLoginFlowWithWebAuthnMethodBody is used to decode the login form payload.", "type": "object" }, "submitSelfServiceLogoutFlowWithoutBrowserBody": { "description": "nolint:deadcode,unused", "properties": { "session_token": { "description": "The Session Token\n\nInvalidate this session token.", "type": "string" } }, "required": [ "session_token" ], "type": "object" }, "submitSelfServiceRecoveryFlowBody": { "discriminator": { "mapping": { "link": "#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody" }, "propertyName": "method" }, "oneOf": [ { "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody" } ] }, "submitSelfServiceRecoveryFlowWithLinkMethodBody": { "properties": { "csrf_token": { "description": "Sending the anti-csrf token is only required for browser login flows.", "type": "string" }, "email": { "description": "Email to Recover\n\nNeeds to be set when initiating the flow. If the email is a registered\nrecovery email, a recovery link will be sent. If the email is not known,\na email with details on what happened will be sent instead.\n\nformat: email", "type": "string" }, "method": { "description": "Method supports `link` only right now.", "type": "string" } }, "required": [ "email", "method" ], "type": "object" }, "submitSelfServiceRegistrationFlowBody": { "discriminator": { "mapping": { "oidc": "#/components/schemas/submitSelfServiceRegistrationFlowWithOidcMethodBody", "password": "#/components/schemas/submitSelfServiceRegistrationFlowWithPasswordMethodBody", "webauthn": "#/components/schemas/submitSelfServiceRegistrationFlowWithWebAuthnMethodBody" }, "propertyName": "method" }, "oneOf": [ { "$ref": "#/components/schemas/submitSelfServiceRegistrationFlowWithPasswordMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceRegistrationFlowWithOidcMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceRegistrationFlowWithWebAuthnMethodBody" } ] }, "submitSelfServiceRegistrationFlowWithOidcMethodBody": { "description": "SubmitSelfServiceRegistrationFlowWithOidcMethodBody is used to decode the registration form payload\nwhen using the oidc method.", "properties": { "csrf_token": { "description": "The CSRF Token", "type": "string" }, "method": { "description": "Method to use\n\nThis field must be set to `oidc` when using the oidc method.", "type": "string" }, "provider": { "description": "The provider to register with", "type": "string" }, "traits": { "description": "The identity traits", "type": "object" } }, "required": [ "provider", "method" ], "type": "object" }, "submitSelfServiceRegistrationFlowWithPasswordMethodBody": { "description": "SubmitSelfServiceRegistrationFlowWithPasswordMethodBody is used to decode the registration form payload\nwhen using the password method.", "properties": { "csrf_token": { "description": "The CSRF Token", "type": "string" }, "method": { "description": "Method to use\n\nThis field must be set to `password` when using the password method.", "type": "string" }, "password": { "description": "Password to sign the user up with", "type": "string" }, "traits": { "description": "The identity's traits", "type": "object" } }, "required": [ "password", "traits", "method" ], "type": "object" }, "submitSelfServiceRegistrationFlowWithWebAuthnMethodBody": { "properties": { "csrf_token": { "description": "CSRFToken is the anti-CSRF token", "type": "string" }, "method": { "description": "Method\n\nShould be set to \"webauthn\" when trying to add, update, or remove a webAuthn pairing.", "type": "string" }, "traits": { "description": "The identity's traits", "type": "object" }, "webauthn_register": { "description": "Register a WebAuthn Security Key\n\nIt is expected that the JSON returned by the WebAuthn registration process\nis included here.", "type": "string" }, "webauthn_register_displayname": { "description": "Name of the WebAuthn Security Key to be Added\n\nA human-readable name for the security key which will be added.", "type": "string" } }, "required": [ "traits", "method" ], "type": "object" }, "submitSelfServiceSettingsFlowBody": { "discriminator": { "mapping": { "lookup_secret": "#/components/schemas/submitSelfServiceSettingsFlowWithLookupMethodBody", "oidc": "#/components/schemas/submitSelfServiceSettingsFlowWithOidcMethodBody", "password": "#/components/schemas/submitSelfServiceSettingsFlowWithPasswordMethodBody", "profile": "#/components/schemas/submitSelfServiceSettingsFlowWithProfileMethodBody", "totp": "#/components/schemas/submitSelfServiceSettingsFlowWithTotpMethodBody", "webauthn": "#/components/schemas/submitSelfServiceSettingsFlowWithWebAuthnMethodBody" }, "propertyName": "method" }, "oneOf": [ { "$ref": "#/components/schemas/submitSelfServiceSettingsFlowWithPasswordMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceSettingsFlowWithProfileMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceSettingsFlowWithOidcMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceSettingsFlowWithOidcMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceSettingsFlowWithTotpMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceSettingsFlowWithWebAuthnMethodBody" }, { "$ref": "#/components/schemas/submitSelfServiceSettingsFlowWithLookupMethodBody" } ] }, "submitSelfServiceSettingsFlowWithLookupMethodBody": { "properties": { "csrf_token": { "description": "CSRFToken is the anti-CSRF token", "type": "string" }, "lookup_secret_confirm": { "description": "If set to true will save the regenerated lookup secrets", "type": "boolean" }, "lookup_secret_disable": { "description": "Disables this method if true.", "type": "boolean" }, "lookup_secret_regenerate": { "description": "If set to true will regenerate the lookup secrets", "type": "boolean" }, "lookup_secret_reveal": { "description": "If set to true will reveal the lookup secrets", "type": "boolean" }, "method": { "description": "Method\n\nShould be set to \"lookup\" when trying to add, update, or remove a lookup pairing.", "type": "string" } }, "required": [ "method" ], "type": "object" }, "submitSelfServiceSettingsFlowWithOidcMethodBody": { "description": "nolint:deadcode,unused", "properties": { "flow": { "description": "Flow ID is the flow's ID.\n\nin: query", "type": "string" }, "link": { "description": "Link this provider\n\nEither this or `unlink` must be set.\n\ntype: string\nin: body", "type": "string" }, "method": { "description": "Method\n\nShould be set to profile when trying to update a profile.", "type": "string" }, "traits": { "description": "The identity's traits\n\nin: body", "type": "object" }, "unlink": { "description": "Unlink this provider\n\nEither this or `link` must be set.\n\ntype: string\nin: body", "type": "string" } }, "required": [ "method" ], "type": "object" }, "submitSelfServiceSettingsFlowWithPasswordMethodBody": { "properties": { "csrf_token": { "description": "CSRFToken is the anti-CSRF token", "type": "string" }, "method": { "description": "Method\n\nShould be set to password when trying to update a password.", "type": "string" }, "password": { "description": "Password is the updated password", "type": "string" } }, "required": [ "password", "method" ], "type": "object" }, "submitSelfServiceSettingsFlowWithProfileMethodBody": { "description": "nolint:deadcode,unused", "properties": { "csrf_token": { "description": "The Anti-CSRF Token\n\nThis token is only required when performing browser flows.", "type": "string" }, "method": { "description": "Method\n\nShould be set to profile when trying to update a profile.", "type": "string" }, "traits": { "description": "Traits contains all of the identity's traits.", "type": "object" } }, "required": [ "traits", "method" ], "type": "object" }, "submitSelfServiceSettingsFlowWithTotpMethodBody": { "properties": { "csrf_token": { "description": "CSRFToken is the anti-CSRF token", "type": "string" }, "method": { "description": "Method\n\nShould be set to \"totp\" when trying to add, update, or remove a totp pairing.", "type": "string" }, "totp_code": { "description": "ValidationTOTP must contain a valid TOTP based on the", "type": "string" }, "totp_unlink": { "description": "UnlinkTOTP if true will remove the TOTP pairing,\neffectively removing the credential. This can be used\nto set up a new TOTP device.", "type": "boolean" } }, "required": [ "method" ], "type": "object" }, "submitSelfServiceSettingsFlowWithWebAuthnMethodBody": { "properties": { "csrf_token": { "description": "CSRFToken is the anti-CSRF token", "type": "string" }, "method": { "description": "Method\n\nShould be set to \"webauthn\" when trying to add, update, or remove a webAuthn pairing.", "type": "string" }, "webauthn_register": { "description": "Register a WebAuthn Security Key\n\nIt is expected that the JSON returned by the WebAuthn registration process\nis included here.", "type": "string" }, "webauthn_register_displayname": { "description": "Name of the WebAuthn Security Key to be Added\n\nA human-readable name for the security key which will be added.", "type": "string" }, "webauthn_remove": { "description": "Remove a WebAuthn Security Key\n\nThis must contain the ID of the WebAuthN connection.", "type": "string" } }, "required": [ "method" ], "type": "object" }, "submitSelfServiceVerificationFlowBody": { "description": "nolint:deadcode,unused", "discriminator": { "mapping": { "link": "#/components/schemas/submitSelfServiceVerificationFlowWithLinkMethodBody" }, "propertyName": "method" }, "oneOf": [ { "$ref": "#/components/schemas/submitSelfServiceVerificationFlowWithLinkMethodBody" } ] }, "submitSelfServiceVerificationFlowWithLinkMethodBody": { "properties": { "csrf_token": { "description": "Sending the anti-csrf token is only required for browser login flows.", "type": "string" }, "email": { "description": "Email to Verify\n\nNeeds to be set when initiating the flow. If the email is a registered\nverification email, a verification link will be sent. If the email is not known,\na email with details on what happened will be sent instead.\n\nformat: email", "type": "string" }, "method": { "description": "Method supports `link` only right now.", "type": "string" } }, "required": [ "email", "method" ], "type": "object" }, "subscription": { "properties": { "created_at": { "format": "date-time", "readOnly": true, "type": "string" }, "current_plan": { "description": "The currently active plan of the subscription\nunknown Unknown\nfree Free\nstart_up_monthly StartUpMonthly\nstart_up_yearly StartUpYearly\ncustom Custom", "enum": [ "unknown", "free", "start_up_monthly", "start_up_yearly", "custom" ], "readOnly": true, "type": "string", "x-go-enum-desc": "unknown Unknown\nfree Free\nstart_up_monthly StartUpMonthly\nstart_up_yearly StartUpYearly\ncustom Custom" }, "customer_id": { "description": "The ID of the stripe customer", "readOnly": true, "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "ongoing_stripe_checkout_id": { "$ref": "#/components/schemas/String" }, "payed_until": { "description": "Until when the subscription is payed", "format": "date-time", "readOnly": true, "type": "string" }, "plan_changes_at": { "$ref": "#/components/schemas/Time" }, "plan_changes_to": { "$ref": "#/components/schemas/NullPlan" }, "status": { "$ref": "#/components/schemas/SubscriptionStatus" }, "updated_at": { "format": "date-time", "readOnly": true, "type": "string" } }, "required": [ "id", "customer_id", "status", "payed_until", "current_plan", "plan_changes_to", "created_at", "updated_at" ], "type": "object" }, "successfulProjectUpdate": { "properties": { "project": { "$ref": "#/components/schemas/project" }, "warnings": { "description": "Import Warnings\n\nNot all configuration items can be imported to Ory Cloud. For example,\nsetting the port does not make sense because Ory Cloud provides the runtime\nand networking.\n\nThis field contains warnings where configuration keys were found but can not\nbe imported. These keys will be ignored by Ory Cloud. This field will help\nyou understand why certain configuration keys might not be respected!", "items": { "$ref": "#/components/schemas/Warning" }, "type": "array" } }, "required": [ "project", "warnings" ], "type": "object" }, "successfulSelfServiceLoginWithoutBrowser": { "description": "The Response for Login Flows via API", "properties": { "session": { "$ref": "#/components/schemas/session" }, "session_token": { "description": "The Session Token\n\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\nHeader:\n\nAuthorization: bearer ${session-token}\n\nThe session token is only issued for API flows, not for Browser flows!", "type": "string" } }, "required": [ "session" ], "type": "object" }, "successfulSelfServiceRegistrationWithoutBrowser": { "description": "The Response for Registration Flows via API", "properties": { "identity": { "$ref": "#/components/schemas/identity" }, "session": { "$ref": "#/components/schemas/session" }, "session_token": { "description": "The Session Token\n\nThis field is only set when the session hook is configured as a post-registration hook.\n\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\nHeader:\n\nAuthorization: bearer ${session-token}\n\nThe session token is only issued for API flows, not for Browser flows!", "type": "string" } }, "required": [ "identity" ], "type": "object" }, "tokenPagination": { "properties": { "page_size": { "default": 250, "description": "Items per page\n\nThis is the number of items per page to return.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).", "format": "int64", "maximum": 1000, "minimum": 1, "type": "integer" }, "page_token": { "default": "1", "description": "Next Page Token\n\nThe next page token.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).", "minimum": 1, "type": "string" } }, "type": "object" }, "tokenPaginationHeaders": { "properties": { "link": { "description": "The link header contains pagination links.\n\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\nin: header", "type": "string" }, "x-total-count": { "description": "The total number of clients.\n\nin: header", "type": "string" } }, "type": "object" }, "uiContainer": { "description": "Container represents a HTML Form. The container can work with both HTTP Form and JSON requests", "properties": { "action": { "description": "Action should be used as the form action URL `\u003cform action=\"{{ .Action }}\" method=\"post\"\u003e`.", "type": "string" }, "messages": { "$ref": "#/components/schemas/uiTexts" }, "method": { "description": "Method is the form method (e.g. POST)", "type": "string" }, "nodes": { "$ref": "#/components/schemas/uiNodes" } }, "required": [ "action", "method", "nodes" ], "type": "object" }, "uiNode": { "description": "Nodes are represented as HTML elements or their native UI equivalents. For example,\na node can be an `\u003cimg\u003e` tag, or an `\u003cinput element\u003e` but also `some plain text`.", "properties": { "attributes": { "$ref": "#/components/schemas/uiNodeAttributes" }, "group": { "description": "Group specifies which group (e.g. password authenticator) this node belongs to.", "enum": [ "default", "password", "oidc", "profile", "link", "totp", "lookup_secret", "webauthn" ], "type": "string" }, "messages": { "$ref": "#/components/schemas/uiTexts" }, "meta": { "$ref": "#/components/schemas/uiNodeMeta" }, "type": { "description": "The node's type", "enum": [ "text", "input", "img", "a", "script" ], "type": "string" } }, "required": [ "type", "group", "attributes", "messages", "meta" ], "title": "Node represents a flow's nodes", "type": "object" }, "uiNodeAnchorAttributes": { "properties": { "href": { "description": "The link's href (destination) URL.\n\nformat: uri", "type": "string" }, "id": { "description": "A unique identifier", "type": "string" }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"a\".", "type": "string" }, "title": { "$ref": "#/components/schemas/uiText" } }, "required": [ "href", "title", "id", "node_type" ], "title": "AnchorAttributes represents the attributes of an anchor node.", "type": "object" }, "uiNodeAttributes": { "discriminator": { "mapping": { "a": "#/components/schemas/uiNodeAnchorAttributes", "img": "#/components/schemas/uiNodeImageAttributes", "input": "#/components/schemas/uiNodeInputAttributes", "script": "#/components/schemas/uiNodeScriptAttributes", "text": "#/components/schemas/uiNodeTextAttributes" }, "propertyName": "node_type" }, "oneOf": [ { "$ref": "#/components/schemas/uiNodeInputAttributes" }, { "$ref": "#/components/schemas/uiNodeTextAttributes" }, { "$ref": "#/components/schemas/uiNodeImageAttributes" }, { "$ref": "#/components/schemas/uiNodeAnchorAttributes" }, { "$ref": "#/components/schemas/uiNodeScriptAttributes" } ], "title": "Attributes represents a list of attributes (e.g. `href=\"foo\"` for links)." }, "uiNodeImageAttributes": { "properties": { "height": { "description": "Height of the image", "format": "int64", "type": "integer" }, "id": { "description": "A unique identifier", "type": "string" }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"img\".", "type": "string" }, "src": { "description": "The image's source URL.\n\nformat: uri", "type": "string" }, "width": { "description": "Width of the image", "format": "int64", "type": "integer" } }, "required": [ "src", "id", "width", "height", "node_type" ], "title": "ImageAttributes represents the attributes of an image node.", "type": "object" }, "uiNodeInputAttributes": { "description": "InputAttributes represents the attributes of an input node", "properties": { "autocomplete": { "description": "The autocomplete attribute for the input.", "enum": [ "email", "tel", "url", "current-password", "new-password", "one-time-code" ], "type": "string" }, "disabled": { "description": "Sets the input's disabled field to true or false.", "type": "boolean" }, "label": { "$ref": "#/components/schemas/uiText" }, "name": { "description": "The input's element name.", "type": "string" }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"input\".", "type": "string" }, "onclick": { "description": "OnClick may contain javascript which should be executed on click. This is primarily\nused for WebAuthn.", "type": "string" }, "pattern": { "description": "The input's pattern.", "type": "string" }, "required": { "description": "Mark this input field as required.", "type": "boolean" }, "type": { "description": "The input's element type.", "enum": [ "text", "password", "number", "checkbox", "hidden", "email", "tel", "submit", "button", "datetime-local", "date", "url" ], "type": "string" }, "value": { "description": "The input's value.", "nullable": true } }, "required": [ "name", "type", "disabled", "node_type" ], "type": "object" }, "uiNodeMeta": { "description": "This might include a label and other information that can optionally\nbe used to render UIs.", "properties": { "label": { "$ref": "#/components/schemas/uiText" } }, "title": "A Node's Meta Information", "type": "object" }, "uiNodeScriptAttributes": { "properties": { "async": { "description": "The script async type", "type": "boolean" }, "crossorigin": { "description": "The script cross origin policy", "type": "string" }, "id": { "description": "A unique identifier", "type": "string" }, "integrity": { "description": "The script's integrity hash", "type": "string" }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\".", "type": "string" }, "nonce": { "description": "Nonce for CSP\n\nA nonce you may want to use to improve your Content Security Policy.\nYou do not have to use this value but if you want to improve your CSP\npolicies you may use it. You can also choose to use your own nonce value!", "type": "string" }, "referrerpolicy": { "description": "The script referrer policy", "type": "string" }, "src": { "description": "The script source", "type": "string" }, "type": { "description": "The script MIME type", "type": "string" } }, "required": [ "src", "async", "referrerpolicy", "crossorigin", "integrity", "type", "id", "nonce", "node_type" ], "title": "ScriptAttributes represent script nodes which load javascript.", "type": "object" }, "uiNodeTextAttributes": { "properties": { "id": { "description": "A unique identifier", "type": "string" }, "node_type": { "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"text\".", "type": "string" }, "text": { "$ref": "#/components/schemas/uiText" } }, "required": [ "text", "id", "node_type" ], "title": "TextAttributes represents the attributes of a text node.", "type": "object" }, "uiNodes": { "items": { "$ref": "#/components/schemas/uiNode" }, "type": "array" }, "uiText": { "properties": { "context": { "description": "The message's context. Useful when customizing messages.", "type": "object" }, "id": { "$ref": "#/components/schemas/ID" }, "text": { "description": "The message text. Written in american english.", "type": "string" }, "type": { "$ref": "#/components/schemas/uiTextType" } }, "required": [ "id", "text", "type" ], "type": "object" }, "uiTextType": { "type": "string" }, "uiTexts": { "items": { "$ref": "#/components/schemas/uiText" }, "type": "array" }, "updateCustomHostnameBody": { "properties": { "cookie_domain": { "description": "The domain where cookies will be set. Has to be a parent domain of the custom hostname to work.", "type": "string" }, "cors_allowed_origins": { "description": "CORS Allowed origins for the custom hostname.", "items": { "type": "string" }, "type": "array" }, "cors_enabled": { "description": "CORS Enabled for the custom hostname.", "type": "boolean" }, "hostname": { "description": "The custom hostname where the API will be exposed.", "type": "string" } }, "type": "object" }, "updateProject": { "properties": { "name": { "description": "The name of the project.", "type": "string" }, "services": { "$ref": "#/components/schemas/projectServices" } }, "required": [ "services", "name" ], "type": "object" }, "verifiableIdentityAddress": { "description": "VerifiableAddress is an identity's verifiable address", "properties": { "created_at": { "description": "When this entry was created", "example": "2014-01-01T23:28:56.782Z", "format": "date-time", "type": "string" }, "id": { "$ref": "#/components/schemas/UUID" }, "status": { "$ref": "#/components/schemas/identityVerifiableAddressStatus" }, "updated_at": { "description": "When this entry was last updated", "example": "2014-01-01T23:28:56.782Z", "format": "date-time", "type": "string" }, "value": { "description": "The address value\n\nexample foo@user.com", "type": "string" }, "verified": { "description": "Indicates if the address has already been verified", "example": true, "type": "boolean" }, "verified_at": { "$ref": "#/components/schemas/nullTime" }, "via": { "$ref": "#/components/schemas/identityVerifiableAddressType" } }, "required": [ "value", "verified", "via", "status" ], "type": "object" }, "version": { "properties": { "version": { "description": "Version is the service's version.", "type": "string" } }, "type": "object" }, "webAuthnJavaScript": { "type": "string" } }, "securitySchemes": { "oryAccessToken": { "scheme": "bearer", "type": "http" } } }, "info": { "contact": { "email": "support@ory.sh", "name": "API Support" }, "description": "Documentation for all public and administrative Ory APIs. Administrative APIs can only be accessed\nwith a valid Personal Access Token. Public APIs are mostly used in browsers.\n", "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, "termsOfService": "/ptos", "title": "Ory APIs", "version": "latest" }, "openapi": "3.0.3", "paths": { "/.well-known/ory/webauthn.js": { "get": { "description": "This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.\n\nIf you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:\n\n```html\n\u003cscript src=\"https://public-kratos.example.org/.well-known/ory/webauthn.js\" type=\"script\" async /\u003e\n```\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "getWebAuthnJavaScript", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/webAuthnJavaScript" } } }, "description": "webAuthnJavaScript" } }, "summary": "Get WebAuthn JavaScript", "tags": [ "v0alpha2" ] } }, "/admin/identities": { "get": { "description": "Lists all identities. Does not support search at the moment.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "operationId": "adminListIdentities", "parameters": [ { "description": "Items per Page\n\nThis is the number of items per page.", "in": "query", "name": "per_page", "schema": { "default": 250, "format": "int64", "maximum": 1000, "minimum": 1, "type": "integer" } }, { "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "in": "query", "name": "page", "schema": { "default": 1, "format": "int64", "minimum": 1, "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/identityList" } } }, "description": "identityList" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "List Identities", "tags": [ "v0alpha2" ] }, "post": { "description": "This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "operationId": "adminCreateIdentity", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/adminCreateIdentityBody" } } }, "x-originalParamName": "Body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/identity" } } }, "description": "identity" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "409": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Create an Identity", "tags": [ "v0alpha2" ] } }, "/admin/identities/{id}": { "delete": { "description": "Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone.\nThis endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is\nassumed that is has been deleted already.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "operationId": "adminDeleteIdentity", "parameters": [ { "description": "ID is the identity's ID.", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "$ref": "#/components/responses/emptyResponse" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Delete an Identity", "tags": [ "v0alpha2" ] }, "get": { "description": "Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "operationId": "adminGetIdentity", "parameters": [ { "description": "ID must be set to the ID of identity you want to get", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } }, { "description": "DeclassifyCredentials will declassify one or more identity's credentials\n\nCurrently, only `oidc` is supported. This will return the initial OAuth 2.0 Access,\nRefresh and (optionally) OpenID Connect ID Token.", "in": "query", "name": "include_credential", "schema": { "items": { "type": "string" }, "type": "array" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/identity" } } }, "description": "identity" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Get an Identity", "tags": [ "v0alpha2" ] }, "patch": { "description": "NOTE: The fields `id`, `stateChangedAt` and `credentials` are not updateable.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "operationId": "adminPatchIdentity", "parameters": [ { "description": "ID must be set to the ID of identity you want to update", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonPatchDocument" } } }, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/identity" } } }, "description": "identity" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "409": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Partially updates an Identity's field using [JSON Patch](https://jsonpatch.com/)", "tags": [ "v0alpha2" ] }, "put": { "description": "This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", "operationId": "adminUpdateIdentity", "parameters": [ { "description": "ID must be set to the ID of identity you want to update", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminUpdateIdentityBody" } } }, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/identity" } } }, "description": "identity" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "409": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Update an Identity", "tags": [ "v0alpha2" ] } }, "/admin/identities/{id}/sessions": { "delete": { "description": "This endpoint is useful for:\n\nTo forcefully logout Identity from all devices and sessions", "operationId": "adminDeleteIdentitySessions", "parameters": [ { "description": "ID is the identity's ID.", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.", "tags": [ "v0alpha2" ] }, "get": { "description": "This endpoint is useful for:\n\nListing all sessions that belong to an Identity in an administrative context.", "operationId": "adminListIdentitySessions", "parameters": [ { "description": "ID is the identity's ID.", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } }, { "description": "Items per Page\n\nThis is the number of items per page.", "in": "query", "name": "per_page", "schema": { "default": 250, "format": "int64", "maximum": 1000, "minimum": 1, "type": "integer" } }, { "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "in": "query", "name": "page", "schema": { "default": 1, "format": "int64", "minimum": 1, "type": "integer" } }, { "description": "Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned.", "in": "query", "name": "active", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/sessionList" } } }, "description": "sessionList" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "This endpoint returns all sessions that belong to the given Identity.", "tags": [ "v0alpha2" ] } }, "/admin/recovery/link": { "post": { "description": "This endpoint creates a recovery link which should be given to the user in order for them to recover\n(or activate) their account.", "operationId": "adminCreateSelfServiceRecoveryLink", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/adminCreateSelfServiceRecoveryLinkBody" } } }, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRecoveryLink" } } }, "description": "selfServiceRecoveryLink" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Create a Recovery Link", "tags": [ "v0alpha2" ] } }, "/admin/relation-tuples": { "delete": { "description": "Use this endpoint to delete relation tuples", "operationId": "deleteRelationTuples", "parameters": [ { "description": "Namespace of the Relation Tuple", "in": "query", "name": "namespace", "schema": { "type": "string" } }, { "description": "Object of the Relation Tuple", "in": "query", "name": "object", "schema": { "type": "string" } }, { "description": "Relation of the Relation Tuple", "in": "query", "name": "relation", "schema": { "type": "string" } }, { "description": "SubjectID of the Relation Tuple", "in": "query", "name": "subject_id", "schema": { "type": "string" } }, { "description": "Namespace of the Subject Set", "in": "query", "name": "subject_set.namespace", "schema": { "type": "string" } }, { "description": "Object of the Subject Set", "in": "query", "name": "subject_set.object", "schema": { "type": "string" } }, { "description": "Relation of the Subject Set", "in": "query", "name": "subject_set.relation", "schema": { "type": "string" } } ], "responses": { "204": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Delete Relation Tuples", "tags": [ "write" ] }, "patch": { "description": "Use this endpoint to patch one or more relation tuples.", "operationId": "patchRelationTuples", "requestBody": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/PatchDelta" }, "type": "array" } } }, "x-originalParamName": "Payload" }, "responses": { "204": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Patch Multiple Relation Tuples", "tags": [ "write" ] }, "put": { "description": "Use this endpoint to create a relation tuple.", "operationId": "createRelationTuple", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RelationQuery" } } }, "x-originalParamName": "Payload" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RelationQuery" } } }, "description": "RelationQuery" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Create a Relation Tuple", "tags": [ "write" ] } }, "/admin/sessions/{id}/extend": { "patch": { "description": "Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.", "operationId": "adminExtendSession", "parameters": [ { "description": "ID is the session's ID.", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/session" } } }, "description": "session" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Calling this endpoint extends the given session ID. If `session.earliest_possible_extend` is set it\nwill only extend the session after the specified time has passed.", "tags": [ "v0alpha2" ] } }, "/health/alive": { "get": { "description": "This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming\nHTTP requests. This status does currently not include checks whether the database connection is working.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", "operationId": "isAlive", "responses": { "200": { "content": { "application/json": { "schema": { "properties": { "status": { "description": "Always \"ok\".", "type": "string" } }, "required": [ "status" ], "type": "object" } } }, "description": "Ory Kratos is ready to accept connections." }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Check HTTP Server Status", "tags": [ "metadata" ] } }, "/health/ready": { "get": { "description": "This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.\nthe database) are responsive as well.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of Ory Kratos, the health status will never\nrefer to the cluster state, only to a single instance.", "operationId": "isReady", "responses": { "200": { "content": { "application/json": { "schema": { "properties": { "status": { "description": "Always \"ok\".", "type": "string" } }, "required": [ "status" ], "type": "object" } } }, "description": "Ory Kratos is ready to accept requests." }, "503": { "content": { "application/json": { "schema": { "properties": { "errors": { "additionalProperties": { "type": "string" }, "description": "Errors contains a list of errors that caused the not ready status.", "type": "object" } }, "required": [ "errors" ], "type": "object" } } }, "description": "Ory Kratos is not yet ready to accept requests." } }, "security": [ { "oryAccessToken": [] } ], "summary": "Check HTTP Server and Database Status", "tags": [ "metadata" ] } }, "/projects": { "get": { "description": "Lists all projects you have access to.", "operationId": "listProjects", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/projectMetadataList" } } }, "description": "projectMetadataList" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "default": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "List All Projects", "tags": [ "v0alpha2" ] }, "post": { "description": "Creates a new project.", "operationId": "createProject", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/createProjectBody" } } }, "x-originalParamName": "Body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/project" } } }, "description": "project" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "default": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Create a Project", "tags": [ "v0alpha2" ] } }, "/projects/{project_id}": { "delete": { "description": "!! Use with extreme caution !!\n\nUsing this API endpoint you can purge (completely delete) a project and its data.\nThis action can not be undone and will delete ALL your data.\n\n!! Use with extreme caution !!", "operationId": "purgeProject", "parameters": [ { "description": "Project ID\n\nThe project's ID.", "in": "path", "name": "project_id", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "$ref": "#/components/responses/emptyResponse" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "default": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Irrecoverably Purge a Project", "tags": [ "v0alpha2" ] }, "get": { "description": "Get a projects you have access to by its ID.", "operationId": "getProject", "parameters": [ { "description": "Project ID\n\nThe project's ID.", "in": "path", "name": "project_id", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/project" } } }, "description": "project" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "default": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Get a Project", "tags": [ "v0alpha2" ] }, "patch": { "description": "Deprecated: Use the `patchProjectWithRevision` endpoint instead to specify the exact revision the patch was generated for.\n\nThis endpoints allows you to patch individual Ory Cloud Project configuration keys for\nOry's services (identity, permission, ...). The configuration format is fully compatible\nwith the open source projects for the respective services (e.g. Ory Kratos for Identity, Ory Keto for Permissions).\n\nThis endpoint expects the `version` key to be set in the payload. If it is unset, it\nwill try to import the config as if it is from the most recent version.\n\nIf you have an older version of a configuration, you should set the version key in the payload!\n\nWhile this endpoint is able to process all configuration items related to features (e.g. password reset),\nit does not support operational configuration items (e.g. port, tracing, logging) otherwise available in the\nopen source.\n\nFor configuration items that can not be translated to Ory Cloud, this endpoint will return a list of warnings\nto help you understand which parts of your config could not be processed.", "operationId": "patchProject", "parameters": [ { "description": "Project ID\n\nThe project's ID.", "in": "path", "name": "project_id", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/jsonPatch" }, "type": "array" } } }, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/successfulProjectUpdate" } } }, "description": "successfulProjectUpdate" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "default": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Patch an Ory Cloud Project Configuration`", "tags": [ "v0alpha2" ] }, "put": { "description": "This endpoints allows you to update the Ory Cloud Project configuration for\nindividual services (identity, permission, ...). The configuration is fully compatible\nwith the open source projects for the respective services (e.g. Ory Kratos for Identity, Ory Keto for Permissions).\n\nThis endpoint expects the `version` key to be set in the payload. If it is unset, it\nwill try to import the config as if it is from the most recent version.\n\nIf you have an older version of a configuration, you should set the version key in the payload!\n\nWhile this endpoint is able to process all configuration items related to features (e.g. password reset),\nit does not support operational configuration items (e.g. port, tracing, logging) otherwise available in the\nopen source.\n\nFor configuration items that can not be translated to Ory Cloud, this endpoint will return a list of warnings\nto help you understand which parts of your config could not be processed.\n\nBe aware that updating any service's configuration will completely override your current configuration for that\nservice!", "operationId": "updateProject", "parameters": [ { "description": "Project ID\n\nThe project's ID.", "in": "path", "name": "project_id", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/updateProject" } } }, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/successfulProjectUpdate" } } }, "description": "successfulProjectUpdate" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "default": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Update an Ory Cloud Project Configuration", "tags": [ "v0alpha2" ] } }, "/projects/{project_id}/members": { "get": { "description": "This endpoint requires the user to be a member of the project with the role `OWNER` or `DEVELOPER`.", "operationId": "getProjectMembers", "parameters": [ { "description": "Project ID\n\nThe project's ID.", "in": "path", "name": "project_id", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/projectMembers" } } }, "description": "projectMembers" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "406": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Get all members associated with this project.", "tags": [ "v0alpha2" ] } }, "/projects/{project_id}/members/{member_id}": { "delete": { "description": "This endpoint requires the user to be a member of the project with the role `OWNER`.", "operationId": "removeProjectMember", "parameters": [ { "description": "Project ID\n\nThe project's ID.", "in": "path", "name": "project_id", "required": true, "schema": { "type": "string" } }, { "description": "Member ID", "in": "path", "name": "member_id", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "406": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Remove a member associated with this project. This also sets their invite status to `REMOVED`.", "tags": [ "v0alpha2" ] } }, "/relation-tuples": { "get": { "description": "Get all relation tuples that match the query. Only the namespace field is required.", "operationId": "getRelationTuples", "parameters": [ { "in": "query", "name": "page_token", "schema": { "type": "string" } }, { "in": "query", "name": "page_size", "schema": { "format": "int64", "type": "integer" } }, { "description": "Namespace of the Relation Tuple", "in": "query", "name": "namespace", "schema": { "type": "string" } }, { "description": "Object of the Relation Tuple", "in": "query", "name": "object", "schema": { "type": "string" } }, { "description": "Relation of the Relation Tuple", "in": "query", "name": "relation", "schema": { "type": "string" } }, { "description": "SubjectID of the Relation Tuple", "in": "query", "name": "subject_id", "schema": { "type": "string" } }, { "description": "Namespace of the Subject Set", "in": "query", "name": "subject_set.namespace", "schema": { "type": "string" } }, { "description": "Object of the Subject Set", "in": "query", "name": "subject_set.object", "schema": { "type": "string" } }, { "description": "Relation of the Subject Set", "in": "query", "name": "subject_set.relation", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/getRelationTuplesResponse" } } }, "description": "getRelationTuplesResponse" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Query relation tuples", "tags": [ "read" ] } }, "/relation-tuples/check": { "get": { "description": "To learn how relation tuples and the check works, head over to [the documentation](../concepts/relation-tuples.mdx).", "operationId": "getCheckMirrorStatus", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/getCheckResponse" } } }, "description": "getCheckResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/getCheckResponse" } } }, "description": "getCheckResponse" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Check a relation tuple", "tags": [ "read" ] }, "post": { "description": "To learn how relation tuples and the check works, head over to [the documentation](../concepts/relation-tuples.mdx).", "operationId": "postCheckMirrorStatus", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/getCheckResponse" } } }, "description": "getCheckResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/getCheckResponse" } } }, "description": "getCheckResponse" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Check a relation tuple", "tags": [ "read" ] } }, "/relation-tuples/check/openapi": { "get": { "description": "To learn how relation tuples and the check works, head over to [the documentation](../concepts/relation-tuples.mdx).", "operationId": "getCheck", "parameters": [ { "description": "Namespace of the Relation Tuple", "in": "query", "name": "namespace", "schema": { "type": "string" } }, { "description": "Object of the Relation Tuple", "in": "query", "name": "object", "schema": { "type": "string" } }, { "description": "Relation of the Relation Tuple", "in": "query", "name": "relation", "schema": { "type": "string" } }, { "description": "SubjectID of the Relation Tuple", "in": "query", "name": "subject_id", "schema": { "type": "string" } }, { "description": "Namespace of the Subject Set", "in": "query", "name": "subject_set.namespace", "schema": { "type": "string" } }, { "description": "Object of the Subject Set", "in": "query", "name": "subject_set.object", "schema": { "type": "string" } }, { "description": "Relation of the Subject Set", "in": "query", "name": "subject_set.relation", "schema": { "type": "string" } }, { "in": "query", "name": "max-depth", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/getCheckResponse" } } }, "description": "getCheckResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Check a relation tuple", "tags": [ "read" ] }, "post": { "description": "To learn how relation tuples and the check works, head over to [the documentation](../concepts/relation-tuples.mdx).", "operationId": "postCheck", "parameters": [ { "in": "query", "name": "max-depth", "schema": { "format": "int64", "type": "integer" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RelationQuery" } } }, "x-originalParamName": "Payload" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/getCheckResponse" } } }, "description": "getCheckResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Check a relation tuple", "tags": [ "read" ] } }, "/relation-tuples/expand": { "get": { "description": "Use this endpoint to expand a relation tuple.", "operationId": "getExpand", "parameters": [ { "description": "Namespace of the Subject Set", "in": "query", "name": "namespace", "required": true, "schema": { "type": "string" } }, { "description": "Object of the Subject Set", "in": "query", "name": "object", "required": true, "schema": { "type": "string" } }, { "description": "Relation of the Subject Set", "in": "query", "name": "relation", "required": true, "schema": { "type": "string" } }, { "in": "query", "name": "max-depth", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/expandTree" } } }, "description": "expandTree" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/genericError" } } }, "description": "genericError" } }, "security": [ { "oryAccessToken": [] } ], "summary": "Expand a Relation Tuple", "tags": [ "read" ] } }, "/schemas": { "get": { "description": "Get all Identity Schemas", "operationId": "listIdentitySchemas", "parameters": [ { "description": "Items per Page\n\nThis is the number of items per page.", "in": "query", "name": "per_page", "schema": { "default": 250, "format": "int64", "maximum": 1000, "minimum": 1, "type": "integer" } }, { "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "in": "query", "name": "page", "schema": { "default": 1, "format": "int64", "minimum": 1, "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/identitySchemas" } } }, "description": "identitySchemas" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "tags": [ "v0alpha2" ] } }, "/schemas/{id}": { "get": { "description": "Get a JSON Schema", "operationId": "getIdentitySchema", "parameters": [ { "description": "ID must be set to the ID of schema you want to get", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/identitySchema" } } }, "description": "identitySchema" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "tags": [ "v0alpha2" ] } }, "/self-service/errors": { "get": { "description": "This endpoint returns the error associated with a user-facing self service errors.\n\nThis endpoint supports stub values to help you implement the error UI:\n\n`?id=stub:500` - returns a stub 500 (Internal Server Error) error.\n\nMore information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).", "operationId": "getSelfServiceError", "parameters": [ { "description": "Error is the error's ID", "in": "query", "name": "id", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceError" } } }, "description": "selfServiceError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Get Self-Service Errors", "tags": [ "v0alpha2" ] } }, "/self-service/login": { "post": { "description": ":::info\n\nThis endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.\n\n:::\n\nUse this endpoint to complete a login flow. This endpoint\nbehaves differently for API and browser flows.\n\nAPI flows expect `application/json` to be sent in the body and responds with\nHTTP 200 and a application/json body with the session token on success;\nHTTP 410 if the original flow expired with the appropriate error messages set and optionally a `use_flow_id` parameter in the body;\nHTTP 400 on form validation errors.\n\nBrowser flows expect a Content-Type of `application/x-www-form-urlencoded` or `application/json` to be sent in the body and respond with\na HTTP 303 redirect to the post/after login URL or the `return_to` value if it was set and if the login succeeded;\na HTTP 303 redirect to the login UI URL with the flow ID containing the validation errors otherwise.\n\nBrowser flows with an accept header of `application/json` will not redirect but instead respond with\nHTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success;\nHTTP 303 redirect to a fresh login flow if the original flow expired with the appropriate error messages set;\nHTTP 400 on form validation errors.\n\nIf this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n`browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL.\nMost likely used in Social Sign In flows.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "submitSelfServiceLoginFlow", "parameters": [ { "description": "The Login Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/login?flow=abcde`).", "in": "query", "name": "flow", "required": true, "schema": { "type": "string" } }, { "description": "The Session Token of the Identity performing the settings flow.", "in": "header", "name": "X-Session-Token", "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/submitSelfServiceLoginFlowBody" } }, "application/x-www-form-urlencoded": { "schema": { "$ref": "#/components/schemas/submitSelfServiceLoginFlowBody" } } }, "required": true, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/successfulSelfServiceLoginWithoutBrowser" } } }, "description": "successfulSelfServiceLoginWithoutBrowser" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceLoginFlow" } } }, "description": "selfServiceLoginFlow" }, "410": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "422": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceBrowserLocationChangeRequiredError" } } }, "description": "selfServiceBrowserLocationChangeRequiredError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Submit a Login Flow", "tags": [ "v0alpha2" ] } }, "/self-service/login/api": { "get": { "description": "This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error\nwill be returned unless the URL query parameter `?refresh=true` is set.\n\nTo fetch an existing login flow call `/self-service/login/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks, including CSRF login attacks.\n\nIn the case of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "initializeSelfServiceLoginFlowWithoutBrowser", "parameters": [ { "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.", "in": "query", "name": "refresh", "schema": { "type": "boolean" } }, { "description": "Request a Specific AuthenticationMethod Assurance Level\n\nUse this parameter to upgrade an existing session's authenticator assurance level (AAL). This\nallows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password,\nthe AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ...\nyou would set this to \"aal2\".", "in": "query", "name": "aal", "schema": { "type": "string" } }, { "description": "The Session Token of the Identity performing the settings flow.", "in": "header", "name": "X-Session-Token", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceLoginFlow" } } }, "description": "selfServiceLoginFlow" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Login Flow for APIs, Services, Apps, ...", "tags": [ "v0alpha2" ] } }, "/self-service/login/browser": { "get": { "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "initializeSelfServiceLoginFlowForBrowsers", "parameters": [ { "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.", "in": "query", "name": "refresh", "schema": { "type": "boolean" } }, { "description": "Request a Specific AuthenticationMethod Assurance Level\n\nUse this parameter to upgrade an existing session's authenticator assurance level (AAL). This\nallows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password,\nthe AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ...\nyou would set this to \"aal2\".", "in": "query", "name": "aal", "schema": { "type": "string" } }, { "description": "The URL to return the browser to after the flow was completed.", "in": "query", "name": "return_to", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceLoginFlow" } } }, "description": "selfServiceLoginFlow" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Login Flow for Browsers", "tags": [ "v0alpha2" ] } }, "/self-service/login/flows": { "get": { "description": "This endpoint returns a login flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/login', async function (req, res) {\nconst flow = await client.getSelfServiceLoginFlow(req.header('cookie'), req.query['flow'])\n\nres.render('login', flow)\n})\n```\n\nThis request may fail due to several reasons. The `error.id` can be one of:\n\n`session_already_available`: The user is already signed in.\n`self_service_flow_expired`: The flow is expired and you should request a new one.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "getSelfServiceLoginFlow", "parameters": [ { "description": "The Login Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/login?flow=abcde`).", "in": "query", "name": "id", "required": true, "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceLoginFlow" } } }, "description": "selfServiceLoginFlow" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "410": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Get Login Flow", "tags": [ "v0alpha2" ] } }, "/self-service/logout": { "get": { "description": "This endpoint logs out an identity in a self-service manner.\n\nIf the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other)\nto the `return_to` parameter of the initial request or fall back to `urls.default_return_to`.\n\nIf the `Accept` HTTP header is set to `application/json`, a 204 No Content response\nwill be sent on successful logout instead.\n\nThis endpoint is NOT INTENDED for API clients and only works\nwith browsers (Chrome, Firefox, ...). For API clients you can\ncall the `/self-service/logout/api` URL directly with the Ory Session Token.\n\nMore information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).", "operationId": "submitSelfServiceLogoutFlow", "parameters": [ { "description": "A Valid Logout Token\n\nIf you do not have a logout token because you only have a session cookie,\ncall `/self-service/logout/browser` to generate a URL for this endpoint.", "in": "query", "name": "token", "schema": { "type": "string" } }, { "description": "The URL to return to after the logout was completed.", "in": "query", "name": "return_to", "schema": { "type": "string" } } ], "responses": { "204": { "$ref": "#/components/responses/emptyResponse" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Complete Self-Service Logout", "tags": [ "v0alpha2" ] } }, "/self-service/logout/api": { "delete": { "description": "Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully\nrevoked, the server returns a 204 No Content response. A 204 No Content response is also sent when\nthe Ory Session Token has been revoked already before.\n\nIf the Ory Session Token is malformed or does not exist a 403 Forbidden response will be returned.\n\nThis endpoint does not remove any HTTP\nCookies - use the Browser-Based Self-Service Logout Flow instead.", "operationId": "submitSelfServiceLogoutFlowWithoutBrowser", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/submitSelfServiceLogoutFlowWithoutBrowserBody" } } }, "required": true, "x-originalParamName": "Body" }, "responses": { "204": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Perform Logout for APIs, Services, Apps, ...", "tags": [ "v0alpha2" ] } }, "/self-service/logout/browser": { "get": { "description": "This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.\n\nThis endpoint is NOT INTENDED for API clients and only works\nwith browsers (Chrome, Firefox, ...). For API clients you can\ncall the `/self-service/logout/api` URL directly with the Ory Session Token.\n\nThe URL is only valid for the currently signed in user. If no user is signed in, this endpoint returns\na 401 error.\n\nWhen calling this endpoint from a backend, please ensure to properly forward the HTTP cookies.", "operationId": "createSelfServiceLogoutFlowUrlForBrowsers", "parameters": [ { "description": "HTTP Cookies\n\nIf you call this endpoint from a backend, please include the\noriginal Cookie header in the request.", "in": "header", "name": "cookie", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceLogoutUrl" } } }, "description": "selfServiceLogoutUrl" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Create a Logout URL for Browsers", "tags": [ "v0alpha2" ] } }, "/self-service/recovery": { "post": { "description": "Use this endpoint to complete a recovery flow. This endpoint\nbehaves differently for API and browser flows and has several states:\n\n`choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent\nand works with API- and Browser-initiated flows.\nFor API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid.\nand a HTTP 303 See Other redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired).\nFor Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Recovery UI URL with the Recovery Flow ID appended.\n`sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. It\nworks for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state.\n`passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a recovery link\")\ndoes not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL\n(if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with\na new Recovery Flow ID which contains an error message that the recovery link was invalid.\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "operationId": "submitSelfServiceRecoveryFlow", "parameters": [ { "description": "The Recovery Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/recovery?flow=abcde`).", "in": "query", "name": "flow", "required": true, "schema": { "type": "string" } }, { "description": "Recovery Token\n\nThe recovery token which completes the recovery request. If the token\nis invalid (e.g. expired) an error will be shown to the end-user.\n\nThis parameter is usually set in a link and not used by any direct API call.", "in": "query", "name": "token", "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowBody" } }, "application/x-www-form-urlencoded": { "schema": { "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowBody" } } }, "required": true, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRecoveryFlow" } } }, "description": "selfServiceRecoveryFlow" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRecoveryFlow" } } }, "description": "selfServiceRecoveryFlow" }, "410": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Complete Recovery Flow", "tags": [ "v0alpha2" ] } }, "/self-service/recovery/api": { "get": { "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "operationId": "initializeSelfServiceRecoveryFlowWithoutBrowser", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRecoveryFlow" } } }, "description": "selfServiceRecoveryFlow" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Recovery Flow for APIs, Services, Apps, ...", "tags": [ "v0alpha2" ] } }, "/self-service/recovery/browser": { "get": { "description": "This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to\n`selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists, the browser is returned to the configured return URL.\n\nIf this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects\nor a 400 bad request error if the user is already authenticated.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "operationId": "initializeSelfServiceRecoveryFlowForBrowsers", "parameters": [ { "description": "The URL to return the browser to after the flow was completed.", "in": "query", "name": "return_to", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRecoveryFlow" } } }, "description": "selfServiceRecoveryFlow" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Recovery Flow for Browsers", "tags": [ "v0alpha2" ] } }, "/self-service/recovery/flows": { "get": { "description": "This endpoint returns a recovery flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceRecoveryFlow(req.header('Cookie'), req.query['flow'])\n\nres.render('recovery', flow)\n})\n```\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).", "operationId": "getSelfServiceRecoveryFlow", "parameters": [ { "description": "The Flow ID\n\nThe value for this parameter comes from `request` URL Query parameter sent to your\napplication (e.g. `/recovery?flow=abcde`).", "in": "query", "name": "id", "required": true, "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRecoveryFlow" } } }, "description": "selfServiceRecoveryFlow" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "410": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Get Recovery Flow", "tags": [ "v0alpha2" ] } }, "/self-service/registration": { "post": { "description": "Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint\nbehaves differently for API and browser flows.\n\nAPI flows expect `application/json` to be sent in the body and respond with\nHTTP 200 and a application/json body with the created identity success - if the session hook is configured the\n`session` and `session_token` will also be included;\nHTTP 410 if the original flow expired with the appropriate error messages set and optionally a `use_flow_id` parameter in the body;\nHTTP 400 on form validation errors.\n\nBrowser flows expect a Content-Type of `application/x-www-form-urlencoded` or `application/json` to be sent in the body and respond with\na HTTP 303 redirect to the post/after registration URL or the `return_to` value if it was set and if the registration succeeded;\na HTTP 303 redirect to the registration UI URL with the flow ID containing the validation errors otherwise.\n\nBrowser flows with an accept header of `application/json` will not redirect but instead respond with\nHTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success;\nHTTP 303 redirect to a fresh login flow if the original flow expired with the appropriate error messages set;\nHTTP 400 on form validation errors.\n\nIf this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n`browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL.\nMost likely used in Social Sign In flows.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "submitSelfServiceRegistrationFlow", "parameters": [ { "description": "The Registration Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/registration?flow=abcde`).", "in": "query", "name": "flow", "required": true, "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/submitSelfServiceRegistrationFlowBody" } }, "application/x-www-form-urlencoded": { "schema": { "$ref": "#/components/schemas/submitSelfServiceRegistrationFlowBody" } } }, "required": true, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/successfulSelfServiceRegistrationWithoutBrowser" } } }, "description": "successfulSelfServiceRegistrationWithoutBrowser" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRegistrationFlow" } } }, "description": "selfServiceRegistrationFlow" }, "410": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "422": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceBrowserLocationChangeRequiredError" } } }, "description": "selfServiceBrowserLocationChangeRequiredError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Submit a Registration Flow", "tags": [ "v0alpha2" ] } }, "/self-service/registration/api": { "get": { "description": "This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error\nwill be returned unless the URL query parameter `?refresh=true` is set.\n\nTo fetch an existing registration flow call `/self-service/registration/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nIn the case of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "initializeSelfServiceRegistrationFlowWithoutBrowser", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRegistrationFlow" } } }, "description": "selfServiceRegistrationFlow" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Registration Flow for APIs, Services, Apps, ...", "tags": [ "v0alpha2" ] } }, "/self-service/registration/browser": { "get": { "description": "This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\n:::info\n\nThis endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.\n\n:::\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url`.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_already_available`: The user is already signed in.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nIf this endpoint is called via an AJAX request, the response contains the registration flow without a redirect.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "initializeSelfServiceRegistrationFlowForBrowsers", "parameters": [ { "description": "The URL to return the browser to after the flow was completed.", "in": "query", "name": "return_to", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRegistrationFlow" } } }, "description": "selfServiceRegistrationFlow" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Registration Flow for Browsers", "tags": [ "v0alpha2" ] } }, "/self-service/registration/flows": { "get": { "description": "This endpoint returns a registration flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/registration', async function (req, res) {\nconst flow = await client.getSelfServiceRegistrationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('registration', flow)\n})\n```\n\nThis request may fail due to several reasons. The `error.id` can be one of:\n\n`session_already_available`: The user is already signed in.\n`self_service_flow_expired`: The flow is expired and you should request a new one.\n\nMore information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).", "operationId": "getSelfServiceRegistrationFlow", "parameters": [ { "description": "The Registration Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/registration?flow=abcde`).", "in": "query", "name": "id", "required": true, "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceRegistrationFlow" } } }, "description": "selfServiceRegistrationFlow" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "410": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Get Registration Flow", "tags": [ "v0alpha2" ] } }, "/self-service/settings": { "post": { "description": "Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint\nbehaves differently for API and browser flows.\n\nAPI-initiated flows expect `application/json` to be sent in the body and respond with\nHTTP 200 and an application/json body with the session token on success;\nHTTP 303 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set;\nHTTP 400 on form validation errors.\nHTTP 401 when the endpoint is called without a valid session token.\nHTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached or the session's AAL is too low.\nImplies that the user needs to re-authenticate.\n\nBrowser flows without HTTP Header `Accept` or with `Accept: text/*` respond with\na HTTP 303 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded;\na HTTP 303 redirect to the Settings UI URL with the flow ID containing the validation errors otherwise.\na HTTP 303 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached or the session's AAL is too low.\n\nBrowser flows with HTTP Header `Accept: application/json` respond with\nHTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success;\nHTTP 303 redirect to a fresh login flow if the original flow expired with the appropriate error messages set;\nHTTP 401 when the endpoint is called without a valid session cookie.\nHTTP 403 when the page is accessed without a session cookie or the session's AAL is too low.\nHTTP 400 on form validation errors.\n\nDepending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator\nAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\ncredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\nto sign in with the second factor (happens automatically for server-side browser flows) or change the configuration.\n\nIf this endpoint is called with a `Accept: application/json` HTTP header, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`session_refresh_required`: The identity requested to change something that needs a privileged session. Redirect\nthe identity to the login init endpoint with query parameters `?refresh=true\u0026return_to=\u003cthe-current-browser-url\u003e`,\nor initiate a refresh login flow otherwise.\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`session_inactive`: No Ory Session was found - sign in a user first.\n`security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other\nidentity logged in instead.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n`browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL.\nMost likely used in Social Sign In flows.\n\nMore information can be found at [Ory Kratos User Settings \u0026 Profile Management Documentation](../self-service/flows/user-settings).", "operationId": "submitSelfServiceSettingsFlow", "parameters": [ { "description": "The Settings Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/settings?flow=abcde`).", "in": "query", "name": "flow", "required": true, "schema": { "type": "string" } }, { "description": "The Session Token of the Identity performing the settings flow.", "in": "header", "name": "X-Session-Token", "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/submitSelfServiceSettingsFlowBody" } }, "application/x-www-form-urlencoded": { "schema": { "$ref": "#/components/schemas/submitSelfServiceSettingsFlowBody" } } }, "required": true, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceSettingsFlow" } } }, "description": "selfServiceSettingsFlow" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceSettingsFlow" } } }, "description": "selfServiceSettingsFlow" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "410": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "422": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceBrowserLocationChangeRequiredError" } } }, "description": "selfServiceBrowserLocationChangeRequiredError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "security": [ { "sessionToken": [] } ], "summary": "Complete Settings Flow", "tags": [ "v0alpha2" ] } }, "/self-service/settings/api": { "get": { "description": "This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.\nYou must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.\n\nTo fetch an existing settings flow call `/self-service/settings/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nDepending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator\nAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\ncredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\nto sign in with the second factor or change the configuration.\n\nIn the case of an error, the `error.id` of the JSON response body can be one of:\n\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`session_inactive`: No Ory Session was found - sign in a user first.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos User Settings \u0026 Profile Management Documentation](../self-service/flows/user-settings).", "operationId": "initializeSelfServiceSettingsFlowWithoutBrowser", "parameters": [ { "description": "The Session Token of the Identity performing the settings flow.", "in": "header", "name": "X-Session-Token", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceSettingsFlow" } } }, "description": "selfServiceSettingsFlow" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Settings Flow for APIs, Services, Apps, ...", "tags": [ "v0alpha2" ] } }, "/self-service/settings/browser": { "get": { "description": "This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to\n`selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid\nOry Kratos Session Cookie is included in the request, a login flow will be initialized.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid user session\nwas set, the browser will be redirected to the login endpoint.\n\nIf this endpoint is called via an AJAX request, the response contains the settings flow without any redirects\nor a 401 forbidden error if no valid session was set.\n\nDepending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator\nAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\ncredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\nto sign in with the second factor (happens automatically for server-side browser flows) or change the configuration.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`session_inactive`: No Ory Session was found - sign in a user first.\n`security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Settings \u0026 Profile Management Documentation](../self-service/flows/user-settings).", "operationId": "initializeSelfServiceSettingsFlowForBrowsers", "parameters": [ { "description": "The URL to return the browser to after the flow was completed.", "in": "query", "name": "return_to", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceSettingsFlow" } } }, "description": "selfServiceSettingsFlow" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Settings Flow for Browsers", "tags": [ "v0alpha2" ] } }, "/self-service/settings/flows": { "get": { "description": "When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie\nor the Ory Kratos Session Token are set.\n\nDepending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator\nAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\ncredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\nto sign in with the second factor or change the configuration.\n\nYou can access this endpoint without credentials when using Ory Kratos' Admin API.\n\nIf this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the\ncase of an error, the `error.id` of the JSON response body can be one of:\n\n`security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.\n`session_inactive`: No Ory Session was found - sign in a user first.\n`security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other\nidentity logged in instead.\n\nMore information can be found at [Ory Kratos User Settings \u0026 Profile Management Documentation](../self-service/flows/user-settings).", "operationId": "getSelfServiceSettingsFlow", "parameters": [ { "description": "ID is the Settings Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/settings?flow=abcde`).", "in": "query", "name": "id", "required": true, "schema": { "type": "string" } }, { "description": "The Session Token\n\nWhen using the SDK in an app without a browser, please include the\nsession token here.", "in": "header", "name": "X-Session-Token", "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceSettingsFlow" } } }, "description": "selfServiceSettingsFlow" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "410": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Get Settings Flow", "tags": [ "v0alpha2" ] } }, "/self-service/verification": { "post": { "description": "Use this endpoint to complete a verification flow. This endpoint\nbehaves differently for API and browser flows and has several states:\n\n`choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent\nand works with API- and Browser-initiated flows.\nFor API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid\nand a HTTP 303 See Other redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired).\nFor Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Verification UI URL with the Verification Flow ID appended.\n`sent_email` is the success state after `choose_method` when using the `link` method and allows the user to request another verification email. It\nworks for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state.\n`passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a verification link\")\ndoes not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL\n(if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with\na new Verification Flow ID which contains an error message that the verification link was invalid.\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", "operationId": "submitSelfServiceVerificationFlow", "parameters": [ { "description": "The Verification Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/verification?flow=abcde`).", "in": "query", "name": "flow", "required": true, "schema": { "type": "string" } }, { "description": "Verification Token\n\nThe verification token which completes the verification request. If the token\nis invalid (e.g. expired) an error will be shown to the end-user.\n\nThis parameter is usually set in a link and not used by any direct API call.", "in": "query", "name": "token", "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/submitSelfServiceVerificationFlowBody" } }, "application/x-www-form-urlencoded": { "schema": { "$ref": "#/components/schemas/submitSelfServiceVerificationFlowBody" } } }, "required": true, "x-originalParamName": "Body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceVerificationFlow" } } }, "description": "selfServiceVerificationFlow" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceVerificationFlow" } } }, "description": "selfServiceVerificationFlow" }, "410": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Complete Verification Flow", "tags": [ "v0alpha2" ] } }, "/self-service/verification/api": { "get": { "description": "This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.\n\nTo fetch an existing verification flow call `/self-service/verification/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).", "operationId": "initializeSelfServiceVerificationFlowWithoutBrowser", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceVerificationFlow" } } }, "description": "selfServiceVerificationFlow" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Verification Flow for APIs, Services, Apps, ...", "tags": [ "v0alpha2" ] } }, "/self-service/verification/browser": { "get": { "description": "This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to\n`selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.\n\nIf this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.\n\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", "operationId": "initializeSelfServiceVerificationFlowForBrowsers", "parameters": [ { "description": "The URL to return the browser to after the flow was completed.", "in": "query", "name": "return_to", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceVerificationFlow" } } }, "description": "selfServiceVerificationFlow" }, "303": { "$ref": "#/components/responses/emptyResponse" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Initialize Verification Flow for Browser Clients", "tags": [ "v0alpha2" ] } }, "/self-service/verification/flows": { "get": { "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", "operationId": "getSelfServiceVerificationFlow", "parameters": [ { "description": "The Flow ID\n\nThe value for this parameter comes from `request` URL Query parameter sent to your\napplication (e.g. `/verification?flow=abcde`).", "in": "query", "name": "id", "required": true, "schema": { "type": "string" } }, { "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", "in": "header", "name": "cookie", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/selfServiceVerificationFlow" } } }, "description": "selfServiceVerificationFlow" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Get Verification Flow", "tags": [ "v0alpha2" ] } }, "/sessions": { "delete": { "description": "This endpoint is useful for:\n\nTo forcefully logout the current user from all other devices and sessions", "operationId": "revokeSessions", "parameters": [ { "description": "Set the Session Token when calling from non-browser clients. A session token has a format of `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj`.", "in": "header", "name": "X-Session-Token", "schema": { "type": "string" } }, { "description": "Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. In that\nscenario you must include the HTTP Cookie Header which originally was included in the request to your server.\nAn example of a session in the HTTP Cookie Header is: `ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==`.\n\nIt is ok if more than one cookie are included here as all other cookies will be ignored.", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/revokedSessions" } } }, "description": "revokedSessions" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Calling this endpoint invalidates all except the current session that belong to the logged-in user.\nSession data are not deleted.", "tags": [ "v0alpha2" ] }, "get": { "description": "This endpoint is useful for:\n\nDisplaying all other sessions that belong to the logged-in user", "operationId": "listSessions", "parameters": [ { "description": "Set the Session Token when calling from non-browser clients. A session token has a format of `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj`.", "in": "header", "name": "X-Session-Token", "schema": { "type": "string" } }, { "description": "Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. In that\nscenario you must include the HTTP Cookie Header which originally was included in the request to your server.\nAn example of a session in the HTTP Cookie Header is: `ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==`.\n\nIt is ok if more than one cookie are included here as all other cookies will be ignored.", "in": "header", "name": "Cookie", "schema": { "type": "string" } }, { "description": "Items per Page\n\nThis is the number of items per page.", "in": "query", "name": "per_page", "schema": { "default": 250, "format": "int64", "maximum": 1000, "minimum": 1, "type": "integer" } }, { "description": "Pagination Page\n\nThis value is currently an integer, but it is not sequential. The value is not the page number, but a\nreference. The next page can be any number and some numbers might return an empty list.\n\nFor example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.", "in": "query", "name": "page", "schema": { "default": 1, "format": "int64", "minimum": 1, "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/sessionList" } } }, "description": "sessionList" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "404": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "This endpoints returns all other active sessions that belong to the logged-in user.\nThe current session can be retrieved by calling the `/sessions/whoami` endpoint.", "tags": [ "v0alpha2" ] } }, "/sessions/whoami": { "get": { "description": "Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.\nReturns a session object in the body or 401 if the credentials are invalid or no credentials were sent.\nAdditionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header\nin the response.\n\nIf you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/protected-endpoint', async function (req, res) {\nconst session = await client.toSession(undefined, req.header('cookie'))\n\nconsole.log(session)\n})\n```\n\nWhen calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:\n\n```js\npseudo-code example\n...\nconst session = await client.toSession(\"the-session-token\")\n\nconsole.log(session)\n```\n\nDepending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator\nAssurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn\ncredentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user\nto sign in with the second factor or change the configuration.\n\nThis endpoint is useful for:\n\nAJAX calls. Remember to send credentials and set up CORS correctly!\nReverse proxies and API Gateways\nServer-side calls - use the `X-Session-Token` header!\n\nThis endpoint authenticates users by checking\n\nif the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie;\nif the `Authorization: bearer \u003cory-session-token\u003e` HTTP header was set with a valid Ory Kratos Session Token;\nif the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.\n\nIf none of these headers are set or the cooke or token are invalid, the endpoint returns a HTTP 401 status code.\n\nAs explained above, this request may fail due to several reasons. The `error.id` can be one of:\n\n`session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token).\n`session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.", "operationId": "toSession", "parameters": [ { "description": "Set the Session Token when calling from non-browser clients. A session token has a format of `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj`.", "example": "MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj", "in": "header", "name": "X-Session-Token", "schema": { "type": "string" } }, { "description": "Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. In that\nscenario you must include the HTTP Cookie Header which originally was included in the request to your server.\nAn example of a session in the HTTP Cookie Header is: `ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==`.\n\nIt is ok if more than one cookie are included here as all other cookies will be ignored.", "example": "ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==", "in": "header", "name": "Cookie", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/session" } } }, "description": "session" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "403": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Check Who the Current HTTP Session Belongs To", "tags": [ "v0alpha2" ] } }, "/sessions/{id}": { "delete": { "description": "This endpoint is useful for:\n\nTo forcefully logout the current user from another device or session", "operationId": "revokeSession", "parameters": [ { "description": "ID is the session's ID.", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "$ref": "#/components/responses/emptyResponse" }, "400": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "401": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" }, "500": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/jsonError" } } }, "description": "jsonError" } }, "summary": "Calling this endpoint invalidates the specified session. The current session cannot be revoked.\nSession data are not deleted.", "tags": [ "v0alpha2" ] } }, "/version": { "get": { "description": "This endpoint returns the version of Ory Kratos.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the version will never\nrefer to the cluster state, only to a single instance.", "operationId": "getVersion", "responses": { "200": { "content": { "application/json": { "schema": { "properties": { "version": { "description": "The version of Ory Kratos.", "type": "string" } }, "required": [ "version" ], "type": "object" } } }, "description": "Returns the Ory Kratos version." } }, "security": [ { "oryAccessToken": [] } ], "summary": "Return Running Software Version.", "tags": [ "metadata" ] } } }, "servers": [ { "url": "https://{project}.projects.oryapis.com/", "variables": { "project": { "default": "playground", "description": "Project slug as provided by the Ory Console." } } } ], "x-forwarded-proto": "string", "x-request-id": "string" }