credentials object requires different properties depending on the phone provider (which is specified using the name property).\n",
"tags": [
"branding"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateBrandingPhoneProviderRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateBrandingPhoneProviderRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Phone notification provider successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateBrandingPhoneProviderResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:phone_provider."
},
"409": {
"description": "Custom phone provider conflict."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "create_phone_provider",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"branding",
"phone",
"providers"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:phone_providers"
]
}
]
}
},
"/branding/phone/providers/{id}": {
"get": {
"summary": "Get a phone provider",
"description": "Retrieve phone provider details. A list of fields to include or exclude may also be specified.\n",
"tags": [
"branding"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
],
"responses": {
"200": {
"description": "Phone provider successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetBrandingPhoneProviderResponseContent"
}
}
}
},
"400": {
"description": "Invalid id for provider."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:phone_provider."
},
"404": {
"description": "Phone provider has not been configured."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_phone_provider",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"branding",
"phone",
"providers"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:phone_providers"
]
}
]
},
"delete": {
"summary": "Deletes a Phone Provider",
"description": "Delete the configured phone provider.\n",
"tags": [
"branding"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
],
"responses": {
"204": {
"description": "Phone provider successfully deleted."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: delete:phone_provider."
},
"404": {
"description": "Phone provider has not been configured."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_phone_provider",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"branding",
"phone",
"providers"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:phone_providers"
]
}
]
},
"patch": {
"summary": "Update the phone provider",
"description": "Update a phone provider.\nThe credentials object requires different properties depending on the phone provider (which is specified using the name property).\n",
"tags": [
"branding"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateBrandingPhoneProviderRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateBrandingPhoneProviderRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Phone provider successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateBrandingPhoneProviderResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:phone_provider."
},
"404": {
"description": "Phone provider has not been configured."
},
"409": {
"description": "Custom phone provider conflict."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "update_phone_provider",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"branding",
"phone",
"providers"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:phone_providers"
]
}
]
}
},
"/branding/phone/providers/{id}/try": {
"post": {
"summary": "Send a test phone notification for the configured provider",
"tags": [
"branding"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreatePhoneProviderSendTestRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreatePhoneProviderSendTestRequestContent"
}
}
}
},
"responses": {
"202": {
"description": "Phone notification sent.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreatePhoneProviderSendTestResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope, expected: create:phone_provider."
},
"404": {
"description": "Phone provider has not been configured."
},
"409": {
"description": "Custom phone provider conflict."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "try_phone_provider",
"x-release-lifecycle": "GA",
"x-operation-name": "test",
"x-operation-group": [
"branding",
"phone",
"providers"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:phone_providers"
]
}
]
}
},
"/branding/phone/templates": {
"get": {
"summary": "Get a list of phone notification templates",
"tags": [
"branding"
],
"parameters": [
{
"name": "disabled",
"in": "query",
"description": "Whether the template is enabled (false) or disabled (true).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "The phone notification templates were retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListPhoneTemplatesResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: read:phone_templates"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_phone_templates",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListPhoneTemplatesRequestParameters",
"x-operation-group": [
"branding",
"phone",
"templates"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:phone_templates"
]
}
]
},
"post": {
"summary": "Create a phone notification template",
"tags": [
"branding"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreatePhoneTemplateRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreatePhoneTemplateRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "The phone notification template was created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreatePhoneTemplateResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: create:phone_templates"
},
"409": {
"description": "Phone template already configured for tenant"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "create_phone_template",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"branding",
"phone",
"templates"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:phone_templates"
]
}
]
}
},
"/branding/phone/templates/{id}": {
"get": {
"summary": "Get a phone notification template",
"tags": [
"branding"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
],
"responses": {
"200": {
"description": "The phone notification template were retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetPhoneTemplateResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: read:phone_templates"
},
"404": {
"description": "Phone template does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_phone_template",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"branding",
"phone",
"templates"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:phone_templates"
]
}
]
},
"delete": {
"summary": "Delete a phone notification template",
"tags": [
"branding"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
],
"responses": {
"204": {
"description": "The phone notification template was deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: delete:phone_templates"
},
"404": {
"description": "Phone template does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_phone_template",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"branding",
"phone",
"templates"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:phone_templates"
]
}
]
},
"patch": {
"summary": "Update a phone notification template",
"tags": [
"branding"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdatePhoneTemplateRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdatePhoneTemplateRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "The phone notification template was updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdatePhoneTemplateResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: update:phone_templates"
},
"404": {
"description": "Phone template does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "update_phone_template",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"branding",
"phone",
"templates"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:phone_templates"
]
}
]
}
},
"/branding/phone/templates/{id}/reset": {
"patch": {
"summary": "Resets a phone notification template values",
"tags": [
"branding"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ResetPhoneTemplateRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/ResetPhoneTemplateRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "The phone notification template was reset.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ResetPhoneTemplateResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: create:phone_templates"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "reset_phone_template",
"x-release-lifecycle": "GA",
"x-operation-name": "reset",
"x-operation-group": [
"branding",
"phone",
"templates"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:phone_templates"
]
}
]
}
},
"/branding/phone/templates/{id}/try": {
"post": {
"summary": "Send a test phone notification for the configured template",
"tags": [
"branding"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreatePhoneTemplateTestNotificationRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreatePhoneTemplateTestNotificationRequestContent"
}
}
}
},
"responses": {
"202": {
"description": "The phone testing notification for the template was sent",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreatePhoneTemplateTestNotificationResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: create:phone_templates"
},
"404": {
"description": "Phone template does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "try_phone_template",
"x-release-lifecycle": "GA",
"x-operation-name": "test",
"x-operation-group": [
"branding",
"phone",
"templates"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:phone_templates"
]
}
]
}
},
"/branding/templates/universal-login": {
"get": {
"summary": "Get template for New Universal Login Experience",
"tags": [
"branding"
],
"responses": {
"200": {
"description": "Template successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetUniversalLoginTemplateResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"402": {
"description": "A paid subscription is required for this feature."
},
"403": {
"description": "Insufficient scope; expected: read:branding"
},
"404": {
"description": "Template does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_universal-login",
"x-release-lifecycle": "GA",
"x-operation-name": "getUniversalLogin",
"x-operation-group": [
"branding",
"templates"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:branding"
]
}
]
},
"delete": {
"summary": "Delete template for New Universal Login Experience",
"tags": [
"branding"
],
"responses": {
"204": {
"description": "Template successfully deleted."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"402": {
"description": "A paid subscription is required for this feature."
},
"403": {
"description": "Insufficient scope; expected: delete:branding."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_universal-login",
"x-release-lifecycle": "GA",
"x-operation-name": "deleteUniversalLogin",
"x-operation-group": [
"branding",
"templates"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:branding"
]
}
]
},
"put": {
"summary": "Set template for New Universal Login Experience",
"description": "Update the Universal Login branding template.\n\nWhen content-type header is set to application/json:
\n{\n \"template\": \"<!DOCTYPE html>{% assign resolved_dir = dir | default: \"auto\" %}<html lang=\"{{locale}}\" dir=\"{{resolved_dir}}\"><head>{%- auth0:head -%}</head><body class=\"_widget-auto-layout\">{%- auth0:widget -%}</body></html>\"\n}\n\n\n\n When content-type header is set to text/html:\n
\n<!DOCTYPE html>\n{% assign resolved_dir = dir | default: \"auto\" %}\n<html lang=\"{{locale}}\" dir=\"{{resolved_dir}}\">\n <head>\n {%- auth0:head -%}\n </head>\n <body class=\"_widget-auto-layout\">\n {%- auth0:widget -%}\n </body>\n</html>\n\n",
"tags": [
"branding"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUniversalLoginTemplateRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateUniversalLoginTemplateRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Template successfully created."
},
"204": {
"description": "Template successfully updated."
},
"400": {
"description": "Payload content length greater than maximum allowed: 102400.",
"x-description-1": "Payload content missing required Liquid tags (auth0:head and auth0:widget).",
"x-description-2": "Liquid template syntax error: client_id, app_type, name, and description.\n read:clients or\n read:client_keys scope:\n callbacks, oidc_logout, allowed_origins,\n web_origins, tenant, global, config_route,\n callback_url_template, jwt_configuration,\n jwt_configuration.lifetime_in_seconds, jwt_configuration.secret_encoded,\n jwt_configuration.scopes, jwt_configuration.alg, api_type,\n logo_uri, allowed_clients, owners, custom_login_page,\n custom_login_page_off, sso, addons, form_template,\n custom_login_page_codeview, resource_servers, client_metadata,\n mobile, mobile.android, mobile.ios, allowed_logout_urls,\n token_endpoint_auth_method, is_first_party, oidc_conformant,\n is_token_endpoint_ip_header_trusted, initiate_login_uri, grant_types,\n refresh_token, refresh_token.rotation_type, refresh_token.expiration_type,\n refresh_token.leeway, refresh_token.token_lifetime, refresh_token.policies, organization_usage,\n organization_require_behavior.\n read:client_keys or read:client_credentials scope:\n encryption_key, encryption_key.pub, encryption_key.cert,\n client_secret, client_authentication_methods and signing_key.\n client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use \nclient_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method\nto configure the client with client secret (basic or post) or with no authentication method (none).\n- When using client_authentication_methods to configure the client with Private Key JWT authentication method, specify fully defined credentials. \nThese credentials will be automatically enabled for Private Key JWT authentication on the client. \n- To configure client_authentication_methods, the create:client_credentials scope is required.\n- To configure client_authentication_methods, the property jwt_configuration.alg must be set to RS256.\n\nclient_authentication_methods property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the signed_request_object property on the client.\n",
"tags": [
"clients"
],
"parameters": [
{
"name": "client_id",
"in": "path",
"description": "ID of the client.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Credentials successfully retrieved.",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientCredential"
}
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:client_credentials."
},
"404": {
"description": "Client not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_credentials",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-group": [
"clients",
"credentials"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:client_credentials"
]
}
]
},
"post": {
"summary": "Create a client credential",
"description": "Create a client credential associated to your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.\n\n{\n \"credential_type\": \"public_key\",\n \"name\": \"string\",\n \"pem\": \"string\",\n \"alg\": \"RS256\",\n \"parse_expiry_from_cert\": false,\n \"expires_at\": \"2022-12-31T23:59:59Z\"\n}{\n \"credential_type\": \"x509_cert\",\n \"name\": \"string\",\n \"pem\": \"string\"\n}{\n \"credential_type\": \"cert_subject_dn\",\n \"name\": \"string\",\n \"subject_dn\": \"string\"\n}{\n \"credential_type\": \"cert_subject_dn\",\n \"name\": \"string\",\n \"pem\": \"string\"\n}client_authentication_methods property on the client. For more information, read Configure Private Key JWT Authentication and Configure mTLS Authenticationsigned_request_objectproperty on the client. For more information, read Configure JWT-secured Authorization Requests (JAR)client_authentication_methods property on the client. To enable credentials to be used for JWT-Secured Authorization requests set the signed_request_object property on the client.\n",
"tags": [
"clients"
],
"parameters": [
{
"name": "client_id",
"in": "path",
"description": "ID of the client.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "credential_id",
"in": "path",
"description": "ID of the credential.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Credential successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetClientCredentialResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:client_credentials."
},
"404": {
"description": "Client not found.",
"x-description-1": "Credential does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_credentials_by_credential_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"clients",
"credentials"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:client_credentials"
]
}
]
},
"delete": {
"summary": "Delete a client credential",
"description": "Delete a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow.",
"tags": [
"clients"
],
"parameters": [
{
"name": "client_id",
"in": "path",
"description": "ID of the client.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "credential_id",
"in": "path",
"description": "ID of the credential to delete.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "Credential successfully deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: delete:client_credentials."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_credentials_by_credential_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"clients",
"credentials"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:client_credentials"
]
}
]
},
"patch": {
"summary": "Update a client credential",
"description": "Change a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow.",
"tags": [
"clients"
],
"parameters": [
{
"name": "client_id",
"in": "path",
"description": "ID of the client.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "credential_id",
"in": "path",
"description": "ID of the credential.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PatchClientCredentialRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/PatchClientCredentialRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Credential successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PatchClientCredentialResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:client_credentials."
},
"404": {
"description": "Client not found.",
"x-description-1": "Credential does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_credentials_by_credential_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"clients",
"credentials"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:client_credentials"
]
}
]
}
},
"/clients/{id}": {
"get": {
"summary": "Get client by ID",
"description": "Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. \nFor more information, read Applications in Auth0 and Single Sign-On.\nclient_id, app_type, name, and description.\n read:clients or\n read:client_keys scopes:\n callbacks, oidc_logout, allowed_origins,\n web_origins, tenant, global, config_route,\n callback_url_template, jwt_configuration,\n jwt_configuration.lifetime_in_seconds, jwt_configuration.secret_encoded,\n jwt_configuration.scopes, jwt_configuration.alg, api_type,\n logo_uri, allowed_clients, owners, custom_login_page,\n custom_login_page_off, sso, addons, form_template,\n custom_login_page_codeview, resource_servers, client_metadata,\n mobile, mobile.android, mobile.ios, allowed_logout_urls,\n token_endpoint_auth_method, is_first_party, oidc_conformant,\n is_token_endpoint_ip_header_trusted, initiate_login_uri, grant_types,\n refresh_token, refresh_token.rotation_type, refresh_token.expiration_type,\n refresh_token.leeway, refresh_token.token_lifetime, refresh_token.policies, organization_usage,\n organization_require_behavior.\n read:client_keys or read:client_credentials scopes:\n encryption_key, encryption_key.pub, encryption_key.cert,\n client_secret, client_authentication_methods and signing_key.\n client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none).\n- When using client_authentication_methods to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.\n- To configure client_authentication_methods, the update:client_credentials scope is required.\n- To configure client_authentication_methods, the property jwt_configuration.alg must be set to RS256.\n- To change a client's is_first_party property to false, the organization_usage and organization_require_behavior properties must be unset.\n",
"tags": [
"clients"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the client to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateClientRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateClientRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Client successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateClientResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:clients, update:client_keys.",
"x-description-1": "Some fields cannot be updated with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes.",
"x-description-2": "The account is not allowed to perform this operation.",
"x-description-3": "Organizations are only available to first party clients on user-based flows. Properties organization_usage and organization_require_behavior must be unset for third party clients."
},
"404": {
"description": "Client not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_clients_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "clients",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:clients",
"update:client_keys",
"update:client_credentials",
"update:client_token_vault_privileged_access"
]
}
]
}
},
"/clients/{id}/connections": {
"get": {
"summary": "Get enabled connections for a client",
"description": "Retrieve all connections that are enabled for the specified Application, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.\nread:connections scope and any one of read:clients or read:client_summary.\n from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no further results are remaining.\n true if the fields specified are to be included in the result, false otherwise (defaults to true)",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListClientConnectionsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: read:connections and any of: read:clients or read:client_summary."
},
"404": {
"description": "Client does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_client_connections",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"clients",
"connections"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connections",
"read:clients",
"read:client_summary"
]
}
]
}
},
"/clients/{id}/rotate-secret": {
"post": {
"summary": "Rotate a client secret",
"description": "Rotate a client secret.\n\nThis endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded.\n\nFor more information, read Rotate Client Secrets.",
"tags": [
"clients"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the client that will rotate secrets.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Secret successfully rotated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RotateClientSecretResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:client_keys.",
"x-description-1": "Some fields cannot be updated with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes."
},
"404": {
"description": "Client not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_rotate-secret",
"x-release-lifecycle": "GA",
"x-operation-name": "rotateSecret",
"x-operation-group": "clients",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:client_keys"
]
}
]
}
},
"/connection-profiles": {
"get": {
"summary": "Get Connection Profiles",
"description": "Retrieve a list of Connection Profiles. This endpoint supports Checkpoint pagination.\n",
"tags": [
"connection-profiles"
],
"parameters": [
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 5.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 10
}
}
],
"responses": {
"200": {
"description": "Connection Profiles successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListConnectionProfilesPaginatedResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause.",
"x-description-1": "Invalid query string paging options. The message will vary depending on the cause"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:connection_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_connection-profiles",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListConnectionProfileRequestParameters",
"x-operation-group": "connectionProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connection_profiles"
]
}
]
},
"post": {
"summary": "Create a connection profile",
"description": "Create a Connection Profile.\n",
"tags": [
"connection-profiles"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateConnectionProfileRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateConnectionProfileRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Connection profile successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateConnectionProfileResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: create:connection_profiles."
},
"409": {
"description": "Connection profile conflict."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_connection-profiles",
"x-operation-name": "create",
"x-operation-group": "connectionProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:connection_profiles"
]
}
]
}
},
"/connection-profiles/templates": {
"get": {
"summary": "Get Connection Profile Templates",
"description": "Retrieve a list of Connection Profile Templates.\n",
"tags": [
"connection-profiles"
],
"responses": {
"200": {
"description": "Connection Profile Templates successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListConnectionProfileTemplateResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:connection_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_connection_profile_templates",
"x-operation-name": "listTemplates",
"x-operation-group": "connectionProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connection_profiles"
]
}
]
}
},
"/connection-profiles/templates/{id}": {
"get": {
"summary": "Get Connection Profile Template",
"description": "Retrieve a Connection Profile Template.\n",
"tags": [
"connection-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the connection-profile-template to retrieve.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Connection Profile Template successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetConnectionProfileTemplateResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:connection_profiles."
},
"404": {
"description": "Connection profile template not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_connection_profile_template",
"x-operation-name": "getTemplate",
"x-operation-group": "connectionProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connection_profiles"
]
}
]
}
},
"/connection-profiles/{id}": {
"get": {
"summary": "Get Connection Profile",
"description": "Retrieve details about a single Connection Profile specified by ID.\n",
"tags": [
"connection-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the connection-profile to retrieve.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Record for existing connection profile.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetConnectionProfileResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:connection-profiles."
},
"404": {
"description": "Connection profile not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_connection-profiles_by_id",
"x-operation-name": "get",
"x-operation-group": "connectionProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connection_profiles"
]
}
]
},
"delete": {
"summary": "Delete Connection Profile",
"description": "Delete a single Connection Profile specified by ID.\n",
"tags": [
"connection-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the connection-profile to delete.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "Connection profile successfully deleted."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: delete:connection-profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_connection-profiles_by_id",
"x-operation-name": "delete",
"x-operation-group": "connectionProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:connection_profiles"
]
}
]
},
"patch": {
"summary": "Modify a Connection Profile",
"description": "Update the details of a specific Connection Profile.\n",
"tags": [
"connection-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the connection profile to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateConnectionProfileRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateConnectionProfileRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Connection profile successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateConnectionProfileResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: update:connection_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_connection-profiles_by_id",
"x-operation-name": "update",
"x-operation-group": "connectionProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:connection_profiles"
]
}
]
}
},
"/connections": {
"get": {
"summary": "Get all connections",
"description": "Retrieves detailed list of all connections that match the specified strategy. If no strategy is provided, all connections within your tenant are retrieved. This action can accept a list of fields to include or exclude from the resulting list of connections. \n\nThis endpoint supports two types of pagination:\nfrom: Optional id from which to start selection.take: The total amount of entries to retrieve when using the from parameter. Defaults to 50.from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no pages are remaining.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "per_page",
"in": "query",
"description": "The amount of entries per page. Defaults to 100 if not provided",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "page",
"in": "query",
"description": "The page number. Zero based",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "include_totals",
"in": "query",
"description": "true if a query summary must be included in the result, false otherwise. Not returned when using checkpoint pagination. Default false.",
"schema": {
"type": "boolean"
}
},
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "strategy",
"in": "query",
"description": "Provide strategies to only retrieve connections with such strategies",
"style": "form",
"explode": true,
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ConnectionStrategyEnum"
}
}
},
{
"name": "name",
"in": "query",
"description": "Provide the name of the connection to retrieve",
"schema": {
"type": "string"
}
},
{
"name": "fields",
"in": "query",
"description": "A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields",
"schema": {
"type": "string",
"pattern": "^((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app)|(enabled_clients))(,((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app)|(enabled_clients)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "true if the fields specified are to be included in the result, false otherwise (defaults to true)",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "The connections were retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListConnectionsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: read:connections"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_connections",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListConnectionsQueryParameters",
"x-operation-group": "connections",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connections"
]
}
]
},
"post": {
"summary": "Create a connection",
"description": "Creates a new connection according to the JSON object received in body.\n\nNote: If a connection with the same name was recently deleted and had a large number of associated users, the deletion may still be processing. Creating a new connection with that name before the deletion completes may fail or produce unexpected results. ",
"tags": [
"connections"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateConnectionRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateConnectionRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "The connection was created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateConnectionResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "Your account is not allowed to set options.set_user_root_attributes",
"x-description-2": "options.set_user_root_attributes can be set only for enterprise connections, social connections or custom database connections (using external users store)",
"x-description-3": "No phone provider configured for the tenant",
"x-description-4": "Passwordless connection cannot be made as delivery method (sms/text) is not supported by the configured Tenant phone provider",
"x-description-5": "custom_password_hash option cannot be set because the universal password hash feature is not enabled for this tenant",
"x-description-6": "The custom_password_hash option is only available for database connections",
"x-description-7": "The action_id field value cannot be empty, null or undefined",
"x-description-8": "The provided custom password hash action id does not exist",
"x-description-9": "The provided action does not support the password hash migration trigger",
"x-description-10": "The provided action must be deployed to be used for password hash migration"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: create:connections",
"x-description-1": "You reached the limit of entities of this type for this tenant.",
"x-description-2": "You can only create 1 non-Okta enterprise connection(s) for this tenant."
},
"409": {
"description": "A connection with the same name already exists",
"x-description-1": "A connection with the same name is being deleted, try again later",
"x-description-2": "There is already another connection with some realms from \"realms\" parameter",
"x-description-3": "There is already a domain connection enabled for strategy"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_connections",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "connections",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:connections"
]
}
]
}
},
"/connections-directory-provisionings": {
"get": {
"summary": "Get a list of directory provisioning configurations",
"description": "Retrieve a list of directory provisioning configurations of a tenant.\n",
"tags": [
"connections-directory-provisionings"
],
"parameters": [
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
}
],
"responses": {
"200": {
"description": "The tenant's directory provisioning configuration. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListDirectoryProvisioningsResponseContent"
}
}
}
},
"400": {
"description": "Invalid pagination cursor",
"x-description-1": "Invalid request query string. The message will vary depending on the cause.",
"x-description-2": "Invalid query string paging options. The message will vary depending on the cause"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "The inbound directory provisioning feature is not enabled for this tenant",
"x-description-1": "Insufficient scope; expected any of: read:directory_provisionings."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_connections-directory-provisionings",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListDirectoryProvisioningsRequestParameters",
"x-operation-group": [
"connections",
"directoryProvisioning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:directory_provisionings"
]
}
]
}
},
"/connections-scim-configurations": {
"get": {
"summary": "Get a list of SCIM configurations",
"description": "Retrieve a list of SCIM configurations of a tenant.\n",
"tags": [
"connections-scim-configurations"
],
"parameters": [
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
}
],
"responses": {
"200": {
"description": "The tenant's SCIM configurations. See Response Schema for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListSCIMConfigurationsResponseContent"
}
}
}
},
"400": {
"description": "Invalid pagination cursor.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause.",
"x-description-2": "Invalid query string paging options. The message will vary depending on the cause"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:scim_config."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_connections-scim-configurations",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListSCIMConfigurationsRequestParameters",
"x-operation-group": [
"connections",
"scimConfiguration"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:scim_config"
]
}
]
}
},
"/connections/{id}": {
"get": {
"summary": "Get a connection",
"description": "Retrieve details for a specified connection along with options that can be used for identity provider configuration.",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to retrieve",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "fields",
"in": "query",
"description": "A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields",
"schema": {
"type": "string",
"pattern": "^((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app)|(enabled_clients))(,((name)|(display_name)|(strategy)|(options)|(id)|(provisioning_ticket_url)|(metadata)|(show_as_button)|(clients)|(authentication)|(connected_accounts)|(cross_app_access_requesting_app)|(cross_app_access_resource_app)|(enabled_clients)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "true if the fields specified are to be included in the result, false otherwise (defaults to true)",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "The connection was retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetConnectionResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: read:connections"
},
"404": {
"description": "The connection does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_connections_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-request-parameters-name": "GetConnectionRequestParameters",
"x-operation-group": "connections",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connections"
]
}
]
},
"delete": {
"summary": "Delete a connection",
"description": "Removes a specific connection from your tenant. This action cannot be undone. Once removed, users can no longer use this connection to authenticate.\n\nNote: If your connection has a large amount of users associated with it, please be aware that this operation can be long running after the response is returned and may impact concurrent create connection requests, if they use an identical connection name. ",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to delete",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"202": {
"description": "The connection is being deleted."
},
"204": {
"description": "The connection no longer exists."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: delete:connections"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_connections_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "connections",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:connections"
]
}
]
},
"patch": {
"summary": "Update a connection",
"description": "Update details for a specific connection, including option properties for identity provider configuration.\n\nNote: If you use the options parameter, the entire options object is overriden. To avoid partial data or other issues, ensure all parameters are present when using this option.",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to update",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateConnectionRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateConnectionRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "The connection was updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateConnectionResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause.",
"x-description-2": "This database contains users. You cannot change \"options.enabledDatabaseCustomization\" setting.",
"x-description-3": "Your account is not allowed to set options.set_user_root_attributes",
"x-description-4": "The Azure AD common endpoint cannot be enabled for this connection when SCIM is enabled.",
"x-description-5": "The Google Workspace Users API (options.api_enable_users) cannot be disabled for this connection when inbound directory provisioning is enabled.",
"x-description-6": "The Groups extended attribute (options.ext_groups) cannot be disabled for this connection when inbound directory provisioning for groups is enabled.",
"x-description-7": "options.set_user_root_attributes can be set only for enterprise connections, social connections or custom database connections (using external users store)",
"x-description-8": "custom_password_hash option cannot be set because the universal password hash feature is not enabled for this tenant",
"x-description-9": "The custom_password_hash option is only available for database connections",
"x-description-10": "The action_id field value cannot be empty, null or undefined",
"x-description-11": "The provided custom password hash action id does not exist",
"x-description-12": "The provided action does not support the password hash migration trigger",
"x-description-13": "The provided action must be deployed to be used for password hash migration"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: update:connections"
},
"404": {
"description": "The connection does not exist"
},
"409": {
"description": "The name/client_id tuple has already been used for another connection"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_connections_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "connections",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:connections"
]
}
]
}
},
"/connections/{id}/clients": {
"get": {
"summary": "Get enabled clients for a connection",
"description": "Retrieve all clients that have the specified connection enabled.\n\nNote: The first time you call this endpoint, omit the from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no further results are remaining.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection for which enabled clients are to be retrieved",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 1000
}
},
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string",
"maxLength": 1000
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetConnectionEnabledClientsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: read:connections"
},
"404": {
"description": "The connection does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_connection_clients",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-request-parameters-name": "GetConnectionEnabledClientsRequestParameters",
"x-operation-group": [
"connections",
"clients"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connections"
]
}
]
},
"patch": {
"summary": "Update enabled clients for a connection",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to modify",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateEnabledClientConnectionsRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateEnabledClientConnectionsRequestContent"
}
}
}
},
"responses": {
"204": {
"description": "Success"
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause.",
"x-description-2": "Tenant Phone Provider not set. Connection can not be enable on a client.",
"x-description-3": "Passwordless cannot be enabled for a client, as delivery method (sms/text) is not supported by the configured Tenant phone provider"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: update:connections"
},
"404": {
"description": "The connection does not exist",
"x-description-1": "The client does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_clients",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"connections",
"clients"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:connections"
]
}
]
}
},
"/connections/{id}/directory-provisioning": {
"get": {
"summary": "Get a directory provisioning configuration",
"description": "Retrieve the directory provisioning configuration of a connection.",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to retrieve its directory provisioning configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "The connection's directory provisioning configuration. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetDirectoryProvisioningResponseContent"
}
}
}
},
"400": {
"description": "Path validation error",
"x-description-1": "The connection strategy does not support inbound directory provisioning"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "The inbound directory provisioning feature is not enabled for this tenant",
"x-description-1": "Insufficient scope; expected any of: read:directory_provisionings."
},
"404": {
"description": "The connection does not exist",
"x-description-1": "Directory provisioning configuration not found"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_directory-provisioning",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"connections",
"directoryProvisioning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:directory_provisionings"
]
}
]
},
"delete": {
"summary": "Delete a directory provisioning configuration",
"description": "Delete the directory provisioning configuration of a connection.",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to delete its directory provisioning configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "The connection's directory provisioning configuration has been deleted."
},
"400": {
"description": "Path validation error"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "The inbound directory provisioning feature is not enabled for this tenant",
"x-description-1": "Insufficient scope; expected any of: delete:directory_provisionings."
},
"404": {
"description": "The connection does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_directory-provisioning",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"connections",
"directoryProvisioning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:directory_provisionings"
]
}
]
},
"patch": {
"summary": "Patch a directory provisioning configuration",
"description": "Update the directory provisioning configuration of a connection.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to create its directory provisioning configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateDirectoryProvisioningRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateDirectoryProvisioningRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "The connection's directory provisioning configuration was updated. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateDirectoryProvisioningResponseContent"
}
}
}
},
"400": {
"description": "Path validation error",
"x-description-1": "Payload validation error",
"x-description-2": "Invalid mapping provided",
"x-description-3": "The connection strategy does not support inbound directory provisioning",
"x-description-4": "The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again.",
"x-description-5": "The Groups extended attribute is not enabled on the connection. Select the Groups extended attribute option and go through the setup again.",
"x-description-6": "The Google Workspace Groups API is not enabled on the connection. Select the Enable Groups API option and go through the setup again."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "The inbound directory provisioning feature is not enabled for this tenant",
"x-description-1": "Group synchronization is not enabled for this tenant",
"x-description-2": "Insufficient scope; expected any of: update:directory_provisionings."
},
"404": {
"description": "The connection does not exist",
"x-description-1": "Directory provisioning configuration not found"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_directory-provisioning",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"connections",
"directoryProvisioning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:directory_provisionings"
]
}
]
},
"post": {
"summary": "Create a directory provisioning configuration",
"description": "Create a directory provisioning configuration for a connection.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to create its directory provisioning configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateDirectoryProvisioningRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateDirectoryProvisioningRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "The connection's directory provisioning configuration was created. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateDirectoryProvisioningResponseContent"
}
}
}
},
"400": {
"description": "Path validation error",
"x-description-1": "Payload validation error",
"x-description-2": "Invalid mapping provided",
"x-description-3": "The connection strategy does not support inbound directory provisioning",
"x-description-4": "The Google Workspace Users API is not enabled on the connection. Select the Enable Users API option and go through the setup again.",
"x-description-5": "The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again.",
"x-description-6": "The Groups extended attribute is not enabled on the connection. Select the Groups extended attribute option and go through the setup again.",
"x-description-7": "The Google Workspace Groups API is not enabled on the connection. Select the Enable Groups API option and go through the setup again."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "The inbound directory provisioning feature is not enabled for this tenant",
"x-description-1": "Group synchronization is not enabled for this tenant",
"x-description-2": "Insufficient scope; expected any of: create:directory_provisionings."
},
"404": {
"description": "The connection does not exist"
},
"409": {
"description": "Directory provisioning is already enabled on the specified connection"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_directory-provisioning",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"connections",
"directoryProvisioning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:directory_provisionings"
]
}
]
}
},
"/connections/{id}/directory-provisioning/default-mapping": {
"get": {
"summary": "Get a connection's default directory provisioning attribute mapping",
"description": "Retrieve the directory provisioning default attribute mapping of a connection.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to retrieve its directory provisioning configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "The connection's directory provisioning default mapping. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetDirectoryProvisioningDefaultMappingResponseContent"
}
}
}
},
"400": {
"description": "Path validation error",
"x-description-1": "The connection strategy does not support inbound directory provisioning"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "The inbound directory provisioning feature is not enabled for this tenant",
"x-description-1": "Insufficient scope; expected any of: read:directory_provisionings."
},
"404": {
"description": "The connection does not exist",
"x-description-1": "Directory provisioning configuration not found"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_directory_provisioning_default_mapping",
"x-release-lifecycle": "GA",
"x-operation-name": "getDefaultMapping",
"x-operation-group": [
"connections",
"directoryProvisioning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:directory_provisionings"
]
}
]
}
},
"/connections/{id}/directory-provisioning/synchronizations": {
"post": {
"summary": "Request an on-demand synchronization of the directory",
"description": "Request an on-demand synchronization of the directory.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to trigger synchronization for",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"201": {
"description": "The directory synchronization was triggered. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateDirectorySynchronizationResponseContent"
}
}
}
},
"400": {
"description": "Path validation error",
"x-description-1": "Connection has been synchronized in the last 30 minutes. Please wait before synchronizing it again.",
"x-description-2": "The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: create:directory_provisionings."
},
"404": {
"description": "The connection does not exist",
"x-description-1": "Directory provisioning configuration not found"
},
"409": {
"description": "A synchronization has already been requested or is in progress for the connection"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_synchronizations",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"connections",
"directoryProvisioning",
"synchronizations"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:directory_provisionings"
]
}
]
}
},
"/connections/{id}/directory-provisioning/synchronized-groups": {
"get": {
"summary": "Get synchronized groups for a directory provisioning configuration",
"description": "Retrieve the configured synchronized groups for a connection directory provisioning configuration.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to list synchronized groups for.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
}
],
"responses": {
"200": {
"description": "The connection's synchronized groups. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListSynchronizedGroupsResponseContent"
}
}
}
},
"400": {
"description": "Path validation error",
"x-description-1": "The Google Workspace Groups API is not enabled on the connection. Select the Enable Groups API option and go through the setup again.",
"x-description-2": "The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again.",
"x-description-3": "The pagination token has expired.",
"x-description-4": "Invalid request query string. The message will vary depending on the cause.",
"x-description-5": "Invalid query string paging options. The message will vary depending on the cause"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Synchronized groups selection is not enabled for this tenant",
"x-description-1": "Group synchronization is not enabled for this tenant",
"x-description-2": "The inbound directory provisioning feature is not enabled for this tenant",
"x-description-3": "Insufficient scope; expected any of: read:directory_provisionings."
},
"404": {
"description": "The connection does not exist",
"x-description-1": "Connection directory provisioning configuration not found"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_synchronized-groups",
"x-release-lifecycle": "EA",
"x-operation-name": "listSynchronizedGroups",
"x-operation-request-parameters-name": "ListSynchronizedGroupsRequestParameters",
"x-operation-group": [
"connections",
"directoryProvisioning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:directory_provisionings"
]
}
]
},
"put": {
"summary": "Create or replace synchronized group selections for a directory provisioning configuration",
"description": "Create or replace the selected groups for a connection directory provisioning configuration.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to create or replace synchronized groups for",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ReplaceSynchronizedGroupsRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/ReplaceSynchronizedGroupsRequestContent"
}
}
}
},
"responses": {
"204": {
"description": "No Content"
},
"400": {
"description": "Path validation error",
"x-description-1": "Payload validation error",
"x-description-2": "The Google Workspace Groups API is not enabled on the connection. Select the Enable Groups API option and go through the setup again.",
"x-description-3": "The connection cannot be synchronized because setup is incomplete. Please complete the Google Workspace connection administrator setup and try again."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Synchronized groups selection is not enabled for this tenant",
"x-description-1": "Group synchronization is not enabled for this tenant",
"x-description-2": "The inbound directory provisioning feature is not enabled for this tenant",
"x-description-3": "Insufficient scope; expected any of: update:directory_provisionings."
},
"404": {
"description": "The connection does not exist",
"x-description-1": "Connection directory provisioning configuration not found"
},
"409": {
"description": "Conflict"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "put_synchronized-groups",
"x-release-lifecycle": "EA",
"x-operation-name": "set",
"x-operation-group": [
"connections",
"directoryProvisioning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:directory_provisionings"
]
}
]
}
},
"/connections/{id}/keys": {
"get": {
"summary": "Get connection keys",
"description": "Gets the connection keys for the Okta or OIDC connection strategy.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the connection",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Connection keys successfully retrieved.",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ConnectionKey"
}
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "keys are not available for this connection"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:connections_keys."
},
"404": {
"description": "Connection not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_keys",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"connections",
"keys"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connections_keys"
]
}
]
},
"post": {
"summary": "Create connection keys",
"description": "Provision initial connection keys for Okta or OIDC connection strategies. This endpoint allows you to create keys before configuring the connection to use Private Key JWT authentication, enabling zero-downtime transitions.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the connection",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PostConnectionKeysRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/PostConnectionKeysRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Connection keys successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PostConnectionsKeysResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:connections_keys."
},
"404": {
"description": "Connection not found."
},
"409": {
"description": "Keys have already been created for this connection."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_keys",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"connections",
"keys"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:connections_keys"
]
}
]
}
},
"/connections/{id}/keys/rotate": {
"post": {
"summary": "Rotate connection keys",
"description": "Rotates the connection keys for the Okta or OIDC connection strategies.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the connection",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RotateConnectionKeysRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/RotateConnectionKeysRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Connection keys successfully rotated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RotateConnectionsKeysResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Key rotation is not supported on this connection",
"x-description-2": "Connection is not configured to use JWT Client Authentication"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected all of: create:connections_keys, update:connections_keys."
},
"404": {
"description": "Connection not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_rotate",
"x-release-lifecycle": "GA",
"x-operation-name": "rotate",
"x-operation-group": [
"connections",
"keys"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:connections_keys",
"update:connections_keys"
]
}
]
}
},
"/connections/{id}/scim-configuration": {
"get": {
"summary": "Get a connection's SCIM configuration",
"description": "Retrieves a scim configuration by its connectionId.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to retrieve its SCIM configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "The connection's SCIM configuration was retrieved. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetScimConfigurationResponseContent"
}
}
}
},
"400": {
"description": "Path validation error"
},
"404": {
"description": "The connection does not exist",
"x-description-1": "Not Found"
}
},
"operationId": "get_scim-configuration",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"connections",
"scimConfiguration"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:scim_config"
]
}
]
},
"delete": {
"summary": "Delete a connection's SCIM configuration",
"description": "Deletes a scim configuration by its connectionId.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to delete its SCIM configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "The connection's SCIM configuration has been deleted."
},
"400": {
"description": "Path validation error"
},
"404": {
"description": "The connection does not exist"
}
},
"operationId": "delete_scim-configuration",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"connections",
"scimConfiguration"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:scim_config"
]
}
]
},
"patch": {
"summary": "Patch a connection's SCIM configuration",
"description": "Update a scim configuration by its connectionId.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to update its SCIM configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateScimConfigurationRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateScimConfigurationRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "The connection's SCIM configuration was updated. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateScimConfigurationResponseContent"
}
}
}
},
"400": {
"description": "Invalid mapping provided",
"x-description-1": "Invalid payload",
"x-description-2": "Path validation error"
},
"404": {
"description": "The connection does not exist"
}
},
"operationId": "patch_scim-configuration",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"connections",
"scimConfiguration"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:scim_config"
]
}
]
},
"post": {
"summary": "Create a SCIM configuration",
"description": "Create a scim configuration for a connection.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to create its SCIM configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateScimConfigurationRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateScimConfigurationRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "The connection's SCIM configuration was created. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateScimConfigurationResponseContent"
}
}
}
},
"400": {
"description": "Path validation error",
"x-description-1": "SCIM configuration alreay exists for connection",
"x-description-2": "Invalid mapping provided",
"x-description-3": "Invalid payload",
"x-description-4": "SCIM cannot be enabled for this connection when the Azure AD common endpoint is used."
},
"404": {
"description": "The connection does not exist"
}
},
"operationId": "post_scim-configuration",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"connections",
"scimConfiguration"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:scim_config"
]
}
]
}
},
"/connections/{id}/scim-configuration/default-mapping": {
"get": {
"summary": "Get a connection's default SCIM mapping",
"description": "Retrieves a scim configuration's default mapping by its connectionId.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to retrieve its default SCIM mapping",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "The connection's default SCIM mapping was retrieved. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetScimConfigurationDefaultMappingResponseContent"
}
}
}
},
"400": {
"description": "Path validation error"
},
"404": {
"description": "Not Found",
"x-description-1": "The connection does not exist"
}
},
"operationId": "get_default-mapping",
"x-release-lifecycle": "GA",
"x-operation-name": "getDefaultMapping",
"x-operation-group": [
"connections",
"scimConfiguration"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:scim_config"
]
}
]
}
},
"/connections/{id}/scim-configuration/tokens": {
"get": {
"summary": "Get a connection's SCIM tokens",
"description": "Retrieves all scim tokens by its connection id.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to retrieve its SCIM configuration",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "The connection's SCIM tokens were retrieved. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetScimTokensResponseContent"
}
}
}
},
"400": {
"description": "Path validation error"
},
"404": {
"description": "The connection does not exist"
}
},
"operationId": "get_scim_tokens",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"connections",
"scimConfiguration",
"tokens"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:scim_token"
]
}
]
},
"post": {
"summary": "Create a SCIM Token",
"description": "Create a scim token for a scim client.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection to create its SCIM token",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateScimTokenRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateScimTokenRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "The connection's SCIM token was created. See Response Schemas for schema.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateScimTokenResponseContent"
}
}
}
},
"400": {
"description": "Path validation error"
},
"404": {
"description": "The connection does not exist"
},
"409": {
"description": "Maximum of 2 tokens already issued for this connection"
}
},
"operationId": "post_scim_token",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"connections",
"scimConfiguration",
"tokens"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:scim_token"
]
}
]
}
},
"/connections/{id}/scim-configuration/tokens/{tokenId}": {
"delete": {
"summary": "Delete a connection's SCIM token",
"description": "Deletes a scim token by its connection id and tokenId.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The connection id that owns the SCIM token to delete",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "tokenId",
"in": "path",
"description": "The id of the scim token to delete",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "The SCIM token has been deleted."
},
"400": {
"description": "Path validation error"
},
"404": {
"description": "The connection does not exist"
}
},
"operationId": "delete_tokens_by_tokenId",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"connections",
"scimConfiguration",
"tokens"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:scim_token"
]
}
]
}
},
"/connections/{id}/status": {
"get": {
"summary": "Check connection status",
"description": "Retrieves the status of an ad/ldap connection referenced by its ID. 200 OK http status code response is returned when the connection is online, otherwise a 404 status code is returned along with an error message",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the connection to check",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Connection status successfully retrieved."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:connections."
},
"404": {
"description": "Connection not found.",
"x-description-1": "not connected to any node"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_status",
"x-release-lifecycle": "GA",
"x-operation-name": "checkStatus",
"x-operation-group": "connections",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:connections"
]
}
]
}
},
"/connections/{id}/users": {
"delete": {
"summary": "Delete a connection user",
"description": "Deletes a specified connection user by its email (you cannot delete all users from specific connection). Currently, only Database Connections are supported.\n",
"tags": [
"connections"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the connection (currently only database connections are supported)",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "email",
"in": "query",
"description": "The email of the user to delete",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "The user no longer exists."
},
"400": {
"description": "The connection does not exist",
"x-description-1": "Connection must be a database connection",
"x-description-2": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: delete:users"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_users_by_email",
"x-release-lifecycle": "GA",
"x-operation-name": "deleteByEmail",
"x-operation-request-parameters-name": "DeleteConnectionUsersByEmailQueryParameters",
"x-operation-group": [
"connections",
"users"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:users"
]
}
]
}
},
"/custom-domains": {
"get": {
"summary": "Get custom domains configurations",
"description": "Retrieve details on custom domains.",
"tags": [
"custom-domains"
],
"parameters": [
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string",
"maxLength": 1000
}
},
{
"name": "q",
"in": "query",
"description": "Query in Lucene query string syntax.",
"schema": {
"type": "string",
"maxLength": 1000
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"maxLength": 100
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
},
{
"name": "sort",
"in": "query",
"description": "Field to sort by. Only domain:1 (ascending order by domain) is supported at this time.",
"schema": {
"type": "string",
"maxLength": 15,
"pattern": "^domain:1$"
}
}
],
"responses": {
"200": {
"description": "Custom domains successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListCustomDomainsResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:custom_domains.",
"x-description-1": "Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes.",
"x-description-2": "The account is not allowed to perform this operation.",
"x-description-3": "There must be a verified credit card on file to perform this operation"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_custom-domains",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListCustomDomainsRequestParameters",
"x-operation-group": "customDomains",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:custom_domains"
]
}
]
},
"post": {
"summary": "Configure a new custom domain",
"description": "Create a new custom domain.\n\nNote: The custom domain will need to be verified before it will accept\nrequests.\n\nOptional attributes that can be updated:\n\n- custom_client_ip_header\n- tls_policy\n\n\nTLS Policies:\n\n- recommended - for modern usage this includes TLS 1.2 only\n",
"tags": [
"custom-domains"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateCustomDomainRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateCustomDomainRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Custom domain successfully created (verification is pending).",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateCustomDomainResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "The 'tls_policy' cannot be set on self_managed domains",
"x-description-2": "The 'custom_client_ip_header' cannot be set on auth0_managed domains",
"x-description-3": "The 'relying_party_identifier' must be equal to or a registrable domain suffix of the domain."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:custom_domains.",
"x-description-1": "The account is not allowed to perform this operation.",
"x-description-2": "There must be a verified credit card on file to perform this operation"
},
"409": {
"description": "Custom domain already exists.",
"x-description-1": "You reached the maximum number of custom domains for your account."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_custom-domains",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "customDomains",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:custom_domains"
]
}
]
}
},
"/custom-domains/default": {
"get": {
"summary": "Get the default domain",
"description": "Retrieve the tenant's default domain.\n",
"tags": [
"custom-domains"
],
"responses": {
"200": {
"description": "Default domain successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetDefaultDomainResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:custom_domains.",
"x-description-1": "The account is not allowed to perform this operation."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_default",
"x-release-lifecycle": "GA",
"x-operation-name": "getDefault",
"x-operation-group": "customDomains",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:custom_domains"
]
}
]
},
"patch": {
"summary": "Update the default custom domain for the tenant",
"description": "Set the default custom domain for the tenant.\n",
"tags": [
"custom-domains"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetDefaultCustomDomainRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/SetDefaultCustomDomainRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Default custom domain set successfully.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateDefaultDomainResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"403": {
"description": "Insufficient scope; expected update:custom_domains.",
"x-description-1": "The account is not allowed to perform this operation."
}
},
"operationId": "patch_default",
"x-release-lifecycle": "GA",
"x-operation-name": "setDefault",
"x-operation-group": "customDomains",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:custom_domains"
]
}
]
}
},
"/custom-domains/{id}": {
"get": {
"summary": "Get custom domain configuration",
"description": "Retrieve a custom domain configuration and status.",
"tags": [
"custom-domains"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the custom domain to retrieve.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Custom domain successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetCustomDomainResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:custom_domains.",
"x-description-1": "Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes.",
"x-description-2": "The account is not allowed to perform this operation.",
"x-description-3": "There must be a verified credit card on file to perform this operation"
},
"404": {
"description": "Custom domain not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_custom-domains_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "customDomains",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:custom_domains"
]
}
]
},
"delete": {
"summary": "Delete custom domain configuration",
"description": "Delete a custom domain and stop serving requests for it.",
"tags": [
"custom-domains"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the custom domain to delete.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "Custom domain successfully deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: delete:custom_domains.",
"x-description-1": "The account is not allowed to perform this operation.",
"x-description-2": "There must be a verified credit card on file to perform this operation."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_custom-domains_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "customDomains",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:custom_domains"
]
}
]
},
"patch": {
"summary": "Update custom domain configuration",
"description": "Update a custom domain.\n\nThese are the attributes that can be updated:\n\n- custom_client_ip_header\n- tls_policy\n\ncustom_client_ip_header for a domain, the body to\nsend should be:\n{ \"custom_client_ip_header\": \"cf-connecting-ip\" }tls_policy for a domain, the body to send should be:\n{ \"tls_policy\": \"recommended\" }compatible TLS policy is no longer supported.\n",
"tags": [
"custom-domains"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the custom domain to update",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateCustomDomainRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateCustomDomainRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Custom domain updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateCustomDomainResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "The 'tls_policy' cannot be set on self_managed domains",
"x-description-2": "The 'custom_client_ip_header' cannot be set on auth0_managed domains",
"x-description-3": "The 'relying_party_identifier' must be equal to or a registrable domain suffix of the domain."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: update:custom_domains.",
"x-description-1": "Your account is not allowed to perform this operation.",
"x-description-2": "There must be a verified credit card on file to perform this operation"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_custom-domains_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "customDomains",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:custom_domains"
]
}
]
}
},
"/custom-domains/{id}/test": {
"post": {
"summary": "Test a custom domain",
"description": "Run the test process on a custom domain.",
"tags": [
"custom-domains"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the custom domain to test.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Custom domain test successfully completed.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/TestCustomDomainResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:custom_domains.",
"x-description-1": "The account is not allowed to perform this operation.",
"x-description-2": "There must be a verified credit card on file to perform this operation"
},
"404": {
"description": "Custom domain not found."
},
"409": {
"description": "The custom domain is not ready."
}
},
"operationId": "post_test_domain",
"x-release-lifecycle": "GA",
"x-operation-name": "test",
"x-operation-group": "customDomains",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:custom_domains"
]
}
]
}
},
"/custom-domains/{id}/verify": {
"post": {
"summary": "Verify a custom domain",
"description": "Run the verification process on a custom domain.\n\nNote: Check the status field to see its verification status. Once verification is complete, it may take up to 10 minutes before the custom domain can start accepting requests.\n\nFor self_managed_certs, when the custom domain is verified for the first time, the response will also include the cname_api_key which you will need to configure your proxy. This key must be kept secret, and is used to validate the proxy requests.\n\nLearn more about verifying custom domains that use Auth0 Managed certificates.\nLearn more about verifying custom domains that use Self Managed certificates.\n",
"tags": [
"custom-domains"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the custom domain to verify.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Custom domain successfully verified.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyCustomDomainResponseContent"
}
}
},
"x-description-1": "Custom domain failed verification."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Custom domain already verified."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:custom_domains.",
"x-description-1": "The account is not allowed to perform this operation.",
"x-description-2": "There must be a verified credit card on file to perform this operation"
},
"404": {
"description": "Custom domain not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_verify",
"x-release-lifecycle": "GA",
"x-operation-name": "verify",
"x-operation-group": "customDomains",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:custom_domains"
]
}
]
}
},
"/device-credentials": {
"get": {
"summary": "Retrieve device credentials",
"description": "Retrieve device credential information (public_key, refresh_token, or rotating_refresh_token) associated with a specific user.\n",
"tags": [
"device-credentials"
],
"parameters": [
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. There is a maximum of 1000 results allowed from this endpoint.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((device_name)|(id)|(device_id)|(type)|(user_id)|(client_id))(,((device_name)|(id)|(device_id)|(type)|(user_id)|(client_id)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
},
{
"name": "user_id",
"in": "query",
"description": "user_id of the devices to retrieve.",
"schema": {
"type": "string"
}
},
{
"name": "client_id",
"in": "query",
"description": "client_id of the devices to retrieve.",
"schema": {
"type": "string"
}
},
{
"name": "type",
"in": "query",
"description": "Type of credentials to retrieve. Must be `public_key`, `refresh_token` or `rotating_refresh_token`. The property will default to `refresh_token` when paging is requested",
"schema": {
"$ref": "#/components/schemas/DeviceCredentialTypeEnum"
}
}
],
"responses": {
"200": {
"description": "Device credentials successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListDeviceCredentialsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation.",
"x-description-3": "Username is malformed, try with '{connection}\\{email_or_username}'",
"x-description-4": "Bad username or password."
},
"403": {
"description": "User to be acted on does not match subject in bearer token.",
"x-description-1": "Insufficient scope, expected any of: read:device_credentials",
"x-description-2": "Cannot retrieve device credentials for that user.",
"x-description-3": "Cannot retrieve device credentials for that client.",
"x-description-4": "Must provide client_id parameter."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_device-credentials",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListDeviceCredentialsRequestParameters",
"x-operation-group": "deviceCredentials",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:device_credentials"
]
}
]
},
"post": {
"summary": "Create a device public key credential",
"description": "Create a device credential public key to manage refresh token rotation for a given user_id. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.\n\nWhen refresh token rotation is enabled, the endpoint becomes consistent. For more information, read Signing Keys.\n",
"tags": [
"device-credentials"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreatePublicKeyDeviceCredentialRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreatePublicKeyDeviceCredentialRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Device credentials successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreatePublicKeyDeviceCredentialResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Username is malformed, try with \"{connection}\\{email_or_username}\".",
"x-description-3": "Bad username or password."
},
"403": {
"description": "Cannot create device credentials for that user.",
"x-description-1": "Cannot create device credentials for that client.",
"x-description-2": "Insufficient scope; expected any of: create:current_user_device_credentials."
},
"409": {
"description": "A public key already exists for the device."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_device-credentials",
"x-release-lifecycle": "GA",
"x-operation-name": "createPublicKey",
"x-operation-group": "deviceCredentials",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:current_user_device_credentials"
]
}
]
}
},
"/device-credentials/{id}": {
"delete": {
"summary": "Delete a device credential",
"description": "Permanently delete a device credential (such as a refresh token or public key) with the given ID.",
"tags": [
"device-credentials"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the credential to delete.",
"required": true,
"schema": {
"type": "string",
"pattern": "^dcr_[A-Za-z0-9]{16}$"
}
}
],
"responses": {
"204": {
"description": "Device credentials successfully deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation.",
"x-description-3": "Username is malformed, try with \"{connection}\\{email_or_username}\".",
"x-description-4": "Bad username or password."
},
"403": {
"description": "Insufficient scope; expected any of: delete:device_credentials, update:current_user, delete:current_user_device_credentials."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_device-credentials_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "deviceCredentials",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:device_credentials",
"delete:current_user_device_credentials"
]
}
]
}
},
"/email-templates": {
"post": {
"summary": "Create an email template",
"description": "Create an email template.",
"tags": [
"email-templates"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateEmailTemplateRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateEmailTemplateRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Template successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateEmailTemplateResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: create:email_templates."
},
"409": {
"description": "Template (templateName) already exists."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_email-templates",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "emailTemplates",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:email_templates"
]
}
]
}
},
"/email-templates/{templateName}": {
"get": {
"summary": "Get an email template",
"description": "Retrieve an email template by pre-defined name. These names are `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, and `async_approval`. The names `change_password`, and `password_reset` are also supported for legacy scenarios.",
"tags": [
"email-templates"
],
"parameters": [
{
"name": "templateName",
"in": "path",
"description": "Template name. Can be `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, `async_approval`, `change_password` (legacy), or `password_reset` (legacy).",
"required": true,
"schema": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
}
}
],
"responses": {
"200": {
"description": "Template successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetEmailTemplateResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: read:email_templates."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_email-templates_by_templateName",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "emailTemplates",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:email_templates"
]
}
]
},
"patch": {
"summary": "Patch an email template",
"description": "Modify an email template.",
"tags": [
"email-templates"
],
"parameters": [
{
"name": "templateName",
"in": "path",
"description": "Template name. Can be `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, `async_approval`, `change_password` (legacy), or `password_reset` (legacy).",
"required": true,
"schema": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateEmailTemplateRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateEmailTemplateRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Template successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateEmailTemplateResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: update:email_templates."
},
"404": {
"description": "Template not found and cannot be updated."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_email-templates_by_templateName",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "emailTemplates",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:email_templates"
]
}
]
},
"put": {
"summary": "Update an email template",
"description": "Update an email template.",
"tags": [
"email-templates"
],
"parameters": [
{
"name": "templateName",
"in": "path",
"description": "Template name. Can be `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, `async_approval`, `change_password` (legacy), or `password_reset` (legacy).",
"required": true,
"schema": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetEmailTemplateRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/SetEmailTemplateRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Template successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetEmailTemplateResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: update:email_templates."
},
"404": {
"description": "Template not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "put_email-templates_by_templateName",
"x-release-lifecycle": "GA",
"x-operation-name": "set",
"x-operation-group": "emailTemplates",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:email_templates"
]
}
]
}
},
"/emails/provider": {
"get": {
"summary": "Get email provider",
"description": "Retrieve details of the email provider configuration in your tenant. A list of fields to include or exclude may also be specified.\n",
"tags": [
"emails"
],
"parameters": [
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (dependent upon include_fields) from the result. Leave empty to retrieve `name` and `enabled`. Additional fields available include `credentials`, `default_from_address`, and `settings`.",
"schema": {
"type": "string",
"pattern": "^((name)|(enabled)|(credentials)|(settings)|(default_from_address))(,((name)|(enabled)|(credentials)|(settings)|(default_from_address)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Email provider successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetEmailProviderResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:email_provider."
},
"404": {
"description": "Email provider has not been configured."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_provider",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-request-parameters-name": "GetEmailProviderRequestParameters",
"x-operation-group": [
"emails",
"provider"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:email_provider"
]
}
]
},
"delete": {
"summary": "Delete email provider",
"description": "Delete the email provider.\n",
"tags": [
"emails"
],
"responses": {
"204": {
"description": "The email provider has been deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: delete:email_provider"
},
"404": {
"description": "Email provider does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_provider",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"emails",
"provider"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:email_provider"
]
}
]
},
"patch": {
"summary": "Update email provider",
"description": "Update an email provider. The credentials object\nrequires different properties depending on the email provider (which is specified using the name property):\nmandrill requires api_keysendgrid requires api_keysparkpost requires api_key. Optionally, set region to eu to use\n the SparkPost service hosted in Western Europe; set to null to use the SparkPost service hosted in\n North America. eu or null are the only valid values for region.\n mailgun requires api_key and domain. Optionally, set region to\n eu to use the Mailgun service hosted in Europe; set to null otherwise. eu or\n null are the only valid values for region.\n ses requires accessKeyId, secretAccessKey, and regionsmtp requires smtp_host, smtp_port, smtp_user, and\n smtp_pass\n settings object with different configuration\noptions, which will be used when sending an email:\nsmtp provider, settings may contain headers object.\n X-SES-Configuration-Set header. Value must be a string.\n X-MSYS_API header. Value must be an object.\n ses provider, settings may contain message object, where you can provide\n a name of configuration set in configuration_set_name property. Value must be a string.\n credentials object\nrequires different properties depending on the email provider (which is specified using the name property):\nmandrill requires api_keysendgrid requires api_keysparkpost requires api_key. Optionally, set region to eu to use\n the SparkPost service hosted in Western Europe; set to null to use the SparkPost service hosted in\n North America. eu or null are the only valid values for region.\n mailgun requires api_key and domain. Optionally, set region to\n eu to use the Mailgun service hosted in Europe; set to null otherwise. eu or\n null are the only valid values for region.\n ses requires accessKeyId, secretAccessKey, and regionsmtp requires smtp_host, smtp_port, smtp_user, and\n smtp_pass\n settings object with different configuration\noptions, which will be used when sending an email:\nsmtp provider, settings may contain headers object.\n X-SES-Configuration-Set header. Value must be a string.\n X-MSYS_API header. Value must be an object.\n ses provider, settings may contain message object, where you can provide\n a name of configuration set in configuration_set_name property. Value must be a string.\n all-applications policy prompts with MFA for all logins.confidence-score policy prompts with MFA only for low confidence logins.confidence-score policy is part of the Adaptive MFA feature. Adaptive MFA requires an add-on for the Enterprise plan; review Auth0 Pricing for more details.\n",
"tags": [
"guardian"
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListGuardianPoliciesResponseContent"
}
}
}
},
"400": {
"description": "Invalid input based on schemas"
},
"401": {
"description": "Token has expired or signature is invalid"
},
"403": {
"description": "Insufficient scope"
}
},
"operationId": "get_policies",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-group": [
"guardian",
"policies"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:mfa_policies"
]
}
]
},
"put": {
"summary": "Update multi-factor authentication policies",
"description": "Set multi-factor authentication (MFA) policies for your tenant.\n\nThe following policies are supported:\nall-applications policy prompts with MFA for all logins.confidence-score policy prompts with MFA only for low confidence logins.confidence-score policy is part of the Adaptive MFA feature. Adaptive MFA requires an add-on for the Enterprise plan; review Auth0 Pricing for more details.\n",
"tags": [
"guardian"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetGuardianPoliciesRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/SetGuardianPoliciesRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Policies updated",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetGuardianPoliciesResponseContent"
}
}
}
},
"400": {
"description": "Invalid input based on schemas"
},
"401": {
"description": "Token has expired or signature is invalid"
},
"403": {
"description": "Insufficient scope"
}
},
"operationId": "put_policies",
"x-release-lifecycle": "GA",
"x-operation-name": "set",
"x-operation-group": [
"guardian",
"policies"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:mfa_policies"
]
}
]
}
},
"/hooks": {
"get": {
"summary": "Get hooks",
"description": "Retrieve all hooks. Accepts a list of fields to include or exclude in the result.\n",
"tags": [
"hooks"
],
"parameters": [
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page.",
"schema": {
"type": "integer",
"minimum": 0,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
},
{
"name": "enabled",
"in": "query",
"description": "Optional filter on whether a hook is enabled (true) or disabled (false).",
"schema": {
"type": "boolean"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((id)|(name)|(script)|(dependencies)|(enabled)|(triggerId))(,((id)|(name)|(script)|(dependencies)|(enabled)|(triggerId)))*$"
}
},
{
"name": "triggerId",
"in": "query",
"description": "Retrieves hooks that match the trigger",
"schema": {
"$ref": "#/components/schemas/HookTriggerIdEnum"
}
}
],
"responses": {
"200": {
"description": "Hooks successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListHooksResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:hooks."
},
"404": {
"description": "Hook not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_hooks",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListHooksRequestParameters",
"x-operation-group": "hooks",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:hooks"
]
}
]
},
"post": {
"summary": "Create a hook",
"description": "Create a new hook.\n",
"tags": [
"hooks"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateHookRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateHookRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Hook successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateHookResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:hooks.",
"x-description-1": "This endpoint is disabled for your tenant."
},
"409": {
"description": "Hook with the same name already exists."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_hooks",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "hooks",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:hooks"
]
}
]
}
},
"/hooks/{id}": {
"get": {
"summary": "Get a hook",
"description": "Retrieve a hook by its ID. Accepts a list of fields to include in the result.\n",
"tags": [
"hooks"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the hook to retrieve.",
"required": true,
"schema": {
"type": "string",
"pattern": "^[A-Za-z0-9-]*$"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((id)|(name)|(script)|(dependencies)|(enabled)|(triggerId))(,((id)|(name)|(script)|(dependencies)|(enabled)|(triggerId)))*$"
}
}
],
"responses": {
"200": {
"description": "Hook successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetHookResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:hooks."
},
"404": {
"description": "Hook not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_hooks_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-request-parameters-name": "GetHookRequestParameters",
"x-operation-group": "hooks",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:hooks"
]
}
]
},
"delete": {
"summary": "Delete a hook",
"description": "Delete a hook.\n",
"tags": [
"hooks"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the hook to delete.",
"required": true,
"schema": {
"type": "string",
"pattern": "^[A-Za-z0-9-]*$"
}
}
],
"responses": {
"204": {
"description": "Hook successfully deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: delete:hooks."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_hooks_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "hooks",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:hooks"
]
}
]
},
"patch": {
"summary": "Update a hook",
"description": "Update an existing hook.\n",
"tags": [
"hooks"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the hook to update.",
"required": true,
"schema": {
"type": "string",
"pattern": "^[A-Za-z0-9-]*$"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateHookRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateHookRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Hook successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateHookResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:hooks.",
"x-description-1": "This endpoint is disabled for your tenant."
},
"404": {
"description": "The hook does not exist"
},
"409": {
"description": "A hook with the same name already exists."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_hooks_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "hooks",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:hooks"
]
}
]
}
},
"/hooks/{id}/secrets": {
"get": {
"summary": "Get hook secrets",
"description": "Retrieve a hook's secrets by the ID of the hook. \n",
"tags": [
"hooks"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the hook to retrieve secrets from.",
"required": true,
"schema": {
"type": "string",
"pattern": "^[A-Za-z0-9-]*$"
}
}
],
"responses": {
"200": {
"description": "Hook secrets successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetHookSecretResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:hooks."
},
"404": {
"description": "Hook not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_secrets",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"hooks",
"secrets"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:hooks"
]
}
]
},
"delete": {
"summary": "Delete hook secrets",
"description": "Delete one or more existing secrets for a given hook. Accepts an array of secret names to delete. ",
"tags": [
"hooks"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the hook whose secrets to delete.",
"required": true,
"schema": {
"type": "string",
"pattern": "^[A-Za-z0-9-]*$"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteHookSecretRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/DeleteHookSecretRequestContent"
}
}
}
},
"responses": {
"204": {
"description": "Hook secrets successfully deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: delete:hooks."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_secrets",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"hooks",
"secrets"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:hooks"
]
}
]
},
"patch": {
"summary": "Update hook secrets",
"description": "Update one or more existing secrets for an existing hook. Accepts an object of key-value pairs, where the key is the name of the existing secret. \n",
"tags": [
"hooks"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the hook whose secrets to update.",
"required": true,
"schema": {
"type": "string",
"pattern": "^[A-Za-z0-9-]*$"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateHookSecretRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateHookSecretRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Hook secrets successfully updated."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:hooks.",
"x-description-1": "This endpoint is disabled for your tenant."
},
"404": {
"description": "Hook or secret not found."
},
"409": {
"description": "Secret with the same name already exists."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_secrets",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"hooks",
"secrets"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:hooks"
]
}
]
},
"post": {
"summary": "Add hook secrets",
"description": "Add one or more secrets to an existing hook. Accepts an object of key-value pairs, where the key is the name of the secret. A hook can have a maximum of 20 secrets. \n",
"tags": [
"hooks"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the hook to retrieve",
"required": true,
"schema": {
"type": "string",
"pattern": "^[A-Za-z0-9-]*$"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateHookSecretRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateHookSecretRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Hook secrets successfully added."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:hooks.",
"x-description-1": "This endpoint is disabled for your tenant."
},
"409": {
"description": "Secret with the same name already exists."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_secrets",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"hooks",
"secrets"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:hooks"
]
}
]
}
},
"/jobs/users-exports": {
"post": {
"summary": "Create export users job",
"description": "Export all users to a file via a long-running job.",
"tags": [
"jobs"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateExportUsersRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateExportUsersRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Job created successfully.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateExportUsersResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "The connection does not exist."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:users."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_users-exports",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"jobs",
"usersExports"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:users"
]
}
]
}
},
"/jobs/users-imports": {
"post": {
"summary": "Create import users job",
"description": "Import users from a formatted file into a connection via a long-running job. When importing users, with or without upsert, the `email_verified` is set to `false` when the email address is added or updated. Users must verify their email address. To avoid this behavior, set `email_verified` to `true` in the imported data.",
"tags": [
"jobs"
],
"requestBody": {
"content": {
"multipart/form-data": {
"schema": {
"$ref": "#/components/schemas/CreateImportUsersRequestContent"
}
}
}
},
"responses": {
"202": {
"description": "Job successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateImportUsersResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "Must provide 'users' file as multipart part.",
"x-description-2": "Payload validation error: 'Invalid multipart payload format'.",
"x-description-3": "Users file must not be empty.",
"x-description-4": "Must provide 'connection_id' as multipart part.",
"x-description-5": "Connection must be a database connection.",
"x-description-6": "Connection must be enabled.",
"x-description-7": "Payload validation error: 'String does not match pattern ^con_[A-Za-z0-9]{16}$' on property connection_id.",
"x-description-8": "The connection does not exist.",
"x-description-9": "Custom Database Connections without import mode are not allowed."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:users."
},
"413": {
"description": "Payload content length greater than maximum allowed: 512000."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
},
"500": {
"description": "Internal error."
}
},
"operationId": "post_users-imports",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"jobs",
"usersImports"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:users"
]
}
]
}
},
"/jobs/verification-email": {
"post": {
"summary": "Send an email address verification email",
"description": "Send an email to the specified user that asks them to click a link to verify their email address.\n\nNote: You must have the `Status` toggle enabled for the verification email template for the email to be sent.",
"tags": [
"jobs"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateVerificationEmailRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateVerificationEmailRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Job successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateVerificationEmailResponseContent"
}
}
}
},
"400": {
"description": "Invalid request parameters. The message will vary depending on the cause.",
"x-description-1": "Connection must be a database connection.",
"x-description-2": "User does not have an email address.",
"x-description-3": "connection does not exist.",
"x-description-4": "Connection must be enabled.",
"x-description-5": "Identity connection does not exist.",
"x-description-6": "The user exists, but does not contain the given identity.",
"x-description-7": "The organization does not exist"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:users."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_verification-email",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"jobs",
"verificationEmail"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:users"
]
}
]
}
},
"/jobs/{id}": {
"get": {
"summary": "Get a job",
"description": "Retrieves a job. Useful to check its status.",
"tags": [
"jobs"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the job.",
"required": true,
"schema": {
"type": "string",
"pattern": "^job_[A-Za-z0-9]{16}$"
}
}
],
"responses": {
"200": {
"description": "Job retrieved successfully.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetJobResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:users."
},
"404": {
"description": "Job not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_jobs_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "jobs",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:users",
"read:users"
]
}
]
}
},
"/jobs/{id}/errors": {
"get": {
"summary": "Get job error details",
"description": "Retrieve error details of a failed job.",
"tags": [
"jobs"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the job.",
"required": true,
"schema": {
"type": "string",
"pattern": "^job_[A-Za-z0-9]{16}$"
}
}
],
"responses": {
"200": {
"description": "Job successfully retrieved.",
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"type": "array",
"items": {
"$ref": "#/components/schemas/GetJobErrorResponseContent"
}
},
{
"$ref": "#/components/schemas/GetJobGenericErrorResponseContent"
}
]
}
}
}
},
"204": {
"description": "The job was retrieved, but no errors were found.",
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"type": "array",
"items": {
"$ref": "#/components/schemas/GetJobErrorResponseContent"
}
},
{
"$ref": "#/components/schemas/GetJobGenericErrorResponseContent"
}
]
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: create:users"
},
"404": {
"description": "The job does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_errors",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"jobs",
"errors"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:users",
"read:users"
]
}
]
}
},
"/keys/custom-signing": {
"get": {
"summary": "Get custom signing keys",
"description": "Get entire jwks representation of custom signing keys.",
"tags": [
"keys"
],
"responses": {
"200": {
"description": "Custom signing keys were successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetCustomSigningKeysResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:custom_signing_keys."
},
"404": {
"description": "No custom signing keys found for this tenant. Upload custom signing keys first."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_custom_signing_keys",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"keys",
"customSigning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:custom_signing_keys"
]
}
]
},
"delete": {
"summary": "Delete custom signing keys",
"description": "Delete entire jwks representation of custom signing keys.",
"tags": [
"keys"
],
"responses": {
"204": {
"description": "Custom signing keys were successfully deleted."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: delete:custom_signing_keys."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_custom_signing_keys",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"keys",
"customSigning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:custom_signing_keys"
]
}
]
},
"put": {
"summary": "Create or replace custom signing keys",
"description": "Create or replace entire jwks representation of custom signing keys.",
"tags": [
"keys"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetCustomSigningKeysRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/SetCustomSigningKeysRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Custom signing keys were successfully created or replaced.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetCustomSigningKeysResponseContent"
}
}
}
},
"400": {
"description": "Payload validation error."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope, expected all of: create:custom_signing_keys,update:custom_signing_keys."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "put_custom_signing_keys",
"x-release-lifecycle": "GA",
"x-operation-name": "set",
"x-operation-group": [
"keys",
"customSigning"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:custom_signing_keys",
"update:custom_signing_keys"
]
}
]
}
},
"/keys/encryption": {
"get": {
"summary": "Get all encryption keys",
"description": "Retrieve details of all the encryption keys associated with your tenant.",
"tags": [
"keys"
],
"parameters": [
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. Default value is 50, maximum value is 100.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "The keys were successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListEncryptionKeysResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:encryption_keys."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_encryption_keys",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListEncryptionKeysRequestParameters",
"x-operation-group": [
"keys",
"encryption"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:encryption_keys"
]
}
]
},
"post": {
"summary": "Create the new encryption key",
"description": "Create the new, pre-activated encryption key, without the key material.",
"tags": [
"keys"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateEncryptionKeyRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateEncryptionKeyRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "The key was successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateEncryptionKeyResponseContent"
}
}
}
},
"400": {
"description": "Request body is invalid. Unsupported key \"type\" provided."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:encryption_keys."
},
"409": {
"description": "Encryption key has already been created."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_encryption",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"keys",
"encryption"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:encryption_keys"
]
}
]
}
},
"/keys/encryption/rekey": {
"post": {
"summary": "Rekey the key hierarchy",
"description": "Perform rekeying operation on the key hierarchy.",
"tags": [
"keys"
],
"responses": {
"204": {
"description": "The key hierarchy was successfully rekeyed."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected all of: create:encryption_keys update:encryption_keys."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_encryption_rekey",
"x-release-lifecycle": "GA",
"x-operation-name": "rekey",
"x-operation-group": [
"keys",
"encryption"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:encryption_keys",
"update:encryption_keys"
]
}
]
}
},
"/keys/encryption/{kid}": {
"get": {
"summary": "Get the encryption key by its key id",
"description": "Retrieve details of the encryption key with the given ID.",
"tags": [
"keys"
],
"parameters": [
{
"name": "kid",
"in": "path",
"description": "Encryption key ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "The key was successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetEncryptionKeyResponseContent"
}
}
}
},
"400": {
"description": "Invalid UUID format in uri.",
"x-description-1": "Invalid key id or unsupported key type."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:encryption_keys."
},
"404": {
"description": "The key does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_encryption_key",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"keys",
"encryption"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:encryption_keys"
]
}
]
},
"delete": {
"summary": "Delete the encryption key by its key id",
"description": "Delete the custom provided encryption key with the given ID and move back to using native encryption key.",
"tags": [
"keys"
],
"parameters": [
{
"name": "kid",
"in": "path",
"description": "Encryption key ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "The key was successfully deleted."
},
"400": {
"description": "Invalid UUID format in uri.",
"x-description-1": "Invalid key id or unsupported key type."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: delete:encryption_keys."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_encryption_key",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"keys",
"encryption"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:encryption_keys"
]
}
]
},
"post": {
"summary": "Import the encryption key",
"description": "Import wrapped key material and activate encryption key.",
"tags": [
"keys"
],
"parameters": [
{
"name": "kid",
"in": "path",
"description": "Encryption key ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ImportEncryptionKeyRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/ImportEncryptionKeyRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "The key was successfully imported.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ImportEncryptionKeyResponseContent"
}
}
}
},
"400": {
"description": "The key ID was not found.",
"x-description-1": "Invalid UUID format in uri.",
"x-description-2": "Invalid input. Wrapped key material is invalid or unsupported key type."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:encryption_keys."
},
"409": {
"description": "Failed precondition. Key import not in progress or unable to find the wrapping key. Make sure you have followed all the steps to import a key."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_encryption_key",
"x-release-lifecycle": "GA",
"x-operation-name": "import",
"x-operation-group": [
"keys",
"encryption"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:encryption_keys"
]
}
]
}
},
"/keys/encryption/{kid}/wrapping-key": {
"post": {
"summary": "Create the public wrapping key",
"description": "Create the public wrapping key to wrap your own encryption key material.",
"tags": [
"keys"
],
"parameters": [
{
"name": "kid",
"in": "path",
"description": "Encryption key ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"201": {
"description": "The public wrapping key was successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateEncryptionKeyPublicWrappingResponseContent"
}
}
}
},
"400": {
"description": "Invalid UUID format in uri.",
"x-description-1": "Invalid key id or unsupported key type."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:encryption_keys."
},
"409": {
"description": "Failed precondition. Create new encryption key without the key material first."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_encryption_wrapping_key",
"x-release-lifecycle": "GA",
"x-operation-name": "createPublicWrappingKey",
"x-operation-group": [
"keys",
"encryption"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:encryption_keys"
]
}
]
}
},
"/keys/signing": {
"get": {
"summary": "Get all Application Signing Keys",
"description": "Retrieve details of all the application signing keys associated with your tenant.",
"tags": [
"keys"
],
"responses": {
"200": {
"description": "The signing keys were retrieved.",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SigningKeys"
}
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: read:signing_keys"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_signing_keys",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-group": [
"keys",
"signing"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:signing_keys"
]
}
]
}
},
"/keys/signing/rotate": {
"post": {
"summary": "Rotate the Application Signing Key",
"description": "Rotate the application signing key of your tenant.",
"tags": [
"keys"
],
"responses": {
"201": {
"description": "Signing key rotated successfully.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RotateSigningKeysResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected create:signing_keys and update:signing_keys."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_signing_keys",
"x-release-lifecycle": "GA",
"x-operation-name": "rotate",
"x-operation-group": [
"keys",
"signing"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:signing_keys",
"update:signing_keys"
]
}
]
}
},
"/keys/signing/{kid}": {
"get": {
"summary": "Get an Application Signing Key by its key id",
"description": "Retrieve details of the application signing key with the given ID.",
"tags": [
"keys"
],
"parameters": [
{
"name": "kid",
"in": "path",
"description": "Key id of the key to retrieve",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "The signing keys were retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetSigningKeysResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: read:signing_keys"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_signing_key",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"keys",
"signing"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:signing_keys"
]
}
]
}
},
"/keys/signing/{kid}/revoke": {
"put": {
"summary": "Revoke an Application Signing Key by its key id",
"description": "Revoke the application signing key with the given ID.",
"tags": [
"keys"
],
"parameters": [
{
"name": "kid",
"in": "path",
"description": "Key id of the key to revoke",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Signing key revoked successfully.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RevokedSigningKeysResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:signing_keys."
},
"404": {
"description": "Signing key not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "put_signing_keys",
"x-release-lifecycle": "GA",
"x-operation-name": "revoke",
"x-operation-group": [
"keys",
"signing"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:signing_keys"
]
}
]
}
},
"/log-streams": {
"get": {
"summary": "Get log streams",
"description": "Retrieve details on [log streams](https://auth0.com/docs/logs/streams).\n\n**Sample Response**\n\n```json\n[{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"eventbridge\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"awsAccountId\": \"string\",\n \"awsRegion\": \"string\",\n \"awsPartnerEventSource\": \"string\"\n }\n}, {\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"http\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"httpContentFormat\": \"JSONLINES|JSONARRAY\",\n \"httpContentType\": \"string\",\n \"httpEndpoint\": \"string\",\n \"httpAuthorization\": \"string\"\n }\n},\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"eventgrid\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"azureSubscriptionId\": \"string\",\n \"azureResourceGroup\": \"string\",\n \"azureRegion\": \"string\",\n \"azurePartnerTopic\": \"string\"\n }\n},\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"splunk\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"splunkDomain\": \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\": \"string\",\n \"splunkSecure\": \"boolean\"\n }\n},\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"sumo\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"sumoSourceAddress\": \"string\"\n }\n},\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"datadog\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"datadogRegion\": \"string\",\n \"datadogApiKey\": \"string\"\n }\n}]\n```\n",
"tags": [
"log-streams"
],
"responses": {
"200": {
"description": "Returning log streams",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/LogStreamResponseSchema"
}
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:log_streams.",
"x-description-1": "The account is not allowed to perform this operation."
},
"404": {
"description": "The log stream does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_log-streams",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-group": "logStreams",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:log_streams"
]
}
]
},
"post": {
"summary": "Create a log stream",
"description": "Create a log stream.\n\n**Log Stream Types**\n\nThe `type` of log stream being created determines the properties required in the `sink` payload.\n\n**HTTP Stream**\n\nFor an `http` Stream, the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"http\",\n \"sink\": {\n \"httpEndpoint\": \"string\",\n \"httpContentType\": \"string\",\n \"httpContentFormat\": \"JSONLINES|JSONARRAY\",\n \"httpAuthorization\": \"string\"\n }\n}\n```\n\n**Response:**\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"http\",\n \"status\": \"active\",\n \"sink\": {\n \"httpEndpoint\": \"string\",\n \"httpContentType\": \"string\",\n \"httpContentFormat\": \"JSONLINES|JSONARRAY\",\n \"httpAuthorization\": \"string\"\n }\n}\n```\n\n**Amazon EventBridge Stream**\n\nFor an `eventbridge` Stream, the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"eventbridge\",\n \"sink\": {\n \"awsRegion\": \"string\",\n \"awsAccountId\": \"string\"\n }\n}\n```\n\nThe response will include an additional field `awsPartnerEventSource` in the `sink`:\n\n**Response:**\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"eventbridge\",\n \"status\": \"active\",\n \"sink\": {\n \"awsAccountId\": \"string\",\n \"awsRegion\": \"string\",\n \"awsPartnerEventSource\": \"string\"\n }\n}\n```\n\n**Azure Event Grid Stream**\n\nFor an `Azure Event Grid` Stream, the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"eventgrid\",\n \"sink\": {\n \"azureSubscriptionId\": \"string\",\n \"azureResourceGroup\": \"string\",\n \"azureRegion\": \"string\"\n }\n}\n```\n\n**Response:**\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"http\",\n \"status\": \"active\",\n \"sink\": {\n \"azureSubscriptionId\": \"string\",\n \"azureResourceGroup\": \"string\",\n \"azureRegion\": \"string\",\n \"azurePartnerTopic\": \"string\"\n }\n}\n```\n\n**Datadog Stream**\n\nFor a `Datadog` Stream, the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"datadog\",\n \"sink\": {\n \"datadogRegion\": \"string\",\n \"datadogApiKey\": \"string\"\n }\n}\n```\n\n**Response:**\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"datadog\",\n \"status\": \"active\",\n \"sink\": {\n \"datadogRegion\": \"string\",\n \"datadogApiKey\": \"string\"\n }\n}\n```\n\n**Splunk Stream**\n\nFor a `Splunk` Stream, the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"splunk\",\n \"sink\": {\n \"splunkDomain\": \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\": \"string\",\n \"splunkSecure\": \"boolean\"\n }\n}\n```\n\n**Response:**\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"splunk\",\n \"status\": \"active\",\n \"sink\": {\n \"splunkDomain\": \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\": \"string\",\n \"splunkSecure\": \"boolean\"\n }\n}\n```\n\n**Sumo Logic Stream**\n\nFor a `Sumo Logic` Stream, the `sink` properties are listed in the payload below.\n\n**Request:**\n```json\n{\n \"name\": \"string\",\n \"type\": \"sumo\",\n \"sink\": {\n \"sumoSourceAddress\": \"string\"\n }\n}\n```\n\n**Response:**\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"sumo\",\n \"status\": \"active\",\n \"sink\": {\n \"sumoSourceAddress\": \"string\"\n }\n}\n```\n",
"tags": [
"log-streams"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateLogStreamRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateLogStreamRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Log stream created",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateLogStreamResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: create:log_streams.",
"x-description-1": "The account is not allowed to perform this operation."
},
"409": {
"description": "You have reached the maximum number of log streams for your account."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_log-streams",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "logStreams",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:log_streams"
]
}
]
}
},
"/log-streams/{id}": {
"get": {
"summary": "Get log stream by ID",
"description": "Retrieve a log stream configuration and status.\n\n**Sample responses**\n\n**Amazon EventBridge Log Stream**\n\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"eventbridge\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"awsAccountId\": \"string\",\n \"awsRegion\": \"string\",\n \"awsPartnerEventSource\": \"string\"\n }\n}\n```\n\n**HTTP Log Stream**\n\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"http\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"httpContentFormat\": \"JSONLINES|JSONARRAY\",\n \"httpContentType\": \"string\",\n \"httpEndpoint\": \"string\",\n \"httpAuthorization\": \"string\"\n }\n}\n```\n\n**Datadog Log Stream**\n\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"datadog\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"datadogRegion\": \"string\",\n \"datadogApiKey\": \"string\"\n }\n}\n```\n\n**Mixpanel**\n\n**Request:**\n\n```json\n{\n \"name\": \"string\",\n \"type\": \"mixpanel\",\n \"sink\": {\n \"mixpanelRegion\": \"string\",\n \"mixpanelProjectId\": \"string\",\n \"mixpanelServiceAccountUsername\": \"string\",\n \"mixpanelServiceAccountPassword\": \"string\"\n }\n}\n```\n\n**Response:**\n\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"mixpanel\",\n \"status\": \"active\",\n \"sink\": {\n \"mixpanelRegion\": \"string\",\n \"mixpanelProjectId\": \"string\",\n \"mixpanelServiceAccountUsername\": \"string\",\n \"mixpanelServiceAccountPassword\": \"string\"\n }\n}\n```\n\n**Segment**\n\n**Request:**\n\n```json\n{\n \"name\": \"string\",\n \"type\": \"segment\",\n \"sink\": {\n \"segmentWriteKey\": \"string\"\n }\n}\n```\n\n**Response:**\n\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"segment\",\n \"status\": \"active\",\n \"sink\": {\n \"segmentWriteKey\": \"string\"\n }\n}\n```\n\n**Splunk Log Stream**\n\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"splunk\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"splunkDomain\": \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\": \"string\",\n \"splunkSecure\": \"boolean\"\n }\n}\n```\n\n**Sumo Logic Log Stream**\n\n```json\n{\n \"id\": \"string\",\n \"name\": \"string\",\n \"type\": \"sumo\",\n \"status\": \"active|paused|suspended\",\n \"sink\": {\n \"sumoSourceAddress\": \"string\"\n }\n}\n```\n\n**Status**\n\nThe `status` of a log stream maybe any of the following:\n\n1. `active` - Stream is currently enabled.\n2. `paused` - Stream is currently user disabled and will not attempt log delivery.\n3. `suspended` - Stream is currently disabled because of errors and will not attempt log delivery.\n",
"tags": [
"log-streams"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the log stream to get",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Returning log stream.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetLogStreamResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:log_streams.",
"x-description-1": "The account is not allowed to perform this operation."
},
"404": {
"description": "The log stream does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_log-streams_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "logStreams",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:log_streams"
]
}
]
},
"delete": {
"summary": "Delete log stream",
"description": "Delete a log stream.\n",
"tags": [
"log-streams"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the log stream to delete",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "The log stream was deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope, expected: delete:log_streams."
},
"404": {
"description": "The log stream does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_log-streams_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "logStreams",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:log_streams"
]
}
]
},
"patch": {
"summary": "Update a log stream",
"description": "Update a log stream.\n\n**Examples of how to use the PATCH endpoint.**\n\nThe following fields may be updated in a PATCH operation:\n\n- name\n- status\n- sink\n\nNote: For log streams of type `eventbridge` and `eventgrid`, updating the `sink` is not permitted.\n\n**Update the status of a log stream**\n\n```json\n{\n \"status\": \"active|paused\"\n}\n```\n\n**Update the name of a log stream**\n\n```json\n{\n \"name\": \"string\"\n}\n```\n\n**Update the sink properties of a stream of type `http`**\n\n```json\n{\n \"sink\": {\n \"httpEndpoint\": \"string\",\n \"httpContentType\": \"string\",\n \"httpContentFormat\": \"JSONARRAY|JSONLINES\",\n \"httpAuthorization\": \"string\"\n }\n}\n```\n\n**Update the sink properties of a stream of type `datadog`**\n\n```json\n{\n \"sink\": {\n \"datadogRegion\": \"string\",\n \"datadogApiKey\": \"string\"\n }\n}\n```\n\n**Update the sink properties of a stream of type `splunk`**\n\n```json\n{\n \"sink\": {\n \"splunkDomain\": \"string\",\n \"splunkToken\": \"string\",\n \"splunkPort\": \"string\",\n \"splunkSecure\": \"boolean\"\n }\n}\n```\n\n**Update the sink properties of a stream of type `sumo`**\n\n```json\n{\n \"sink\": {\n \"sumoSourceAddress\": \"string\"\n }\n}\n```\n",
"tags": [
"log-streams"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the log stream to get",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateLogStreamRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateLogStreamRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Log stream updated",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateLogStreamResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:log_streams.",
"x-description-1": "The account is not allowed to perform this operation."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_log-streams_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "logStreams",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:log_streams"
]
}
]
}
},
"/logs": {
"get": {
"summary": "Search log events",
"description": "Retrieve log entries that match the specified search criteria (or all log entries if no criteria specified).\n\nSet custom search criteria using the q parameter, or search from a specific log ID (\"search from checkpoint\").\n\nFor more information on all possible event types, their respective acronyms, and descriptions, see Log Event Type Codes.\n\nfields and sort, see Searchable Fields.\n\nAuth0 limits the number of logs you can return by search criteria to 100 logs per request. Furthermore, you may paginate only through 1,000 search results. If you exceed this threshold, please redefine your search or use the get logs by checkpoint method.\n\ntake parameter. If you use from at the same time as q, from takes precedence and q is ignored.from parameter.from and take will be ignored, and date ordering is not guaranteed.\n",
"tags": [
"logs"
],
"parameters": [
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": " Number of results per page. Paging is disabled if parameter not sent. Default: 50. Max value: 100",
"schema": {
"type": "integer",
"minimum": 0,
"maximum": 100
}
},
{
"name": "sort",
"in": "query",
"description": "Field to use for sorting appended with :1 for ascending and :-1 for descending. e.g. date:-1",
"schema": {
"type": "string",
"pattern": "^((date)|(connection)|(client_id)|(client_name)|(ip)|(user_id)|(user_name)|(description)|(user_agent)|(type)|(details)|(strategy)|(strategy_type))\\:(1|-1)$"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((date)|(connection)|(client_id)|(client_name)|(ip)|(user_id)|(user_name)|(description)|(user_agent)|(type)|(details)|(strategy)|(strategy_type))(,((date)|(connection)|(client_id)|(client_name)|(ip)|(user_id)|(user_name)|(description)|(user_agent)|(type)|(details)|(strategy)|(strategy_type)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false)",
"schema": {
"type": "boolean"
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results as an array when false (default). Return results inside an object that also contains a total result count when true.",
"schema": {
"type": "boolean"
}
},
{
"name": "from",
"in": "query",
"description": "Log Event Id from which to start selection from.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of entries to retrieve when using the from parameter. Default 50, max 100",
"schema": {
"type": "integer"
}
},
{
"name": "search",
"in": "query",
"description": "Retrieves logs that match the specified search criteria. This parameter can be combined with all the others in the /api/logs endpoint but is specified separately for clarity.\nIf no fields are provided a case insensitive 'starts with' search is performed on all of the following fields: client_name, connection, user_name. Otherwise, you can specify multiple fields and specify the search using the %field%:%search%, for example: application:node user:\"John@contoso.com\".\nValues specified without quotes are matched using a case insensitive 'starts with' search. If quotes are used a case insensitve exact search is used. If multiple fields are used, the AND operator is used to join the clauses.",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Logs successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListLogResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:logs, read:logs_users."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_logs",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListLogsRequestParameters",
"x-operation-group": "logs",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:logs",
"read:logs_users"
]
}
]
}
},
"/logs/{id}": {
"get": {
"summary": "Get a log event by id",
"description": "Retrieve an individual log event.",
"tags": [
"logs"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "log_id of the log to retrieve.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Log successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetLogResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:logs, read:logs_users."
},
"404": {
"description": "Log not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_logs_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "logs",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:logs",
"read:logs_users"
]
}
]
}
},
"/network-acls": {
"get": {
"summary": "Get all access control list entries for a tenant",
"description": "Get all access control list entries for your client.",
"tags": [
"network-acls"
],
"parameters": [
{
"name": "page",
"in": "query",
"description": "Use this field to request a specific page of the list results.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "The amount of results per page.",
"schema": {
"type": "integer",
"minimum": 0,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Network access control list successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListNetworkAclsResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:network_acls."
},
"404": {
"description": "Network access control list not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_network-acls",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListNetworkAclsRequestParameters",
"x-operation-group": "networkAcls",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:network_acls"
]
}
]
},
"post": {
"summary": "Create Access Control List",
"description": "Create a new access control list for your client.",
"tags": [
"network-acls"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateNetworkAclRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateNetworkAclRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Network ACL successfully created."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Entitlement is not enabled for this tenant. Please upgrade your subscription to enable Tenant ACL Management.",
"x-description-1": "Tenant ACL Management is not enabled for this tenant.",
"x-description-0": "Insufficient scope; expected any of: create:network_acls."
},
"409": {
"description": "A Network ACL with this priority number has already been created."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
},
"500": {
"description": "There was an error retrieving Networks ACLs subscription settings."
}
},
"operationId": "post_network-acls",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "networkAcls",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:network_acls"
]
}
]
}
},
"/network-acls/{id}": {
"get": {
"summary": "Get a specific access control list entry for a tenant",
"description": "Get a specific access control list entry for your client.",
"tags": [
"network-acls"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the access control list to retrieve.",
"required": true,
"schema": {
"type": "string",
"maxLength": 36
}
}
],
"responses": {
"200": {
"description": "Network access control list successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetNetworkAclsResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:network_acls."
},
"404": {
"description": "Network access control list not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_network-acls_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "networkAcls",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:network_acls"
]
}
]
},
"delete": {
"summary": "Delete Access Control List",
"description": "Delete existing access control list for your client.",
"tags": [
"network-acls"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the ACL to delete",
"required": true,
"schema": {
"type": "string",
"maxLength": 36
}
}
],
"responses": {
"204": {
"description": "Network ACL successfully deleted"
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Tenant ACL Management is not enabled for this tenant.",
"x-description-1": "Insufficient scope; expected any of: delete:network_acls."
},
"404": {
"description": "This ACL does not exist"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_network-acls_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "networkAcls",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:network_acls"
]
}
]
},
"patch": {
"summary": "Partial Update for an Access Control List",
"description": "Update existing access control list for your client.",
"tags": [
"network-acls"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the ACL to update.",
"required": true,
"schema": {
"type": "string",
"maxLength": 36
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateNetworkAclRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateNetworkAclRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Network ACL properties successfully updated",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateNetworkAclResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: update:network_acls."
},
"404": {
"description": "Network ACL not found and cannot be updated"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_network-acls_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "networkAcls",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:network_acls"
]
}
]
},
"put": {
"summary": "Update Access Control List",
"description": "Update existing access control list for your client.",
"tags": [
"network-acls"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the ACL to update.",
"required": true,
"schema": {
"type": "string",
"maxLength": 36
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetNetworkAclRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/SetNetworkAclRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Network ACL properties successfully updated",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetNetworkAclsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: update:network_acls."
},
"404": {
"description": "Network ACL not found and cannot be updated"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "put_network-acls_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "set",
"x-operation-group": "networkAcls",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:network_acls"
]
}
]
}
},
"/organizations": {
"get": {
"summary": "Get organizations",
"description": "Retrieve detailed list of all Organizations available in your tenant. For more information, see Auth0 Organizations.\n\nThis endpoint supports two types of pagination:\nfrom: Optional id from which to start selection.take: The total number of entries to retrieve when using the from parameter. Defaults to 50.from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no pages are remaining.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0,
"maximum": 1000
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
},
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "sort",
"in": "query",
"description": "Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. e.g. created_at:1. We currently support sorting by the following fields: name, display_name and created_at.",
"schema": {
"type": "string",
"maxLength": 15,
"pattern": "^((display_name)|(created_at)|(name))\\:(1|-1)$"
}
}
],
"responses": {
"200": {
"description": "Organizations successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListOrganizationsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause.",
"x-description-1": "Invalid query string paging options. The message will vary depending on the cause"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:organizations."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_organizations",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListOrganizationsRequestParameters",
"x-operation-group": "organizations",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:organizations",
"read:organizations_summary"
]
}
]
},
"post": {
"summary": "Create an Organization",
"description": "Create a new Organization within your tenant. To learn more about Organization settings, behavior, and configuration options, review Create Your First Organization.\n",
"tags": [
"organizations"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrganizationRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateOrganizationRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Organization successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrganizationResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: create:organizations."
},
"409": {
"description": "An organization with this name already exists."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_organizations",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "organizations",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:organizations",
"create:organization_connections"
]
}
]
}
},
"/organizations/name/{name}": {
"get": {
"summary": "Get organization by name",
"description": "Retrieve details about a single Organization specified by name.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "name",
"in": "path",
"description": "name of the organization to retrieve.",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 50
}
}
],
"responses": {
"200": {
"description": "Organization successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetOrganizationByNameResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:organizations."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_name_by_name",
"x-release-lifecycle": "GA",
"x-operation-name": "getByName",
"x-operation-group": "organizations",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:organizations"
]
}
]
}
},
"/organizations/{id}": {
"get": {
"summary": "Get organization",
"description": "Retrieve details about a single Organization specified by ID. \n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the organization to retrieve.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Organization successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetOrganizationResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:organizations."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_organizations_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "organizations",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:organizations",
"read:organizations_summary"
]
}
]
},
"delete": {
"summary": "Delete organization",
"description": "Remove an Organization from your tenant. This action cannot be undone. \n\nNote: Members are automatically disassociated from an Organization when it is deleted. However, this action does not delete these users from your tenant.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
}
],
"responses": {
"204": {
"description": "The organization was deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: delete:organizations."
},
"404": {
"description": "The organization does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_organizations_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "organizations",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:organizations"
]
}
]
},
"patch": {
"summary": "Modify an Organization",
"description": "Update the details of a specific Organization, such as name and display name, branding options, and metadata.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the organization to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateOrganizationRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateOrganizationRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Organization successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateOrganizationResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: update:organizations."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_organizations_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "organizations",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:organizations"
]
}
]
}
},
"/organizations/{id}/client-grants": {
"get": {
"summary": "Get client grants associated to an organization",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "audience",
"in": "query",
"description": "Optional filter on audience of the client grant.",
"schema": {
"type": "string",
"maxLength": 600
}
},
{
"name": "client_id",
"in": "query",
"description": "Optional filter on client_id of the client grant.",
"schema": {
"type": "string"
}
},
{
"name": "grant_ids",
"in": "query",
"description": "Optional filter on the ID of the client grant. Must be URL encoded and may be specified multiple times (max 10).status field must be either pending or verified. The use_for_organization_discovery field can be true or false (default: true).\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the organization.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "discovery_domain_id",
"in": "path",
"description": "ID of the discovery domain to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateOrganizationDiscoveryDomainRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateOrganizationDiscoveryDomainRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Organization discovery domain successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateOrganizationDiscoveryDomainResponseContent"
}
}
}
},
"400": {
"description": "Invalid Request Body."
},
"404": {
"description": "Organization not found.",
"x-description-1": "Organization discovery domain not found."
}
},
"operationId": "patch_discovery-domains_by_discovery_domain_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"organizations",
"discoveryDomains"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:organization_discovery_domains"
]
}
]
}
},
"/organizations/{id}/enabled_connections": {
"get": {
"summary": "Get connections enabled for an organization",
"description": "Retrieve details about a specific connection currently enabled for an Organization. Information returned includes details such as connection ID, name, strategy, and whether the connection automatically grants membership upon login.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Connections successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListOrganizationConnectionsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:organization_connections."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_enabled_connections",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListOrganizationConnectionsRequestParameters",
"x-operation-group": [
"organizations",
"enabledConnections"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:organization_connections"
]
}
]
},
"post": {
"summary": "Add connections to an organization",
"description": "Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.\n\nConnections represent the relationship between Auth0 and a source of users. Available types of connections include database, enterprise, and social.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AddOrganizationConnectionRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/AddOrganizationConnectionRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Organization connection successfully added.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AddOrganizationConnectionResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: create:organization_connections."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_enabled_connections",
"x-release-lifecycle": "GA",
"x-operation-name": "add",
"x-operation-group": [
"organizations",
"enabledConnections"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:organization_connections"
]
}
]
}
},
"/organizations/{id}/enabled_connections/{connectionId}": {
"get": {
"summary": "Get an enabled connection for an organization",
"description": "Retrieve details about a specific connection currently enabled for an Organization. Information returned includes details such as connection ID, name, strategy, and whether the connection automatically grants membership upon login.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "connectionId",
"in": "path",
"description": "Connection identifier.",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 50
}
}
],
"responses": {
"200": {
"description": "Connection successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetOrganizationConnectionResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:organization_connections."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_enabled_connections_by_connectionId",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"organizations",
"enabledConnections"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:organization_connections"
]
}
]
},
"delete": {
"summary": "Delete connections from an organization",
"description": "Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate. \n\nNote: This action does not remove the connection from your tenant.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "connectionId",
"in": "path",
"description": "Connection identifier.",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 50
}
}
],
"responses": {
"204": {
"description": "Connection successfully removed from organization."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: delete:organization_connections."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_enabled_connections_by_connectionId",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"organizations",
"enabledConnections"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:organization_connections"
]
}
]
},
"patch": {
"summary": "Update the Connection of an Organization",
"description": "Modify the details of a specific connection currently enabled for an Organization.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "connectionId",
"in": "path",
"description": "Connection identifier.",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 50
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateOrganizationConnectionRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateOrganizationConnectionRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Organization connection successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateOrganizationConnectionResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: update:organization_connections."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_enabled_connections_by_connectionId",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"organizations",
"enabledConnections"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:organization_connections"
]
}
]
}
},
"/organizations/{id}/invitations": {
"get": {
"summary": "Get invitations to an organization",
"description": "Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration. To learn more about Organization invitations, review Invite Organization Members. \n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "When true, return results inside an object that also contains the start and limit. When false (default), a direct array of results is returned. We do not yet support returning the total invitations count.",
"schema": {
"type": "boolean"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((app_metadata)|(user_metadata)|(client_id)|(connection_id)|(created_at)|(expires_at)|(id)|(invitation_url)|(invitee)|(inviter)|(organization_id)|(roles))(,((app_metadata)|(user_metadata)|(client_id)|(connection_id)|(created_at)|(expires_at)|(id)|(invitation_url)|(invitee)|(inviter)|(organization_id)|(roles)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false). Defaults to true.",
"schema": {
"type": "boolean"
}
},
{
"name": "sort",
"in": "query",
"description": "Field to sort by. Use field:order where order is 1 for ascending and -1 for descending Defaults to created_at:-1.",
"schema": {
"type": "string",
"pattern": "^((created_at))\\:(1|-1)$"
}
}
],
"responses": {
"200": {
"description": "Invitations successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListOrganizationInvitationsResponseContent"
}
}
}
},
"400": {
"description": "Requesting page exceeds the allowed maximum of 1000 records",
"x-description-0": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Client is not global.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Invalid token."
},
"403": {
"description": "Insufficient scope; expected any of: read:organization_invitations."
},
"404": {
"description": "No organization found by that id."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_invitations",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListOrganizationInvitationsRequestParameters",
"x-operation-group": [
"organizations",
"invitations"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:organization_invitations"
]
}
]
},
"post": {
"summary": "Create invitations to an organization",
"description": "Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization. To learn more about Organization invitations, review Invite Organization Members. \n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrganizationInvitationRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateOrganizationInvitationRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Invitation successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrganizationInvitationResponseContent"
}
}
}
},
"400": {
"description": "A default login route is required to generate the invitation url. For more information, see https://auth0.com/docs/universal-login/configure-default-login-routes",
"x-description-1": "One or more of the specified roles do not exist: rol_0000000000000001, rol_0000000000000002",
"x-description-2": "Passwordless connections are not supported.",
"x-description-3": "The specified client_id does not allow organizations.",
"x-description-4": "The specified client_id does not exist.",
"x-description-5": "The specified connection (con_0000000000000001) is not enabled for the organization",
"x-description-6": "The specified connection does not exist.",
"x-description-0": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Client is not global.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Invalid token."
},
"403": {
"description": "Insufficient scope; expected any of: create:organization_invitations."
},
"404": {
"description": "No organization found by that id."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_invitations",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"organizations",
"invitations"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:organization_invitations"
]
}
]
}
},
"/organizations/{id}/invitations/{invitation_id}": {
"get": {
"summary": "Get a specific invitation to an Organization",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "invitation_id",
"in": "path",
"description": "The id of the user invitation.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((app_metadata)|(user_metadata)|(client_id)|(connection_id)|(created_at)|(expires_at)|(id)|(invitation_url)|(invitee)|(inviter)|(organization_id)|(roles))(,((app_metadata)|(user_metadata)|(client_id)|(connection_id)|(created_at)|(expires_at)|(id)|(invitation_url)|(invitee)|(inviter)|(organization_id)|(roles)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false). Defaults to true.",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Invitation successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetOrganizationInvitationResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Client is not global.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Invalid token."
},
"403": {
"description": "Insufficient scope; expected any of: read:organization_invitations."
},
"404": {
"description": "No organization found by that id.",
"x-description-1": "The invitation does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_invitations_by_invitation_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-request-parameters-name": "GetOrganizationInvitationRequestParameters",
"x-operation-group": [
"organizations",
"invitations"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:organization_invitations"
]
}
]
},
"delete": {
"summary": "Delete an invitation to an Organization",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "invitation_id",
"in": "path",
"description": "The id of the user invitation.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "Invitation successfully deleted."
},
"401": {
"description": "Client is not global.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Invalid token."
},
"403": {
"description": "Insufficient scope; expected any of: delete:organization_invitations."
},
"404": {
"description": "No organization found by that id."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_invitations_by_invitation_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"organizations",
"invitations"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:organization_invitations"
]
}
]
}
},
"/organizations/{id}/members": {
"get": {
"summary": "Get members who belong to an organization",
"description": "List organization members.\nThis endpoint is subject to eventual consistency. New users may not be immediately included in the response and deleted users may not be immediately removed from it.\n\nfields parameter to optionally define the specific member details retrieved. If fields is left blank, all fields (except roles) are returned.\n fields=roles to retrieve the roles assigned to each listed member. To use this parameter, you must include the read:organization_member_roles scope in the token.\n from parameter. If there are more results, a next value will be included in the response. You can use this for subsequent API calls. When next is no longer included in the response, this indicates there are no more pages remaining.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0,
"maximum": 1000
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
},
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((user_id)|(email)|(picture)|(name)|(roles))(,((user_id)|(email)|(picture)|(name)|(roles)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Members successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListOrganizationMembersResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause.",
"x-description-1": "Invalid query string paging options. The message will vary depending on the cause"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:organization_members, read:organization_member_roles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_organization_members",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListOrganizationMembersRequestParameters",
"x-operation-group": [
"organizations",
"members"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:organization_members"
]
}
]
},
"delete": {
"summary": "Delete members from an organization",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteOrganizationMembersRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/DeleteOrganizationMembersRequestContent"
}
}
}
},
"responses": {
"204": {
"description": "Users successfully removed from organization."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: delete:organization_members."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_members",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"organizations",
"members"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:organization_members"
]
}
]
},
"post": {
"summary": "Add members to an organization",
"description": "Set one or more existing users as members of a specific Organization.\n\nTo add a user to an Organization through this action, the user must already exist in your tenant. If a user does not yet exist, you can invite them to create an account, manually create them through the Auth0 Dashboard, or use the Management API.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrganizationMemberRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateOrganizationMemberRequestContent"
}
}
}
},
"responses": {
"204": {
"description": "Members successfully added to organization."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: create:organization_members."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_members",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"organizations",
"members"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:organization_members"
]
}
]
}
},
"/organizations/{id}/members/{user_id}/roles": {
"get": {
"summary": "Get user roles assigned to an Organization member",
"description": "Retrieve detailed list of roles assigned to a given user within the context of a specific Organization. \n\nUsers can be members of multiple Organizations with unique roles assigned for each membership. This action only returns the roles associated with the specified Organization; any roles assigned to the user within other Organizations are not included.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "user_id",
"in": "path",
"description": "ID of the user to associate roles with.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0,
"maximum": 1000
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Roles successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListOrganizationMemberRolesResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause.",
"x-description-1": "Invalid query string paging options. The message will vary depending on the cause"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:organization_member_roles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_organization_member_roles",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListOrganizationMemberRolesRequestParameters",
"x-operation-group": [
"organizations",
"members",
"roles"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:organization_member_roles"
]
}
]
},
"delete": {
"summary": "Delete user roles from an Organization member",
"description": "Remove one or more Organization-specific roles from a given user.\n\nUsers can be members of multiple Organizations with unique roles assigned for each membership. This action removes roles from a user in relation to the specified Organization. Roles assigned to the user within a different Organization cannot be managed in the same call.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "user_id",
"in": "path",
"description": "User ID of the organization member to remove roles from.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteOrganizationMemberRolesRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/DeleteOrganizationMemberRolesRequestContent"
}
}
}
},
"responses": {
"204": {
"description": "Roles successfully removed from organization member."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: delete:organization_member_roles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_organization_member_roles",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": [
"organizations",
"members",
"roles"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:organization_member_roles"
]
}
]
},
"post": {
"summary": "Assign user roles to an Organization member",
"description": "Assign one or more roles to a user to determine their access for a specific Organization.\n\nUsers can be members of multiple Organizations with unique roles assigned for each membership. This action assigns roles to a user only for the specified Organization. Roles cannot be assigned to a user across multiple Organizations in the same call.\n",
"tags": [
"organizations"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Organization identifier.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
},
{
"name": "user_id",
"in": "path",
"description": "ID of the user to associate roles with.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AssignOrganizationMemberRolesRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/AssignOrganizationMemberRolesRequestContent"
}
}
}
},
"responses": {
"204": {
"description": "Roles successfully associated with user."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: create:organization_member_roles."
},
"409": {
"description": "No more roles can be assigned to this organization member."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_organization_member_roles",
"x-release-lifecycle": "GA",
"x-operation-name": "assign",
"x-operation-group": [
"organizations",
"members",
"roles"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:organization_member_roles"
]
}
]
}
},
"/prompts": {
"get": {
"summary": "Get prompt settings",
"description": "Retrieve details of the Universal Login configuration of your tenant. This includes the Identifier First Authentication and WebAuthn with Device Biometrics for MFA features.",
"tags": [
"prompts"
],
"responses": {
"200": {
"description": "Prompt settings successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetSettingsResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "The specified client cannot perform the requested operation.",
"x-description-1": "Insufficient scope; expected any of: read:prompts."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_prompts",
"x-release-lifecycle": "GA",
"x-operation-name": "getSettings",
"x-operation-group": "prompts",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:prompts"
]
}
]
},
"patch": {
"summary": "Update prompt settings",
"description": "Update the Universal Login configuration of your tenant. This includes the Identifier First Authentication and WebAuthn with Device Biometrics for MFA features.",
"tags": [
"prompts"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateSettingsRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateSettingsRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Prompts settings successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateSettingsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:prompts."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_prompts",
"x-release-lifecycle": "GA",
"x-operation-name": "updateSettings",
"x-operation-group": "prompts",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:prompts"
]
}
]
}
},
"/prompts/rendering": {
"get": {
"summary": "Get render setting configurations for all screens",
"description": "Get render setting configurations for all screens.",
"tags": [
"prompts"
],
"parameters": [
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((rendering_mode)|(prompt)|(screen)|(context_configuration)|(default_head_tags_disabled)|(head_tags))(,((rendering_mode)|(prompt)|(screen)|(context_configuration)|(default_head_tags_disabled)|(head_tags)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (default: true) or excluded (false).",
"schema": {
"type": "boolean"
}
},
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. Maximum value is 100, default value is 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total configuration count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
},
{
"name": "prompt",
"in": "query",
"description": "Name of the prompt to filter by",
"schema": {
"type": "string",
"pattern": "^((login)|(login-id)|(login-password)|(login-passwordless)|(login-email-verification)|(signup)|(signup-id)|(signup-password)|(phone-identifier-enrollment)|(phone-identifier-challenge)|(email-identifier-challenge)|(reset-password)|(custom-form)|(consent)|(customized-consent)|(logout)|(mfa-push)|(mfa-otp)|(mfa-voice)|(mfa-phone)|(mfa-webauthn)|(mfa-sms)|(mfa-email)|(mfa-recovery-code)|(mfa)|(status)|(device-flow)|(email-verification)|(email-otp-challenge)|(organizations)|(invitation)|(common)|(passkeys)|(captcha)|(brute-force-protection)|(async-approval-flow))(,((login)|(login-id)|(login-password)|(login-passwordless)|(login-email-verification)|(signup)|(signup-id)|(signup-password)|(phone-identifier-enrollment)|(phone-identifier-challenge)|(email-identifier-challenge)|(reset-password)|(custom-form)|(consent)|(customized-consent)|(logout)|(mfa-push)|(mfa-otp)|(mfa-voice)|(mfa-phone)|(mfa-webauthn)|(mfa-sms)|(mfa-email)|(mfa-recovery-code)|(mfa)|(status)|(device-flow)|(email-verification)|(email-otp-challenge)|(organizations)|(invitation)|(common)|(passkeys)|(captcha)|(brute-force-protection)|(async-approval-flow)))*$"
}
},
{
"name": "screen",
"in": "query",
"description": "Name of the screen to filter by",
"schema": {
"type": "string",
"pattern": "^((login)|(login-id)|(login-password)|(login-passwordless-email-code)|(login-passwordless-email-link)|(login-passwordless-sms-otp)|(login-email-verification)|(signup)|(signup-id)|(signup-password)|(phone-identifier-enrollment)|(phone-identifier-challenge)|(email-identifier-challenge)|(reset-password-request)|(reset-password-email)|(reset-password)|(reset-password-success)|(reset-password-error)|(reset-password-mfa-email-challenge)|(reset-password-mfa-otp-challenge)|(reset-password-mfa-phone-challenge)|(reset-password-mfa-push-challenge-push)|(reset-password-mfa-recovery-code-challenge)|(reset-password-mfa-sms-challenge)|(reset-password-mfa-voice-challenge)|(reset-password-mfa-webauthn-platform-challenge)|(reset-password-mfa-webauthn-roaming-challenge)|(custom-form)|(consent)|(customized-consent)|(logout)|(logout-complete)|(logout-aborted)|(mfa-push-welcome)|(mfa-push-enrollment-qr)|(mfa-push-enrollment-code)|(mfa-push-success)|(mfa-push-challenge-push)|(mfa-push-list)|(mfa-otp-enrollment-qr)|(mfa-otp-enrollment-code)|(mfa-otp-challenge)|(mfa-voice-enrollment)|(mfa-voice-challenge)|(mfa-phone-challenge)|(mfa-phone-enrollment)|(mfa-webauthn-platform-enrollment)|(mfa-webauthn-roaming-enrollment)|(mfa-webauthn-platform-challenge)|(mfa-webauthn-roaming-challenge)|(mfa-webauthn-change-key-nickname)|(mfa-webauthn-enrollment-success)|(mfa-webauthn-error)|(mfa-webauthn-not-available-error)|(mfa-country-codes)|(mfa-sms-enrollment)|(mfa-sms-challenge)|(mfa-sms-list)|(mfa-email-challenge)|(mfa-email-list)|(mfa-recovery-code-enrollment)|(mfa-recovery-code-challenge-new-code)|(mfa-recovery-code-challenge)|(mfa-detect-browser-capabilities)|(mfa-enroll-result)|(mfa-login-options)|(mfa-begin-enroll-options)|(status)|(device-code-activation)|(device-code-activation-allowed)|(device-code-activation-denied)|(device-code-confirmation)|(email-verification-result)|(email-otp-challenge)|(organization-selection)|(organization-picker)|(pre-login-organization-picker)|(accept-invitation)|(redeem-ticket)|(passkey-enrollment)|(passkey-enrollment-local)|(interstitial-captcha)|(brute-force-protection-unblock)|(brute-force-protection-unblock-success)|(brute-force-protection-unblock-failure)|(async-approval-error)|(async-approval-accepted)|(async-approval-denied)|(async-approval-wrong-user))(,((login)|(login-id)|(login-password)|(login-passwordless-email-code)|(login-passwordless-email-link)|(login-passwordless-sms-otp)|(login-email-verification)|(signup)|(signup-id)|(signup-password)|(phone-identifier-enrollment)|(phone-identifier-challenge)|(email-identifier-challenge)|(reset-password-request)|(reset-password-email)|(reset-password)|(reset-password-success)|(reset-password-error)|(reset-password-mfa-email-challenge)|(reset-password-mfa-otp-challenge)|(reset-password-mfa-phone-challenge)|(reset-password-mfa-push-challenge-push)|(reset-password-mfa-recovery-code-challenge)|(reset-password-mfa-sms-challenge)|(reset-password-mfa-voice-challenge)|(reset-password-mfa-webauthn-platform-challenge)|(reset-password-mfa-webauthn-roaming-challenge)|(custom-form)|(consent)|(customized-consent)|(logout)|(logout-complete)|(logout-aborted)|(mfa-push-welcome)|(mfa-push-enrollment-qr)|(mfa-push-enrollment-code)|(mfa-push-success)|(mfa-push-challenge-push)|(mfa-push-list)|(mfa-otp-enrollment-qr)|(mfa-otp-enrollment-code)|(mfa-otp-challenge)|(mfa-voice-enrollment)|(mfa-voice-challenge)|(mfa-phone-challenge)|(mfa-phone-enrollment)|(mfa-webauthn-platform-enrollment)|(mfa-webauthn-roaming-enrollment)|(mfa-webauthn-platform-challenge)|(mfa-webauthn-roaming-challenge)|(mfa-webauthn-change-key-nickname)|(mfa-webauthn-enrollment-success)|(mfa-webauthn-error)|(mfa-webauthn-not-available-error)|(mfa-country-codes)|(mfa-sms-enrollment)|(mfa-sms-challenge)|(mfa-sms-list)|(mfa-email-challenge)|(mfa-email-list)|(mfa-recovery-code-enrollment)|(mfa-recovery-code-challenge-new-code)|(mfa-recovery-code-challenge)|(mfa-detect-browser-capabilities)|(mfa-enroll-result)|(mfa-login-options)|(mfa-begin-enroll-options)|(status)|(device-code-activation)|(device-code-activation-allowed)|(device-code-activation-denied)|(device-code-confirmation)|(email-verification-result)|(email-otp-challenge)|(organization-selection)|(organization-picker)|(pre-login-organization-picker)|(accept-invitation)|(redeem-ticket)|(passkey-enrollment)|(passkey-enrollment-local)|(interstitial-captcha)|(brute-force-protection-unblock)|(brute-force-protection-unblock-success)|(brute-force-protection-unblock-failure)|(async-approval-error)|(async-approval-accepted)|(async-approval-denied)|(async-approval-wrong-user)))*$"
}
},
{
"name": "rendering_mode",
"in": "query",
"description": "Rendering mode to filter by",
"schema": {
"$ref": "#/components/schemas/AculRenderingModeEnum"
}
}
],
"responses": {
"200": {
"description": "ACUL settings successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListAculsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"402": {
"description": "A paid subscription is required to use Advanced Customizations."
},
"403": {
"description": "Insufficient scope; expected any of: read:prompts.",
"x-description-1": "This tenant does not have Advanced Customizations enabled."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_all_rendering",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListAculsRequestParameters",
"x-operation-group": [
"prompts",
"rendering"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:prompts"
]
}
]
},
"patch": {
"summary": "Update render settings for multiple screens",
"description": "Learn more about configuring render settings for advanced customization.\n",
"tags": [
"prompts"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/BulkUpdateAculRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/BulkUpdateAculRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "ACUL settings successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/BulkUpdateAculResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"402": {
"description": "A paid subscription is required to use Advanced Customizations."
},
"403": {
"description": "Insufficient scope; expected any of: update:prompts.",
"x-description-1": "This tenant does not have Advanced Customizations enabled.",
"x-description-2": "This screen is not available in Advanced Customizations"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_bulk_rendering",
"x-release-lifecycle": "GA",
"x-operation-name": "bulkUpdate",
"x-operation-group": [
"prompts",
"rendering"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:prompts"
]
}
]
}
},
"/prompts/{prompt}/custom-text/{language}": {
"get": {
"summary": "Get custom text for a prompt",
"description": "Retrieve custom text for a specific prompt and language.",
"tags": [
"prompts"
],
"parameters": [
{
"name": "prompt",
"in": "path",
"description": "Name of the prompt.",
"required": true,
"schema": {
"$ref": "#/components/schemas/PromptGroupNameEnum"
}
},
{
"name": "language",
"in": "path",
"description": "Language to update.",
"required": true,
"schema": {
"$ref": "#/components/schemas/PromptLanguageEnum"
}
}
],
"responses": {
"200": {
"description": "Prompt dictionaries successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetCustomTextsByLanguageResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:prompts."
},
"404": {
"description": "The prompt does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_custom-text_by_language",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"prompts",
"customText"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:prompts"
]
}
]
},
"put": {
"summary": "Set custom text for a specific prompt",
"description": "Set custom text for a specific prompt. Existing texts will be overwritten.",
"tags": [
"prompts"
],
"parameters": [
{
"name": "prompt",
"in": "path",
"description": "Name of the prompt.",
"required": true,
"schema": {
"$ref": "#/components/schemas/PromptGroupNameEnum"
}
},
{
"name": "language",
"in": "path",
"description": "Language to update.",
"required": true,
"schema": {
"$ref": "#/components/schemas/PromptLanguageEnum"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetsCustomTextsByLanguageRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/SetsCustomTextsByLanguageRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Prompt dictionaries successfully updated."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:prompts."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "put_custom-text_by_language",
"x-release-lifecycle": "GA",
"x-operation-name": "set",
"x-operation-group": [
"prompts",
"customText"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:prompts"
]
}
]
}
},
"/prompts/{prompt}/partials": {
"get": {
"summary": "Get partials for a prompt",
"description": "Get template partials for a prompt",
"tags": [
"prompts"
],
"parameters": [
{
"name": "prompt",
"in": "path",
"description": "Name of the prompt.",
"required": true,
"schema": {
"$ref": "#/components/schemas/PartialGroupsEnum"
}
}
],
"responses": {
"200": {
"description": "Prompt partials successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetPartialsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:prompts.",
"x-description-1": "Permission Denied. This feature is not available on this plan."
},
"404": {
"description": "The prompt does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_partials",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"prompts",
"partials"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:prompts"
]
}
]
},
"put": {
"summary": "Set partials for a prompt",
"description": "Set template partials for a prompt",
"tags": [
"prompts"
],
"parameters": [
{
"name": "prompt",
"in": "path",
"description": "Name of the prompt.",
"required": true,
"schema": {
"$ref": "#/components/schemas/PartialGroupsEnum"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetPartialsRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/SetPartialsRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Template partials successfully updated."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:prompts.",
"x-description-1": "Permission Denied. This feature is not available on this plan."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "put_partials",
"x-release-lifecycle": "GA",
"x-operation-name": "set",
"x-operation-group": [
"prompts",
"partials"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:prompts"
]
}
]
}
},
"/prompts/{prompt}/screen/{screen}/rendering": {
"get": {
"summary": "Get render settings for a screen",
"description": "Get render settings for a screen.",
"tags": [
"prompts"
],
"parameters": [
{
"name": "prompt",
"in": "path",
"description": "Name of the prompt",
"required": true,
"schema": {
"$ref": "#/components/schemas/PromptGroupNameEnum"
}
},
{
"name": "screen",
"in": "path",
"description": "Name of the screen",
"required": true,
"schema": {
"$ref": "#/components/schemas/ScreenGroupNameEnum"
}
}
],
"responses": {
"200": {
"description": "ACUL settings successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetAculResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"402": {
"description": "A paid subscription is required to use Advanced Customizations."
},
"403": {
"description": "Insufficient scope; expected any of: read:prompts.",
"x-description-1": "This tenant does not have Advanced Customizations enabled.",
"x-description-2": "This screen is not available in Advanced Customizations"
},
"404": {
"description": "The prompt does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_rendering",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": [
"prompts",
"rendering"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:prompts"
]
}
]
},
"patch": {
"summary": "Update render settings for a screen",
"description": "Learn more about configuring render settings for advanced customization.\n",
"tags": [
"prompts"
],
"parameters": [
{
"name": "prompt",
"in": "path",
"description": "Name of the prompt",
"required": true,
"schema": {
"$ref": "#/components/schemas/PromptGroupNameEnum"
}
},
{
"name": "screen",
"in": "path",
"description": "Name of the screen",
"required": true,
"schema": {
"$ref": "#/components/schemas/ScreenGroupNameEnum"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateAculRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateAculRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "ACUL settings successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateAculResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"402": {
"description": "A paid subscription is required to use Advanced Customizations."
},
"403": {
"description": "Insufficient scope; expected any of: update:prompts.",
"x-description-1": "This tenant does not have Advanced Customizations enabled.",
"x-description-2": "This screen is not available in Advanced Customizations"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_rendering",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"prompts",
"rendering"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:prompts"
]
}
]
}
},
"/refresh-tokens": {
"get": {
"summary": "Get refresh tokens",
"description": "Retrieve a paginated list of refresh tokens for a specific user, with optional filtering by client ID. Results are sorted by credential_id ascending.",
"tags": [
"refresh-tokens"
],
"parameters": [
{
"name": "user_id",
"in": "query",
"description": "ID of the user whose refresh tokens to retrieve. Required.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "client_id",
"in": "query",
"description": "Filter results by client ID. Only valid when user_id is provided.",
"schema": {
"type": "string"
}
},
{
"name": "from",
"in": "query",
"description": "An opaque cursor from which to start the selection (exclusive). Expires after 24 hours. Obtained from the next property of a previous response.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "The refresh tokens were retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetRefreshTokensPaginatedResponseContent"
}
}
}
},
"400": {
"description": "Missing required 'user_id' parameter.",
"x-description-1": "The checkpoint ID provided in the 'from' parameter has expired or is invalid, please remove the checkpoint ID and try again"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: read:refresh_tokens"
},
"404": {
"description": "User not found",
"x-description-1": "The client does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_refresh_tokens",
"x-release-lifecycle": "EA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "GetRefreshTokensRequestParameters",
"x-operation-group": "refreshTokens",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:refresh_tokens"
]
}
]
}
},
"/refresh-tokens/revoke": {
"post": {
"summary": "Revoke refresh tokens",
"description": "Revoke refresh tokens in bulk by ID list, user, user+client, or client.",
"tags": [
"refresh-tokens"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RevokeRefreshTokensRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/RevokeRefreshTokensRequestContent"
}
}
}
},
"responses": {
"202": {
"description": "Refresh token revocation request accepted."
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "Invalid combination of parameters.",
"x-description-2": "API doesn't support Online Refresh Tokens. To revoke an Online Refresh Token, use the Sessions API: POST /api/v2/sessions/{session_id}/revoke",
"x-description-3": "User not found.",
"x-description-4": "Client not found."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: delete:refresh_tokens",
"x-description-1": "This feature is not enabled for this tenant."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "revoke_refresh_tokens",
"x-release-lifecycle": "EA",
"x-operation-name": "revoke",
"x-operation-group": "refreshTokens",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:refresh_tokens"
]
}
]
}
},
"/refresh-tokens/{id}": {
"get": {
"summary": "Get a refresh token",
"description": "Retrieve refresh token information.",
"tags": [
"refresh-tokens"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID refresh token to retrieve",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "The refresh token was retrieved",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetRefreshTokenResponseContent"
}
}
}
},
"400": {
"description": "API doesn't support Online Refresh Tokens"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected: read:refresh_tokens"
},
"404": {
"description": "The refresh token does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_refresh_token",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "refreshTokens",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:refresh_tokens"
]
}
]
},
"delete": {
"summary": "Delete a refresh token",
"description": "Delete a refresh token by its ID.",
"tags": [
"refresh-tokens"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the refresh token to delete.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"202": {
"description": "Refresh token deletion request accepted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "API doesn't support Online Refresh Tokens. To revoke an Online Refresh Token, use the Sessions API: POST /api/v2/sessions/{session_id}/revoke"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: delete:refresh_tokens"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_refresh_token",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "refreshTokens",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:refresh_tokens"
]
}
]
},
"patch": {
"summary": "Update a refresh token",
"description": "Update a refresh token by its ID.",
"tags": [
"refresh-tokens"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the refresh token to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateRefreshTokenRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateRefreshTokenRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Refresh token successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateRefreshTokenResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: update:refresh_tokens.",
"x-description-1": "The account is not allowed to perform this operation.",
"x-description-2": "Subscription missing entitlement.",
"x-description-3": "This feature is not enabled for this tenant."
},
"404": {
"description": "The refresh token does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_refresh-tokens_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "refreshTokens",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:refresh_tokens"
]
}
]
}
},
"/resource-servers": {
"get": {
"summary": "Get resource servers",
"description": "Retrieve details of all APIs associated with your tenant.",
"tags": [
"resource-servers"
],
"parameters": [
{
"name": "identifiers",
"in": "query",
"description": "An optional filter on the resource server identifier. Must be URL encoded and may be specified multiple times (max 10).from: Optional id from which to start selection.take: The total amount of entries to retrieve when using the from parameter. Defaults to 50.from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no pages are remaining.\n",
"tags": [
"roles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the role to retrieve a list of users associated with.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
},
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
}
],
"responses": {
"200": {
"description": "Role users successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListRoleUsersResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected all of: read:users, read:roles."
},
"404": {
"description": "Role not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_role_user",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListRoleUsersRequestParameters",
"x-operation-group": [
"roles",
"users"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:users",
"read:roles",
"read:role_members"
]
}
]
},
"post": {
"summary": "Assign users to a role",
"description": "Assign one or more users to an existing user role. To learn more, review Role-Based Access Control.\n\nNote: New roles cannot be created through this action.\n",
"tags": [
"roles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the role to assign users to.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AssignRoleUsersRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/AssignRoleUsersRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Role users successfully updated."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: update:roles."
},
"404": {
"description": "Role not found.",
"x-description-1": "One or more of the users do not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_role_users",
"x-release-lifecycle": "GA",
"x-operation-name": "assign",
"x-operation-group": [
"roles",
"users"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:roles",
"create:role_members"
]
}
]
}
},
"/rules": {
"get": {
"summary": "Get rules",
"description": "Retrieve a filtered list of rules. Accepts a list of fields to include or exclude.\n",
"tags": [
"rules"
],
"parameters": [
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page.",
"schema": {
"type": "integer",
"minimum": 0,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
},
{
"name": "enabled",
"in": "query",
"description": "Optional filter on whether a rule is enabled (true) or disabled (false).",
"schema": {
"type": "boolean"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((name)|(enabled)|(script)|(order)|(id)|(stage))(,((name)|(enabled)|(script)|(order)|(id)|(stage)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Rules successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListRulesResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:rules."
},
"404": {
"description": "Rule not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_rules",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListRulesRequestParameters",
"x-operation-group": "rules",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:rules"
]
}
]
},
"post": {
"summary": "Create a rule",
"description": "Create a new rule.\n\nNote: Changing a rule's stage of execution from the default login_success can change the rule's function signature to have user omitted.\n",
"tags": [
"rules"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateRuleRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateRuleRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Rule successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateRuleResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:rules.",
"x-description-1": "You reached the limit of entities of this type for this tenant."
},
"409": {
"description": "A rule with the same name already exists.",
"x-description-1": "A rule with the same order already exists.",
"x-description-2": "A rule with the same execution stage already exists."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_rules",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "rules",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:rules"
]
}
]
}
},
"/rules-configs": {
"get": {
"summary": "Retrieve config variable keys for rules (get_rules-configs)",
"description": "Retrieve rules config variable keys.\n\n Note: For security, config variable values cannot be retrieved outside rule execution.",
"tags": [
"rules-configs"
],
"responses": {
"200": {
"description": "Rules config keys successfully retrieved.",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RulesConfig"
}
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:rules_configs."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_rules-configs",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-group": "rulesConfigs",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:rules_configs"
]
}
]
}
},
"/rules-configs/{key}": {
"delete": {
"summary": "Delete rules config for a given key",
"description": "Delete a rules config variable identified by its key.",
"tags": [
"rules-configs"
],
"parameters": [
{
"name": "key",
"in": "path",
"description": "Key of the rules config variable to delete.",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 127,
"pattern": "^[A-Za-z0-9_\\-@*+:]*$"
}
}
],
"responses": {
"204": {
"description": "Rules config variable successfully removed."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:rules_configs."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_rules-configs_by_key",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "rulesConfigs",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:rules_configs"
]
}
]
},
"put": {
"summary": "Set rules config for a given key",
"description": "Sets a rules config variable.",
"tags": [
"rules-configs"
],
"parameters": [
{
"name": "key",
"in": "path",
"description": "Key of the rules config variable to set (max length: 127 characters).",
"required": true,
"schema": {
"type": "string",
"minLength": 1,
"maxLength": 127,
"pattern": "^[A-Za-z0-9_\\-@*+:]*$"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetRulesConfigRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/SetRulesConfigRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Rules config variable successfully set.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetRulesConfigResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:rules_configs."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "put_rules-configs_by_key",
"x-release-lifecycle": "GA",
"x-operation-name": "set",
"x-operation-group": "rulesConfigs",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:rules_configs"
]
}
]
}
},
"/rules/{id}": {
"get": {
"summary": "Get a rule",
"description": "Retrieve rule details. Accepts a list of fields to include or exclude in the result.\n",
"tags": [
"rules"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the rule to retrieve.",
"required": true,
"schema": {
"type": "string",
"pattern": "^rul_[A-Za-z0-9]{16}$"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((name)|(enabled)|(script)|(order)|(id)|(stage))(,((name)|(enabled)|(script)|(order)|(id)|(stage)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Rule successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetRuleResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:rules."
},
"404": {
"description": "Rule not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_rules_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-request-parameters-name": "GetRuleRequestParameters",
"x-operation-group": "rules",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:rules"
]
}
]
},
"delete": {
"summary": "Delete a rule",
"description": "Delete a rule.\n",
"tags": [
"rules"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the rule to delete.",
"required": true,
"schema": {
"type": "string",
"pattern": "^rul_[A-Za-z0-9]{16}$"
}
}
],
"responses": {
"204": {
"description": "Rule successfully deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: delete:rules."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_rules_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "rules",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:rules"
]
}
]
},
"patch": {
"summary": "Update a rule",
"description": "Update an existing rule.\n",
"tags": [
"rules"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the rule to retrieve.",
"required": true,
"schema": {
"type": "string",
"pattern": "^rul_[A-Za-z0-9]{16}$"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateRuleRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateRuleRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Rule successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateRuleResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:rules."
},
"404": {
"description": "Rule not found."
},
"409": {
"description": "A rule with the same name already exists."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_rules_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "rules",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:rules"
]
}
]
}
},
"/self-service-profiles": {
"get": {
"summary": "Get self-service profiles",
"description": "Retrieves self-service profiles.\n",
"tags": [
"self-service-profiles"
],
"parameters": [
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "List of existing profiles.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListSelfServiceProfilesResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope, expected: read:self_service_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
},
"500": {
"description": "Internal error."
}
},
"operationId": "get_self-service-profiles",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListSelfServiceProfilesRequestParameters",
"x-operation-group": "selfServiceProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:self_service_profiles"
]
}
]
},
"post": {
"summary": "Create a self-service profile",
"description": "Creates a self-service profile.\n",
"tags": [
"self-service-profiles"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSelfServiceProfileRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateSelfServiceProfileRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Self-service profile successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSelfServiceProfileResponseContent"
}
}
}
},
"400": {
"description": "Invalid Request Body."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope, expected: create:self_service_profiles."
},
"409": {
"description": "No more profiles can be created for this tenant."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
},
"500": {
"description": "Internal error."
}
},
"operationId": "post_self-service-profiles",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "selfServiceProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:self_service_profiles"
]
}
]
}
},
"/self-service-profiles/{id}": {
"get": {
"summary": "Get a self-service profile by Id",
"description": "Retrieves a self-service profile by Id.",
"tags": [
"self-service-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the self-service profile to retrieve",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Record for existing self-service profile.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetSelfServiceProfileResponseContent"
}
}
}
},
"400": {
"description": "Invalid Request."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope, expected: read:self_service_profiles."
},
"404": {
"description": "Self-service profile not found"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
},
"500": {
"description": "Internal error."
}
},
"operationId": "get_self-service-profiles_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "selfServiceProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:self_service_profiles"
]
}
]
},
"delete": {
"summary": "Delete a self-service profile by Id",
"description": "Deletes a self-service profile by Id.",
"tags": [
"self-service-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the self-service profile to delete",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "Self-service profile successfully deleted."
},
"400": {
"description": "Invalid Request."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope, expected: delete:self_service_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
},
"500": {
"description": "Internal error."
}
},
"operationId": "delete_self-service-profiles_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "selfServiceProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:self_service_profiles"
]
}
]
},
"patch": {
"summary": "Update a self-service profile",
"description": "Updates a self-service profile.",
"tags": [
"self-service-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the self-service profile to update",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateSelfServiceProfileRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateSelfServiceProfileRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Self-service profile successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateSelfServiceProfileResponseContent"
}
}
}
},
"400": {
"description": "Invalid Request."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope, expected: update:self_service_profiles."
},
"404": {
"description": "Self-service profile not found"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
},
"500": {
"description": "Internal error."
}
},
"operationId": "patch_self-service-profiles_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "selfServiceProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:self_service_profiles"
]
}
]
}
},
"/self-service-profiles/{id}/custom-text/{language}/{page}": {
"get": {
"summary": "Get custom text for a self-service profile",
"description": "Retrieves text customizations for a given self-service profile, language and Self-Service Enterprise Configuration flow page.\n",
"tags": [
"self-service-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the self-service profile.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "language",
"in": "path",
"description": "The language of the custom text.",
"required": true,
"schema": {
"$ref": "#/components/schemas/SelfServiceProfileCustomTextLanguageEnum"
}
},
{
"name": "page",
"in": "path",
"description": "The page where the custom text is shown.",
"required": true,
"schema": {
"$ref": "#/components/schemas/SelfServiceProfileCustomTextPageEnum"
}
}
],
"responses": {
"200": {
"description": "Retrieved custom text.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListSelfServiceProfileCustomTextResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:self_service_profile_custom_texts."
},
"404": {
"description": "Self-service profile not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_self_service_profile_custom_text",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-group": [
"selfServiceProfiles",
"customText"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:self_service_profile_custom_texts"
]
}
]
},
"put": {
"summary": "Set custom text for a self-service profile",
"description": "Updates text customizations for a given self-service profile, language and Self-Service Enterprise Configuration flow page.\n",
"tags": [
"self-service-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the self-service profile.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "language",
"in": "path",
"description": "The language of the custom text.",
"required": true,
"schema": {
"$ref": "#/components/schemas/SelfServiceProfileCustomTextLanguageEnum"
}
},
{
"name": "page",
"in": "path",
"description": "The page where the custom text is shown.",
"required": true,
"schema": {
"$ref": "#/components/schemas/SelfServiceProfileCustomTextPageEnum"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetSelfServiceProfileCustomTextRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/SetSelfServiceProfileCustomTextRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Updated custom text.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetSelfServiceProfileCustomTextResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: update:self_service_profile_custom_texts."
},
"404": {
"description": "Self-service profile not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "put_self_service_profile_custom_text",
"x-release-lifecycle": "GA",
"x-operation-name": "set",
"x-operation-group": [
"selfServiceProfiles",
"customText"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:self_service_profile_custom_texts"
]
}
]
}
},
"/self-service-profiles/{id}/sso-ticket": {
"post": {
"summary": "Create an access ticket to initiate the Self-Service Enterprise Configuration flow",
"description": "Creates an access ticket to initiate the Self-Service Enterprise Configuration flow using a self-service profile.\n",
"tags": [
"self-service-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The id of the self-service profile to retrieve",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSelfServiceProfileSsoTicketRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateSelfServiceProfileSsoTicketRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Self-Service Enterprise Configuration Access Ticket successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSelfServiceProfileSsoTicketResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: create:sso_access_tickets."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_sso-ticket",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": [
"selfServiceProfiles",
"ssoTicket"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:sso_access_tickets"
]
}
]
}
},
"/self-service-profiles/{profileId}/sso-ticket/{id}/revoke": {
"post": {
"summary": "Revoke a Self-Service Enterprise Configuration access ticket",
"description": "Revokes a Self-Service Enterprise Configuration access ticket and invalidates associated sessions. The ticket will no longer be accepted to initiate a Self-Service Enterprise Configuration session. If any users have already started a session through this ticket, their session will be terminated. Clients should expect a `202 Accepted` response upon successful processing, indicating that the request has been acknowledged and that the revocation is underway but may not be fully completed at the time of response. If the specified ticket does not exist, a `202 Accepted` response is also returned, signaling that no further action is required.\nClients should treat these `202` responses as an acknowledgment that the request has been accepted and is in progress, even if the ticket was not found.\n",
"tags": [
"self-service-profiles"
],
"parameters": [
{
"name": "profileId",
"in": "path",
"description": "The id of the self-service profile",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "The id of the ticket to revoke",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"202": {
"description": "Self-Service Enterprise Configuration Access Ticket revocation request accepted."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: delete:sso_access_tickets."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_revoke",
"x-release-lifecycle": "GA",
"x-operation-name": "revoke",
"x-operation-group": [
"selfServiceProfiles",
"ssoTicket"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:sso_access_tickets"
]
}
]
}
},
"/sessions/{id}": {
"get": {
"summary": "Get session",
"description": "Retrieve session information.",
"tags": [
"sessions"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of session to retrieve",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "The session was retrieved",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetSessionResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation"
},
"403": {
"description": "Insufficient scope, expected any of: read:sessions"
},
"404": {
"description": "The session does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_session",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-group": "sessions",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:sessions"
]
}
]
},
"delete": {
"summary": "Delete session",
"description": "Delete a session by ID.",
"tags": [
"sessions"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the session to delete.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"202": {
"description": "Session deletion request accepted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: delete:sessions"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_session",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "sessions",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:sessions"
]
}
]
},
"patch": {
"summary": "Update session",
"description": "Update session information.",
"tags": [
"sessions"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the session to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateSessionRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateSessionRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Session successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateSessionResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: update:sessions.",
"x-description-1": "The account is not allowed to perform this operation.",
"x-description-2": "Subscription missing entitlement.",
"x-description-3": "This feature is not enabled for this tenant."
},
"404": {
"description": "The session does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_sessions_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": "sessions",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:sessions"
]
}
]
}
},
"/sessions/{id}/revoke": {
"post": {
"summary": "Revokes a session",
"description": "Revokes a session by ID and all associated refresh tokens.",
"tags": [
"sessions"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the session to revoke.",
"required": true,
"schema": {
"type": "string",
"maxLength": 50
}
}
],
"responses": {
"202": {
"description": "Session deletion request accepted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected: delete:sessions"
},
"404": {
"description": "The session does not exist."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "revoke_session",
"x-release-lifecycle": "GA",
"x-operation-name": "revoke",
"x-operation-group": "sessions",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:sessions",
"delete:refresh_tokens"
]
}
]
}
},
"/stats/active-users": {
"get": {
"summary": "Get active users count",
"description": "Retrieve the number of active users that logged in during the last 30 days.",
"tags": [
"stats"
],
"responses": {
"200": {
"description": "Number of active users successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetActiveUsersCountStatsResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:stats."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_active-users",
"x-release-lifecycle": "GA",
"x-operation-name": "getActiveUsersCount",
"x-operation-group": "stats",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:stats"
]
}
]
}
},
"/stats/daily": {
"get": {
"summary": "Get daily stats",
"description": "Retrieve the number of logins, signups and breached-password detections (subscription required) that occurred each day within a specified date range.",
"tags": [
"stats"
],
"parameters": [
{
"name": "from",
"in": "query",
"description": "Optional first day of the date range (inclusive) in YYYYMMDD format.",
"schema": {
"type": "string",
"pattern": "^2[0-9]{3}((0[1-9])|(1[0-2]))((0[1-9])|([12][0-9])|(3[01]))$"
}
},
{
"name": "to",
"in": "query",
"description": "Optional last day of the date range (inclusive) in YYYYMMDD format.",
"schema": {
"type": "string",
"pattern": "^2[0-9]{3}((0[1-9])|(1[0-2]))((0[1-9])|([12][0-9])|(3[01]))$"
}
}
],
"responses": {
"200": {
"description": "Daily stats successfully retrieved.",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DailyStats"
}
}
}
}
},
"400": {
"description": "Invalid request query. The message will vary depending on the cause.",
"x-description-1": "'from' date cannot be greater than 'to' date."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:stats."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_daily",
"x-release-lifecycle": "GA",
"x-operation-name": "getDaily",
"x-operation-request-parameters-name": "GetDailyStatsRequestParameters",
"x-operation-group": "stats",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:stats"
]
}
]
}
},
"/supplemental-signals": {
"get": {
"summary": "Get the supplemental signals configuration for a tenant",
"description": "Get the supplemental signals configuration for a tenant.",
"tags": [
"supplemental-signals"
],
"responses": {
"200": {
"description": "Supplemental Signals configuration successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetSupplementalSignalsResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:attack_protection."
},
"404": {
"description": "Supplemental Signals configuration not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_supplemental-signals",
"x-release-lifecycle": "EA",
"x-operation-name": "get",
"x-operation-group": "supplementalSignals",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:attack_protection"
]
}
]
},
"patch": {
"summary": "Update the supplemental signals configuration for a tenant",
"description": "Update the supplemental signals configuration for a tenant.",
"tags": [
"supplemental-signals"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateSupplementalSignalsRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateSupplementalSignalsRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Supplemental Signals configuration successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PatchSupplementalSignalsResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: update:attack_protection."
},
"404": {
"description": "Supplemental Signals configuration not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_supplemental-signals",
"x-release-lifecycle": "EA",
"x-operation-name": "patch",
"x-operation-group": "supplementalSignals",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:attack_protection"
]
}
]
}
},
"/tenants/settings": {
"get": {
"summary": "Get tenant settings",
"description": "Retrieve tenant settings. A list of fields to include or exclude may also be specified.",
"tags": [
"tenants"
],
"parameters": [
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((allowed_logout_urls)|(change_password)|(default_token_quota)|(error_page)|(flags)|(friendly_name)|(picture_url)|(support_email)|(support_url)|(session_lifetime)|(default_audience)|(default_directory)|(device_flow)|(idle_session_lifetime)|(ephemeral_session_lifetime)|(idle_ephemeral_session_lifetime)|(default_redirection_uri)|(universal_login)|(universal_login\\.colors)|(universal_login\\.passwordless)|(enabled_locales)|(session_cookie)|(sessions)|(oidc_logout)|(allow_organization_name_in_authentication_api)|(mtls)|(customize_mfa_in_postlogin_action)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(resource_parameter_profile)|(enable_ai_guide)|(client_id_metadata_document_supported)|(phone_consolidated_experience))(,((allowed_logout_urls)|(change_password)|(default_token_quota)|(error_page)|(flags)|(friendly_name)|(picture_url)|(support_email)|(support_url)|(session_lifetime)|(default_audience)|(default_directory)|(device_flow)|(idle_session_lifetime)|(ephemeral_session_lifetime)|(idle_ephemeral_session_lifetime)|(default_redirection_uri)|(universal_login)|(universal_login\\.colors)|(universal_login\\.passwordless)|(enabled_locales)|(session_cookie)|(sessions)|(oidc_logout)|(allow_organization_name_in_authentication_api)|(mtls)|(customize_mfa_in_postlogin_action)|(skip_non_verifiable_callback_uri_confirmation_prompt)|(resource_parameter_profile)|(enable_ai_guide)|(client_id_metadata_document_supported)|(phone_consolidated_experience)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Tenant settings successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetTenantSettingsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "The specified client cannot perform the requested operation.",
"x-description-1": "Insufficient scope; expected any of: read:tenant_settings."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "tenant_settings_route",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-request-parameters-name": "GetTenantSettingsRequestParameters",
"x-operation-group": [
"tenants",
"settings"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:tenant_settings"
]
}
]
},
"patch": {
"summary": "Update tenant settings",
"description": "Update settings for a tenant.",
"tags": [
"tenants"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateTenantSettingsRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateTenantSettingsRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Tenant settings successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateTenantSettingsResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: update:tenant_settings."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_settings",
"x-release-lifecycle": "GA",
"x-operation-name": "update",
"x-operation-group": [
"tenants",
"settings"
],
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:tenant_settings"
]
}
]
}
},
"/tickets/email-verification": {
"post": {
"summary": "Create an email verification ticket",
"description": "Create an email verification ticket for a given user. An email verification ticket is a generated URL that the user can consume to verify their email address.\n",
"tags": [
"tickets"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyEmailTicketRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/VerifyEmailTicketRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Ticket successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyEmailTicketResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "The user does not have an email address.",
"x-description-2": "The user's main connection does not support this operation.",
"x-description-3": "An error ocurred in Auth0's identity provider.",
"x-description-4": "The connection with id {connection_id} does not exist.",
"x-description-5": "Identity connection does not exist.",
"x-description-6": "The user exists, but does not contain the given identity.",
"x-description-7": "The client does not exist",
"x-description-8": "The organization does not exist",
"x-description-9": "The user with id {user_id} is not a member of organization with id {organization_id}."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "User to be acted on does not match subject in bearer token.",
"x-description-1": "Insufficient scope; expected any of: create:user_tickets."
},
"404": {
"description": "User not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_email-verification",
"x-release-lifecycle": "GA",
"x-operation-name": "verifyEmail",
"x-operation-group": "tickets",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:user_tickets"
]
}
]
}
},
"/tickets/password-change": {
"post": {
"summary": "Create a password change ticket",
"description": "Create a password change ticket for a given user. A password change ticket is a generated URL that the user can consume to start a reset password flow.\n\nNote: This endpoint does not verify the given user’s identity. If you call this endpoint within your application, you must design your application to verify the user’s identity.\n",
"tags": [
"tickets"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ChangePasswordTicketRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/ChangePasswordTicketRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Ticket successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ChangePasswordTicketResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "The user does not have an email address.",
"x-description-2": "The user's main connection does not support this operation.",
"x-description-3": "An error ocurred in Auth0's identity provider.",
"x-description-4": "The connection with id {connection_id} does not exist.",
"x-description-5": "Identity connection does not exist.",
"x-description-6": "The user exists, but does not contain the given identity.",
"x-description-7": "The client does not exist",
"x-description-8": "The organization does not exist",
"x-description-9": "The user with id {user_id} is not a member of organization with id {organization_id}."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "User to be acted on does not match subject in bearer token.",
"x-description-1": "Insufficient scope; expected any of: create:user_tickets."
},
"404": {
"description": "User not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_password-change",
"x-release-lifecycle": "GA",
"x-operation-name": "changePassword",
"x-operation-group": "tickets",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:user_tickets"
]
}
]
}
},
"/token-exchange-profiles": {
"get": {
"summary": "Get token exchange profiles",
"description": "Retrieve a list of all Token Exchange Profiles available in your tenant.\n\nBy using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. It is your responsibility to securely validate the user’s subject_token. See User Guide for more details.\n\nThis endpoint supports Checkpoint pagination. To search by checkpoint, use the following parameters:\nfrom: Optional id from which to start selection.take: The total amount of entries to retrieve when using the from parameter. Defaults to 50.from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no pages are remaining.\n",
"tags": [
"token-exchange-profiles"
],
"parameters": [
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 50.",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 100
}
}
],
"responses": {
"200": {
"description": "Token Exchange Profile successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListTokenExchangeProfileResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:token_exchange_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_token-exchange-profiles",
"x-release-lifecycle": "EA",
"x-operation-name": "list",
"x-operation-group": "tokenExchangeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:token_exchange_profiles"
]
}
]
},
"post": {
"summary": "Create a token exchange profile",
"description": "Create a new Token Exchange Profile within your tenant.\n\nBy using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. It is your responsibility to securely validate the user’s subject_token. See User Guide for more details.\n",
"tags": [
"token-exchange-profiles"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateTokenExchangeProfileRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateTokenExchangeProfileRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "Token exchange profile successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateTokenExchangeProfileResponseContent"
}
}
}
},
"400": {
"description": "Type field must be custom",
"x-description-1": "Action is not deployed",
"x-description-2": "Action must have supported_triggers: custom-token-exchange",
"x-description-3": "Action not found",
"x-description-0": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "You reached the limit of entities of this type for this tenant.",
"x-description-0": "Insufficient scope; expected any of: create:token_exchange_profiles."
},
"409": {
"description": "subject_token_type already exists for tenant"
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_token-exchange-profiles",
"x-release-lifecycle": "EA",
"x-operation-name": "create",
"x-operation-group": "tokenExchangeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:token_exchange_profiles"
]
}
]
}
},
"/token-exchange-profiles/{id}": {
"get": {
"summary": "Get a token exchange profile",
"description": "Retrieve details about a single Token Exchange Profile specified by ID.\n\nBy using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. It is your responsibility to securely validate the user’s subject_token. See User Guide for more details.\n",
"tags": [
"token-exchange-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the Token Exchange Profile to retrieve.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Token Exchange Profile successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetTokenExchangeProfileResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:token_exchange_profiles."
},
"404": {
"description": "Token Exchange Profile not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_token-exchange-profiles_by_id",
"x-release-lifecycle": "EA",
"x-operation-name": "get",
"x-operation-group": "tokenExchangeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:token_exchange_profiles"
]
}
]
},
"delete": {
"summary": "Delete a token exchange profile",
"description": "Delete a Token Exchange Profile within your tenant.\n\nBy using this feature, you agree to the applicable Free Trial terms in Okta's Master Subscription Agreement. It is your responsibility to securely validate the user's subject_token. See User Guide for more details.\n\n",
"tags": [
"token-exchange-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the Token Exchange Profile to delete.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "Token Exchange Profile successfully deleted."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: delete:token_exchange_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_token-exchange-profiles_by_id",
"x-release-lifecycle": "EA",
"x-operation-name": "delete",
"x-operation-group": "tokenExchangeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:token_exchange_profiles"
]
}
]
},
"patch": {
"summary": "Update an existing token exchange profile",
"description": "Update a Token Exchange Profile within your tenant.\n\nBy using this feature, you agree to the applicable Free Trial terms in Okta's Master Subscription Agreement. It is your responsibility to securely validate the user's subject_token. See User Guide for more details.\n\n",
"tags": [
"token-exchange-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the Token Exchange Profile to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateTokenExchangeProfileRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateTokenExchangeProfileRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "Token exchange profile successfully updated."
},
"400": {
"description": "subject_token_type already exists for tenant",
"x-description-1": "Unable to update field.",
"x-description-0": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: update:token_exchange_profiles."
},
"404": {
"description": "Token exchange profile not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_token-exchange-profiles_by_id",
"x-release-lifecycle": "EA",
"x-operation-name": "update",
"x-operation-group": "tokenExchangeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:token_exchange_profiles"
]
}
]
}
},
"/user-attribute-profiles": {
"get": {
"summary": "Get User Attribute Profiles",
"description": "Retrieve a list of User Attribute Profiles. This endpoint supports Checkpoint pagination.\n",
"tags": [
"user-attribute-profiles"
],
"parameters": [
{
"name": "from",
"in": "query",
"description": "Optional Id from which to start selection.",
"schema": {
"type": "string"
}
},
{
"name": "take",
"in": "query",
"description": "Number of results per page. Defaults to 5.",
"schema": {
"type": "integer",
"minimum": 1
}
}
],
"responses": {
"200": {
"description": "User Attribute Profiles successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListUserAttributeProfilesPaginatedResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause.",
"x-description-1": "Invalid query string paging options. The message will vary depending on the cause"
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:user_attribute_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_user-attribute-profiles",
"x-release-lifecycle": "EA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListUserAttributeProfileRequestParameters",
"x-operation-group": "userAttributeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:user_attribute_profiles"
]
}
]
},
"post": {
"summary": "Post User Attribute Profile",
"description": "Create a User Attribute Profile",
"tags": [
"user-attribute-profiles"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateUserAttributeProfileRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateUserAttributeProfileRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "User attribute successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateUserAttributeProfileResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: create:user_attribute_profiles."
},
"409": {
"description": "User attribute profile conflict."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_user-attribute-profiles",
"x-release-lifecycle": "EA",
"x-operation-name": "create",
"x-operation-group": "userAttributeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:user_attribute_profiles"
]
}
]
}
},
"/user-attribute-profiles/templates": {
"get": {
"summary": "Get User Attribute Profile Templates",
"description": "Retrieve a list of User Attribute Profile Templates.\n",
"tags": [
"user-attribute-profiles"
],
"responses": {
"200": {
"description": "User Attribute Profile Templates successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListUserAttributeProfileTemplateResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:user_attribute_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_user_attribute_profile_templates",
"x-release-lifecycle": "EA",
"x-operation-name": "listTemplates",
"x-operation-group": "userAttributeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:user_attribute_profiles"
]
}
]
}
},
"/user-attribute-profiles/templates/{id}": {
"get": {
"summary": "Get User Attribute Profile Template",
"description": "Retrieve a User Attribute Profile Template.\n",
"tags": [
"user-attribute-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the user-attribute-profile-template to retrieve.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "User Attribute Profile Template successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetUserAttributeProfileTemplateResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:user_attribute_profiles."
},
"404": {
"description": "User attribute profile template not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_user_attribute_profile_template",
"x-release-lifecycle": "EA",
"x-operation-name": "getTemplate",
"x-operation-group": "userAttributeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:user_attribute_profiles"
]
}
]
}
},
"/user-attribute-profiles/{id}": {
"get": {
"summary": "Get User Attribute Profile",
"description": "Retrieve details about a single User Attribute Profile specified by ID. ",
"tags": [
"user-attribute-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the user-attribute-profile to retrieve.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Record for existing user attribute profile.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetUserAttributeProfileResponseContent"
}
}
}
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: read:user-attribute-profiles."
},
"404": {
"description": "User attribute profile not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_user-attribute-profiles_by_id",
"x-release-lifecycle": "EA",
"x-operation-name": "get",
"x-operation-group": "userAttributeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:user_attribute_profiles"
]
}
]
},
"delete": {
"summary": "Delete User Attribute Profile",
"description": "Delete a single User Attribute Profile specified by ID.\n",
"tags": [
"user-attribute-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the user-attribute-profile to delete.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "User attribute profile successfully deleted."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: delete:user-attribute-profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_user-attribute-profiles_by_id",
"x-release-lifecycle": "EA",
"x-operation-name": "delete",
"x-operation-group": "userAttributeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:user_attribute_profiles"
]
}
]
},
"patch": {
"summary": "Modify a user attribute profile",
"description": "Update the details of a specific User attribute profile, such as name, user_id and user_attributes.\n",
"tags": [
"user-attribute-profiles"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the user attribute profile to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserAttributeProfileRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/UpdateUserAttributeProfileRequestContent"
}
}
}
},
"responses": {
"200": {
"description": "User attribute profile successfully updated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserAttributeProfileResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Client is not global."
},
"403": {
"description": "Insufficient scope; expected any of: update:user_attribute_profiles."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "patch_user-attribute-profiles_by_id",
"x-release-lifecycle": "EA",
"x-operation-name": "update",
"x-operation-group": "userAttributeProfiles",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:user_attribute_profiles"
]
}
]
}
},
"/user-blocks": {
"get": {
"summary": "Get blocks by identifier",
"description": "Retrieve details of all Brute-force Protection blocks for a user with the given identifier (username, phone number, or email).",
"tags": [
"user-blocks"
],
"parameters": [
{
"name": "identifier",
"in": "query",
"description": "Should be any of a username, phone number, or email.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "consider_brute_force_enablement",
"in": "query",
"description": "\n If true and Brute Force Protection is enabled and configured to block logins, will return a list of blocked IP addresses.\n If true and Brute Force Protection is disabled, will return an empty list.\n ",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "User successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListUserBlocksByIdentifierResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope; expected any of: read:users."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_user-blocks",
"x-release-lifecycle": "GA",
"x-operation-name": "listByIdentifier",
"x-operation-request-parameters-name": "ListUserBlocksByIdentifierRequestParameters",
"x-operation-group": "userBlocks",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:users"
]
}
]
},
"delete": {
"summary": "Unblock by identifier",
"description": "Remove all Brute-force Protection blocks for the user with the given identifier (username, phone number, or email).\n\nNote: This endpoint does not unblock users that were blocked by a tenant administrator.\n",
"tags": [
"user-blocks"
],
"parameters": [
{
"name": "identifier",
"in": "query",
"description": "Should be any of a username, phone number, or email.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "User successfully unblocked."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes.",
"x-description-1": "Insufficient scope; expected any of: update:users."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_user-blocks",
"x-release-lifecycle": "GA",
"x-operation-name": "deleteByIdentifier",
"x-operation-request-parameters-name": "DeleteUserBlocksByIdentifierRequestParameters",
"x-operation-group": "userBlocks",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:users"
]
}
]
}
},
"/user-blocks/{id}": {
"get": {
"summary": "Get a user's blocks",
"description": "Retrieve details of all Brute-force Protection blocks for the user with the given ID.\n",
"tags": [
"user-blocks"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "user_id of the user blocks to retrieve.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "consider_brute_force_enablement",
"in": "query",
"description": "\n If true and Brute Force Protection is enabled and configured to block logins, will return a list of blocked IP addresses.\n If true and Brute Force Protection is disabled, will return an empty list.\n ",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "User block successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListUserBlocksResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "User to be acted on does not match subject in bearer token.",
"x-description-1": "Insufficient scope; expected any of: read:users."
},
"404": {
"description": "User not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_user-blocks_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListUserBlocksRequestParameters",
"x-operation-group": "userBlocks",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:users"
]
}
]
},
"delete": {
"summary": "Unblock a user",
"description": "Remove all Brute-force Protection blocks for the user with the given ID.\n\nNote: This endpoint does not unblock users that were blocked by a tenant administrator.\n",
"tags": [
"user-blocks"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The user_id of the user to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "User successfully unblocked."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request body. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "User to be acted on does not match subject in bearer token.",
"x-description-1": "Some fields cannot be read with the permissions granted by the bearer token scopes. The message will vary depending on the fields and the scopes.",
"x-description-2": "Insufficient scope; expected any of: update:users."
},
"404": {
"description": "User not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_user-blocks_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "userBlocks",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"update:users"
]
}
]
}
},
"/users": {
"get": {
"summary": "List or Search Users",
"description": "Retrieve details of users. It is possible to:\n\n- Specify a search criteria for users\n- Sort the users to be returned\n- Select the fields to be returned\n- Specify the number of users to retrieve per page and the page index\n \nThe q query parameter can be used to get users that match the specified criteria using query string syntax.\n\nLearn more about searching for users.\n\nRead about best practices when working with the API endpoints for retrieving users.\n\nAuth0 limits the number of users you can return. If you exceed this threshold, please redefine your search, use the export job, or the User Import / Export extension.\n",
"tags": [
"users"
],
"parameters": [
{
"name": "page",
"in": "query",
"description": "Page index of the results to return. First page is 0.",
"schema": {
"type": "integer",
"minimum": 0
}
},
{
"name": "per_page",
"in": "query",
"description": "Number of results per page.",
"schema": {
"type": "integer",
"minimum": 0,
"maximum": 100
}
},
{
"name": "include_totals",
"in": "query",
"description": "Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).",
"schema": {
"type": "boolean"
}
},
{
"name": "sort",
"in": "query",
"description": "Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. e.g. created_at:1",
"schema": {
"type": "string",
"pattern": "^(([a-zA-Z0-9_\\\\.]+))\\:(1|-1)$"
}
},
{
"name": "connection",
"in": "query",
"description": "Connection filter. Only applies when using search_engine=v1. To filter by connection with search_engine=v2|v3, use q=identities.connection:\"connection_name\"",
"schema": {
"type": "string"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
},
{
"name": "q",
"in": "query",
"description": "Query in Lucene query string syntax. Some query types cannot be used on metadata fields, for details see Searchable Fields.",
"schema": {
"type": "string"
}
},
{
"name": "search_engine",
"in": "query",
"description": "The version of the search engine",
"schema": {
"$ref": "#/components/schemas/SearchEngineVersionsEnum"
}
},
{
"name": "primary_order",
"in": "query",
"description": "If true (default), results are returned in a deterministic order. If false, results may be returned in a non-deterministic order, which can enhance performance for complex queries targeting a small number of users. Set to false only when consistent ordering and pagination is not required.",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Users successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListUsersResponseContent"
}
}
}
},
"400": {
"description": "Invalid request query string. The message will vary depending on the cause.",
"x-description-1": "The 'q' parameter is available only if you specify 'search_engine=v2|v3'.",
"x-description-2": "You are not allowed to use search_engine=v1.",
"x-description-3": "You are not allowed to use search_engine=v2. Use search_engine=v3 instead.",
"x-description-4": "You are not allowed to use search_engine=v3.",
"x-description-5": "You can only page through the first 1000 records. See https://auth0.com/docs/users/search/v3/view-search-results-by-page#limitation."
},
"401": {
"description": "Client is not global.",
"x-description-1": "Invalid signature received for JSON Web Token validation.",
"x-description-2": "Invalid token."
},
"403": {
"description": "Insufficient scope, expected any of: read:users."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
},
"503": {
"description": "The query exceeded the timeout. Please try refining your search criteria. See https://auth0.com/docs/best-practices/search-best-practices."
}
},
"operationId": "get_users",
"x-release-lifecycle": "GA",
"x-operation-name": "list",
"x-operation-request-parameters-name": "ListUsersRequestParameters",
"x-operation-group": "users",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:users",
"read:user_idp_tokens"
]
}
]
},
"post": {
"summary": "Create a User",
"description": "Create a new user for a given database or passwordless connection.\n\nNote: connection is required but other parameters such as email and password are dependent upon the type of connection.",
"tags": [
"users"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateUserRequestContent"
}
},
"application/x-www-form-urlencoded": {
"schema": {
"$ref": "#/components/schemas/CreateUserRequestContent"
}
}
}
},
"responses": {
"201": {
"description": "User successfully created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateUserResponseContent"
}
}
}
},
"400": {
"description": "Invalid request body. The message will vary depending on the cause.",
"x-description-1": "Connection does not support user creation through the API. It must either be a database or passwordless connection.",
"x-description-2": "Cannot set username for connection without requires_username.",
"x-description-3": "Connection does not exist.",
"x-description-4": "Connection is disabled."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "Insufficient scope, expected any of: create:users."
},
"409": {
"description": "User already exists."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "post_users",
"x-release-lifecycle": "GA",
"x-operation-name": "create",
"x-operation-group": "users",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"create:users"
]
}
]
}
},
"/users-by-email": {
"get": {
"summary": "Search Users by Email",
"description": "Find users by email. If Auth0 is the identity provider (idP), the email address associated with a user is saved in lower case, regardless of how you initially provided it. \n\nFor example, if you register a user as JohnSmith@example.com, Auth0 saves the user's email as johnsmith@example.com. \n\nTherefore, when using this endpoint, make sure that you are searching for users via email addresses using the correct case.\n",
"tags": [
"users-by-email"
],
"parameters": [
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((phone_number)|(email)|(email_verified)|(picture)|(username)|(user_id)|(name)|(nickname)|(created_at)|(identities)|(app_metadata)|(user_metadata)|(last_ip)|(last_login)|(logins_count)|(updated_at)|(blocked)|(family_name)|(given_name))(,((phone_number)|(email)|(email_verified)|(picture)|(username)|(user_id)|(name)|(nickname)|(created_at)|(identities)|(app_metadata)|(user_metadata)|(last_ip)|(last_login)|(logins_count)|(updated_at)|(blocked)|(family_name)|(given_name)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false). Defaults to true.",
"schema": {
"type": "boolean"
}
},
{
"name": "email",
"in": "query",
"description": "Email address to search for (case-sensitive).",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Users successfully searched.",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/UserResponseSchema"
}
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "User to be acted on does not match subject in bearer token.",
"x-description-1": "Insufficient scope; expected any of: read:users."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_users-by-email",
"x-release-lifecycle": "GA",
"x-operation-name": "listUsersByEmail",
"x-operation-request-parameters-name": "ListUsersByEmailRequestParameters",
"x-operation-group": "users",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:users"
]
}
]
}
},
"/users/{id}": {
"get": {
"summary": "Get a User",
"description": "Retrieve user details. A list of fields to include or exclude may also be specified. For more information, see Retrieve Users with the Get Users Endpoint.\n",
"tags": [
"users"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the user to retrieve.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "fields",
"in": "query",
"description": "Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields.",
"schema": {
"type": "string",
"pattern": "^((phone_number)|(email)|(email_verified)|(picture)|(username)|(user_id)|(name)|(nickname)|(created_at)|(identities)|(app_metadata)|(user_metadata)|(last_ip)|(last_login)|(logins_count)|(updated_at)|(blocked)|(family_name)|(given_name))(,((phone_number)|(email)|(email_verified)|(picture)|(username)|(user_id)|(name)|(nickname)|(created_at)|(identities)|(app_metadata)|(user_metadata)|(last_ip)|(last_login)|(logins_count)|(updated_at)|(blocked)|(family_name)|(given_name)))*$"
}
},
{
"name": "include_fields",
"in": "query",
"description": "Whether specified fields are to be included (true) or excluded (false).",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "User successfully retrieved.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetUserResponseContent"
}
}
}
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause.",
"x-description-1": "Invalid request query string. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "User to be acted on does not match subject in bearer token.",
"x-description-1": "Insufficient scope; expected any of: read:users, read:user_idp_tokens, read:current_user."
},
"404": {
"description": "User not found."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "get_users_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "get",
"x-operation-request-parameters-name": "GetUserRequestParameters",
"x-operation-group": "users",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"read:users",
"read:current_user",
"read:user_idp_tokens"
]
}
]
},
"delete": {
"summary": "Delete a User",
"description": "Delete a user by user ID. This action cannot be undone. For Auth0 Dashboard instructions, see Delete Users.\n",
"tags": [
"users"
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ID of the user to delete.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "User successfully deleted."
},
"400": {
"description": "Invalid request URI. The message will vary depending on the cause."
},
"401": {
"description": "Invalid token.",
"x-description-1": "Client is not global.",
"x-description-2": "Invalid signature received for JSON Web Token validation."
},
"403": {
"description": "User to be acted on does not match subject in bearer token.",
"x-description-1": "Insufficient scope; expected any of: delete:users,delete:current_user."
},
"429": {
"description": "Too many requests. Check the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers."
}
},
"operationId": "delete_users_by_id",
"x-release-lifecycle": "GA",
"x-operation-name": "delete",
"x-operation-group": "users",
"security": [
{
"bearerAuth": []
},
{
"oAuth2ClientCredentials": [
"delete:users",
"delete:current_user"
]
}
]
},
"patch": {
"summary": "Update a User",
"description": "Update a user.\n\nThese are the attributes that can be updated at the root level:\n\nuser_metadata and app_metadata). These properties are merged instead of being replaced but be careful, the merge only occurs on the first level.email, email_verified, phone_number, phone_verified, username or password of a secondary identity, you need to specify the connection property too.email or phone_number you can specify, optionally, the client_id property.email_verified is not supported for enterprise and passwordless sms connections.blocked to false does not affect the user's blocked state from an excessive amount of incorrectly provided credentials. Use the \"Unblock a user\" endpoint from the \"User Blocks\" API to change the user's state.null as the value.{ \"email_verified\": true }user_metadata:\n{ \"user_metadata\" : { \"profileCode\": 1479 } }addresses the body to send should be:\n{ \"user_metadata\" : { \"addresses\": {\"work_address\": \"100 Industrial Way\"} }}user_metadata property:{\n \"user_metadata\": {\n \"profileCode\": 1479,\n \"addresses\": { \"work_address\": \"100 Industrial Way\" }\n }\n}\"home_address\": \"742 Evergreen Terrace\" (using the addresses property) we should send the whole addresses object. Since this is a first-level object, the object will be merged in, but its own properties will not be. The body to send should be:\n{\n \"user_metadata\": {\n \"addresses\": {\n \"work_address\": \"100 Industrial Way\",\n \"home_address\": \"742 Evergreen Terrace\"\n }\n }\n}user_metadata property:\n{\n \"user_metadata\": {\n \"profileCode\": 1479,\n \"addresses\": {\n \"work_address\": \"100 Industrial Way\",\n \"home_address\": \"742 Evergreen Terrace\"\n }\n }\n}update:current_user_identities scope:\n \n POST /api/v2/users/PRIMARY_ACCOUNT_USER_ID/identities\n Authorization: \"Bearer PRIMARY_ACCOUNT_JWT\"\n {\n \"link_with\": \"SECONDARY_ACCOUNT_JWT\"\n }\n \n In this case, only the link_with param is required in the body, which also contains the JWT obtained upon the secondary account's authentication.\n update:users scope:\n \n POST /api/v2/users/PRIMARY_ACCOUNT_USER_ID/identities\n Authorization: \"Bearer YOUR_API_V2_TOKEN\"\n {\n \"provider\": \"SECONDARY_ACCOUNT_PROVIDER\",\n \"connection_id\": \"SECONDARY_ACCOUNT_CONNECTION_ID(OPTIONAL)\",\n \"user_id\": \"SECONDARY_ACCOUNT_USER_ID\"\n }\n \n In this case you need to send provider and user_id in the body. Optionally you can also send the connection_id param which is suitable for identifying a particular database connection for the 'auth0' provider.\n null to unset, a solid color as a string value #FFFFFF, or a gradient as an object.\n\n\n{\n type: 'linear-gradient',\n start: '#FFFFFF',\n end: '#000000',\n angle_deg: 35\n}\nstandard, enhanced.",
"default": "standard",
"enum": [
"standard",
"enhanced"
]
},
"BreachedPasswordDetectionPreChangePasswordShieldsEnum": {
"type": "string",
"enum": [
"block",
"admin_notification"
]
},
"BreachedPasswordDetectionPreChangePasswordStage": {
"type": "object",
"additionalProperties": false,
"properties": {
"shields": {
"type": "array",
"description": "Action to take when a breached password is detected during a password reset.\n Possible values: block, admin_notification.",
"items": {
"$ref": "#/components/schemas/BreachedPasswordDetectionPreChangePasswordShieldsEnum"
}
}
}
},
"BreachedPasswordDetectionPreUserRegistrationShieldsEnum": {
"type": "string",
"enum": [
"block",
"admin_notification"
]
},
"BreachedPasswordDetectionPreUserRegistrationStage": {
"type": "object",
"additionalProperties": false,
"properties": {
"shields": {
"type": "array",
"description": "Action to take when a breached password is detected during a signup.\n Possible values: block, admin_notification.",
"items": {
"$ref": "#/components/schemas/BreachedPasswordDetectionPreUserRegistrationShieldsEnum"
}
}
}
},
"BreachedPasswordDetectionShieldsEnum": {
"type": "string",
"enum": [
"block",
"user_notification",
"admin_notification"
]
},
"BreachedPasswordDetectionStage": {
"type": "object",
"additionalProperties": false,
"properties": {
"pre-user-registration": {
"$ref": "#/components/schemas/BreachedPasswordDetectionPreUserRegistrationStage"
},
"pre-change-password": {
"$ref": "#/components/schemas/BreachedPasswordDetectionPreChangePasswordStage"
}
}
},
"BruteForceProtectionModeEnum": {
"type": "string",
"description": "Account Lockout: Determines whether or not IP address is used when counting failed attempts.\n Possible values: count_per_identifier_and_ip, count_per_identifier.",
"default": "count_per_identifier_and_ip",
"enum": [
"count_per_identifier_and_ip",
"count_per_identifier"
]
},
"BruteForceProtectionShieldsEnum": {
"type": "string",
"enum": [
"block",
"user_notification"
]
},
"BulkUpdateAculRequestContent": {
"type": "object",
"description": "Bulk update render settings for multiple screens",
"additionalProperties": false,
"required": [
"configs"
],
"properties": {
"configs": {
"$ref": "#/components/schemas/AculConfigs"
}
}
},
"BulkUpdateAculResponseContent": {
"type": "object",
"additionalProperties": true,
"required": [
"configs"
],
"properties": {
"configs": {
"$ref": "#/components/schemas/AculConfigs"
}
}
},
"CertificateSubjectDNCredential": {
"type": "object",
"additionalProperties": false,
"required": [
"credential_type"
],
"properties": {
"credential_type": {
"$ref": "#/components/schemas/CertificateSubjectDNCredentialTypeEnum"
},
"name": {
"type": "string",
"description": "Friendly name for a credential.",
"default": "",
"maxLength": 128
},
"subject_dn": {
"type": "string",
"description": "Subject Distinguished Name. Mutually exclusive with `pem` property. Applies to `cert_subject_dn` credential type.",
"minLength": 1,
"maxLength": 256
},
"pem": {
"type": "string",
"description": "PEM-formatted X509 certificate. Must be JSON escaped. Mutually exclusive with `subject_dn` property.",
"default": "-----BEGIN CERTIFICATE-----\r\nMIIBIjANBg...\r\n-----END CERTIFICATE-----\r\n",
"minLength": 1,
"maxLength": 4096
}
}
},
"CertificateSubjectDNCredentialTypeEnum": {
"type": "string",
"enum": [
"cert_subject_dn"
]
},
"ChangePasswordTicketIdentity": {
"type": "object",
"description": "The user's identity. If you set this value, you must also send the user_id parameter.",
"additionalProperties": false,
"required": [
"user_id",
"provider"
],
"x-release-lifecycle": "EA",
"properties": {
"user_id": {
"type": "string",
"description": "user_id of the identity.",
"default": "5457edea1b8f22891a000004"
},
"provider": {
"$ref": "#/components/schemas/IdentityProviderOnlyAuth0Enum"
},
"connection_id": {
"type": "string",
"description": "connection_id of the identity.",
"pattern": "^con_[A-Za-z0-9]{16}$"
}
}
},
"ChangePasswordTicketRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"result_url": {
"type": "string",
"description": "URL the user will be redirected to in the classic Universal Login experience once the ticket is used. Cannot be specified when using client_id or organization_id.",
"default": "http://myapp.com/callback",
"format": "url"
},
"user_id": {
"type": "string",
"description": "user_id of for whom the ticket should be created.",
"format": "user-id"
},
"client_id": {
"type": "string",
"description": "ID of the client (application). If provided for tenants using the New Universal Login experience, the email template and UI displays application details, and the user is prompted to redirect to the application's default login route after the ticket is used. client_id is required to use the Password Reset Post Challenge trigger.",
"default": "DaM8bokEXBWrTUFCiJjWn50jei6ardyX",
"format": "client-id"
},
"organization_id": {
"type": "string",
"description": "(Optional) Organization ID – the ID of the Organization. If provided, organization parameters will be made available to the email template and organization branding will be applied to the prompt. In addition, the redirect link in the prompt will include organization_id and organization_name query string parameters.",
"default": "org_2eondWoxcMIpaLQc",
"format": "organization-id"
},
"connection_id": {
"type": "string",
"description": "ID of the connection. If provided, allows the user to be specified using email instead of user_id. If you set this value, you must also send the email parameter. You cannot send user_id when specifying a connection_id.",
"default": "con_0000000000000001",
"pattern": "^con_[A-Za-z0-9]{16}$"
},
"email": {
"type": "string",
"description": "Email address of the user for whom the tickets should be created. Requires the connection_id parameter. Cannot be specified when using user_id.",
"format": "email"
},
"ttl_sec": {
"type": "integer",
"description": "Number of seconds for which the ticket is valid before expiration. If unspecified or set to 0, this value defaults to 432000 seconds (5 days).",
"minimum": 0
},
"mark_email_as_verified": {
"type": "boolean",
"description": "Whether to set the email_verified attribute to true (true) or whether it should not be updated (false).",
"default": false
},
"includeEmailInRedirect": {
"type": "boolean",
"description": "Whether to include the email address as part of the returnUrl in the reset_email (true), or not (false)."
},
"identity": {
"$ref": "#/components/schemas/ChangePasswordTicketIdentity",
"x-release-lifecycle": "EA"
}
}
},
"ChangePasswordTicketResponseContent": {
"type": "object",
"additionalProperties": true,
"required": [
"ticket"
],
"properties": {
"ticket": {
"type": "string",
"description": "URL representing the ticket.",
"default": "https://login.auth0.com/lo/reset?client_id=nsaPS2p3cargoFy82WT7betaOPOt3qSh&tenant=mdocs&bewit=bmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPdDNxU2hcMTQzMDY2MjE4MVxuRTcxM0RSeUNlbEpzUUJmaFVaS3A1NEdJbWFzSUZMYzRTdEFtY2NMMXhZPVx7ImVtYWloojoiZGFtaWtww2NoQGhvdG1haWwuY29tIiwidGVuYW50IjoiZHNjaGVua2tjwWFuIiwiY2xpZW50X2lkIjoibmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPiiqxU2giLCJjb25uZWN0aW9uIjoiRGFtaWmsdiwicmVzdWx0VXJsIjoiIn0",
"format": "url"
}
}
},
"CimdMappedClientAuthenticationMethods": {
"type": "object",
"description": "Client authentication methods derived from the JWKS document",
"additionalProperties": true,
"properties": {
"private_key_jwt": {
"$ref": "#/components/schemas/CimdMappedClientAuthenticationMethodsPrivateKeyJwt"
}
}
},
"CimdMappedClientAuthenticationMethodsPrivateKeyJwt": {
"type": "object",
"description": "Private Key JWT authentication configuration",
"additionalProperties": true,
"required": [
"credentials"
],
"properties": {
"credentials": {
"type": "array",
"description": "Credentials derived from the JWKS document",
"items": {
"$ref": "#/components/schemas/CimdMappedPrivateKeyJwtCredential"
}
}
}
},
"CimdMappedClientFields": {
"type": "object",
"description": "Auth0 client fields mapped from the Client ID Metadata Document",
"additionalProperties": true,
"properties": {
"external_client_id": {
"type": "string",
"description": "The URL of the Client ID Metadata Document"
},
"name": {
"type": "string",
"description": "Client name"
},
"app_type": {
"type": "string",
"description": "Application type (e.g., web, native)"
},
"callbacks": {
"type": "array",
"description": "Callback URLs",
"items": {
"type": "string"
}
},
"logo_uri": {
"type": "string",
"description": "Logo URI"
},
"description": {
"type": "string",
"description": "Human-readable brief description of this client presentable to the end-user"
},
"grant_types": {
"type": "array",
"description": "List of grant types",
"items": {
"type": "string"
}
},
"token_endpoint_auth_method": {
"type": "string",
"description": "Token endpoint authentication method"
},
"jwks_uri": {
"type": "string",
"description": "URL for the JSON Web Key Set containing the public keys for private_key_jwt authentication"
},
"client_authentication_methods": {
"$ref": "#/components/schemas/CimdMappedClientAuthenticationMethods"
}
}
},
"CimdMappedPrivateKeyJwtCredential": {
"type": "object",
"additionalProperties": true,
"required": [
"credential_type",
"kid",
"alg"
],
"properties": {
"credential_type": {
"type": "string",
"description": "Type of credential (e.g., public_key)"
},
"kid": {
"type": "string",
"description": "Key identifier from JWKS or calculated thumbprint"
},
"alg": {
"type": "string",
"description": "Algorithm (e.g., RS256, RS384, PS256)"
}
}
},
"CimdValidationResult": {
"type": "object",
"description": "Validation result for the Client ID Metadata Document",
"additionalProperties": true,
"required": [
"valid",
"violations",
"warnings"
],
"properties": {
"valid": {
"type": "boolean",
"description": "Whether the metadata document passed validation"
},
"violations": {
"type": "array",
"description": "Array of validation violation messages (if any)",
"items": {
"type": "string"
}
},
"warnings": {
"type": "array",
"description": "Array of warning messages (if any)",
"items": {
"type": "string"
}
}
}
},
"ClearAssessorsRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"connection",
"assessors"
],
"properties": {
"connection": {
"type": "string",
"description": "The name of the connection containing the user whose assessors should be cleared.",
"minLength": 1,
"maxLength": 128,
"pattern": "^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$"
},
"assessors": {
"type": "array",
"description": "List of assessors to clear.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/AssessorsTypeEnum"
}
}
}
},
"Client": {
"type": "object",
"additionalProperties": true,
"properties": {
"client_id": {
"type": "string",
"description": "ID of this client.",
"default": "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
},
"tenant": {
"type": "string",
"description": "Name of the tenant this client belongs to.",
"default": ""
},
"name": {
"type": "string",
"description": "Name of this client (min length: 1 character, does not allow `<` or `>`).",
"default": "My application"
},
"description": {
"type": "string",
"description": "Free text description of this client (max length: 140 characters).",
"default": ""
},
"global": {
"type": "boolean",
"description": "Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false).",
"default": false
},
"client_secret": {
"type": "string",
"description": "Client secret (which you must not make public).",
"default": "MG_TNT2ver-SylNat-_VeMmd-4m0Waba0jr1troztBniSChEw0glxEmgEi2Kw40H"
},
"app_type": {
"$ref": "#/components/schemas/ClientAppTypeEnum"
},
"logo_uri": {
"type": "string",
"description": "URL of the logo to display for this client. Recommended size is 150x150 pixels."
},
"is_first_party": {
"type": "boolean",
"description": "Whether this client a first party client (true) or not (false).",
"default": false
},
"oidc_conformant": {
"type": "boolean",
"description": "Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false).",
"default": false
},
"callbacks": {
"type": "array",
"description": "Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication.",
"items": {
"type": "string"
}
},
"allowed_origins": {
"type": "array",
"description": "Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs.",
"items": {
"type": "string"
}
},
"web_origins": {
"type": "array",
"description": "Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.",
"items": {
"type": "string"
}
},
"client_aliases": {
"type": "array",
"description": "List of audiences/realms for SAML protocol. Used by the wsfed addon.",
"items": {
"type": "string"
}
},
"allowed_clients": {
"type": "array",
"description": "List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed.",
"items": {
"type": "string"
}
},
"allowed_logout_urls": {
"type": "array",
"description": "Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains.",
"items": {
"type": "string"
}
},
"session_transfer": {
"$ref": "#/components/schemas/ClientSessionTransferConfiguration"
},
"oidc_logout": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutSettings"
},
"grant_types": {
"type": "array",
"description": "List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`.",
"items": {
"type": "string"
}
},
"jwt_configuration": {
"$ref": "#/components/schemas/ClientJwtConfiguration"
},
"signing_keys": {
"$ref": "#/components/schemas/ClientSigningKeys"
},
"encryption_key": {
"$ref": "#/components/schemas/ClientEncryptionKey"
},
"sso": {
"type": "boolean",
"description": "Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false).",
"default": false
},
"sso_disabled": {
"type": "boolean",
"description": "Whether Single Sign On is disabled (true) or enabled (true). Defaults to true.",
"default": false
},
"cross_origin_authentication": {
"type": "boolean",
"description": "Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false)."
},
"cross_origin_loc": {
"type": "string",
"description": "URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page.",
"format": "url"
},
"custom_login_page_on": {
"type": "boolean",
"description": "Whether a custom login page is to be used (true) or the default provided login page (false).",
"default": true
},
"custom_login_page": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page.",
"default": ""
},
"custom_login_page_preview": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page. (Used on Previews)",
"default": ""
},
"form_template": {
"type": "string",
"description": "HTML form template to be used for WS-Federation.",
"default": ""
},
"addons": {
"$ref": "#/components/schemas/ClientAddons"
},
"token_endpoint_auth_method": {
"$ref": "#/components/schemas/ClientTokenEndpointAuthMethodEnum"
},
"is_token_endpoint_ip_header_trusted": {
"type": "boolean",
"description": "If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint.",
"default": false
},
"client_metadata": {
"$ref": "#/components/schemas/ClientMetadata"
},
"mobile": {
"$ref": "#/components/schemas/ClientMobile"
},
"initiate_login_uri": {
"type": "string",
"description": "Initiate login uri, must be https",
"format": "absolute-https-uri-with-placeholders-or-empty"
},
"native_social_login": {},
"refresh_token": {
"$ref": "#/components/schemas/ClientRefreshTokenConfiguration"
},
"default_organization": {
"$ref": "#/components/schemas/ClientDefaultOrganization"
},
"organization_usage": {
"$ref": "#/components/schemas/ClientOrganizationUsageEnum"
},
"organization_require_behavior": {
"$ref": "#/components/schemas/ClientOrganizationRequireBehaviorEnum"
},
"organization_discovery_methods": {
"type": "array",
"description": "Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both.",
"minItems": 1,
"x-release-lifecycle": "EA",
"items": {
"$ref": "#/components/schemas/ClientOrganizationDiscoveryEnum"
}
},
"client_authentication_methods": {
"$ref": "#/components/schemas/ClientAuthenticationMethod"
},
"require_pushed_authorization_requests": {
"type": "boolean",
"description": "Makes the use of Pushed Authorization Requests mandatory for this client",
"default": false
},
"require_proof_of_possession": {
"type": "boolean",
"description": "Makes the use of Proof-of-Possession mandatory for this client",
"default": false
},
"signed_request_object": {
"$ref": "#/components/schemas/ClientSignedRequestObjectWithCredentialId"
},
"compliance_level": {
"$ref": "#/components/schemas/ClientComplianceLevelEnum"
},
"skip_non_verifiable_callback_uri_confirmation_prompt": {
"type": "boolean",
"description": "Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`).\nIf set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps.\nSee https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information."
},
"token_exchange": {
"$ref": "#/components/schemas/ClientTokenExchangeConfiguration",
"x-release-lifecycle": "GA"
},
"par_request_expiry": {
"type": [
"integer",
"null"
],
"description": "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid",
"minimum": 10,
"maximum": 600
},
"token_quota": {
"$ref": "#/components/schemas/TokenQuota",
"x-release-lifecycle": "EA"
},
"express_configuration": {
"$ref": "#/components/schemas/ExpressConfiguration"
},
"my_organization_configuration": {
"$ref": "#/components/schemas/ClientMyOrganizationResponseConfiguration",
"x-release-lifecycle": "EA"
},
"third_party_security_mode": {
"$ref": "#/components/schemas/ClientThirdPartySecurityModeEnum",
"x-release-lifecycle": "GA"
},
"redirection_policy": {
"$ref": "#/components/schemas/ClientRedirectionPolicyEnum",
"x-release-lifecycle": "GA"
},
"resource_server_identifier": {
"type": "string",
"description": "The identifier of the resource server that this client is linked to."
},
"async_approval_notification_channels": {
"$ref": "#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration"
},
"external_metadata_type": {
"$ref": "#/components/schemas/ClientExternalMetadataTypeEnum"
},
"external_metadata_created_by": {
"$ref": "#/components/schemas/ClientExternalMetadataCreatedByEnum"
},
"external_client_id": {
"type": "string",
"description": "An alternate client identifier to be used during authorization flows. Only supports CIMD-based client identifiers.",
"format": "absolute-https-uri-or-empty"
},
"jwks_uri": {
"type": "string",
"description": "URL for the JSON Web Key Set (JWKS) containing the public keys used for private_key_jwt authentication. Only present for CIMD clients using private_key_jwt authentication.",
"format": "absolute-https-uri-or-empty"
}
}
},
"ClientAddonAWS": {
"type": "object",
"description": "AWS addon configuration.",
"additionalProperties": true,
"properties": {
"principal": {
"type": "string",
"description": "AWS principal ARN, e.g. `arn:aws:iam::010616021751:saml-provider/idpname`"
},
"role": {
"type": "string",
"description": "AWS role ARN, e.g. `arn:aws:iam::010616021751:role/foo`"
},
"lifetime_in_seconds": {
"type": "integer",
"description": "AWS token lifetime in seconds",
"minimum": 900,
"maximum": 43200
}
}
},
"ClientAddonAzureBlob": {
"type": "object",
"description": "Azure Blob Storage addon configuration.",
"additionalProperties": true,
"properties": {
"accountName": {
"type": "string",
"description": "Your Azure storage account name. Usually first segment in your Azure storage URL. e.g. `https://acme-org.blob.core.windows.net` would be the account name `acme-org`.",
"pattern": "^([a-z0-9]){3,24}$"
},
"storageAccessKey": {
"type": "string",
"description": "Access key associated with this storage account.",
"pattern": "^([A-Za-z0-9+/]){86}==$"
},
"containerName": {
"type": "string",
"description": "Container to request a token for. e.g. `my-container`.",
"pattern": "^([a-z0-9]){1}([a-z0-9-]){2,62}$"
},
"blobName": {
"type": "string",
"description": "Entity to request a token for. e.g. `my-blob`. If blank the computed SAS will apply to the entire storage container.",
"pattern": "^(.){1,1024}$"
},
"expiration": {
"type": "integer",
"description": "Expiration in minutes for the generated token (default of 5 minutes).",
"minimum": 0
},
"signedIdentifier": {
"type": "string",
"description": "Shared access policy identifier defined in your storage account resource."
},
"blob_read": {
"type": "boolean",
"description": "Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation."
},
"blob_write": {
"type": "boolean",
"description": "Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account."
},
"blob_delete": {
"type": "boolean",
"description": "Indicates if the issued token has permission to delete the blob."
},
"container_read": {
"type": "boolean",
"description": "Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation"
},
"container_write": {
"type": "boolean",
"description": "Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account."
},
"container_delete": {
"type": "boolean",
"description": "Indicates if issued token has permission to delete any blob in the container."
},
"container_list": {
"type": "boolean",
"description": "Indicates if the issued token has permission to list blobs in the container."
}
}
},
"ClientAddonAzureSB": {
"type": "object",
"description": "Azure Storage Bus addon configuration.",
"additionalProperties": true,
"properties": {
"namespace": {
"type": "string",
"description": "Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (e.g. `https://acme-org.servicebus.windows.net` would be `acme-org`)."
},
"sasKeyName": {
"type": "string",
"description": "Your shared access policy name defined in your Service Bus entity."
},
"sasKey": {
"type": "string",
"description": "Primary Key associated with your shared access policy."
},
"entityPath": {
"type": "string",
"description": "Entity you want to request a token for. e.g. `my-queue`.'"
},
"expiration": {
"type": "integer",
"description": "Optional expiration in minutes for the generated token. Defaults to 5 minutes."
}
}
},
"ClientAddonBox": {
"type": "object",
"description": "Box SSO indicator (no configuration settings needed for Box SSO).",
"additionalProperties": true
},
"ClientAddonCloudBees": {
"type": "object",
"description": "CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).",
"additionalProperties": true
},
"ClientAddonConcur": {
"type": "object",
"description": "Concur SSO indicator (no configuration settings needed for Concur SSO).",
"additionalProperties": true
},
"ClientAddonDropbox": {
"type": "object",
"description": "Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).",
"additionalProperties": true
},
"ClientAddonEchoSign": {
"type": "object",
"description": "Adobe EchoSign SSO configuration.",
"additionalProperties": true,
"properties": {
"domain": {
"type": "string",
"description": "Your custom domain found in your EchoSign URL. e.g. `https://acme-org.echosign.com` would be `acme-org`."
}
}
},
"ClientAddonEgnyte": {
"type": "object",
"description": "Egnyte SSO configuration.",
"additionalProperties": true,
"properties": {
"domain": {
"type": "string",
"description": "Your custom domain found in your Egnyte URL. e.g. `https://acme-org.egnyte.com` would be `acme-org`."
}
}
},
"ClientAddonFirebase": {
"type": "object",
"description": "Google Firebase addon configuration.",
"additionalProperties": true,
"properties": {
"secret": {
"type": "string",
"description": "Google Firebase Secret. (SDK 2 only)."
},
"private_key_id": {
"type": "string",
"description": "Optional ID of the private key to obtain kid header in the issued token (SDK v3+ tokens only)."
},
"private_key": {
"type": "string",
"description": "Private Key for signing the token (SDK v3+ tokens only)."
},
"client_email": {
"type": "string",
"description": "ID of the Service Account you have created (shown as `client_email` in the generated JSON file, SDK v3+ tokens only)."
},
"lifetime_in_seconds": {
"type": "integer",
"description": "Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only)."
}
}
},
"ClientAddonLayer": {
"type": "object",
"description": "Layer addon configuration.",
"additionalProperties": true,
"required": [
"providerId",
"keyId",
"privateKey"
],
"properties": {
"providerId": {
"type": "string",
"description": "Provider ID of your Layer account"
},
"keyId": {
"type": "string",
"description": "Authentication Key identifier used to sign the Layer token."
},
"privateKey": {
"type": "string",
"description": "Private key for signing the Layer token."
},
"principal": {
"type": "string",
"description": "Name of the property used as the unique user id in Layer. If not specified `user_id` is used."
},
"expiration": {
"type": "integer",
"description": "Optional expiration in minutes for the generated token. Defaults to 5 minutes.",
"minimum": 0
}
}
},
"ClientAddonMSCRM": {
"type": "object",
"description": "Microsoft Dynamics CRM SSO configuration.",
"additionalProperties": true,
"required": [
"url"
],
"properties": {
"url": {
"type": "string",
"description": "Microsoft Dynamics CRM application URL.",
"format": "url"
}
}
},
"ClientAddonNewRelic": {
"type": "object",
"description": "New Relic SSO configuration.",
"additionalProperties": true,
"properties": {
"account": {
"type": "string",
"description": "Your New Relic Account ID found in your New Relic URL after the `/accounts/` path. e.g. `https://rpm.newrelic.com/accounts/123456/query` would be `123456`."
}
}
},
"ClientAddonOAG": {
"type": [
"object",
"null"
],
"description": "Okta Access Gateway SSO configuration",
"additionalProperties": false,
"properties": {}
},
"ClientAddonOffice365": {
"type": "object",
"description": "Microsoft Office 365 SSO configuration.",
"additionalProperties": true,
"properties": {
"domain": {
"type": "string",
"description": "Your Office 365 domain name. e.g. `acme-org.com`."
},
"connection": {
"type": "string",
"description": "Optional Auth0 database connection for testing an already-configured Office 365 tenant."
}
}
},
"ClientAddonRMS": {
"type": "object",
"description": "Active Directory Rights Management Service SSO configuration.",
"additionalProperties": true,
"required": [
"url"
],
"properties": {
"url": {
"type": "string",
"description": "URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.",
"format": "url"
}
}
},
"ClientAddonSAML": {
"type": "object",
"description": "SAML2 addon indicator (no configuration settings needed for SAML2 addon).",
"additionalProperties": true,
"properties": {
"mappings": {
"$ref": "#/components/schemas/ClientAddonSAMLMapping"
},
"audience": {
"type": "string"
},
"recipient": {
"type": "string"
},
"createUpnClaim": {
"type": "boolean"
},
"mapUnknownClaimsAsIs": {
"type": "boolean"
},
"passthroughClaimsWithNoMapping": {
"type": "boolean"
},
"mapIdentities": {
"type": "boolean"
},
"signatureAlgorithm": {
"type": "string"
},
"digestAlgorithm": {
"type": "string"
},
"issuer": {
"type": "string"
},
"destination": {
"type": "string"
},
"lifetimeInSeconds": {
"type": "integer"
},
"signResponse": {
"type": "boolean"
},
"nameIdentifierFormat": {
"type": "string"
},
"nameIdentifierProbes": {
"type": "array",
"items": {
"type": "string",
"minLength": 1
}
},
"authnContextClassRef": {
"type": "string"
}
}
},
"ClientAddonSAMLMapping": {
"type": "object",
"additionalProperties": true
},
"ClientAddonSAPAPI": {
"type": "object",
"description": "SAP API addon configuration.",
"additionalProperties": true,
"properties": {
"clientid": {
"type": "string",
"description": "If activated in the OAuth 2.0 client configuration (transaction SOAUTH2) the SAML attribute client_id must be set and equal the client_id form parameter of the access token request."
},
"usernameAttribute": {
"type": "string",
"description": "Name of the property in the user object that maps to a SAP username. e.g. `email`."
},
"tokenEndpointUrl": {
"type": "string",
"description": "Your SAP OData server OAuth2 token endpoint URL.",
"format": "url"
},
"scope": {
"type": "string",
"description": "Requested scope for SAP APIs."
},
"servicePassword": {
"type": "string",
"description": "Service account password to use to authenticate API calls to the token endpoint."
},
"nameIdentifierFormat": {
"type": "string",
"description": "NameID element of the Subject which can be used to express the user's identity. Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`."
}
}
},
"ClientAddonSSOIntegration": {
"type": "object",
"additionalProperties": true,
"properties": {
"name": {
"type": "string",
"description": "SSO integration name"
},
"version": {
"type": "string",
"description": "SSO integration version installed"
}
}
},
"ClientAddonSalesforce": {
"type": "object",
"description": "Salesforce SSO configuration.",
"additionalProperties": true,
"properties": {
"entity_id": {
"type": "string",
"description": "Arbitrary logical URL that identifies the Saleforce resource. e.g. `https://acme-org.com`.",
"format": "url"
}
}
},
"ClientAddonSalesforceAPI": {
"type": "object",
"description": "Salesforce API addon configuration.",
"additionalProperties": true,
"properties": {
"clientid": {
"type": "string",
"description": "Consumer Key assigned by Salesforce to the Connected App."
},
"principal": {
"type": "string",
"description": "Name of the property in the user object that maps to a Salesforce username. e.g. `email`."
},
"communityName": {
"type": "string",
"description": "Community name."
},
"community_url_section": {
"type": "string",
"description": "Community url section."
}
}
},
"ClientAddonSalesforceSandboxAPI": {
"type": "object",
"description": "Salesforce Sandbox addon configuration.",
"additionalProperties": true,
"properties": {
"clientid": {
"type": "string",
"description": "Consumer Key assigned by Salesforce to the Connected App."
},
"principal": {
"type": "string",
"description": "Name of the property in the user object that maps to a Salesforce username. e.g. `email`."
},
"communityName": {
"type": "string",
"description": "Community name."
},
"community_url_section": {
"type": "string",
"description": "Community url section."
}
}
},
"ClientAddonSentry": {
"type": "object",
"description": "Sentry SSO configuration.",
"additionalProperties": true,
"properties": {
"org_slug": {
"type": "string",
"description": "Generated slug for your Sentry organization. Found in your Sentry URL. e.g. `https://sentry.acme.com/acme-org/` would be `acme-org`."
},
"base_url": {
"type": "string",
"description": "URL prefix only if running Sentry Community Edition, otherwise leave should be blank."
}
}
},
"ClientAddonSharePoint": {
"type": "object",
"description": "SharePoint SSO configuration.",
"additionalProperties": true,
"properties": {
"url": {
"type": "string",
"description": "Internal SharePoint application URL."
},
"external_url": {
"$ref": "#/components/schemas/ClientAddonSharePointExternalURL"
}
}
},
"ClientAddonSharePointExternalURL": {
"description": "External SharePoint application URLs if exposed to the Internet.",
"oneOf": [
{
"type": "array",
"items": {
"type": "string"
}
},
{
"type": "string"
}
]
},
"ClientAddonSlack": {
"type": "object",
"description": "Slack team or workspace name usually first segment in your Slack URL. e.g. `https://acme-org.slack.com` would be `acme-org`.",
"additionalProperties": true,
"required": [
"team"
],
"properties": {
"team": {
"type": "string",
"description": "Slack team name."
}
}
},
"ClientAddonSpringCM": {
"type": "object",
"description": "SpringCM SSO configuration.",
"additionalProperties": true,
"properties": {
"acsurl": {
"type": "string",
"description": "SpringCM ACS URL, e.g. `https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx`."
}
}
},
"ClientAddonWAMS": {
"type": "object",
"description": "Windows Azure Mobile Services addon configuration.",
"additionalProperties": true,
"properties": {
"masterkey": {
"type": "string",
"description": "Your master key for Windows Azure Mobile Services."
}
}
},
"ClientAddonWSFed": {
"type": "object",
"description": "WS-Fed (WIF) addon indicator. Actual configuration is stored in `callback` and `client_aliases` properties on the client.",
"additionalProperties": true
},
"ClientAddonZendesk": {
"type": "object",
"description": "Zendesk SSO configuration.",
"additionalProperties": true,
"properties": {
"accountName": {
"type": "string",
"description": "Zendesk account name usually first segment in your Zendesk URL. e.g. `https://acme-org.zendesk.com` would be `acme-org`."
}
}
},
"ClientAddonZoom": {
"type": "object",
"description": "Zoom SSO configuration.",
"additionalProperties": true,
"properties": {
"account": {
"type": "string",
"description": "Zoom account name usually first segment of your Zoom URL, e.g. `https://acme-org.zoom.us` would be `acme-org`."
}
}
},
"ClientAddons": {
"type": "object",
"description": "Addons enabled for this client and their associated configurations.",
"additionalProperties": false,
"properties": {
"aws": {
"$ref": "#/components/schemas/ClientAddonAWS"
},
"azure_blob": {
"$ref": "#/components/schemas/ClientAddonAzureBlob"
},
"azure_sb": {
"$ref": "#/components/schemas/ClientAddonAzureSB"
},
"rms": {
"$ref": "#/components/schemas/ClientAddonRMS"
},
"mscrm": {
"$ref": "#/components/schemas/ClientAddonMSCRM"
},
"slack": {
"$ref": "#/components/schemas/ClientAddonSlack"
},
"sentry": {
"$ref": "#/components/schemas/ClientAddonSentry"
},
"box": {
"$ref": "#/components/schemas/ClientAddonBox"
},
"cloudbees": {
"$ref": "#/components/schemas/ClientAddonCloudBees"
},
"concur": {
"$ref": "#/components/schemas/ClientAddonConcur"
},
"dropbox": {
"$ref": "#/components/schemas/ClientAddonDropbox"
},
"echosign": {
"$ref": "#/components/schemas/ClientAddonEchoSign"
},
"egnyte": {
"$ref": "#/components/schemas/ClientAddonEgnyte"
},
"firebase": {
"$ref": "#/components/schemas/ClientAddonFirebase"
},
"newrelic": {
"$ref": "#/components/schemas/ClientAddonNewRelic"
},
"office365": {
"$ref": "#/components/schemas/ClientAddonOffice365"
},
"salesforce": {
"$ref": "#/components/schemas/ClientAddonSalesforce"
},
"salesforce_api": {
"$ref": "#/components/schemas/ClientAddonSalesforceAPI"
},
"salesforce_sandbox_api": {
"$ref": "#/components/schemas/ClientAddonSalesforceSandboxAPI"
},
"samlp": {
"$ref": "#/components/schemas/ClientAddonSAML"
},
"layer": {
"$ref": "#/components/schemas/ClientAddonLayer"
},
"sap_api": {
"$ref": "#/components/schemas/ClientAddonSAPAPI"
},
"sharepoint": {
"$ref": "#/components/schemas/ClientAddonSharePoint"
},
"springcm": {
"$ref": "#/components/schemas/ClientAddonSpringCM"
},
"wams": {
"$ref": "#/components/schemas/ClientAddonWAMS"
},
"wsfed": {
"$ref": "#/components/schemas/ClientAddonWSFed"
},
"zendesk": {
"$ref": "#/components/schemas/ClientAddonZendesk"
},
"zoom": {
"$ref": "#/components/schemas/ClientAddonZoom"
},
"sso_integration": {
"$ref": "#/components/schemas/ClientAddonSSOIntegration"
},
"oag": {
"$ref": "#/components/schemas/ClientAddonOAG"
}
}
},
"ClientAppTypeEnum": {
"type": "string",
"description": "The type of application this client represents",
"enum": [
"native",
"spa",
"regular_web",
"non_interactive",
"resource_server",
"express_configuration",
"rms",
"box",
"cloudbees",
"concur",
"dropbox",
"mscrm",
"echosign",
"egnyte",
"newrelic",
"office365",
"salesforce",
"sentry",
"sharepoint",
"slack",
"springcm",
"zendesk",
"zoom",
"sso_integration",
"oag"
]
},
"ClientAsyncApprovalNotificationsChannelsAPIPatchConfiguration": {
"type": [
"array",
"null"
],
"description": "Array of notification channels for contacting the user when their approval is required. Valid values are `guardian-push`, `email`.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/AsyncApprovalNotificationsChannelsEnum"
}
},
"ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration": {
"type": "array",
"description": "Array of notification channels for contacting the user when their approval is required. Valid values are `guardian-push`, `email`.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/AsyncApprovalNotificationsChannelsEnum"
}
},
"ClientAuthenticationMethod": {
"type": [
"object",
"null"
],
"description": "Defines client authentication methods.",
"additionalProperties": false,
"minProperties": 1,
"maxProperties": 1,
"properties": {
"private_key_jwt": {
"$ref": "#/components/schemas/ClientAuthenticationMethodPrivateKeyJWT"
},
"tls_client_auth": {
"$ref": "#/components/schemas/ClientAuthenticationMethodTLSClientAuth"
},
"self_signed_tls_client_auth": {
"$ref": "#/components/schemas/ClientAuthenticationMethodSelfSignedTLSClientAuth"
}
}
},
"ClientAuthenticationMethodPrivateKeyJWT": {
"type": "object",
"description": "Defines `private_key_jwt` client authentication method. If this property is defined, the client is enabled to use the Private Key JWT authentication method.",
"additionalProperties": false,
"required": [
"credentials"
],
"properties": {
"credentials": {
"$ref": "#/components/schemas/ClientAuthenticationMethodPrivateKeyJWTCredentials"
}
}
},
"ClientAuthenticationMethodPrivateKeyJWTCredentials": {
"type": "array",
"description": "A list of unique and previously created credential IDs enabled on the client for Private Key JWT authentication.",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/CredentialId"
}
},
"ClientAuthenticationMethodSelfSignedTLSClientAuth": {
"type": "object",
"description": "Defines `self_signed_tls_client_auth` client authentication method. If the property is defined, the client is configured to use mTLS authentication method utilizing self-signed certificate.",
"additionalProperties": false,
"required": [
"credentials"
],
"properties": {
"credentials": {
"$ref": "#/components/schemas/ClientAuthenticationMethodSelfSignedTLSClientAuthCredentials"
}
}
},
"ClientAuthenticationMethodSelfSignedTLSClientAuthCredentials": {
"type": "array",
"description": "A list of unique and previously created credential IDs enabled on the client for mTLS authentication utilizing self-signed certificate.",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/CredentialId"
}
},
"ClientAuthenticationMethodTLSClientAuth": {
"type": "object",
"description": "Defines `tls_client_auth` client authentication method. If the property is defined, the client is configured to use CA-based mTLS authentication method.",
"additionalProperties": false,
"required": [
"credentials"
],
"properties": {
"credentials": {
"$ref": "#/components/schemas/ClientAuthenticationMethodTLSClientAuthCredentials"
}
}
},
"ClientAuthenticationMethodTLSClientAuthCredentials": {
"type": "array",
"description": "A list of unique and previously created credential IDs enabled on the client for CA-based mTLS authentication.",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/CredentialId"
}
},
"ClientComplianceLevelEnum": {
"type": [
"string",
"null"
],
"description": "Defines the compliance level for this client, which may restrict it's capabilities",
"enum": [
"none",
"fapi1_adv_pkj_par",
"fapi1_adv_mtls_par",
"fapi2_sp_pkj_mtls",
"fapi2_sp_mtls_mtls",
null
]
},
"ClientCreateAuthenticationMethod": {
"type": "object",
"description": "Defines client authentication methods.",
"additionalProperties": false,
"minProperties": 1,
"maxProperties": 1,
"properties": {
"private_key_jwt": {
"$ref": "#/components/schemas/ClientCreateAuthenticationMethodPrivateKeyJWT"
},
"tls_client_auth": {
"$ref": "#/components/schemas/ClientCreateAuthenticationMethodTLSClientAuth"
},
"self_signed_tls_client_auth": {
"$ref": "#/components/schemas/CreateClientAuthenticationMethodSelfSignedTLSClientAuth"
}
}
},
"ClientCreateAuthenticationMethodPrivateKeyJWT": {
"type": "object",
"description": "Defines `private_key_jwt` client authentication method. If this property is defined, the client is enabled to use the Private Key JWT authentication method.",
"additionalProperties": false,
"required": [
"credentials"
],
"properties": {
"credentials": {
"$ref": "#/components/schemas/ClientCreateAuthenticationMethodPrivateKeyJWTCredentials"
}
}
},
"ClientCreateAuthenticationMethodPrivateKeyJWTCredentials": {
"type": "array",
"description": "Fully defined credentials that will be enabled on the client for Private Key JWT authentication.",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/PublicKeyCredential"
}
},
"ClientCreateAuthenticationMethodTLSClientAuth": {
"type": "object",
"description": "Defines `tls_client_auth` client authentication method. If the property is defined, the client is configured to use CA-based mTLS authentication method.",
"additionalProperties": false,
"required": [
"credentials"
],
"properties": {
"credentials": {
"$ref": "#/components/schemas/ClientCreateAuthenticationMethodTLSClientAuthCredentials"
}
}
},
"ClientCreateAuthenticationMethodTLSClientAuthCredentials": {
"type": "array",
"description": "Fully defined credentials that will be enabled on the client for CA-based mTLS authentication.",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/CertificateSubjectDNCredential"
}
},
"ClientCredential": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "ID of the credential. Generated on creation.",
"default": "cred_1m7sfABoNTTKYwTQ8qt6tX"
},
"name": {
"type": "string",
"description": "The name given to the credential by the user.",
"default": ""
},
"kid": {
"type": "string",
"description": "The key identifier of the credential, generated on creation.",
"default": "IZSSTECp..."
},
"alg": {
"$ref": "#/components/schemas/ClientCredentialAlgorithmEnum"
},
"credential_type": {
"$ref": "#/components/schemas/ClientCredentialTypeEnum"
},
"subject_dn": {
"type": "string",
"description": "The X509 certificate's Subject Distinguished Name"
},
"thumbprint_sha256": {
"type": "string",
"description": "The X509 certificate's SHA256 thumbprint"
},
"created_at": {
"type": "string",
"description": "The ISO 8601 formatted date the credential was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The ISO 8601 formatted date the credential was updated.",
"format": "date-time"
},
"expires_at": {
"type": "string",
"description": "The ISO 8601 formatted date representing the expiration of the credential.",
"format": "date-time"
}
}
},
"ClientCredentialAlgorithmEnum": {
"type": "string",
"description": "Algorithm which will be used with the credential. Supported algorithms: RS256,RS384,PS256",
"default": "RS256",
"enum": [
"RS256",
"RS384",
"PS256"
]
},
"ClientCredentialTypeEnum": {
"type": "string",
"description": "The type of credential.",
"enum": [
"public_key",
"cert_subject_dn",
"x509_cert"
]
},
"ClientDefaultOrganization": {
"type": [
"object",
"null"
],
"description": "Defines the default Organization ID and flows",
"additionalProperties": false,
"required": [
"organization_id",
"flows"
],
"properties": {
"organization_id": {
"type": "string",
"description": "The default Organization ID to be used",
"format": "organization-id"
},
"flows": {
"type": "array",
"description": "The default Organization usage",
"items": {
"$ref": "#/components/schemas/ClientDefaultOrganizationFlowsEnum"
}
}
}
},
"ClientDefaultOrganizationFlowsEnum": {
"type": "string",
"enum": [
"client_credentials"
]
},
"ClientEncryptionKey": {
"type": [
"object",
"null"
],
"description": "Encryption used for WsFed responses with this client.",
"additionalProperties": true,
"properties": {
"pub": {
"type": "string",
"description": "Encryption Public RSA Key."
},
"cert": {
"type": "string",
"description": "Encryption certificate for public key in X.509 (.CER) format."
},
"subject": {
"type": "string",
"description": "Encryption certificate name for this certificate in the format `/CN={domain}`."
}
}
},
"ClientExternalMetadataCreatedByEnum": {
"type": "string",
"description": "Indicates who created the external metadata client. The value admin indicates the client was registered via the Management API. The value client indicates the client was registered dynamically. This field is only present when external_metadata_type is set.",
"enum": [
"admin",
"client"
]
},
"ClientExternalMetadataTypeEnum": {
"type": "string",
"description": "Indicates the type of external metadata used to register the client. This field is omitted for regular clients. The value cimd identifies clients registered via a Client ID Metadata Document.",
"enum": [
"cimd"
]
},
"ClientGrantAllowAnyOrganizationEnum": {
"type": "boolean",
"enum": [
true
],
"description": "Optional filter on allow_any_organization."
},
"ClientGrantDefaultForEnum": {
"type": "string",
"enum": [
"third_party_clients"
],
"x-release-lifecycle": "GA",
"description": "Applies this client grant as the default for all clients in the specified group. The only accepted value is `third_party_clients`, which applies the grant to all third-party clients. Per-client grants for the same audience take precedence. Mutually exclusive with `client_id`."
},
"ClientGrantOrganizationNullableUsageEnum": {
"type": [
"string",
"null"
],
"description": "Controls how organizations may be used with this grant",
"enum": [
"deny",
"allow",
"require",
null
]
},
"ClientGrantOrganizationUsageEnum": {
"type": "string",
"description": "Defines whether organizations can be used with client credentials exchanges for this grant.",
"enum": [
"deny",
"allow",
"require"
]
},
"ClientGrantResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID of the client grant."
},
"client_id": {
"type": "string",
"description": "ID of the client."
},
"audience": {
"type": "string",
"description": "The audience (API identifier) of this client grant.",
"minLength": 1
},
"scope": {
"type": "array",
"description": "Scopes allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1
}
},
"organization_usage": {
"$ref": "#/components/schemas/ClientGrantOrganizationUsageEnum"
},
"allow_any_organization": {
"type": "boolean",
"description": "If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations."
},
"default_for": {
"$ref": "#/components/schemas/ClientGrantDefaultForEnum",
"x-release-lifecycle": "GA"
},
"is_system": {
"type": "boolean",
"description": "If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly."
},
"subject_type": {
"$ref": "#/components/schemas/ClientGrantSubjectTypeEnum"
},
"authorization_details_types": {
"type": "array",
"description": "Types of authorization_details allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
},
"allow_all_scopes": {
"type": "boolean",
"description": "If enabled, all scopes configured on the resource server are allowed for this grant."
}
}
},
"ClientGrantSubjectTypeEnum": {
"type": "string",
"enum": [
"client",
"user"
],
"description": "The type of application access the client grant allows."
},
"ClientJwtConfiguration": {
"type": "object",
"description": "Configuration related to JWTs for the client.",
"additionalProperties": true,
"properties": {
"lifetime_in_seconds": {
"type": "integer",
"description": "Number of seconds the JWT will be valid for (affects `exp` claim).",
"default": 36000
},
"secret_encoded": {
"type": "boolean",
"description": "Whether the client secret is base64 encoded (true) or unencoded (false).",
"default": true
},
"scopes": {
"$ref": "#/components/schemas/ClientJwtConfigurationScopes"
},
"alg": {
"$ref": "#/components/schemas/SigningAlgorithmEnum"
}
}
},
"ClientJwtConfigurationScopes": {
"type": "object",
"description": "Configuration related to id token claims for the client.",
"additionalProperties": true
},
"ClientMetadata": {
"type": "object",
"description": "Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?\"/\\()<>@\t[Tab] [Space]",
"additionalProperties": true,
"maxProperties": 10
},
"ClientMobile": {
"type": "object",
"description": "Additional configuration for native mobile apps.",
"additionalProperties": true,
"properties": {
"android": {
"$ref": "#/components/schemas/ClientMobileAndroid"
},
"ios": {
"$ref": "#/components/schemas/ClientMobileiOS"
}
}
},
"ClientMobileAndroid": {
"type": "object",
"description": "Android native app configuration.",
"additionalProperties": true,
"properties": {
"app_package_name": {
"type": "string",
"description": "App package name found in AndroidManifest.xml.",
"default": ""
},
"sha256_cert_fingerprints": {
"type": "array",
"description": "SHA256 fingerprints of the app's signing certificate. Multiple fingerprints can be used to support different versions of your app, such as debug and production builds.",
"minItems": 1,
"items": {
"type": "string",
"minLength": 1
}
}
}
},
"ClientMobileiOS": {
"type": "object",
"description": "iOS native app configuration.",
"additionalProperties": true,
"properties": {
"team_id": {
"type": "string",
"description": "Identifier assigned to the Apple account that signs and uploads the app to the store.",
"default": ""
},
"app_bundle_identifier": {
"type": "string",
"description": "Assigned by developer to the app as its unique identifier inside the store. Usually this is a reverse domain plus the app name, e.g. `com.you.MyApp`.",
"default": ""
}
}
},
"ClientMyOrganizationConfigurationAllowedStrategiesEnum": {
"type": "string",
"description": "The allowed connection strategy values for the My Organization Configuration.",
"enum": [
"pingfederate",
"adfs",
"waad",
"google-apps",
"okta",
"oidc",
"samlp"
]
},
"ClientMyOrganizationDeletionBehaviorEnum": {
"type": "string",
"description": "The deletion behavior for this client.",
"default": "allow",
"enum": [
"allow",
"allow_if_empty"
]
},
"ClientMyOrganizationPatchConfiguration": {
"type": [
"object",
"null"
],
"description": "Configuration related to the My Organization Configuration for the client.",
"additionalProperties": false,
"required": [
"allowed_strategies",
"connection_deletion_behavior"
],
"x-release-lifecycle": "EA",
"properties": {
"connection_profile_id": {
"type": "string",
"description": "The connection profile ID that this client should validate against.",
"format": "connection-profile-id"
},
"user_attribute_profile_id": {
"type": "string",
"description": "The user attribute profile ID that this client should validate against.",
"format": "user-attribute-profile-id"
},
"allowed_strategies": {
"type": "array",
"description": "The allowed connection strategies for the My Organization Configuration.",
"items": {
"$ref": "#/components/schemas/ClientMyOrganizationConfigurationAllowedStrategiesEnum"
}
},
"connection_deletion_behavior": {
"$ref": "#/components/schemas/ClientMyOrganizationDeletionBehaviorEnum"
}
}
},
"ClientMyOrganizationPostConfiguration": {
"type": "object",
"description": "Configuration related to the My Organization Configuration for the client.",
"additionalProperties": false,
"required": [
"allowed_strategies",
"connection_deletion_behavior"
],
"x-release-lifecycle": "EA",
"properties": {
"connection_profile_id": {
"type": "string",
"description": "The connection profile ID that this client should validate against.",
"format": "connection-profile-id"
},
"user_attribute_profile_id": {
"type": "string",
"description": "The user attribute profile ID that this client should validate against.",
"format": "user-attribute-profile-id"
},
"allowed_strategies": {
"type": "array",
"description": "The allowed connection strategies for the My Organization Configuration.",
"items": {
"$ref": "#/components/schemas/ClientMyOrganizationConfigurationAllowedStrategiesEnum"
}
},
"connection_deletion_behavior": {
"$ref": "#/components/schemas/ClientMyOrganizationDeletionBehaviorEnum"
}
}
},
"ClientMyOrganizationResponseConfiguration": {
"type": "object",
"description": "Configuration related to the My Organization Configuration for the client.",
"additionalProperties": false,
"required": [
"allowed_strategies",
"connection_deletion_behavior"
],
"x-release-lifecycle": "EA",
"properties": {
"connection_profile_id": {
"type": "string",
"description": "The connection profile ID that this client should validate against.",
"format": "connection-profile-id"
},
"user_attribute_profile_id": {
"type": "string",
"description": "The user attribute profile ID that this client should validate against.",
"format": "user-attribute-profile-id"
},
"allowed_strategies": {
"type": "array",
"description": "The allowed connection strategies for the My Organization Configuration.",
"items": {
"$ref": "#/components/schemas/ClientMyOrganizationConfigurationAllowedStrategiesEnum"
}
},
"connection_deletion_behavior": {
"$ref": "#/components/schemas/ClientMyOrganizationDeletionBehaviorEnum"
}
}
},
"ClientOIDCBackchannelLogoutInitiators": {
"type": "object",
"description": "Configuration for OIDC backchannel logout initiators",
"additionalProperties": true,
"properties": {
"mode": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutInitiatorsModeEnum"
},
"selected_initiators": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutInitiatorsEnum"
}
}
}
},
"ClientOIDCBackchannelLogoutInitiatorsEnum": {
"type": "string",
"description": "The `selected_initiators` property contains the list of initiators to be enabled for the given application.",
"enum": [
"rp-logout",
"idp-logout",
"password-changed",
"session-expired",
"session-revoked",
"account-deleted",
"email-identifier-changed",
"mfa-phone-unenrolled",
"account-deactivated"
]
},
"ClientOIDCBackchannelLogoutInitiatorsModeEnum": {
"type": "string",
"description": "The `mode` property determines the configuration method for enabling initiators. `custom` enables only the initiators listed in the selected_initiators array, `all` enables all current and future initiators.",
"enum": [
"custom",
"all"
]
},
"ClientOIDCBackchannelLogoutSessionMetadata": {
"type": [
"object",
"null"
],
"description": "Controls whether session metadata is included in the logout token. Default value is null.",
"additionalProperties": true,
"properties": {
"include": {
"type": "boolean",
"description": "The `include` property determines whether session metadata is included in the logout token."
}
}
},
"ClientOIDCBackchannelLogoutSettings": {
"type": "object",
"description": "Configuration for OIDC backchannel logout",
"additionalProperties": true,
"properties": {
"backchannel_logout_urls": {
"type": "array",
"description": "Comma-separated list of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.",
"items": {
"type": "string",
"format": "absolute-https-uri-with-placeholders-or-empty"
}
},
"backchannel_logout_initiators": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutInitiators"
},
"backchannel_logout_session_metadata": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutSessionMetadata"
}
}
},
"ClientOrganizationDiscoveryEnum": {
"type": "string",
"description": "Method for discovering organizations during the `pre_login_prompt`. `email` allows users to find their organization by entering their email address and performing domain matching, while `organization_name` requires users to enter the organization name directly. These methods can be combined.",
"enum": [
"email",
"organization_name"
]
},
"ClientOrganizationRequireBehaviorEnum": {
"type": "string",
"description": "Defines how to proceed during an authentication transaction when `client.organization_usage: 'require'`. Can be `no_prompt` (default), `pre_login_prompt` or `post_login_prompt`. `post_login_prompt` requires `oidc_conformant: true`.",
"default": "no_prompt",
"enum": [
"no_prompt",
"pre_login_prompt",
"post_login_prompt"
]
},
"ClientOrganizationRequireBehaviorPatchEnum": {
"type": [
"string",
"null"
],
"description": "Defines how to proceed during an authentication transaction when `client.organization_usage: 'require'`. Can be `no_prompt` (default), `pre_login_prompt` or `post_login_prompt`. `post_login_prompt` requires `oidc_conformant: true`.",
"default": "no_prompt",
"enum": [
"no_prompt",
"pre_login_prompt",
"post_login_prompt",
null
]
},
"ClientOrganizationUsageEnum": {
"type": "string",
"description": "Defines how to proceed during an authentication transaction with regards an organization. Can be `deny` (default), `allow` or `require`.",
"default": "deny",
"enum": [
"deny",
"allow",
"require"
]
},
"ClientOrganizationUsagePatchEnum": {
"type": [
"string",
"null"
],
"description": "Defines how to proceed during an authentication transaction with regards an organization. Can be `deny` (default), `allow` or `require`.",
"default": "deny",
"enum": [
"deny",
"allow",
"require",
null
]
},
"ClientRedirectionPolicyEnum": {
"type": "string",
"description": "Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows. `open_redirect_protection` shows an error page instead of redirecting, and hides the callback domain from email templates. `allow_always` enables standard redirect behavior. Defaults to `open_redirect_protection` for third-party clients. Only applies when `is_first_party` is `false` and `third_party_security_mode` is `strict`. To learn more, read Redirect protection.",
"enum": [
"allow_always",
"open_redirect_protection"
],
"x-release-lifecycle": "GA"
},
"ClientRefreshTokenConfiguration": {
"type": [
"object",
"null"
],
"description": "Refresh token configuration",
"additionalProperties": false,
"required": [
"rotation_type",
"expiration_type"
],
"properties": {
"rotation_type": {
"$ref": "#/components/schemas/RefreshTokenRotationTypeEnum"
},
"expiration_type": {
"$ref": "#/components/schemas/RefreshTokenExpirationTypeEnum"
},
"leeway": {
"type": "integer",
"description": "Period in seconds where the previous refresh token can be exchanged without triggering breach detection",
"default": 0,
"minimum": 0
},
"token_lifetime": {
"type": "integer",
"description": "Period (in seconds) for which refresh tokens will remain valid",
"minimum": 1,
"maximum": 157788000
},
"infinite_token_lifetime": {
"type": "boolean",
"description": "Prevents tokens from having a set lifetime when `true` (takes precedence over `token_lifetime` values)"
},
"idle_token_lifetime": {
"type": "integer",
"description": "Period (in seconds) for which refresh tokens will remain valid without use",
"minimum": 1
},
"infinite_idle_token_lifetime": {
"type": "boolean",
"description": "Prevents tokens from expiring without use when `true` (takes precedence over `idle_token_lifetime` values)",
"default": false
},
"policies": {
"type": [
"array",
"null"
],
"description": "A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/ClientRefreshTokenPolicy"
}
}
}
},
"ClientRefreshTokenPolicy": {
"type": "object",
"additionalProperties": false,
"required": [
"audience",
"scope"
],
"properties": {
"audience": {
"type": "string",
"description": "The identifier of the resource server to which the Multi Resource Refresh Token Policy applies",
"minLength": 1,
"maxLength": 600
},
"scope": {
"type": "array",
"description": "The resource server permissions granted under the Multi Resource Refresh Token Policy, defining the context in which an access token can be used",
"items": {
"type": "string",
"description": "A resource server permission granted under the Multi Resource Refresh Token Policy",
"minLength": 1,
"maxLength": 280
}
}
}
},
"ClientSessionTransferAllowedAuthenticationMethodsEnum": {
"type": "string",
"enum": [
"cookie",
"query"
]
},
"ClientSessionTransferConfiguration": {
"type": [
"object",
"null"
],
"description": "Native to Web SSO Configuration",
"additionalProperties": false,
"properties": {
"can_create_session_transfer_token": {
"type": "boolean",
"description": "Indicates whether an app can issue a Session Transfer Token through Token Exchange. If set to 'false', the app will not be able to issue a Session Transfer Token. Usually configured in the native application. Default value is `false`.",
"default": false
},
"enforce_cascade_revocation": {
"type": "boolean",
"description": "Indicates whether revoking the parent Refresh Token that initiated a Native to Web flow and was used to issue a Session Transfer Token should trigger a cascade revocation affecting its dependent child entities. Usually configured in the native application. Default value is `true`, applicable only in Native to Web SSO context.",
"default": true
},
"allowed_authentication_methods": {
"type": [
"array",
"null"
],
"description": "Indicates whether an app can create a session from a Session Transfer Token received via indicated methods. Can include `cookie` and/or `query`. Usually configured in the web application. Default value is an empty array [].",
"items": {
"$ref": "#/components/schemas/ClientSessionTransferAllowedAuthenticationMethodsEnum"
}
},
"enforce_device_binding": {
"$ref": "#/components/schemas/ClientSessionTransferDeviceBindingEnum"
},
"allow_refresh_token": {
"type": "boolean",
"description": "Indicates whether Refresh Tokens are allowed to be issued when authenticating with a Session Transfer Token. Usually configured in the web application. Default value is `false`.",
"default": false
},
"enforce_online_refresh_tokens": {
"type": "boolean",
"description": "Indicates whether Refresh Tokens created during a Native to Web session are tied to that session's lifetime. This determines if such refresh tokens should be automatically revoked when their corresponding sessions are. Usually configured in the web application. Default value is `true`, applicable only in Native to Web SSO context.",
"default": true
},
"delegation": {
"$ref": "#/components/schemas/ClientSessionTransferDelegationConfiguration",
"x-release-lifecycle": "EA"
}
}
},
"ClientSessionTransferDelegationConfiguration": {
"type": [
"object",
"null"
],
"description": "Configuration for delegation (impersonation) access using Session Transfer Tokens",
"additionalProperties": false,
"x-release-lifecycle": "EA",
"properties": {
"allow_delegated_access": {
"type": "boolean",
"description": "Indicates whether delegation (impersonation) access is allowed using Session Transfer Tokens. Default value is `false`.",
"default": false
},
"enforce_device_binding": {
"$ref": "#/components/schemas/ClientSessionTransferDelegationDeviceBindingEnum"
}
}
},
"ClientSessionTransferDelegationDeviceBindingEnum": {
"type": "string",
"description": "Indicates the device binding enforcement for delegation (impersonation) access. If set to 'ip', device binding is enforced by IP. If set to 'asn', device binding is enforced by ASN. Default value is `ip`.",
"default": "ip",
"enum": [
"ip",
"asn"
]
},
"ClientSessionTransferDeviceBindingEnum": {
"type": "string",
"description": "Indicates whether device binding security should be enforced for the app. If set to 'ip', the app will enforce device binding by IP, meaning that consumption of Session Transfer Token must be done from the same IP of the issuer. Likewise, if set to 'asn', device binding is enforced by ASN, meaning consumption of Session Transfer Token must be done from the same ASN as the issuer. If set to 'none', device binding is not enforced. Usually configured in the web application. Default value is `ip`.",
"default": "ip",
"enum": [
"ip",
"asn",
"none"
]
},
"ClientSignedRequestObjectWithCredentialId": {
"type": "object",
"description": "JWT-secured Authorization Requests (JAR) settings.",
"additionalProperties": false,
"properties": {
"required": {
"type": "boolean",
"description": "Indicates whether the JAR requests are mandatory",
"default": false
},
"credentials": {
"type": "array",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/CredentialId"
}
}
}
},
"ClientSignedRequestObjectWithPublicKey": {
"type": "object",
"description": "JWT-secured Authorization Requests (JAR) settings.",
"additionalProperties": false,
"properties": {
"required": {
"type": "boolean",
"description": "Indicates whether the JAR requests are mandatory",
"default": false
},
"credentials": {
"type": "array",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/PublicKeyCredential"
}
}
}
},
"ClientSigningKey": {
"type": "object",
"additionalProperties": true,
"properties": {
"pkcs7": {
"type": "string",
"description": "Signing certificate public key and chain in PKCS#7 (.P7B) format.",
"default": ""
},
"cert": {
"type": "string",
"description": "Signing certificate public key in X.509 (.CER) format.",
"default": ""
},
"subject": {
"type": "string",
"description": "Subject name for this certificate in the format `/CN={domain}`.",
"default": ""
}
}
},
"ClientSigningKeys": {
"type": [
"array",
"null"
],
"description": "Signing certificates associated with this client.",
"items": {
"$ref": "#/components/schemas/ClientSigningKey"
}
},
"ClientThirdPartySecurityModeEnum": {
"type": "string",
"description": "Security mode for third-party clients. `strict` enforces enhanced security controls: OAuth 2.1 alignment, explicit API authorization, and a curated set of supported features. `permissive` preserves pre-existing behavior and is only available to tenants with prior third-party client usage. Set on creation and cannot be modified.",
"enum": [
"strict",
"permissive"
],
"x-release-lifecycle": "GA"
},
"ClientTokenEndpointAuthMethodEnum": {
"type": "string",
"description": "Defines the requested authentication method for the token endpoint. Can be `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), or `client_secret_basic` (client uses HTTP Basic).",
"default": "none",
"enum": [
"none",
"client_secret_post",
"client_secret_basic"
]
},
"ClientTokenEndpointAuthMethodOrNullEnum": {
"type": [
"string",
"null"
],
"description": "Defines the requested authentication method for the token endpoint. Can be `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), or `client_secret_basic` (client uses HTTP Basic).",
"default": "none",
"enum": [
"none",
"client_secret_post",
"client_secret_basic",
null
]
},
"ClientTokenExchangeConfiguration": {
"type": "object",
"description": "Configuration for token exchange.",
"additionalProperties": false,
"x-release-lifecycle": "GA",
"properties": {
"allow_any_profile_of_type": {
"type": "array",
"description": "List the enabled token exchange types for this client.",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/ClientTokenExchangeTypeEnum"
}
}
}
},
"ClientTokenExchangeConfigurationOrNull": {
"type": [
"object",
"null"
],
"description": "Configuration for token exchange.",
"additionalProperties": false,
"x-release-lifecycle": "GA",
"properties": {
"allow_any_profile_of_type": {
"type": "array",
"description": "List the enabled token exchange types for this client.",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/ClientTokenExchangeTypeEnum"
}
}
}
},
"ClientTokenExchangeTypeEnum": {
"type": "string",
"description": "Token exchange type. `on_behalf_of_token_exchange`: enables On-Behalf-Of token exchange (Generally Available). `custom_authentication`: enables custom token exchange profiles (Early Access, requires entitlement).",
"minLength": 1,
"enum": [
"custom_authentication",
"on_behalf_of_token_exchange"
]
},
"ConnectedAccount": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"connection",
"connection_id",
"strategy",
"access_type",
"created_at"
],
"properties": {
"id": {
"type": "string",
"description": "The unique identifier for the connected account."
},
"connection": {
"type": "string",
"description": "The name of the connection associated with the account."
},
"connection_id": {
"type": "string",
"description": "The unique identifier of the connection associated with the account."
},
"strategy": {
"type": "string",
"description": "The authentication strategy used by the connection."
},
"access_type": {
"$ref": "#/components/schemas/ConnectedAccountAccessTypeEnum"
},
"scopes": {
"type": "array",
"description": "The scopes granted for this connected account.",
"items": {
"type": "string"
}
},
"created_at": {
"type": "string",
"description": "ISO 8601 timestamp when the connected account was created.",
"format": "date-time"
},
"expires_at": {
"type": "string",
"description": "ISO 8601 timestamp when the connected account expires.",
"format": "date-time"
},
"organization_id": {
"type": "string",
"description": "The identifier of the organization associated with the connected account.",
"format": "organization-id"
}
}
},
"ConnectedAccountAccessTypeEnum": {
"type": "string",
"description": "The access type for the connected account.",
"enum": [
"offline"
]
},
"ConnectionAccessTokenURLOAuth1": {
"description": "The URL of the OAuth 1.0a access-token endpoint. This endpoint is used to exchange the temporary request token obtained from the request-token endpoint for an access token during the OAuth 1.0a authentication flow.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionAcrValuesSupported": {
"type": "array",
"description": "A list of the Authentication Context Class References that this OP supports",
"maxItems": 30,
"minItems": 0,
"items": {
"type": "string",
"maxLength": 100
}
},
"ConnectionAdminAccessTokenExpiresInGoogleApps": {
"description": "Expiration timestamp for the `admin_access_token` in ISO 8601 format. Auth0 uses this value to determine when to refresh the token.",
"type": "string",
"format": "date-time"
},
"ConnectionAdminAccessTokenGoogleApps": {
"description": "Google Workspace admin access token used to retrieve extended user attributes (such as group memberships, admin status, and suspension state) from the [Google Directory API](https://developers.google.com/admin-sdk/directory). This token is automatically managed by Auth0.",
"type": "string",
"minLength": 1,
"maxLength": 1024
},
"ConnectionAdminRefreshTokenGoogleApps": {
"description": "Google Workspace admin refresh token used to obtain new access tokens for the [Google Directory API](https://developers.google.com/admin-sdk/directory). This token is granted when a Google Workspace admin authorizes Auth0 to access directory data.",
"type": "string",
"minLength": 1,
"maxLength": 1024
},
"ConnectionAgentIPAD": {
"description": "IP address of the AD connector agent used to validate that authentication requests originate from the corporate network for Kerberos authentication (managed by the AD Connector agent).",
"type": "string",
"minLength": 2,
"maxLength": 39
},
"ConnectionAgentModeAD": {
"description": "When enabled, allows direct username/password authentication through the AD connector agent instead of WS-Federation protocol (managed by the AD Connector agent).",
"type": "boolean"
},
"ConnectionAgentVersionAD": {
"description": "Version identifier of the installed AD connector agent software (managed by the AD Connector agent).",
"type": "string",
"minLength": 5,
"maxLength": 12
},
"ConnectionAllowedAudiencesGoogleOAuth2": {
"description": "List of allowed audiences in the ID token for Google Native Social Login",
"type": "array",
"minItems": 1,
"maxItems": 64,
"items": {
"type": "string",
"description": "An allowed client id",
"minLength": 1,
"maxLength": 255
}
},
"ConnectionApiBehaviorEnum": {
"type": "string",
"description": "Specifies the API behavior for password authentication",
"enum": [
"required",
"optional"
],
"x-release-lifecycle": "EA"
},
"ConnectionApiEnableGroups": {
"type": "boolean",
"default": false
},
"ConnectionApiEnableGroupsGoogleApps": {
"description": "Enables integration with the Google Workspace Admin SDK Directory API for groups. When true, Auth0 can synchronize groups & group memberships and supports inbound directory provisioning for groups. Defaults to false.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionApiEnableGroups"
}
]
},
"ConnectionApiEnableUsers": {
"type": "boolean",
"default": false
},
"ConnectionApiEnableUsersGoogleApps": {
"description": "Enables integration with the Google Workspace Admin SDK Directory API. When true, Auth0 can retrieve extended user attributes (admin status, suspension status, group memberships) and supports inbound directory provisioning (SCIM). Defaults to true. ",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionApiEnableUsers"
}
]
},
"ConnectionAppDomainAzureAD": {
"description": "The Azure AD application domain (e.g., 'contoso.onmicrosoft.com'). Used primarily with WS-Federation protocol and Azure AD v1 endpoints.",
"type": "string",
"minLength": 0,
"maxLength": 255
},
"ConnectionAssertionDecryptionAlgorithmProfileEnum": {
"type": "string",
"description": "The algorithm profile to use for decrypting SAML assertions.",
"enum": [
"v2026-1"
]
},
"ConnectionAssertionDecryptionSettings": {
"type": "object",
"description": "Settings for SAML assertion decryption.",
"additionalProperties": false,
"required": [
"algorithm_profile"
],
"properties": {
"algorithm_profile": {
"$ref": "#/components/schemas/ConnectionAssertionDecryptionAlgorithmProfileEnum"
},
"algorithm_exceptions": {
"type": "array",
"description": "A list of insecure algorithms to allow for SAML assertion decryption.",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 100
}
}
}
},
"ConnectionAttributeIdentifier": {
"type": "object",
"additionalProperties": false,
"properties": {
"active": {
"type": "boolean",
"description": "Determines if the attribute is used for identification"
},
"default_method": {
"$ref": "#/components/schemas/DefaultMethodEmailIdentifierEnum",
"x-release-lifecycle": "EA"
}
}
},
"ConnectionAttributeMapAttributes": {
"type": "object",
"additionalProperties": true,
"description": "Object containing mapping details for incoming claims"
},
"ConnectionAttributeMapOIDC": {
"type": "object",
"description": "Configuration for mapping claims from the identity provider to Auth0 user profile attributes. Allows customizing which IdP claims populate user fields and how they are transformed.",
"properties": {
"attributes": {
"$ref": "#/components/schemas/ConnectionAttributeMapAttributes"
},
"mapping_mode": {
"$ref": "#/components/schemas/ConnectionMappingModeEnumOIDC"
},
"userinfo_scope": {
"$ref": "#/components/schemas/ConnectionAttributeMapUserinfoScope"
}
}
},
"ConnectionAttributeMapOkta": {
"type": "object",
"description": "Mapping of claims received from the identity provider (IdP)",
"properties": {
"attributes": {
"$ref": "#/components/schemas/ConnectionAttributeMapAttributes"
},
"mapping_mode": {
"$ref": "#/components/schemas/ConnectionMappingModeEnumOkta"
},
"userinfo_scope": {
"$ref": "#/components/schemas/ConnectionAttributeMapUserinfoScope"
}
}
},
"ConnectionAttributeMapUserinfoScope": {
"type": "string",
"description": "Scopes to send to the IdP's Userinfo endpoint",
"minLength": 0,
"maxLength": 255
},
"ConnectionAttributes": {
"type": "object",
"description": "Attribute configuration",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"email": {
"$ref": "#/components/schemas/EmailAttribute"
},
"phone_number": {
"$ref": "#/components/schemas/PhoneAttribute"
},
"username": {
"$ref": "#/components/schemas/UsernameAttribute"
}
}
},
"ConnectionAuthParamsAdditionalPropertiesOAuth2": {
"description": "Additional properties for OAuth2 connection authentication parameters",
"type": "string",
"minLength": 1,
"maxLength": 256
},
"ConnectionAuthParamsEmail": {
"description": "Authentication Parameters (must be valid JSON string)",
"type": "string",
"minLength": 1,
"maxLength": 1024
},
"ConnectionAuthParamsMap": {
"type": "object",
"description": "Maps parameter names from Auth0's /authorize endpoint to the identity provider's authorization endpoint parameters. For example, mapping 'audience' to 'resource' transforms the parameter name during authorization requests. Applied after authParams merging. See https://auth0.com/docs/authenticate/identity-providers/social-identity-providers/oauth2#pass-dynamic-parameters",
"maxProperties": 21,
"additionalProperties": {
"type": "string",
"minLength": 1,
"maxLength": 128
}
},
"ConnectionAuthParamsOAuth2": {
"type": "object",
"description": "Additional static parameters included in every authorization request to the identity provider. These parameters are merged with runtime parameters before the authorization redirect. Keys and values are passed as-is to the identity provider's authorization endpoint. See https://auth0.com/docs/authenticate/identity-providers/social-identity-providers/oauth2#pass-static-parameters",
"maxProperties": 30,
"additionalProperties": {
"$ref": "#/components/schemas/ConnectionAuthParamsAdditionalPropertiesOAuth2"
}
},
"ConnectionAuthenticationMethods": {
"type": [
"object",
"null"
],
"description": "Options for enabling authentication methods.",
"additionalProperties": false,
"properties": {
"password": {
"$ref": "#/components/schemas/ConnectionPasswordAuthenticationMethod"
},
"passkey": {
"$ref": "#/components/schemas/ConnectionPasskeyAuthenticationMethod"
},
"email_otp": {
"$ref": "#/components/schemas/ConnectionEmailOtpAuthenticationMethod",
"x-release-lifecycle": "EA"
},
"phone_otp": {
"$ref": "#/components/schemas/ConnectionPhoneOtpAuthenticationMethod",
"x-release-lifecycle": "EA"
}
}
},
"ConnectionAuthenticationPurpose": {
"type": "object",
"description": "Configure the purpose of a connection to be used for authentication during login.",
"additionalProperties": false,
"required": [
"active"
],
"x-release-lifecycle": "GA",
"properties": {
"active": {
"type": "boolean"
}
}
},
"ConnectionAuthorizationEndpoint": {
"type": "string",
"format": "uri",
"allOf": [
{
"type": "string",
"description": "URL of the identity provider's OAuth 2.0 authorization endpoint where users are redirected for authentication. Must be a valid HTTPS URL. This endpoint initiates the OAuth 2.0 authorization code flow.",
"minLength": 8,
"maxLength": 2083
},
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback"
}
]
},
"ConnectionAuthorizationEndpointOAuth2": {
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionAuthorizationEndpoint"
}
]
},
"ConnectionBaseUrlExact": {
"description": "Base URL override for the Exact Online API endpoint used for OAuth2 authorization and API requests. Defaults to https://start.exactonline.nl.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback"
},
{
"maxLength": 128
}
]
},
"ConnectionBruteForceProtection": {
"type": "boolean",
"description": "Enables Auth0's brute force protection to prevent credential stuffing attacks. When enabled, blocks suspicious login attempts from specific IP addresses after repeated failures."
},
"ConnectionCalculatedThumbprintSAML": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionSha1Thumbprint"
}
]
},
"ConnectionCertsAD": {
"description": "Array of X.509 certificates in PEM format used for validating SAML signatures from the AD identity provider (managed by the AD Connector agent).",
"type": "array",
"items": {
"type": "string",
"minLength": 256,
"maxLength": 3072
},
"minItems": 0,
"maxItems": 2
},
"ConnectionClaimTypesSupported": {
"type": "array",
"description": "JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. If omitted, the implementation supports only normal Claims.",
"minItems": 0,
"maxItems": 10,
"items": {
"type": "string",
"maxLength": 25
}
},
"ConnectionClaimsLocalesSupported": {
"type": "array",
"description": "Languages and scripts supported for values in Claims being returned, represented as a JSON array of BCP47 [RFC5646] language tag values. Not all languages and scripts are necessarily supported for all Claim values.",
"minItems": 0,
"maxItems": 100,
"items": {
"type": "string",
"maxLength": 50
}
},
"ConnectionClaimsParameterSupported": {
"type": "boolean",
"description": "Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. If omitted, the default value is false.",
"default": false
},
"ConnectionClaimsSupported": {
"type": "array",
"description": "JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.",
"minItems": 0,
"maxItems": 150,
"items": {
"type": "string",
"maxLength": 100
}
},
"ConnectionClientIDBitbucket": {
"description": "OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider.",
"type": "string",
"minLength": 18,
"maxLength": 18
},
"ConnectionClientId": {
"type": "string",
"description": "OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider.",
"minLength": 0
},
"ConnectionClientIdAmazon": {
"description": "OAuth 2.0 client identifier obtained from Amazon Developer Console during Login with Amazon application registration. When not provided, Auth0 development keys are used for testing purposes.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientId"
},
{
"maxLength": 255
}
]
},
"ConnectionClientIdAzureAD": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientId"
},
{
"pattern": "^[a-zA-Z0-9-:./_~]+$",
"minLength": 0
},
{
"maxLength": 100
}
]
},
"ConnectionClientIdExact": {
"description": "OAuth2.0 client identifier for the Exact Online connection, obtained when registering your application in the Exact App Center.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientId"
},
{
"format": "uuid",
"minLength": 36,
"maxLength": 36
}
]
},
"ConnectionClientIdFacebook": {
"description": "Your Facebook App ID. You can find this in your [Facebook Developers Console](https://developers.facebook.com/apps) under the App Settings section.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientId"
},
{
"minLength": 0,
"maxLength": 4096
}
]
},
"ConnectionClientIdGoogleApps": {
"description": "Your Google OAuth 2.0 client ID. You can find this in your [Google Cloud Console](https://console.cloud.google.com/apis/credentials) under the OAuth 2.0 Client IDs section.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientId"
},
{
"type": "string",
"minLength": 1,
"maxLength": 128
}
]
},
"ConnectionClientIdGoogleOAuth2": {
"description": "Your Google OAuth 2.0 client ID. You can find this in your [Google Cloud Console](https://console.cloud.google.com/apis/credentials) under the OAuth 2.0 Client IDs section.",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionClientIdLine": {
"description": "LINE Channel ID issued by LINE during application registration. This value identifies your Auth0 connection to LINE.",
"type": "string",
"minLength": 10,
"maxLength": 10,
"pattern": "^\\d+$"
},
"ConnectionClientIdLinkedin": {
"description": "LinkedIn application client identifier",
"type": "string",
"minLength": 14,
"maxLength": 14,
"pattern": "^[a-z0-9]$"
},
"ConnectionClientIdOAuth1": {
"description": "OAuth 1.0a client ID (consumer key) that identifies the client to the provider and is used to sign OAuth 1.0a requests.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientId"
},
{
"maxLength": 255
}
]
},
"ConnectionClientIdOAuth2": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientId"
},
{
"minLength": 1,
"maxLength": 128
}
]
},
"ConnectionClientIdOIDC": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientId"
},
{
"maxLength": 255
}
]
},
"ConnectionClientIdPaypal": {
"description": "OAuth 2.0 client identifier issued by PayPal during application registration. This value identifies your Auth0 connection to PayPal. Leave empty to use Auth0 Dev Keys.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientId"
},
{
"maxLength": 255
}
]
},
"ConnectionClientIdSalesforce": {
"description": "The OAuth 2.0 client identifier",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionClientIdWindowsLive": {
"description": "OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider.",
"type": "string",
"anyOf": [
{
"description": "The Windows Live client ID as a UUID. The unique identifier for your Windows Live application. Must be a valid 36-character UUID.",
"format": "uuid",
"minLength": 36,
"maxLength": 36
},
{
"description": "The Windows Live client ID as a legacy hexadecimal string. The unique identifier for your Windows Live application. Must be a valid 16-character hexadecimal string.",
"format": "hexadecimal",
"minLength": 16,
"maxLength": 16
}
]
},
"ConnectionClientProtocolSAML": {
"description": "The response protocol used to communicate with the default application.",
"oneOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsIdpInitiatedClientProtocolEnumSAML"
}
]
},
"ConnectionClientSecret": {
"type": "string",
"description": "OAuth 2.0 client secret issued by the identity provider during application registration. Used to authenticate your Auth0 connection when exchanging authorization codes for tokens. May be null for public clients.",
"minLength": 0
},
"ConnectionClientSecretAmazon": {
"description": "OAuth 2.0 client secret obtained from Amazon Developer Console during Login with Amazon application registration. Used to authenticate your application when exchanging authorization codes for tokens.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"maxLength": 255
}
]
},
"ConnectionClientSecretAzureAD": {
"description": "The client secret (application password) from your Azure AD app registration. Used to authenticate your application when exchanging authorization codes for tokens.",
"type": "string",
"maxLength": 10000
},
"ConnectionClientSecretBitbucket": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"maxLength": 512
}
]
},
"ConnectionClientSecretExact": {
"description": "OAuth2.0 client secret for the Exact Online connection, obtained when registering your application in the Exact App Center.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"maxLength": 255
}
]
},
"ConnectionClientSecretFacebook": {
"description": "Your Facebook App Secret. You can find this in your [Facebook Developers Console](https://developers.facebook.com/apps) under the App Settings section.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"minLength": 1,
"maxLength": 13000
}
]
},
"ConnectionClientSecretGoogleApps": {
"description": "Your Google OAuth 2.0 client secret. You can find this in your [Google Cloud Console](https://console.cloud.google.com/apis/credentials) under the OAuth 2.0 Client IDs section.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"type": "string",
"minLength": 1,
"maxLength": 4096
}
]
},
"ConnectionClientSecretGoogleOAuth2": {
"description": "Your Google OAuth 2.0 client secret. You can find this in your [Google Cloud Console](https://console.cloud.google.com/apis/credentials) under the OAuth 2.0 Client IDs section.",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionClientSecretLine": {
"description": "LINE Channel Secret issued by provider during application registration. This value is used to authenticate your Auth0 connection to the identity provider.",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionClientSecretLinkedin": {
"description": "OAuth 2.0 client secret issued by the identity provider during application registration. This value is used to authenticate your Auth0 connection to the identity provider.",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionClientSecretOAuth1": {
"description": "OAuth 1.0a client secret paired with the consumer key to sign request-token and access-token requests for this connection. Treat as a sensitive credential and supply the exact secret issued by the upstream provider.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"maxLength": 2400
}
]
},
"ConnectionClientSecretOAuth2": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"maxLength": 1024
}
]
},
"ConnectionClientSecretOIDC": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"maxLength": 700
}
]
},
"ConnectionClientSecretPaypal": {
"description": "OAuth 2.0 client secret issued by PayPal during application registration. Leave empty to use Auth0 Dev Keys.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"maxLength": 255
}
]
},
"ConnectionClientSecretSalesforce": {
"description": "The OAuth 2.0 client secret",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionClientSecretWindowsLive": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionClientSecret"
},
{
"maxLength": 256
}
]
},
"ConnectionCommon": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"display_name": {
"$ref": "#/components/schemas/ConnectionDisplayName"
},
"enabled_clients": {
"$ref": "#/components/schemas/ConnectionEnabledClients"
},
"is_domain_connection": {
"$ref": "#/components/schemas/ConnectionIsDomainConnection"
},
"metadata": {
"$ref": "#/components/schemas/ConnectionsMetadata"
}
}
},
"ConnectionCommunityBaseUrlSalesforce": {
"description": "The base URL of your Salesforce Community (Experience Cloud) site. When specified, authentication flows will use this Community URL instead of the standard Salesforce login page, enabling users to authenticate through your branded Community portal.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback"
}
]
},
"ConnectionConfiguration": {
"type": "object",
"description": "A hash of configuration key/value pairs.",
"additionalProperties": {
"type": "string"
}
},
"ConnectionConnectedAccountsPurpose": {
"type": "object",
"description": "Configure the purpose of a connection to be used for connected accounts and Token Vault.",
"additionalProperties": false,
"required": [
"active"
],
"x-release-lifecycle": "GA",
"properties": {
"active": {
"type": "boolean"
},
"cross_app_access": {
"type": "boolean"
}
}
},
"ConnectionConnectedAccountsPurposeXAA": {
"type": "object",
"description": "Configure the purpose of a connection to be used for connected accounts and Token Vault.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurpose"
},
{
"type": "object",
"properties": {
"cross_app_access": {
"type": "boolean",
"default": false
}
}
}
]
},
"ConnectionConnectionSettings": {
"type": "object",
"description": "OAuth 2.0 PKCE (Proof Key for Code Exchange) settings. PKCE enhances security for public clients by preventing authorization code interception attacks. 'auto' (recommended) uses the strongest method supported by the IdP.",
"properties": {
"pkce": {
"$ref": "#/components/schemas/ConnectionConnectionSettingsPkceEnum"
}
}
},
"ConnectionConnectionSettingsPkceEnum": {
"type": "string",
"description": "PKCE configuration.",
"enum": [
"auto",
"S256",
"plain",
"disabled"
]
},
"ConnectionCustomHeadersOAuth2": {
"description": "Custom HTTP headers sent with token exchange requests to the identity provider's token endpoint. Provided as key-value pairs (e.g., {'X-Custom-Header': 'value'}). Auth0's User-Agent header is always included by default.",
"type": "object",
"maxProperties": 30,
"additionalProperties": {
"type": "string",
"minLength": 1,
"maxLength": 1024
}
},
"ConnectionCustomScripts": {
"type": "object",
"description": "A map of scripts used to integrate with a custom database.",
"additionalProperties": true,
"properties": {
"login": {
"type": "string",
"minLength": 1
},
"get_user": {
"type": "string",
"minLength": 1
},
"delete": {
"type": "string",
"minLength": 1
},
"change_password": {
"type": "string",
"minLength": 1
},
"verify": {
"type": "string",
"minLength": 1
},
"create": {
"type": "string",
"minLength": 1
},
"change_username": {
"type": "string",
"minLength": 1
},
"change_email": {
"type": "string",
"minLength": 1
},
"change_phone_number": {
"type": "string",
"minLength": 1
}
}
},
"ConnectionDebugSAML": {
"description": "When true, enables detailed SAML debugging by issuing 'w' (warning) events in tenant logs containing SAML request/response details. WARNING: Potentially exposes sensitive user information (PII, credentials) and should only be enabled temporarily for debugging purposes.",
"type": "boolean"
},
"ConnectionDecryptionKeySAML": {
"description": "Private key used to decrypt encrypted SAML Assertions received from the identity provider. Required when the identity provider encrypts assertions for enhanced security. Can be a string (PEM) or an object with key-value pairs.",
"anyOf": [
{
"type": "object",
"description": "Key pair with 'key' and 'cert' properties.",
"properties": {
"cert": {
"description": "Base64-encoded X.509 certificate in PEM format.",
"type": "string",
"minLength": 1,
"maxLength": 10240
},
"key": {
"description": "Private key in PEM format.",
"type": "string",
"minLength": 1,
"maxLength": 10240
}
},
"additionalProperties": false
},
{
"description": "Private key in PEM format.",
"type": "string",
"minLength": 1,
"maxLength": 10240
}
]
},
"ConnectionDestinationUrlSAML": {
"description": "The URL where Auth0 will send SAML authentication requests (the Identity Provider's SSO URL). Must be a valid HTTPS URL.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionDigestAlgorithmEnumSAML": {
"description": "Algorithm used for computing digest values when signing SAML requests and logout requests. Defaults to 'sha256'.",
"type": "string",
"enum": [
"sha1",
"sha256"
]
},
"ConnectionDigestAlgorithmSAML": {
"description": "Algorithm used for computing digest values when signing SAML requests and logout requests. Defaults to 'sha256'.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionDigestAlgorithmEnumSAML"
}
]
},
"ConnectionDisableSelfServiceChangePassword": {
"type": "boolean",
"description": "Indicates whether to disable self-service change password. Set to true to stop the \"Forgot Password\" being displayed on login pages",
"default": false
},
"ConnectionDisableSignup": {
"description": "When true, prevents new user registration through this connection. Existing users can still authenticate. Useful for invite-only applications or during user migration.",
"type": "boolean"
},
"ConnectionDisableSignupSMS": {
"description": "Controls whether new user signups are allowed via SMS authentication",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionDisableSignup"
}
]
},
"ConnectionDiscoveryUrl": {
"description": "URL of the identity provider's OIDC Discovery endpoint (/.well-known/openid-configuration). When provided and oidc_metadata is empty, Auth0 automatically retrieves the provider's configuration including endpoints and supported features.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionDisplayName": {
"type": "string",
"description": "Connection name used in the new universal login experience",
"maxLength": 128,
"minLength": 1
},
"ConnectionDisplayValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT [JWT] used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. Servers SHOULD support RS256. The value none MUST NOT be used.",
"minItems": 0,
"maxItems": 6,
"items": {
"type": "string",
"maxLength": 10
}
},
"ConnectionDomainAliases": {
"description": "Email domains associated with this connection for Home Realm Discovery (HRD). When a user's email matches one of these domains, they are automatically routed to this connection during authentication.",
"type": "array",
"items": {
"$ref": "#/components/schemas/ConnectionDomainAliasesItems"
},
"minItems": 0,
"maxItems": 1000
},
"ConnectionDomainAliasesAD": {
"description": "List of domain names that can be used with identifier-first authentication flow to route users to this AD connection; each domain must be a valid DNS name up to 256 characters",
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255
},
"minItems": 0,
"maxItems": 1000
},
"ConnectionDomainAliasesAzureAD": {
"description": "Alternative domain names associated with this Azure AD tenant. Allows users from multiple verified domains to authenticate through this connection. Can be an array of domain strings.",
"type": "array",
"items": {
"type": "string",
"minLength": 0,
"maxLength": 255
},
"minItems": 0,
"maxItems": 1000
},
"ConnectionDomainAliasesItems": {
"oneOf": [
{
"type": "string",
"minLength": 0,
"maxLength": 256,
"pattern": "^((?!-))(xn--)?([a-zA-Z0-9](?:[a-zA-Z0-9\\-]*[a-zA-Z0-9])?\\.)*(xn--)?[a-zA-Z0-9](?:[a-zA-Z0-9\\-]*[a-zA-Z0-9])?$"
},
{
"type": "string",
"format": "uri",
"minLength": 0,
"maxLength": 255
}
]
},
"ConnectionDomainAliasesSAML": {
"description": "Domain aliases for the connection",
"type": "array",
"items": {
"$ref": "#/components/schemas/ConnectionDomainAliasesItems"
},
"minItems": 0,
"maxItems": 50001
},
"ConnectionDomainGoogleApps": {
"description": "Primary Google Workspace domain name that users must belong to.",
"type": "string",
"minLength": 1,
"maxLength": 1024
},
"ConnectionDomainOkta": {
"type": "string",
"description": "Domain of the Okta organization (e.g., dev-123456.okta.com). Should be just the domain of the okta server with no scheme or trailing backslash. Discovery runs only when connection.options.oidc_metadata is empty and a domain is provided",
"minLength": 4,
"maxLength": 255
},
"ConnectionDpopSigningAlgEnum": {
"type": "string",
"x-release-lifecycle": "EA",
"description": "Algorithm used for DPoP proof JWT signing.",
"enum": [
"ES256",
"Ed25519"
]
},
"ConnectionDpopSigningAlgValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWS signing algorithms (alg values) supported for DPoP proof JWT signing.",
"minItems": 0,
"maxItems": 26,
"items": {
"type": "string",
"maxLength": 14
}
},
"ConnectionEmailBodyEmail": {
"description": "Email body content",
"type": "string",
"minLength": 1,
"maxLength": 20480
},
"ConnectionEmailEmail": {
"description": "Email template configuration",
"type": "object",
"properties": {
"body": {
"$ref": "#/components/schemas/ConnectionEmailBodyEmail"
},
"from": {
"$ref": "#/components/schemas/ConnectionEmailFromEmail"
},
"subject": {
"$ref": "#/components/schemas/ConnectionEmailSubjectEmail"
},
"syntax": {
"type": "string",
"description": "Email template syntax type",
"const": "liquid"
}
},
"additionalProperties": false
},
"ConnectionEmailFromEmail": {
"type": "string",
"description": "From email address",
"minLength": 1,
"maxLength": 1024
},
"ConnectionEmailOtpAuthenticationMethod": {
"type": "object",
"description": "Email OTP authentication enablement",
"additionalProperties": false,
"x-release-lifecycle": "EA",
"properties": {
"enabled": {
"type": "boolean",
"description": "Determines whether email OTP is enabled"
}
}
},
"ConnectionEmailSubjectEmail": {
"type": "string",
"description": "Email subject line",
"minLength": 1,
"maxLength": 1024
},
"ConnectionEnableScriptContext": {
"type": "boolean",
"description": "Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled)"
},
"ConnectionEnabledClient": {
"type": "object",
"additionalProperties": true,
"required": [
"client_id"
],
"properties": {
"client_id": {
"type": "string",
"description": "The client id"
}
}
},
"ConnectionEnabledClients": {
"type": "array",
"description": "DEPRECATED property. Use the PATCH /v2/connections/{id}/clients endpoint to enable the connection for a set of clients.",
"x-release-lifecycle": "deprecated",
"items": {
"type": "string",
"description": "The id of the client to for which the connection is to be enabled. ",
"format": "client-id"
}
},
"ConnectionEnabledDatabaseCustomization": {
"type": "boolean",
"description": "Set to true to use a legacy user store"
},
"ConnectionEndSessionEndpoint": {
"type": "string",
"description": "URL of the identity provider's logout/end session endpoint. When configured as a static URL, users are redirected here after logging out from Auth0. Must use HTTPS scheme.",
"format": "uri",
"pattern": "^https:\\/\\/.*",
"minLength": 8,
"maxLength": 255
},
"ConnectionEndSessionEndpointOAuth2": {
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionEndSessionEndpoint"
}
]
},
"ConnectionEntityIdSAML": {
"description": "The entity identifier (Issuer) for the SAML Service Provider. When not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This value is included in SAML AuthnRequest messages sent to the identity provider.",
"type": "string",
"minLength": 1,
"maxLength": 128
},
"ConnectionExtAdmin": {
"description": "Indicates to store whether the user is a domain administrator.",
"type": "boolean",
"default": false
},
"ConnectionExtAgreedTerms": {
"type": "boolean",
"description": "Indicates to store whether the user has agreed to the terms of service.",
"default": false
},
"ConnectionExtAgreedTermsGoogleApps": {
"description": "Fetches the `agreedToTerms` flag from the Google Directory profile.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionExtAgreedTerms"
}
]
},
"ConnectionExtAssignedPlans": {
"type": "boolean",
"description": "Indicates whether to store a list of the Office 365 assigned plans for the user.",
"default": false
},
"ConnectionExtGroups": {
"type": "boolean",
"default": false
},
"ConnectionExtGroupsAzureAD": {
"description": "When enabled (true), retrieves and stores Azure AD security group memberships for the user. Requires Microsoft Graph API permissions (Directory.Read.All). Allows configuring max_groups_to_retrieve.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionExtGroups"
}
]
},
"ConnectionExtGroupsGoogleApps": {
"description": "Enables enrichment with Google group memberships (required for `ext_groups_extended`).",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionExtGroups"
}
]
},
"ConnectionExtIsAdminGoogleApps": {
"description": "Fetches the Google Directory admin flag for the signing-in user.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionExtAdmin"
}
]
},
"ConnectionExtIsSuspended": {
"description": "Indicates to store whether a user's account is suspended.",
"type": "boolean",
"default": false
},
"ConnectionExtIsSuspendedGoogleApps": {
"description": "Fetches the Google Directory suspended flag for the signing-in user.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionExtIsSuspended"
}
]
},
"ConnectionExtProfile": {
"type": "boolean",
"description": "When enabled (true), retrieves extended profile attributes from Azure AD via Microsoft Graph API (job title, department, office location, etc.). Requires Graph API permissions. Only available with Azure AD v1 or when explicitly enabled for v2.",
"default": false
},
"ConnectionFederatedConnectionsAccessTokens": {
"type": [
"object",
"null"
],
"description": "Federated Connections Access Tokens",
"additionalProperties": false,
"properties": {
"active": {
"type": "boolean",
"description": "Enables refresh tokens and access tokens collection for federated connections"
}
}
},
"ConnectionFieldsMap": {
"type": "object",
"description": "Mapping of user profile fields returned from the OAuth2 provider to Auth0 user attributes",
"maxProperties": 100,
"additionalProperties": {
"type": "string",
"minLength": 1,
"maxLength": 128
}
},
"ConnectionFieldsMapSAML": {
"description": "Maps SAML assertion attributes from the identity provider to Auth0 user profile attributes. Format: { 'auth0_field': 'saml_attribute' } or { 'auth0_field': ['saml_attr1', 'saml_attr2'] } for fallback options. Merged with default mappings for email, name, given_name, family_name, and groups.",
"type": "object",
"maxProperties": 44,
"additionalProperties": {
"anyOf": [
{
"type": "string",
"minLength": 0,
"maxLength": 2048
},
{
"type": "array",
"items": {
"type": "string",
"minLength": 0,
"maxLength": 2048
},
"minItems": 0,
"maxItems": 4
}
]
}
},
"ConnectionForList": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "The name of the connection",
"default": "My connection"
},
"display_name": {
"type": "string",
"description": "Connection name used in login screen"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptions"
},
"id": {
"type": "string",
"description": "The connection's identifier",
"default": "con_0000000000000001"
},
"strategy": {
"type": "string",
"description": "The type of the connection, related to the identity provider",
"default": "auth0"
},
"realms": {
"type": "array",
"description": "Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.",
"items": {
"type": "string",
"description": "The realm where this connection belongs",
"format": "connection-realm"
}
},
"is_domain_connection": {
"type": "boolean",
"description": "True if the connection is domain level"
},
"show_as_button": {
"type": "boolean",
"description": "Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD."
},
"metadata": {
"$ref": "#/components/schemas/ConnectionsMetadata"
},
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose",
"x-release-lifecycle": "GA"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurpose",
"x-release-lifecycle": "GA"
}
}
},
"ConnectionForOrganization": {
"type": "object",
"description": "Connection to be added to the organization.",
"additionalProperties": false,
"required": [
"connection_id"
],
"properties": {
"connection_id": {
"type": "string",
"description": "ID of the connection."
},
"assign_membership_on_login": {
"type": "boolean",
"description": "When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection."
},
"show_as_button": {
"type": "boolean",
"description": "Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true."
},
"is_signup_enabled": {
"type": "boolean",
"description": "Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false."
}
}
},
"ConnectionForwardReqInfoSMS": {
"description": "When set to true, the gateway receives HTTP request details including IP address and User Agent from the client.",
"x-release-lifecycle": "deprecated",
"type": "boolean"
},
"ConnectionFreeformScopesAmazon": {
"description": "Additional OAuth scopes to request from Amazon beyond the standard profile and postal_code scopes. These scopes must be valid Amazon Login scopes.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionFreeformScopesGoogleOAuth2": {
"description": "Array of custom OAuth 2.0 scopes to request from Google during authentication. Use this to request scopes not covered by the predefined scope options.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionFreeformScopesLinkedin": {
"description": "Array of custom OAuth 2.0 scopes to request from Linkedin during authentication. Use this to request scopes not covered by the predefined scope options.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionFreeformScopesPaypal": {
"description": "Additional OAuth scopes to request from PayPal beyond the standard attribute scopes. Enter valid PayPal scopes from their documentation. Invalid scopes may cause authentication errors.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionFreeformScopesSalesforce": {
"description": "Additional OAuth scopes to request from Salesforce beyond the standard profile permissions. Enter valid scopes from the Salesforce documentation. Invalid scopes may cause authentication errors.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionFreeformScopesWindowsLive": {
"description": "Custom OAuth scopes not predefined in the standard scope list.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionFromSMS": {
"description": "The sender phone number or alphanumeric sender ID for outgoing SMS messages",
"x-release-lifecycle": "deprecated",
"type": "string",
"minLength": 1,
"maxLength": 128
},
"ConnectionGatewayAuthentication": {
"type": [
"object",
"null"
],
"description": "Token-based authentication settings to be applied when connection is using an sms strategy.",
"additionalProperties": true,
"required": [
"method",
"audience",
"secret"
],
"properties": {
"method": {
"type": "string",
"description": "The Authorization header type."
},
"subject": {
"type": "string",
"description": "The subject to be added to the JWT payload."
},
"audience": {
"type": "string",
"description": "The audience to be added to the JWT payload."
},
"secret": {
"type": "string",
"description": "The secret to be used for signing tokens."
},
"secret_base64_encoded": {
"type": "boolean",
"description": "Set to true if the provided secret is base64 encoded."
}
}
},
"ConnectionGatewayAuthenticationAudienceSMS": {
"description": "`aud` claim value in the JWT sent to the SMS gateway. Identifies the gateway service (e.g., 'urn:MySmsGateway').",
"type": "string",
"minLength": 1,
"maxLength": 128
},
"ConnectionGatewayAuthenticationMethodSMS": {
"description": "The Authorization header type when calling the SMS gateway. Set to 'bearer' for JWT token authentication.",
"type": "string",
"minLength": 1,
"maxLength": 20
},
"ConnectionGatewayAuthenticationSMS": {
"type": [
"object",
"null"
],
"description": "Optional token-based authentication configuration for the SMS gateway",
"default": null,
"required": [
"audience",
"method",
"secret"
],
"properties": {
"audience": {
"$ref": "#/components/schemas/ConnectionGatewayAuthenticationAudienceSMS"
},
"method": {
"$ref": "#/components/schemas/ConnectionGatewayAuthenticationMethodSMS"
},
"secret": {
"description": "The secret used to sign the JSON Web Token sent to the SMS gateway",
"type": "string",
"minLength": 1,
"maxLength": 5120
},
"secret_base64_encoded": {
"description": "Set to true if the secret is base64-url-encoded",
"type": "boolean",
"default": false
},
"subject": {
"$ref": "#/components/schemas/ConnectionGatewayAuthenticationSubjectSMS"
}
},
"additionalProperties": true,
"x-release-lifecycle": "deprecated"
},
"ConnectionGatewayAuthenticationSubjectSMS": {
"description": "`sub` claim value in the JWT sent to the SMS gateway. Identifies the requester (e.g., 'urn:Auth0').",
"type": "string",
"minLength": 1,
"maxLength": 64
},
"ConnectionGatewayUrlSMS": {
"description": "The URL of your SMS gateway. Auth0 must be able to reach this URL for it to use your gateway to send messages on your behalf.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionGlobalTokenRevocationJwtIssSAML": {
"description": "Expected 'iss' (Issuer) claim value for JWT tokens in Global Token Revocation requests from the identity provider. When configured, Auth0 validates the JWT issuer matches this value before processing token revocation. Must be used together with global_token_revocation_jwt_sub.",
"type": "string",
"minLength": 1,
"maxLength": 1024
},
"ConnectionGlobalTokenRevocationJwtSubSAML": {
"description": "Expected 'sub' (Subject) claim value for JWT tokens in Global Token Revocation requests from the identity provider. When configured, Auth0 validates the JWT subject matches this value before processing token revocation. Must be used together with global_token_revocation_jwt_iss.",
"type": "string",
"minLength": 1,
"maxLength": 1024
},
"ConnectionGrantTypesSupported": {
"type": "array",
"description": "A list of the OAuth 2.0 Grant Type values that this OP supports. Dynamic OpenID Providers MUST support the authorization_code and implicit Grant Type values and MAY support other Grant Types. If omitted, the default value is [\"authorization_code\", \"implicit\"].",
"maxItems": 20,
"minItems": 0,
"items": {
"type": "string",
"maxLength": 100
}
},
"ConnectionHandleLoginFromSocialGoogleApps": {
"description": "When enabled, users who sign in with their Google account through a social login will be automatically routed to this Google Workspace connection if their email domain matches the configured tenant_domain or domain_aliases. This ensures enterprise users authenticate through their organization's Google Workspace identity provider rather than through a generic Google social login, enabling access to directory-based attributes and enforcing organizational security policies. Defaults to true for new connections.",
"default": true,
"type": "boolean"
},
"ConnectionHttpsUrlWithHttpFallback": {
"type": "string",
"format": "uri",
"pattern": "^https:\\/\\/.*",
"minLength": 8
},
"ConnectionHttpsUrlWithHttpFallback2048": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback"
},
{
"maxLength": 2048
}
]
},
"ConnectionHttpsUrlWithHttpFallback255": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback"
},
{
"maxLength": 255
}
]
},
"ConnectionIconUrl": {
"description": "https url of the icon to be shown",
"type": "string",
"format": "uri",
"pattern": "^https:\\/\\/.*",
"minLength": 8,
"maxLength": 255
},
"ConnectionIconUrlADFS": {
"description": "URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionIconUrl"
}
]
},
"ConnectionIconUrlAzureAD": {
"description": "URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionIconUrl"
}
]
},
"ConnectionIconUrlGoogleApps": {
"description": "URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionIconUrl"
}
]
},
"ConnectionIconUrlGoogleOAuth2": {
"description": "URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionIconUrl"
}
]
},
"ConnectionIconUrlSAML": {
"description": "URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionIconUrl"
}
]
},
"ConnectionId": {
"type": "string",
"description": "The connection's identifier",
"default": "con_0000000000000001"
},
"ConnectionIdTokenEncryptionAlgValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT",
"minItems": 0,
"maxItems": 26,
"items": {
"type": "string",
"maxLength": 14
}
},
"ConnectionIdTokenEncryptionEncValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].",
"minItems": 0,
"maxItems": 12,
"items": {
"type": "string",
"maxLength": 26
}
},
"ConnectionIdTokenSignedResponseAlgEnum": {
"description": "Algorithm allowed to verify the ID tokens.",
"type": "string",
"enum": [
"ES256",
"ES384",
"PS256",
"PS384",
"RS256",
"RS384",
"RS512"
],
"x-merge-priority": -5
},
"ConnectionIdTokenSignedResponseAlgs": {
"description": "List of algorithms allowed to verify the ID tokens.",
"type": [
"array",
"null"
],
"items": {
"$ref": "#/components/schemas/ConnectionIdTokenSignedResponseAlgEnum"
},
"x-merge-priority": -5
},
"ConnectionIdTokenSigningAlgValuesSupported": {
"type": "array",
"description": "A list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. The algorithm RS256 MUST be included. The value none MAY be supported, but MUST NOT be used unless the Response Type used returns no ID Token from the Authorization Endpoint (such as when using the Authorization Code Flow). https://datatracker.ietf.org/doc/html/rfc7518",
"minItems": 1,
"maxItems": 26,
"items": {
"type": "string",
"maxLength": 10
}
},
"ConnectionIdentifierPrecedence": {
"type": "array",
"description": "Order of precedence for attribute types. If the property is not specified, the default precedence of attributes will be used.",
"items": {
"$ref": "#/components/schemas/ConnectionIdentifierPrecedenceEnum"
},
"default": [
"email",
"phone_number",
"username"
],
"uniqueItems": true,
"minItems": 3,
"maxItems": 3
},
"ConnectionIdentifierPrecedenceEnum": {
"type": "string",
"description": "Order of precedence for attribute types",
"enum": [
"email",
"phone_number",
"username"
]
},
"ConnectionIdentityApiAzureAD": {
"description": "The Azure AD endpoint version for authentication. 'microsoft-identity-platform-v2.0' (recommended, default) supports modern OAuth 2.0 features. 'azure-active-directory-v1.0' is the legacy endpoint with protocol limitations. Selection affects available features.",
"default": "microsoft-identity-platform-v2.0",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionIdentityApiEnumAzureAD"
}
]
},
"ConnectionIdentityApiEnumAzureAD": {
"description": "Identity API version to use",
"default": "microsoft-identity-platform-v2.0",
"type": "string",
"enum": [
"microsoft-identity-platform-v2.0",
"azure-active-directory-v1.0"
]
},
"ConnectionIdentityProviderEnum": {
"type": "string",
"description": "The identity provider identifier for the connection",
"enum": [
"ad",
"adfs",
"amazon",
"apple",
"dropbox",
"bitbucket",
"auth0-oidc",
"auth0",
"baidu",
"bitly",
"box",
"custom",
"daccount",
"dwolla",
"email",
"evernote-sandbox",
"evernote",
"exact",
"facebook",
"fitbit",
"github",
"google-apps",
"google-oauth2",
"instagram",
"ip",
"line",
"linkedin",
"oauth1",
"oauth2",
"office365",
"oidc",
"okta",
"paypal",
"paypal-sandbox",
"pingfederate",
"planningcenter",
"salesforce-community",
"salesforce-sandbox",
"salesforce",
"samlp",
"sharepoint",
"shopify",
"shop",
"sms",
"soundcloud",
"thirtysevensignals",
"twitter",
"untappd",
"vkontakte",
"waad",
"weibo",
"windowslive",
"wordpress",
"yahoo",
"yandex"
]
},
"ConnectionImportMode": {
"type": "boolean",
"description": "Enables lazy migration mode for importing users from an external database. When a user authenticates, their credentials are validated against the legacy store, then the user is created in Auth0 for future logins."
},
"ConnectionIpsAD": {
"description": "Array of IP address ranges in CIDR notation used to determine if authentication requests originate from the corporate network for Kerberos or certificate authentication.",
"type": "array",
"items": {
"type": "string",
"minLength": 2,
"maxLength": 39
},
"minItems": 0,
"maxItems": 256
},
"ConnectionIsDomainConnection": {
"type": "boolean",
"description": "true promotes to a domain-level connection so that third-party applications can use it. false does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to false.)",
"default": false
},
"ConnectionIssuer": {
"allOf": [
{
"description": "The identity provider's unique issuer identifier URL (e.g., https://accounts.google.com). Must match the 'iss' claim in ID tokens from the identity provider."
},
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionJwksUri": {
"allOf": [
{
"description": "URL of the identity provider's JSON Web Key Set (JWKS) endpoint containing public keys for signature verification. Auth0 retrieves these keys to validate ID token signatures."
},
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionKey": {
"type": "object",
"additionalProperties": true,
"required": [
"cert",
"kid",
"fingerprint",
"thumbprint"
],
"properties": {
"kid": {
"type": "string",
"description": "The key id of the signing key",
"maxLength": 255
},
"cert": {
"type": "string",
"description": "The public certificate of the signing key",
"default": "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----",
"maxLength": 4096
},
"pkcs": {
"type": "string",
"description": "The public certificate of the signing key in pkcs7 format",
"default": "-----BEGIN PKCS7-----\r\nMIIDPA....t8xAA==\r\n-----END PKCS7-----",
"maxLength": 4096
},
"current": {
"type": "boolean",
"description": "True if the key is the the current key",
"default": true
},
"next": {
"type": "boolean",
"description": "True if the key is the the next key"
},
"previous": {
"type": "boolean",
"description": "True if the key is the the previous key"
},
"current_since": {
"type": "string",
"description": "The date and time when the key became the current key"
},
"fingerprint": {
"type": "string",
"description": "The cert fingerprint",
"default": "CC:FB:DD:D8:9A:B5:DE:1B:F0:CC:36:D2:99:59:21:12:03:DD:A8:25"
},
"thumbprint": {
"type": "string",
"description": "The cert thumbprint",
"default": "CCFBDDD89AB5DE1BF0CC36D29959211203DDA825",
"maxLength": 255
},
"algorithm": {
"type": "string",
"description": "Signing key algorithm"
},
"key_use": {
"$ref": "#/components/schemas/ConnectionKeyUseEnum"
},
"subject_dn": {
"type": "string",
"maxLength": 132
}
}
},
"ConnectionKeyUseEnum": {
"type": "string",
"description": "Signing key use, whether for encryption or signing",
"enum": [
"encryption",
"signing"
]
},
"ConnectionMappingModeEnumOIDC": {
"type": "string",
"description": "Method used to map incoming claims when strategy=oidc.",
"enum": [
"bind_all",
"use_map"
]
},
"ConnectionMappingModeEnumOkta": {
"type": "string",
"description": "Method used to map incoming claims when strategy=okta.",
"enum": [
"basic_profile",
"use_map"
]
},
"ConnectionMaxGroupsToRetrieve": {
"description": "Maximum number of Azure AD groups to retrieve per user during authentication. Helps prevent performance issues for users in many groups. Only applies when ext_groups is enabled. Leave empty to use platform default.",
"type": "string",
"pattern": "^[0-9]+$",
"minLength": 0,
"maxLength": 10
},
"ConnectionMessagingServiceSidSMS": {
"description": "Twilio Messaging Service SID",
"x-release-lifecycle": "deprecated",
"type": "string",
"minLength": 34,
"maxLength": 34,
"pattern": "^MG[0-9a-fA-F]{32}$"
},
"ConnectionMetadataUrlSAML": {
"description": "HTTPS URL to the identity provider's SAML metadata document. When provided, Auth0 automatically fetches and parses the metadata to extract signInEndpoint, signOutEndpoint, signingCert, signSAMLRequest, and protocolBinding. Use metadataUrl OR metadataXml, not both.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback2048"
}
]
},
"ConnectionMetadataXml": {
"description": "Standard IdP metadata XML payload used across SAML-compatible strategies.",
"type": "string",
"minLength": 1,
"maxLength": 102400
},
"ConnectionMetadataXmlADFS": {
"description": "Inline XML alternative to 'adfs_server'. Cannot be set together with 'adfs_server'.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionMetadataXml"
}
]
},
"ConnectionMetadataXmlSAML": {
"description": "SAML metadata XML document from the identity provider. When provided, automatically parsed to extract signInEndpoint, signOutEndpoint, signingCert, signSAMLRequest, and protocolBinding. Deleted after parsing to avoid persisting large documents. Not persisted to database - deleted after parsing metadata. Use metadataUrl OR metadataXml, not both.",
"writeOnly": true,
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionMetadataXml"
}
]
},
"ConnectionMfa": {
"type": "object",
"description": "Multi-factor authentication configuration",
"properties": {
"active": {
"type": "boolean",
"description": "Indicates whether MFA is active for this connection"
},
"return_enroll_settings": {
"type": "boolean",
"description": "Indicates whether to return MFA enrollment settings"
}
}
},
"ConnectionName": {
"type": "string",
"description": "The name of the connection. Must start and end with an alphanumeric character and can only contain alphanumeric characters and '-'. Max length 128",
"pattern": "^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$",
"minLength": 1,
"maxLength": 128
},
"ConnectionNamePrefixTemplate": {
"type": "string",
"description": "Connection name prefix template.",
"minLength": 0,
"maxLength": 15,
"pattern": "^(?!-)(?!.*--)(?:[a-zA-Z0-9-]|{org_id}|{org_name})*$"
},
"ConnectionNonPersistentAttrs": {
"description": "An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist)",
"type": "array",
"items": {
"type": "string",
"minLength": 0,
"maxLength": 255
},
"minItems": 0,
"maxItems": 96
},
"ConnectionOpPolicyUri": {
"allOf": [
{
"description": "URL that the OpenID Provider provides to the person registering the Client to read about the OPs requirements on how the Relying Party can use the data provided by the OP. The registration process SHOULD display this URL to the person registering the Client if it is given."
},
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionOpTosUri": {
"allOf": [
{
"description": "URL that the OpenID Provider provides to the person registering the Client to read about OpenID Providers terms of service. The registration process SHOULD display this URL to the person registering the Client if it is given."
},
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionOptions": {
"type": "object",
"description": "In order to return options in the response, the `read:connections_options` scope must be present",
"additionalProperties": true
},
"ConnectionOptionsAD": {
"description": "Options for the 'ad' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"agentIP": {
"$ref": "#/components/schemas/ConnectionAgentIPAD"
},
"agentMode": {
"$ref": "#/components/schemas/ConnectionAgentModeAD"
},
"agentVersion": {
"$ref": "#/components/schemas/ConnectionAgentVersionAD"
},
"brute_force_protection": {
"$ref": "#/components/schemas/ConnectionBruteForceProtection"
},
"certAuth": {
"type": "boolean",
"description": "Enables client SSL certificate authentication for the AD connector, requiring HTTPS on the sign-in endpoint"
},
"certs": {
"$ref": "#/components/schemas/ConnectionCertsAD"
},
"disable_cache": {
"type": "boolean",
"description": "When enabled, disables caching of AD connector authentication results to ensure real-time validation against the directory"
},
"disable_self_service_change_password": {
"type": "boolean",
"description": "When enabled, hides the 'Forgot Password' link on login pages to prevent users from initiating self-service password resets"
},
"domain_aliases": {
"$ref": "#/components/schemas/ConnectionDomainAliasesAD"
},
"icon_url": {
"$ref": "#/components/schemas/ConnectionIconUrl"
},
"ips": {
"$ref": "#/components/schemas/ConnectionIpsAD"
},
"kerberos": {
"type": "boolean",
"description": "Enables Windows Integrated Authentication (Kerberos) for seamless SSO when users authenticate from within the corporate network IP ranges",
"default": false
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"signInEndpoint": {
"$ref": "#/components/schemas/ConnectionSignInEndpointAD"
},
"tenant_domain": {
"$ref": "#/components/schemas/ConnectionTenantDomainAD"
},
"thumbprints": {
"$ref": "#/components/schemas/ConnectionThumbprintsAD"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
}
],
"additionalProperties": true
},
"ConnectionOptionsADFS": {
"description": "Options for the 'adfs' connection",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"adfs_server": {
"type": "string",
"description": "ADFS federation metadata host or XML URL used to discover WS-Fed endpoints and certificates. Errors if adfs_server and fedMetadataXml are both absent.",
"minLength": 0,
"maxLength": 2048
},
"domain_aliases": {
"$ref": "#/components/schemas/ConnectionDomainAliases"
},
"entityId": {
"description": "The entity identifier (Issuer) for the ADFS Service Provider. When not provided, defaults to 'urn:auth0:{tenant}:{connection}'.",
"type": "string",
"minLength": 1,
"maxLength": 128
},
"fedMetadataXml": {
"$ref": "#/components/schemas/ConnectionMetadataXmlADFS"
},
"icon_url": {
"$ref": "#/components/schemas/ConnectionIconUrlADFS"
},
"prev_thumbprints": {
"$ref": "#/components/schemas/ConnectionThumbprints"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"should_trust_email_verified_connection": {
"$ref": "#/components/schemas/ConnectionShouldTrustEmailVerifiedConnectionEnum"
},
"signInEndpoint": {
"$ref": "#/components/schemas/ConnectionSignInEndpointADFS"
},
"tenant_domain": {
"$ref": "#/components/schemas/ConnectionTenantDomain"
},
"thumbprints": {
"$ref": "#/components/schemas/ConnectionThumbprints"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParamsADFS"
},
"user_id_attribute": {
"description": "Custom ADFS claim to use as the unique user identifier. When provided, this attribute is prepended to the default user_id mapping list with highest priority. Accepts a string (single ADFS claim name).",
"type": "string",
"minLength": 1,
"maxLength": 128
}
}
}
]
},
"ConnectionOptionsAmazon": {
"description": "Options for the 'amazon' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdAmazon"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretAmazon"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionFreeformScopesAmazon"
},
"postal_code": {
"type": "boolean",
"description": "When enabled, requests the user's postal code from Amazon during authentication. This adds the 'postal_code' scope to the authorization request.",
"default": false
},
"profile": {
"type": "boolean",
"description": "When enabled, requests the user's basic profile information (name, email, user ID) from Amazon during authentication. This scope is always enabled for Amazon connections.",
"const": true
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeAmazon"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
}
]
},
"ConnectionOptionsApple": {
"description": "Options for the 'apple' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"app_secret": {
"type": [
"string",
"null"
],
"description": "Apple App Secret (must be a PEM)",
"minLength": 0,
"maxLength": 5120
},
"client_id": {
"type": [
"string",
"null"
],
"description": "Apple Services ID",
"minLength": 0,
"maxLength": 384
},
"email": {
"type": "boolean",
"description": "User has the option to obfuscate the email with Apple's relay service"
},
"freeform_scopes": {
"type": "array",
"description": "Array of freeform scopes",
"minItems": 0,
"maxItems": 1024,
"items": {
"type": "string",
"description": "A freeform scope",
"minLength": 0,
"maxLength": 2560
}
},
"kid": {
"type": [
"string",
"null"
],
"description": "Apple Key ID",
"minLength": 0,
"maxLength": 1536
},
"name": {
"type": "boolean",
"description": "Whether to request name from Apple"
},
"scope": {
"type": "string",
"description": "Space separated list of scopes",
"minLength": 0,
"maxLength": 91260
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"team_id": {
"type": [
"string",
"null"
],
"description": "Apple Team ID",
"minLength": 0,
"maxLength": 256
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
}
],
"additionalProperties": true
},
"ConnectionOptionsAuth0": {
"description": "Options for the 'auth0' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"attributes": {
"$ref": "#/components/schemas/ConnectionAttributes"
},
"authentication_methods": {
"$ref": "#/components/schemas/ConnectionAuthenticationMethods"
},
"brute_force_protection": {
"$ref": "#/components/schemas/ConnectionBruteForceProtection"
},
"configuration": {
"$ref": "#/components/schemas/ConnectionConfiguration"
},
"customScripts": {
"$ref": "#/components/schemas/ConnectionCustomScripts"
},
"disable_self_service_change_password": {
"$ref": "#/components/schemas/ConnectionDisableSelfServiceChangePassword"
},
"disable_signup": {
"$ref": "#/components/schemas/ConnectionDisableSignup"
},
"enable_script_context": {
"$ref": "#/components/schemas/ConnectionEnableScriptContext"
},
"enabledDatabaseCustomization": {
"$ref": "#/components/schemas/ConnectionEnabledDatabaseCustomization"
},
"import_mode": {
"$ref": "#/components/schemas/ConnectionImportMode"
},
"mfa": {
"$ref": "#/components/schemas/ConnectionMfa"
},
"passkey_options": {
"$ref": "#/components/schemas/ConnectionPasskeyOptions"
},
"passwordPolicy": {
"$ref": "#/components/schemas/ConnectionPasswordPolicyEnum"
},
"password_complexity_options": {
"$ref": "#/components/schemas/ConnectionPasswordComplexityOptions"
},
"password_dictionary": {
"$ref": "#/components/schemas/ConnectionPasswordDictionaryOptions"
},
"password_history": {
"$ref": "#/components/schemas/ConnectionPasswordHistoryOptions"
},
"password_no_personal_info": {
"$ref": "#/components/schemas/ConnectionPasswordNoPersonalInfoOptions"
},
"password_options": {
"$ref": "#/components/schemas/ConnectionPasswordOptions"
},
"precedence": {
"$ref": "#/components/schemas/ConnectionIdentifierPrecedence"
},
"realm_fallback": {
"$ref": "#/components/schemas/ConnectionRealmFallback"
},
"requires_username": {
"$ref": "#/components/schemas/ConnectionRequiresUsername"
},
"validation": {
"$ref": "#/components/schemas/ConnectionValidationOptions"
}
}
}
],
"additionalProperties": true
},
"ConnectionOptionsAuth0OIDC": {
"description": "Options for the 'auth0-oidc' connection",
"type": "object",
"additionalProperties": true,
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientId"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecret"
}
}
},
"ConnectionOptionsAzureAD": {
"description": "Options for the 'waad' connection",
"type": "object",
"allOf": [
{
"type": "object",
"properties": {
"api_enable_users": {
"type": "boolean",
"description": "Enable users API"
},
"app_domain": {
"$ref": "#/components/schemas/ConnectionAppDomainAzureAD"
},
"app_id": {
"type": "string",
"description": "The Application ID URI (App ID URI) for the Azure AD application. Required when using Azure AD v1 with the Resource Owner Password flow. Used to identify the resource being requested in OAuth token requests.",
"minLength": 0,
"maxLength": 500
},
"basic_profile": {
"type": "boolean",
"description": "Includes basic user profile information from Azure AD (name, email, given_name, family_name). Always enabled and required - represents the minimum profile data retrieved during authentication."
},
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdAzureAD"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretAzureAD"
},
"domain_aliases": {
"$ref": "#/components/schemas/ConnectionDomainAliasesAzureAD"
},
"ext_access_token": {
"type": "boolean",
"description": "When false, prevents storing the user's Azure AD access token in the Auth0 user profile. When true (default), the access token is persisted for API access."
},
"ext_account_enabled": {
"type": "boolean",
"description": "When false, prevents storing whether the user's Azure AD account is enabled. When true (default), the account enabled status is persisted in the user profile."
},
"ext_admin": {
"$ref": "#/components/schemas/ConnectionExtAdmin"
},
"ext_agreed_terms": {
"$ref": "#/components/schemas/ConnectionExtAgreedTerms"
},
"ext_assigned_licenses": {
"type": "boolean",
"description": "When false, prevents storing the list of Microsoft 365/Office 365 licenses assigned to the user. When true (default), license information is persisted in the user profile."
},
"ext_assigned_plans": {
"$ref": "#/components/schemas/ConnectionExtAssignedPlans"
},
"ext_azure_id": {
"type": "boolean",
"description": "When false, prevents storing the user's Azure ID identifier. When true (default), the Azure ID is persisted. Note: 'oid' (Object ID) is the recommended unique identifier for single-tenant connections."
},
"ext_city": {
"type": "boolean",
"description": "When false, prevents storing the user's city from Azure AD. When true (default), city information is persisted in the user profile."
},
"ext_country": {
"type": "boolean",
"description": "When false, prevents storing the user's country from Azure AD. When true (default), country information is persisted in the user profile."
},
"ext_department": {
"type": "boolean",
"description": "When false, prevents storing the user's department from Azure AD. When true (default), department information is persisted in the user profile."
},
"ext_dir_sync_enabled": {
"type": "boolean",
"description": "When false, prevents storing whether directory synchronization is enabled for the user. When true (default), directory sync status is persisted in the user profile."
},
"ext_email": {
"type": "boolean",
"description": "When false, prevents storing the user's email address from Azure AD. When true (default), email is persisted in the user profile."
},
"ext_expires_in": {
"type": "boolean",
"description": "When false, prevents storing the token expiration time (in seconds). When true (default), expiration information is persisted in the user profile."
},
"ext_family_name": {
"type": "boolean",
"description": "When false, prevents storing the user's family name (last name) from Azure AD. When true (default), family name is persisted in the user profile."
},
"ext_fax": {
"type": "boolean",
"description": "When false, prevents storing the user's fax number from Azure AD. When true (default), fax information is persisted in the user profile."
},
"ext_given_name": {
"type": "boolean",
"description": "When false, prevents storing the user's given name (first name) from Azure AD. When true (default), given name is persisted in the user profile."
},
"ext_group_ids": {
"type": "boolean",
"description": "When false, prevents storing the list of Azure AD group IDs the user is a member of. When true (default), group membership IDs are persisted. See ext_groups for retrieving group details."
},
"ext_groups": {
"$ref": "#/components/schemas/ConnectionExtGroupsAzureAD"
},
"ext_is_suspended": {
"$ref": "#/components/schemas/ConnectionExtIsSuspended"
},
"ext_job_title": {
"type": "boolean",
"description": "When false, prevents storing the user's job title from Azure AD. When true (default), job title information is persisted in the user profile."
},
"ext_last_sync": {
"type": "boolean",
"description": "When false, prevents storing the timestamp of the last directory synchronization. When true (default), the last sync date is persisted in the user profile."
},
"ext_mobile": {
"type": "boolean",
"description": "When false, prevents storing the user's mobile phone number from Azure AD. When true (default), mobile number is persisted in the user profile."
},
"ext_name": {
"type": "boolean",
"description": "When false, prevents storing the user's full name from Azure AD. When true (default), full name is persisted in the user profile."
},
"ext_nested_groups": {
"type": "boolean",
"description": "When true, stores all groups the user is member of, including transitive group memberships (groups within groups). When false (default), only direct group memberships are included.",
"default": false
},
"ext_nickname": {
"type": "boolean",
"description": "When false, prevents storing the user's nickname or display name from Azure AD. When true (default), nickname is persisted in the user profile."
},
"ext_oid": {
"type": "boolean",
"description": "When false, prevents storing the user's Object ID (oid) from Azure AD. When true (default), the oid is persisted. Note: 'oid' is the recommended unique identifier for single-tenant connections and required for SCIM."
},
"ext_phone": {
"type": "boolean",
"description": "When false, prevents storing the user's phone number from Azure AD. When true (default), phone number is persisted in the user profile."
},
"ext_physical_delivery_office_name": {
"type": "boolean",
"description": "When false, prevents storing the user's office location from Azure AD. When true (default), office location is persisted in the user profile."
},
"ext_postal_code": {
"type": "boolean",
"description": "When false, prevents storing the user's postal code from Azure AD. When true (default), postal code is persisted in the user profile."
},
"ext_preferred_language": {
"type": "boolean",
"description": "When false, prevents storing the user's preferred language from Azure AD. When true (default), language preference is persisted in the user profile."
},
"ext_profile": {
"$ref": "#/components/schemas/ConnectionExtProfile"
},
"ext_provisioned_plans": {
"type": "boolean",
"description": "When false, prevents storing the list of service plans provisioned to the user. When true (default), provisioned plans are persisted in the user profile."
},
"ext_provisioning_errors": {
"type": "boolean",
"description": "When false, prevents storing provisioning errors that occurred during synchronization. When true (default), error information is persisted. Useful for troubleshooting sync issues."
},
"ext_proxy_addresses": {
"type": "boolean",
"description": "When false, prevents storing all proxy email addresses (email aliases) for the user. When true (default), proxy addresses are persisted in the user profile."
},
"ext_puid": {
"type": "boolean",
"description": "When false, prevents storing the user's Passport User ID (puid). When true (default), puid is persisted in the user profile. Legacy attribute."
},
"ext_refresh_token": {
"type": "boolean",
"description": "When false, prevents storing the Azure AD refresh token. When true (default), the refresh token is persisted for offline access. Required for token refresh in long-lived applications."
},
"ext_roles": {
"type": "boolean",
"description": "When false, prevents storing Azure AD application roles assigned to the user. When true (default), role information is persisted. Useful for RBAC in applications."
},
"ext_state": {
"type": "boolean",
"description": "When false, prevents storing the user's state (province/region) from Azure AD. When true (default), state information is persisted in the user profile."
},
"ext_street": {
"type": "boolean",
"description": "When false, prevents storing the user's street address from Azure AD. When true (default), street address is persisted in the user profile."
},
"ext_telephoneNumber": {
"type": "boolean",
"description": "When false, prevents storing the user's telephone number from Azure AD. When true (default), telephone number is persisted in the user profile."
},
"ext_tenantid": {
"type": "boolean",
"description": "When false, prevents storing the user's Azure AD tenant ID. When true (default), tenant ID is persisted. Useful for identifying which Azure AD organization the user belongs to."
},
"ext_upn": {
"type": "boolean",
"description": "When false, prevents storing the user's User Principal Name (UPN) from Azure AD. When true (default), UPN is persisted. UPN is the user's logon name (e.g., user@contoso.com)."
},
"ext_usage_location": {
"type": "boolean",
"description": "When false, prevents storing the user's usage location for license assignment. When true (default), usage location is persisted in the user profile."
},
"ext_user_id": {
"type": "boolean",
"description": "When false, prevents storing an alternative user ID. When true (default), this user ID is persisted in the user profile."
},
"federated_connections_access_tokens": {
"$ref": "#/components/schemas/ConnectionFederatedConnectionsAccessTokens"
},
"granted": {
"type": "boolean",
"description": "Indicates whether admin consent has been granted for the required Azure AD permissions. Read-only status field managed by Auth0 during the OAuth authorization flow."
},
"icon_url": {
"$ref": "#/components/schemas/ConnectionIconUrlAzureAD"
},
"identity_api": {
"$ref": "#/components/schemas/ConnectionIdentityApiAzureAD"
},
"max_groups_to_retrieve": {
"$ref": "#/components/schemas/ConnectionMaxGroupsToRetrieve"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeAzureAD"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"should_trust_email_verified_connection": {
"$ref": "#/components/schemas/ConnectionShouldTrustEmailVerifiedConnectionEnum"
},
"tenant_domain": {
"$ref": "#/components/schemas/ConnectionTenantDomainAzureAD"
},
"tenantId": {
"$ref": "#/components/schemas/ConnectionTenantIdAzureAD"
},
"thumbprints": {
"$ref": "#/components/schemas/ConnectionThumbprints"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
},
"use_wsfed": {
"type": "boolean",
"description": "Indicates WS-Federation protocol usage. When true, uses WS-Federation; when false, uses OpenID Connect."
},
"useCommonEndpoint": {
"$ref": "#/components/schemas/ConnectionUseCommonEndpointAzureAD"
},
"userid_attribute": {
"$ref": "#/components/schemas/ConnectionUseridAttributeAzureAD"
},
"waad_protocol": {
"$ref": "#/components/schemas/ConnectionWaadProtocol"
}
}
},
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
}
],
"required": [
"client_id"
],
"additionalProperties": true
},
"ConnectionOptionsBaidu": {
"description": "Options for the 'baidu' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsBitbucket": {
"description": "Options for the 'bitbucket' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIDBitbucket"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretBitbucket"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionScopeArray"
},
"profile": {
"$ref": "#/components/schemas/ConnectionProfileBitbucket"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeArray"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
}
}
}
]
},
"ConnectionOptionsBitly": {
"description": "Options for the 'bitly' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsBox": {
"description": "Options for the 'box' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsClientIdGithub": {
"description": "OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider.",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionOptionsClientIdTwitter": {
"description": "OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider.",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionOptionsClientSecretGithub": {
"description": "OAuth 2.0 client secret issued by the identity provider during application registration. This value is used to authenticate your Auth0 connection to the identity provider.",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionOptionsClientSecretTwitter": {
"description": "OAuth 2.0 client secret issued by the identity provider during application registration. This value is used to authenticate your Auth0 connection to the identity provider.",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionOptionsCommon": {
"type": "object",
"description": "Common attributes for connection options including non-persistent attributes and Cross App Access",
"properties": {
"non_persistent_attrs": {
"$ref": "#/components/schemas/ConnectionNonPersistentAttrs"
}
}
},
"ConnectionOptionsCommonOIDC": {
"description": "common options for OIDC connections",
"type": "object",
"properties": {
"authorization_endpoint": {
"$ref": "#/components/schemas/ConnectionAuthorizationEndpoint"
},
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdOIDC"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretOIDC"
},
"connection_settings": {
"$ref": "#/components/schemas/ConnectionConnectionSettings"
},
"domain_aliases": {
"$ref": "#/components/schemas/ConnectionDomainAliases"
},
"dpop_signing_alg": {
"$ref": "#/components/schemas/ConnectionDpopSigningAlgEnum"
},
"federated_connections_access_tokens": {
"$ref": "#/components/schemas/ConnectionFederatedConnectionsAccessTokens"
},
"icon_url": {
"$ref": "#/components/schemas/ConnectionIconUrl"
},
"id_token_signed_response_algs": {
"$ref": "#/components/schemas/ConnectionIdTokenSignedResponseAlgs"
},
"issuer": {
"$ref": "#/components/schemas/ConnectionIssuer"
},
"jwks_uri": {
"$ref": "#/components/schemas/ConnectionJwksUri"
},
"oidc_metadata": {
"$ref": "#/components/schemas/ConnectionOptionsOIDCMetadata"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeOIDC"
},
"send_back_channel_nonce": {
"$ref": "#/components/schemas/ConnectionSendBackChannelNonce"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"tenant_domain": {
"$ref": "#/components/schemas/ConnectionTenantDomain"
},
"token_endpoint": {
"$ref": "#/components/schemas/ConnectionTokenEndpointOIDC"
},
"token_endpoint_auth_method": {
"$ref": "#/components/schemas/ConnectionTokenEndpointAuthMethodEnum"
},
"token_endpoint_auth_signing_alg": {
"$ref": "#/components/schemas/ConnectionTokenEndpointAuthSigningAlgEnum"
},
"token_endpoint_jwtca_aud_format": {
"$ref": "#/components/schemas/ConnectionTokenEndpointJwtcaAudFormatEnumOIDC"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
},
"userinfo_endpoint": {
"$ref": "#/components/schemas/ConnectionUserinfoEndpointOIDC"
}
},
"additionalProperties": true,
"required": [
"client_id"
]
},
"ConnectionOptionsCommonSAML": {
"description": "Common options for SAML-based enterprise connections (shared by samlp and pingfederate).",
"type": "object",
"properties": {
"assertion_decryption_settings": {
"$ref": "#/components/schemas/ConnectionAssertionDecryptionSettings"
},
"cert": {
"$ref": "#/components/schemas/ConnectionSigningCertificateDerSAML"
},
"decryptionKey": {
"$ref": "#/components/schemas/ConnectionDecryptionKeySAML"
},
"digestAlgorithm": {
"$ref": "#/components/schemas/ConnectionDigestAlgorithmSAML"
},
"domain_aliases": {
"$ref": "#/components/schemas/ConnectionDomainAliasesSAML"
},
"entityId": {
"$ref": "#/components/schemas/ConnectionEntityIdSAML"
},
"icon_url": {
"$ref": "#/components/schemas/ConnectionIconUrlSAML"
},
"idpinitiated": {
"$ref": "#/components/schemas/ConnectionOptionsIdpinitiatedSAML"
},
"protocolBinding": {
"$ref": "#/components/schemas/ConnectionProtocolBindingSAML"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"signInEndpoint": {
"$ref": "#/components/schemas/ConnectionSignInEndpointSAML"
},
"signSAMLRequest": {
"$ref": "#/components/schemas/ConnectionSignSAMLRequestSAML"
},
"signatureAlgorithm": {
"$ref": "#/components/schemas/ConnectionSignatureAlgorithmSAML"
},
"tenant_domain": {
"$ref": "#/components/schemas/ConnectionTenantDomainSAML"
},
"thumbprints": {
"$ref": "#/components/schemas/ConnectionThumbprintsSAML"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
},
"ConnectionOptionsCustom": {
"description": "Options for 'custom' connections",
"type": "object",
"additionalProperties": true,
"properties": {}
},
"ConnectionOptionsDaccount": {
"description": "Options for the 'daccount' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsDeflateSAML": {
"description": "When true, enables DEFLATE compression for SAML requests sent via HTTP-Redirect binding.",
"type": "boolean"
},
"ConnectionOptionsDropbox": {
"description": "Options for the 'dropbox' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsDwolla": {
"description": "Options for the 'dwolla' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsEmail": {
"description": "Options for the 'email' connection",
"type": "object",
"allOf": [
{
"properties": {
"authParams": {
"$ref": "#/components/schemas/ConnectionAuthParamsEmail"
},
"brute_force_protection": {
"$ref": "#/components/schemas/ConnectionBruteForceProtection"
},
"disable_signup": {
"$ref": "#/components/schemas/ConnectionDisableSignup"
},
"email": {
"$ref": "#/components/schemas/ConnectionEmailEmail"
},
"name": {
"type": "string",
"description": "Connection name",
"minLength": 3,
"maxLength": 128
},
"totp": {
"$ref": "#/components/schemas/ConnectionTotpEmail"
}
},
"required": [
"brute_force_protection",
"email",
"name"
]
},
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
}
],
"additionalProperties": true
},
"ConnectionOptionsEvernote": {
"description": "Options for the evernote family of connections",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth1Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsExact": {
"description": "Options for the 'exact' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"baseUrl": {
"$ref": "#/components/schemas/ConnectionBaseUrlExact"
},
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdExact"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretExact"
},
"profile": {
"description": "Enables retrieval of basic profile attributes from Exact Online including name, username, picture, email, gender, and language.",
"type": "boolean"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
}
]
},
"ConnectionOptionsFacebook": {
"description": "Options for the 'facebook' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdFacebook"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretFacebook"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionScopeArrayFacebook"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParamsFacebook"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeFacebook"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
}
}
},
{
"type": "object",
"properties": {
"ads_management": {
"default": false,
"description": "Grants permission to both read and manage ads for ad accounts you own or have been granted access to by the owner. By default, your app may only access ad accounts owned by admins of the app when in developer mode.",
"type": "boolean"
},
"ads_read": {
"default": false,
"description": "Grants access to the Ads Insights API to pull ads report information for ad accounts you own or have been granted access to by the owner of other ad accounts.",
"type": "boolean"
},
"allow_context_profile_field": {
"default": false,
"deprecated": true,
"description": "Provides access to a social context. Deprecated on April 30th, 2019.",
"type": "boolean",
"x-release-lifecycle": "deprecated"
},
"business_management": {
"default": false,
"description": "Grants permission to read and write with the Business Manager API.",
"type": "boolean"
},
"email": {
"default": false,
"description": "Grants permission to access a person's primary email address.",
"type": "boolean"
},
"groups_access_member_info": {
"default": false,
"description": "Grants permission to publicly available group member information.",
"type": "boolean"
},
"leads_retrieval": {
"default": false,
"description": "Grants permission to retrieve all the information captured within a lead.",
"type": "boolean"
},
"manage_notifications": {
"default": false,
"deprecated": true,
"description": "Enables your app to read a person's notifications and mark them as read. This permission does not let you send notifications to a person. Deprecated in Graph API v2.3.",
"type": "boolean",
"x-release-lifecycle": "deprecated"
},
"manage_pages": {
"default": false,
"description": "Grants permission to retrieve Page Access Tokens for the Pages and Apps that the person administers. Apps need both manage_pages and publish_pages to be able to publish as a Page.",
"type": "boolean"
},
"pages_manage_cta": {
"default": false,
"description": "Allows the app to perform POST and DELETE operations on endpoints used for managing a Page's Call To Action buttons.",
"type": "boolean"
},
"pages_manage_instant_articles": {
"default": false,
"description": "Grants permission to manage Instant Articles on behalf of Facebook Pages administered by people using your app.",
"type": "boolean"
},
"pages_messaging": {
"default": false,
"description": "Grants permission to send and receive messages through a Facebook Page.",
"type": "boolean"
},
"pages_messaging_phone_number": {
"default": false,
"description": "Grants permission to use the phone number messaging feature.",
"type": "boolean"
},
"pages_messaging_subscriptions": {
"default": false,
"description": "Grants permission to send messages using Facebook Pages at any time after the first user interaction. Your app may only send advertising or promotional content through sponsored messages or within 24 hours of user interaction.",
"type": "boolean"
},
"pages_show_list": {
"default": false,
"description": "Grants access to show the list of the Pages that a person manages.",
"type": "boolean"
},
"public_profile": {
"default": true,
"description": "Provides access to a user's public profile information including id, first_name, last_name, middle_name, name, name_format, picture, and short_name. This is the most basic permission and is required by Facebook.",
"type": "boolean"
},
"publish_actions": {
"default": false,
"deprecated": true,
"description": "Allows your app to publish to the Open Graph using Built-in Actions, Achievements, Scores, or Custom Actions. Deprecated on August 1st, 2018.",
"type": "boolean",
"x-release-lifecycle": "deprecated"
},
"publish_pages": {
"default": false,
"description": "Grants permission to publish posts, comments, and like Pages managed by a person using your app. Your app must also have manage_pages to publish as a Page.",
"type": "boolean"
},
"publish_to_groups": {
"default": false,
"description": "Grants permission to post content into a group on behalf of a user who has granted the app this permission.",
"type": "boolean"
},
"publish_video": {
"default": false,
"description": "Grants permission to publish live videos to the app User's timeline.",
"type": "boolean"
},
"read_audience_network_insights": {
"default": false,
"description": "Grants read-only access to the Audience Network Insights data for Apps the person owns.",
"type": "boolean"
},
"read_insights": {
"default": false,
"description": "Grants read-only access to the Insights data for Pages, Apps, and web domains the person owns.",
"type": "boolean"
},
"read_mailbox": {
"default": false,
"deprecated": true,
"description": "Provides the ability to read the messages in a person's Facebook Inbox through the inbox edge and the thread node. Deprecated in Graph API v2.3.",
"type": "boolean",
"x-release-lifecycle": "deprecated"
},
"read_page_mailboxes": {
"default": false,
"description": "Grants permission to read from the Page Inboxes of the Pages managed by a person. This permission is often used alongside the manage_pages permission.",
"type": "boolean"
},
"read_stream": {
"default": false,
"deprecated": true,
"description": "Provides access to read the posts in a person's News Feed, or the posts on their Profile. Deprecated in Graph API v2.3.",
"type": "boolean",
"x-release-lifecycle": "deprecated"
},
"user_age_range": {
"default": false,
"description": "Grants permission to access a person's age range.",
"type": "boolean"
},
"user_birthday": {
"default": false,
"description": "Grants permission to access a person's birthday.",
"type": "boolean"
},
"user_events": {
"default": false,
"description": "Grants read-only access to the Events a person is a host of or has RSVPed to. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.",
"type": "boolean"
},
"user_friends": {
"default": false,
"description": "Grants permission to access a list of friends that also use said app. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.",
"type": "boolean"
},
"user_gender": {
"default": false,
"description": "Grants permission to access a person's gender.",
"type": "boolean"
},
"user_groups": {
"default": false,
"deprecated": true,
"description": "Enables your app to read the Groups a person is a member of through the groups edge on the User object. Deprecated in Graph API v2.3.",
"type": "boolean",
"x-release-lifecycle": "deprecated"
},
"user_hometown": {
"default": false,
"description": "Grants permission to access a person's hometown location set in their User Profile.",
"type": "boolean"
},
"user_likes": {
"default": false,
"description": "Grants permission to access the list of all Facebook Pages that a person has liked.",
"type": "boolean"
},
"user_link": {
"default": false,
"description": "Grants permission to access the Facebook Profile URL of the user of your app.",
"type": "boolean"
},
"user_location": {
"default": false,
"description": "Provides access to a person's current city through the location field on the User object. The current city is set by a person on their Profile.",
"type": "boolean"
},
"user_managed_groups": {
"default": false,
"deprecated": true,
"description": "Enables your app to read the Groups a person is an admin of through the groups edge on the User object. Deprecated in Graph API v3.0.",
"type": "boolean",
"x-release-lifecycle": "deprecated"
},
"user_photos": {
"default": false,
"description": "Provides access to the photos a person has uploaded or been tagged in. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.",
"type": "boolean"
},
"user_posts": {
"default": false,
"description": "Provides access to the posts on a person's Timeline including their own posts, posts they are tagged in, and posts other people make on their Timeline. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.",
"type": "boolean"
},
"user_status": {
"default": false,
"deprecated": true,
"description": "Provides access to a person's statuses. These are posts on Facebook which don't include links, videos or photos. Deprecated in Graph API v2.3.",
"type": "boolean",
"x-release-lifecycle": "deprecated"
},
"user_tagged_places": {
"default": false,
"description": "Provides access to the Places a person has been tagged at in photos, videos, statuses and links. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.",
"type": "boolean"
},
"user_videos": {
"default": false,
"description": "Provides access to the videos a person has uploaded or been tagged in. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.",
"type": "boolean"
}
}
}
],
"additionalProperties": true
},
"ConnectionOptionsFitbit": {
"description": "Options for the 'fitbit' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsFreeformScopesGithub": {
"description": "Array of custom OAuth 2.0 scopes to request from GitHub during authentication. Use this to request scopes not covered by the predefined scope options.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionOptionsGitHub": {
"description": "Options for the 'github' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionOptionsClientIdGithub"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionOptionsClientSecretGithub"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionOptionsFreeformScopesGithub"
},
"scope": {
"$ref": "#/components/schemas/ConnectionOptionsScopeGithub"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
},
{
"type": "object",
"properties": {
"admin_org": {
"type": "boolean",
"default": false,
"description": "Requests the GitHub admin:org scope so Auth0 can fully manage organizations, teams, and memberships on behalf of the user."
},
"admin_public_key": {
"type": "boolean",
"default": false,
"description": "Requests the admin:public_key scope to allow creating, updating, and deleting the user's SSH public keys."
},
"admin_repo_hook": {
"type": "boolean",
"default": false,
"description": "Requests the admin:repo_hook scope so Auth0 can read, write, ping, and delete repository webhooks."
},
"delete_repo": {
"type": "boolean",
"default": false,
"description": "Requests the delete_repo scope so the user can remove repositories they administer while signing in through Auth0."
},
"email": {
"type": "boolean",
"default": false,
"description": "Requests the user:email scope so Auth0 pulls addresses from GitHub's /user/emails endpoint and populates the profile."
},
"follow": {
"type": "boolean",
"default": false,
"description": "Requests the user:follow scope to allow following or unfollowing GitHub users for the signed-in account."
},
"gist": {
"type": "boolean",
"default": false,
"description": "Requests the gist scope so the application can create or update gists on behalf of the user."
},
"notifications": {
"type": "boolean",
"default": false,
"description": "Requests the notifications scope to read GitHub inbox notifications; repo also implicitly grants this access."
},
"profile": {
"default": true,
"description": "Controls the GitHub read:user call that returns the user's basic profile (name, avatar, profile URL) and is on by default for successful logins.",
"type": "boolean"
},
"public_repo": {
"type": "boolean",
"default": false,
"description": "Requests the public_repo scope for read and write operations on public repositories, deployments, and statuses."
},
"read_org": {
"type": "boolean",
"default": false,
"description": "Requests the read:org scope so Auth0 can view organizations, teams, and membership lists without making changes."
},
"read_public_key": {
"type": "boolean",
"default": false,
"description": "Requests the read:public_key scope so Auth0 can list and inspect the user's SSH public keys."
},
"read_repo_hook": {
"type": "boolean",
"default": false,
"description": "Requests the read:repo_hook scope to read and ping repository webhooks."
},
"read_user": {
"type": "boolean",
"default": false,
"description": "Requests the read:user scope to load extended profile information, implicitly covering user:email and user:follow."
},
"repo": {
"type": "boolean",
"default": false,
"description": "Requests the repo scope for read and write access to both public and private repositories, deployments, and statuses."
},
"repo_deployment": {
"type": "boolean",
"default": false,
"description": "Requests the repo_deployment scope in order to read and write deployment statuses for repositories."
},
"repo_status": {
"type": "boolean",
"default": false,
"description": "Requests the repo:status scope to manage commit statuses on public and private repositories."
},
"write_org": {
"type": "boolean",
"default": false,
"description": "Requests the write:org scope so Auth0 can change whether organization memberships are publicized."
},
"write_public_key": {
"type": "boolean",
"default": false,
"description": "Requests the write:public_key scope to create or update SSH public keys for the user."
},
"write_repo_hook": {
"type": "boolean",
"default": false,
"description": "Requests the write:repo_hook scope so Auth0 can read, create, update, and ping repository webhooks."
}
}
}
]
},
"ConnectionOptionsGoogleApps": {
"description": "Options for the 'google-apps' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"required": [
"client_id"
],
"properties": {
"admin_access_token": {
"$ref": "#/components/schemas/ConnectionAdminAccessTokenGoogleApps"
},
"admin_access_token_expiresin": {
"$ref": "#/components/schemas/ConnectionAdminAccessTokenExpiresInGoogleApps"
},
"admin_refresh_token": {
"$ref": "#/components/schemas/ConnectionAdminRefreshTokenGoogleApps"
},
"allow_setting_login_scopes": {
"type": "boolean",
"description": "When true, allows customization of OAuth scopes requested during user login. Custom scopes are appended to the mandatory email and profile scopes. When false or omitted, only the default email and profile scopes are used. This property is automatically enabled when Token Vault or Connected Accounts features are activated.",
"default": false
},
"api_enable_groups": {
"$ref": "#/components/schemas/ConnectionApiEnableGroupsGoogleApps"
},
"api_enable_users": {
"$ref": "#/components/schemas/ConnectionApiEnableUsersGoogleApps"
},
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdGoogleApps"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretGoogleApps"
},
"domain": {
"$ref": "#/components/schemas/ConnectionDomainGoogleApps"
},
"domain_aliases": {
"$ref": "#/components/schemas/ConnectionDomainAliases"
},
"email": {
"type": "boolean",
"description": "Whether the OAuth flow requests the `email` scope.",
"default": true
},
"ext_agreed_terms": {
"$ref": "#/components/schemas/ConnectionExtAgreedTermsGoogleApps"
},
"ext_groups": {
"$ref": "#/components/schemas/ConnectionExtGroupsGoogleApps"
},
"ext_groups_extended": {
"type": "boolean",
"description": "Controls whether enriched group entries include `id`, `email`, `name` (true) or only the group name (false); can only be set when `ext_groups` is true.",
"default": true
},
"ext_is_admin": {
"$ref": "#/components/schemas/ConnectionExtIsAdminGoogleApps"
},
"ext_is_suspended": {
"$ref": "#/components/schemas/ConnectionExtIsSuspendedGoogleApps"
},
"federated_connections_access_tokens": {
"$ref": "#/components/schemas/ConnectionFederatedConnectionsAccessTokens"
},
"handle_login_from_social": {
"$ref": "#/components/schemas/ConnectionHandleLoginFromSocialGoogleApps"
},
"icon_url": {
"$ref": "#/components/schemas/ConnectionIconUrlGoogleApps"
},
"map_user_id_to_id": {
"type": "boolean",
"description": "Determines how Auth0 generates the user_id for Google Workspace users. When false (default), the user's email address is used. When true, Google's stable numeric user ID is used instead, which persists even if the user's email changes. This setting can only be configured when creating the connection and cannot be changed afterward.",
"default": false
},
"profile": {
"type": "boolean",
"description": "Whether the OAuth flow requests the `profile` scope.",
"default": true
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeGoogleApps"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"tenant_domain": {
"$ref": "#/components/schemas/ConnectionTenantDomainGoogleApps"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
}
],
"additionalProperties": true
},
"ConnectionOptionsGoogleOAuth2": {
"description": "Options for the 'google-oauth2' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"allowed_audiences": {
"$ref": "#/components/schemas/ConnectionAllowedAudiencesGoogleOAuth2"
},
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdGoogleOAuth2"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretGoogleOAuth2"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionFreeformScopesGoogleOAuth2"
},
"icon_url": {
"$ref": "#/components/schemas/ConnectionIconUrlGoogleOAuth2"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeGoogleOAuth2"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
},
{
"type": "object",
"properties": {
"adsense_management": {
"type": "boolean",
"description": "View and manage user's ad applications, ad units, and channels in AdSense"
},
"analytics": {
"type": "boolean",
"description": "View user's configuration information and reports"
},
"blogger": {
"type": "boolean",
"description": "View and manage user's posts and blogs on Blogger and Blogger comments"
},
"calendar": {
"type": "boolean",
"description": "See, edit, share, and permanently delete all the calendars you can access using Google Calendar"
},
"calendar_addons_execute": {
"type": "boolean",
"description": "Run as a Calendar add-on"
},
"calendar_events": {
"type": "boolean",
"description": "View and edit events on all your calendars"
},
"calendar_events_readonly": {
"type": "boolean",
"description": "View events on all your calendars"
},
"calendar_settings_readonly": {
"type": "boolean",
"description": "View your Calendar settings"
},
"chrome_web_store": {
"type": "boolean",
"description": "Read access to user's chrome web store"
},
"contacts": {
"type": "boolean",
"description": "Full access to the authenticated user's contacts"
},
"contacts_new": {
"type": "boolean",
"description": "Full access to the authenticated user's contacts"
},
"contacts_other_readonly": {
"type": "boolean",
"description": "Read-only access to the authenticated user's 'Other contacts'"
},
"contacts_readonly": {
"type": "boolean",
"description": "Read-only access to the authenticated user's contacts"
},
"content_api_for_shopping": {
"type": "boolean",
"description": "View and manage user's products, feeds, and subaccounts"
},
"coordinate": {
"type": "boolean",
"description": "Grants read and write access to the Coordinate API"
},
"coordinate_readonly": {
"type": "boolean",
"description": "Grants read access to the Coordinate API"
},
"directory_readonly": {
"type": "boolean",
"description": "Read-only access to the authenticated user's corporate directory (if applicable)"
},
"document_list": {
"type": "boolean",
"description": "Access to Google Docs document list feed"
},
"drive": {
"type": "boolean",
"description": "Full access to all files and folders in the user's Google Drive"
},
"drive_activity": {
"type": "boolean",
"description": "View and add to the activity record of files in your Drive"
},
"drive_activity_readonly": {
"type": "boolean",
"description": "View the activity record of files in your Drive"
},
"drive_appdata": {
"type": "boolean",
"description": "Access to the application's configuration data in the user's Google Drive"
},
"drive_apps_readonly": {
"type": "boolean",
"description": "View apps authorized to access your Drive"
},
"drive_file": {
"type": "boolean",
"description": "Access to files created or opened by the app"
},
"drive_metadata": {
"type": "boolean",
"description": "Access to file metadata, including listing files and folders"
},
"drive_metadata_readonly": {
"type": "boolean",
"description": "Read-only access to file metadata"
},
"drive_photos_readonly": {
"type": "boolean",
"description": "Read-only access to the user's Google Photos"
},
"drive_readonly": {
"type": "boolean",
"description": "Read-only access to all files and folders in the user's Google Drive"
},
"drive_scripts": {
"type": "boolean",
"description": "Modify the behavior of Google Apps Scripts"
},
"email": {
"type": "boolean",
"description": "Email and verified email flag"
},
"gmail": {
"type": "boolean",
"description": "Full access to the account's mailboxes, including permanent deletion of threads and messages"
},
"gmail_compose": {
"type": "boolean",
"description": "Read all resources and their metadata—no write operations"
},
"gmail_insert": {
"type": "boolean",
"description": "Insert and import messages only"
},
"gmail_labels": {
"type": "boolean",
"description": "Create, read, update, and delete labels only"
},
"gmail_metadata": {
"type": "boolean",
"description": "Read resources metadata including labels, history records, and email message headers, but not the message body or attachments"
},
"gmail_modify": {
"type": "boolean",
"description": "All read/write operations except immediate, permanent deletion of threads and messages, bypassing Trash"
},
"gmail_new": {
"type": "boolean",
"description": "Full access to the account's mailboxes, including permanent deletion of threads and messages"
},
"gmail_readonly": {
"type": "boolean",
"description": "Read all resources and their metadata—no write operations"
},
"gmail_send": {
"type": "boolean",
"description": "Send messages only. No read or modify privileges on mailbox"
},
"gmail_settings_basic": {
"type": "boolean",
"description": "Manage basic mail settings"
},
"gmail_settings_sharing": {
"type": "boolean",
"description": "Manage sensitive mail settings, including forwarding rules and aliases. Note: Operations guarded by this scope are restricted to administrative use only"
},
"google_affiliate_network": {
"type": "boolean",
"description": "View and manage user's publisher data in the Google Affiliate Network"
},
"google_books": {
"type": "boolean",
"description": "View and manage user's books and library in Google Books"
},
"google_cloud_storage": {
"type": "boolean",
"description": "View and manage user's data stored in Google Cloud Storage"
},
"google_drive": {
"type": "boolean",
"description": "Full access to all files and folders in the user's Google Drive"
},
"google_drive_files": {
"type": "boolean",
"description": "Access to files created or opened by the app"
},
"google_plus": {
"type": "boolean",
"description": "Associate user with its public Google profile"
},
"latitude_best": {
"type": "boolean",
"description": "View and manage user's best-available current location and location history in Google Latitude"
},
"latitude_city": {
"type": "boolean",
"description": "View and manage user's city-level current location and location history in Google Latitude"
},
"moderator": {
"type": "boolean",
"description": "View and manage user's votes, topics, and submissions"
},
"offline_access": {
"type": "boolean",
"description": "Request a refresh token when the user authorizes your application"
},
"orkut": {
"type": "boolean",
"description": "View and manage user's friends, applications and profile and status"
},
"picasa_web": {
"type": "boolean",
"description": "View and manage user's Google photos, videos, photo and video tags and comments"
},
"profile": {
"type": "boolean",
"description": "Name, public profile URL, photo, country, language, and timezone"
},
"sites": {
"type": "boolean",
"description": "View and manage user's sites on Google Sites"
},
"tasks": {
"type": "boolean",
"description": "Full access to create, edit, organize, and delete all your tasks"
},
"tasks_readonly": {
"type": "boolean",
"description": "Read-only access to view your tasks and task lists"
},
"url_shortener": {
"type": "boolean",
"description": "View, manage and view statistics user's short URLs"
},
"webmaster_tools": {
"type": "boolean",
"description": "View and manage user's sites and messages, view keywords"
},
"youtube": {
"type": "boolean",
"description": "Manage your YouTube account"
},
"youtube_channelmemberships_creator": {
"type": "boolean",
"description": "See a list of your current active channel members, their current level, and when they became a member"
},
"youtube_new": {
"type": "boolean",
"description": "Manage your YouTube account"
},
"youtube_readonly": {
"type": "boolean",
"description": "View your YouTube account"
},
"youtube_upload": {
"type": "boolean",
"description": "Manage your YouTube videos"
},
"youtubepartner": {
"type": "boolean",
"description": "View and manage your assets and associated content on YouTube"
}
}
}
],
"additionalProperties": true
},
"ConnectionOptionsIP": {
"description": "Options for the 'ip' connection",
"type": "object",
"additionalProperties": true,
"properties": {},
"x-release-lifecycle": "deprecated"
},
"ConnectionOptionsIdpInitiatedClientProtocolEnumSAML": {
"description": "The response protocol used to communicate with the default application.",
"type": "string",
"enum": [
"oidc",
"samlp",
"wsfed"
]
},
"ConnectionOptionsIdpinitiatedSAML": {
"description": "Configuration for IdP-Initiated SAML Single Sign-On. When enabled, allows users to initiate login directly from their SAML identity provider without first visiting Auth0. The IdP must include the connection parameter in the post-back URL (Assertion Consumer Service URL).",
"type": "object",
"properties": {
"client_authorizequery": {
"description": "The query string sent to the default application",
"type": "string",
"minLength": 1,
"maxLength": 2048
},
"client_id": {
"description": "The client ID to use for IdP-initiated login requests.",
"type": "string",
"minLength": 1,
"maxLength": 256
},
"client_protocol": {
"$ref": "#/components/schemas/ConnectionClientProtocolSAML"
},
"enabled": {
"description": "When true, enables IdP-initiated login support for this SAML connection. Allows users to log in directly from the identity provider without first visiting Auth0.",
"type": "boolean"
}
},
"additionalProperties": false,
"maxProperties": 6
},
"ConnectionOptionsInstagram": {
"description": "Options for the 'instagram' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionOptionsLine": {
"description": "Options for the 'line' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdLine"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretLine"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionScopeArray"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeArray"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
},
{
"type": "object",
"properties": {
"email": {
"description": "Permission to request the user's email address from LINE. When enabled, adds the 'email' scope to OAuth requests. Note: LINE requires special approval to access user email addresses.",
"type": "boolean",
"default": false
},
"profile": {
"description": "Permission to request the user's basic profile information from LINE. When enabled, adds the 'profile' scope to OAuth requests. LINE requires this scope to retrieve user display name, profile picture, and status message.",
"type": "boolean",
"const": true
}
}
}
]
},
"ConnectionOptionsLinkedin": {
"description": "Options for the 'linkedin' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdLinkedin"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretLinkedin"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionFreeformScopesLinkedin"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeLinkedin"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"strategy_version": {
"description": "The strategy_version property determines which LinkedIn API version and OAuth scopes are used for authentication. Version 1 uses legacy scopes (r_basicprofile, r_fullprofile, r_network), Version 2 uses updated scopes (r_liteprofile, r_basicprofile), and Version 3 uses OpenID Connect scopes (profile, email, openid). If not specified, the connection defaults to Version 3.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionStrategyVersionEnumLinkedin"
}
]
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
},
{
"type": "object",
"properties": {
"basic_profile": {
"type": "boolean",
"default": false,
"description": "Request the LinkedIn lite profile scope (r_liteprofile) to retrieve member id, localized first/last name, and profile picture. Off by default."
},
"email": {
"type": "boolean",
"default": false,
"description": "Request the email address scope (r_emailaddress) to return the member's primary email. Off by default."
},
"full_profile": {
"type": "boolean",
"default": false,
"description": "Request the legacy full profile scope (r_fullprofile) for extended attributes. Deprecated by LinkedIn; use only if enabled for your app. Off by default."
},
"network": {
"type": "boolean",
"default": false,
"description": "Request legacy network access (first-degree connections). Deprecated by LinkedIn and typically unavailable to new apps. Off by default."
},
"openid": {
"type": "boolean",
"const": true,
"description": "Request OpenID Connect authentication support (openid scope). When enabled, the connection will request the 'openid' scope from LinkedIn, allowing the use of OpenID Connect flows for authentication and enabling the issuance of ID tokens. This is off by default and should only be enabled if your LinkedIn application is configured for OpenID Connect."
},
"profile": {
"type": "boolean",
"const": true,
"description": "Always-true flag that ensures the LinkedIn profile scope (r_basicprofile/r_liteprofile/profile) is requested."
}
}
}
]
},
"ConnectionOptionsOAuth1": {
"description": "Options for the 'oauth1' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"accessTokenURL": {
"$ref": "#/components/schemas/ConnectionAccessTokenURLOAuth1"
},
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdOAuth1"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretOAuth1"
},
"requestTokenURL": {
"$ref": "#/components/schemas/ConnectionRequestTokenURLOAuth1"
},
"scripts": {
"$ref": "#/components/schemas/ConnectionScriptsOAuth1"
},
"signatureMethod": {
"$ref": "#/components/schemas/ConnectionSignatureMethodOAuth1"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
},
"userAuthorizationURL": {
"$ref": "#/components/schemas/ConnectionUserAuthorizationURLOAuth1"
}
}
}
]
},
"ConnectionOptionsOAuth1Common": {
"allOf": [
{
"type": "object",
"properties": {
"client_id": {
"type": "string",
"description": "OAuth 1.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider.",
"minLength": 0
},
"client_secret": {
"type": "string",
"description": "OAuth 1.0 client secret issued by the identity provider during application registration. Used to authenticate your Auth0 connection when signing requests and exchanging request tokens and verifiers for access tokens. May be null for public clients.",
"minLength": 0
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
},
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
}
]
},
"ConnectionOptionsOAuth2": {
"description": "Options for the 'oauth2' connection",
"type": "object",
"allOf": [
{
"type": "object",
"properties": {
"authParams": {
"$ref": "#/components/schemas/ConnectionAuthParamsOAuth2"
},
"authParamsMap": {
"$ref": "#/components/schemas/ConnectionAuthParamsMap"
},
"authorizationURL": {
"$ref": "#/components/schemas/ConnectionAuthorizationEndpointOAuth2"
},
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdOAuth2"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretOAuth2"
},
"customHeaders": {
"$ref": "#/components/schemas/ConnectionCustomHeadersOAuth2"
},
"fieldsMap": {
"$ref": "#/components/schemas/ConnectionFieldsMap"
},
"icon_url": {
"$ref": "#/components/schemas/ConnectionIconUrl"
},
"logoutUrl": {
"$ref": "#/components/schemas/ConnectionEndSessionEndpointOAuth2"
},
"pkce_enabled": {
"type": "boolean",
"description": "When true, enables Proof Key for Code Exchange (PKCE) for the authorization code flow. PKCE provides additional security by preventing authorization code interception attacks."
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeOAuth2"
},
"scripts": {
"$ref": "#/components/schemas/ConnectionScriptsOAuth2"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"tokenURL": {
"$ref": "#/components/schemas/ConnectionTokenEndpointOAuth2"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
},
"useOauthSpecScope": {
"type": "boolean",
"description": "When true, uses space-delimited scopes (per OAuth 2.0 spec) instead of comma-delimited when calling the identity provider's authorization endpoint. Only relevant when using the connection_scope parameter. See https://auth0.com/docs/authenticate/identity-providers/adding-scopes-for-an-external-idp#pass-scopes-to-authorize-endpoint"
}
}
},
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
}
],
"additionalProperties": true
},
"ConnectionOptionsOAuth2Common": {
"allOf": [
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientId"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecret"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeOAuth2"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
},
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
}
]
},
"ConnectionOptionsOIDC": {
"description": "Options for the 'oidc' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommonOIDC"
},
{
"type": "object",
"properties": {
"attribute_map": {
"$ref": "#/components/schemas/ConnectionAttributeMapOIDC"
},
"discovery_url": {
"$ref": "#/components/schemas/ConnectionDiscoveryUrl"
},
"type": {
"$ref": "#/components/schemas/ConnectionTypeEnumOIDC"
}
}
},
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
}
],
"additionalProperties": true
},
"ConnectionOptionsOIDCMetadata": {
"description": "OpenID Connect Provider Metadata as per https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata",
"type": "object",
"properties": {
"acr_values_supported": {
"$ref": "#/components/schemas/ConnectionAcrValuesSupported"
},
"authorization_endpoint": {
"$ref": "#/components/schemas/ConnectionAuthorizationEndpoint"
},
"claim_types_supported": {
"$ref": "#/components/schemas/ConnectionClaimTypesSupported"
},
"claims_locales_supported": {
"$ref": "#/components/schemas/ConnectionClaimsLocalesSupported"
},
"claims_parameter_supported": {
"$ref": "#/components/schemas/ConnectionClaimsParameterSupported"
},
"claims_supported": {
"$ref": "#/components/schemas/ConnectionClaimsSupported"
},
"display_values_supported": {
"$ref": "#/components/schemas/ConnectionDisplayValuesSupported"
},
"dpop_signing_alg_values_supported": {
"$ref": "#/components/schemas/ConnectionDpopSigningAlgValuesSupported"
},
"end_session_endpoint": {
"$ref": "#/components/schemas/ConnectionEndSessionEndpoint"
},
"grant_types_supported": {
"$ref": "#/components/schemas/ConnectionGrantTypesSupported"
},
"id_token_encryption_alg_values_supported": {
"$ref": "#/components/schemas/ConnectionIdTokenEncryptionAlgValuesSupported"
},
"id_token_encryption_enc_values_supported": {
"$ref": "#/components/schemas/ConnectionIdTokenEncryptionEncValuesSupported"
},
"id_token_signing_alg_values_supported": {
"$ref": "#/components/schemas/ConnectionIdTokenSigningAlgValuesSupported"
},
"issuer": {
"$ref": "#/components/schemas/ConnectionIssuer"
},
"jwks_uri": {
"$ref": "#/components/schemas/ConnectionJwksUri"
},
"op_policy_uri": {
"$ref": "#/components/schemas/ConnectionOpPolicyUri"
},
"op_tos_uri": {
"$ref": "#/components/schemas/ConnectionOpTosUri"
},
"registration_endpoint": {
"$ref": "#/components/schemas/ConnectionRegistrationEndpoint"
},
"request_object_encryption_alg_values_supported": {
"$ref": "#/components/schemas/ConnectionRequestObjectEncryptionAlgValuesSupported"
},
"request_object_encryption_enc_values_supported": {
"$ref": "#/components/schemas/ConnectionRequestObjectEncryptionEncValuesSupported"
},
"request_object_signing_alg_values_supported": {
"$ref": "#/components/schemas/ConnectionRequestObjectSigningAlgValuesSupported"
},
"request_parameter_supported": {
"$ref": "#/components/schemas/ConnectionRequestParameterSupported"
},
"request_uri_parameter_supported": {
"$ref": "#/components/schemas/ConnectionRequestUriParameterSupported"
},
"require_request_uri_registration": {
"$ref": "#/components/schemas/ConnectionRequireRequestUriRegistration"
},
"response_modes_supported": {
"$ref": "#/components/schemas/ConnectionResponseModesSupported"
},
"response_types_supported": {
"$ref": "#/components/schemas/ConnectionResponseTypesSupported"
},
"scopes_supported": {
"$ref": "#/components/schemas/ConnectionScopesSupported"
},
"service_documentation": {
"$ref": "#/components/schemas/ConnectionServiceDocumentation"
},
"subject_types_supported": {
"$ref": "#/components/schemas/ConnectionSubjectTypesSupported"
},
"token_endpoint": {
"$ref": "#/components/schemas/ConnectionTokenEndpoint"
},
"token_endpoint_auth_methods_supported": {
"$ref": "#/components/schemas/ConnectionTokenEndpointAuthMethodsSupported"
},
"token_endpoint_auth_signing_alg_values_supported": {
"$ref": "#/components/schemas/ConnectionTokenEndpointAuthSigningAlgValuesSupported"
},
"ui_locales_supported": {
"$ref": "#/components/schemas/ConnectionUiLocalesSupported"
},
"userinfo_encryption_alg_values_supported": {
"$ref": "#/components/schemas/ConnectionUserinfoEncryptionAlgValuesSupported"
},
"userinfo_encryption_enc_values_supported": {
"$ref": "#/components/schemas/ConnectionUserinfoEncryptionEncValuesSupported"
},
"userinfo_endpoint": {
"$ref": "#/components/schemas/ConnectionUserinfoEndpoint"
},
"userinfo_signing_alg_values_supported": {
"$ref": "#/components/schemas/ConnectionUserinfoSigningAlgValuesSupported"
}
},
"required": [
"authorization_endpoint",
"id_token_signing_alg_values_supported",
"issuer",
"jwks_uri"
],
"additionalProperties": true
},
"ConnectionOptionsOffice365": {
"description": "Options for the 'office365' connection",
"type": "object",
"additionalProperties": true,
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientId"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecret"
}
}
},
"ConnectionOptionsOkta": {
"description": "Options for the 'okta' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"$ref": "#/components/schemas/ConnectionOptionsCommonOIDC"
},
{
"type": "object",
"properties": {
"attribute_map": {
"$ref": "#/components/schemas/ConnectionAttributeMapOkta"
},
"domain": {
"$ref": "#/components/schemas/ConnectionDomainOkta"
},
"type": {
"$ref": "#/components/schemas/ConnectionTypeEnumOkta"
}
}
}
],
"additionalProperties": true
},
"ConnectionOptionsPaypal": {
"description": "Options for the 'paypal' and 'paypal-sandbox' connections",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdPaypal"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretPaypal"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionFreeformScopesPaypal"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopePaypal"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
}
}
},
{
"type": "object",
"properties": {
"address": {
"type": "boolean",
"description": "When enabled, requests the 'address' scope from PayPal to access the user's address information.",
"default": false
},
"email": {
"type": "boolean",
"description": "When enabled, requests the 'email' scope from PayPal to access the user's email address.",
"default": false
},
"phone": {
"type": "boolean",
"description": "When enabled, requests the 'phone' scope from PayPal to access the user's phone number.",
"default": false
},
"profile": {
"type": "boolean",
"description": "When enabled, requests the 'profile' scope from PayPal to access basic profile information including first name, last name, date of birth, time zone, locale, and language. This scope is always enabled by the system.",
"const": true
}
}
}
]
},
"ConnectionOptionsPingFederate": {
"description": "Options for the 'pingfederate' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommonSAML"
},
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"pingFederateBaseUrl": {
"$ref": "#/components/schemas/ConnectionPingFederateBaseUrl"
},
"signingCert": {
"$ref": "#/components/schemas/ConnectionSigningCertificatePemPingFederate"
}
},
"required": [
"pingFederateBaseUrl"
]
}
],
"additionalProperties": true
},
"ConnectionOptionsPlanningCenter": {
"description": "Options for the 'planningcenter' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsProtocolEnumTwitter": {
"description": "Allowed protocol identifiers for Twitter connections. Use oauth1 for the legacy v1.1 OAuth flow or oauth2 for the newer OAuth 2.0 flow.",
"type": "string",
"enum": [
"oauth1",
"oauth2"
]
},
"ConnectionOptionsSAML": {
"description": "Options for the 'samlp' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommonSAML"
},
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"debug": {
"$ref": "#/components/schemas/ConnectionDebugSAML"
},
"deflate": {
"$ref": "#/components/schemas/ConnectionOptionsDeflateSAML"
},
"destinationUrl": {
"$ref": "#/components/schemas/ConnectionDestinationUrlSAML"
},
"disableSignout": {
"description": "When true, disables sending SAML logout requests (SingleLogoutService) to the identity provider during user sign-out. The user will be logged out of Auth0 but will remain logged into the identity provider. Defaults to false (federated logout enabled).",
"type": "boolean"
},
"fieldsMap": {
"$ref": "#/components/schemas/ConnectionFieldsMapSAML"
},
"global_token_revocation_jwt_iss": {
"$ref": "#/components/schemas/ConnectionGlobalTokenRevocationJwtIssSAML"
},
"global_token_revocation_jwt_sub": {
"$ref": "#/components/schemas/ConnectionGlobalTokenRevocationJwtSubSAML"
},
"metadataUrl": {
"$ref": "#/components/schemas/ConnectionMetadataUrlSAML"
},
"metadataXml": {
"$ref": "#/components/schemas/ConnectionMetadataXmlSAML"
},
"recipientUrl": {
"$ref": "#/components/schemas/ConnectionRecipientUrlSAML"
},
"requestTemplate": {
"$ref": "#/components/schemas/ConnectionRequestTemplateSAML"
},
"signingCert": {
"$ref": "#/components/schemas/ConnectionSigningCertSAML"
},
"signing_key": {
"$ref": "#/components/schemas/ConnectionSigningKeySAML"
},
"signOutEndpoint": {
"$ref": "#/components/schemas/ConnectionSignOutEndpointSAML"
},
"user_id_attribute": {
"$ref": "#/components/schemas/ConnectionUserIdAttributeSAML"
}
}
}
],
"additionalProperties": true
},
"ConnectionOptionsSMS": {
"description": "Options for the 'sms' connection",
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"brute_force_protection": {
"type": "boolean",
"description": "Whether brute force protection is enabled"
},
"disable_signup": {
"$ref": "#/components/schemas/ConnectionDisableSignupSMS"
},
"forward_req_info": {
"$ref": "#/components/schemas/ConnectionForwardReqInfoSMS"
},
"from": {
"$ref": "#/components/schemas/ConnectionFromSMS"
},
"gateway_authentication": {
"$ref": "#/components/schemas/ConnectionGatewayAuthenticationSMS"
},
"gateway_url": {
"$ref": "#/components/schemas/ConnectionGatewayUrlSMS"
},
"messaging_service_sid": {
"$ref": "#/components/schemas/ConnectionMessagingServiceSidSMS"
},
"name": {
"description": "Connection name",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"provider": {
"$ref": "#/components/schemas/ConnectionProviderSMS"
},
"syntax": {
"$ref": "#/components/schemas/ConnectionTemplateSyntaxEnumSMS"
},
"template": {
"$ref": "#/components/schemas/ConnectionTemplateSMS"
},
"totp": {
"$ref": "#/components/schemas/ConnectionTotpSMS"
},
"twilio_sid": {
"$ref": "#/components/schemas/ConnectionTwilioSidSMS"
},
"twilio_token": {
"$ref": "#/components/schemas/ConnectionTwilioTokenSMS"
}
}
}
],
"additionalProperties": true
},
"ConnectionOptionsSalesforce": {
"description": "Options for the salesforce family of connections (salesforce, salesforce-sandbox, salesforce-community)",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdSalesforce"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretSalesforce"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionFreeformScopesSalesforce"
},
"profile": {
"description": "When enabled, requests the Salesforce profile scope to retrieve basic user information including user_id, organization_id, username, display_name, email, status, photos, and URLs.",
"type": "boolean",
"default": true
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeSalesforce"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
}
]
},
"ConnectionOptionsSalesforceCommunity": {
"description": "Options for the 'salesforce-community' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsSalesforce"
},
{
"type": "object",
"properties": {
"community_base_url": {
"$ref": "#/components/schemas/ConnectionCommunityBaseUrlSalesforce"
}
}
}
]
},
"ConnectionOptionsScopeGithub": {
"description": "Scope options for GitHub connections.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionOptionsScopeTwitter": {
"description": "Array of OAuth 2.0 scopes to request from Twitter during authentication. Use this to request scopes not covered by the predefined scope options.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionOptionsSharepoint": {
"description": "Options for the 'sharepoint' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionOptionsShop": {
"description": "Options for the 'shop' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsShopify": {
"description": "Options for the 'shopify' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsSoundcloud": {
"description": "Options for the 'soundcloud' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionOptionsThirtySevenSignals": {
"description": "Options for the 'thirtysevensignals' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsTwitter": {
"description": "Options for the 'twitter' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionOptionsClientIdTwitter"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionOptionsClientSecretTwitter"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionScopeArray"
},
"protocol": {
"$ref": "#/components/schemas/ConnectionOptionsProtocolEnumTwitter"
},
"scope": {
"$ref": "#/components/schemas/ConnectionOptionsScopeTwitter"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
},
{
"type": "object",
"properties": {
"offline_access": {
"type": "boolean",
"description": "Request long-lived refresh tokens so your app can act on behalf of users even when they’re not actively signed in. Typical Twitter use case: keeping a background service synced without forcing users to reauthorize every session."
},
"profile": {
"type": "boolean",
"const": true,
"description": "Pull account profile metadata such as display name, bio, location, and URL so downstream apps can prefill or personalize user experiences."
},
"tweet_read": {
"type": "boolean",
"const": true,
"description": "Allow the application to read a user’s public and protected Tweets—required for timelines, analytics, or moderation workflows."
},
"users_read": {
"type": "boolean",
"const": true,
"description": "Read non-Tweet user information (e.g., followers/following, account settings) to power relationship graphs or audience insights."
}
}
}
]
},
"ConnectionOptionsUntappd": {
"description": "Options for the 'untappd' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionOptionsVkontakte": {
"description": "Options for the 'vkontakte' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsWeibo": {
"description": "Options for the 'weibo' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsWindowsLive": {
"description": "Options for the 'windowslive' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsCommon"
},
{
"type": "object",
"properties": {
"client_id": {
"$ref": "#/components/schemas/ConnectionClientIdWindowsLive"
},
"client_secret": {
"$ref": "#/components/schemas/ConnectionClientSecretWindowsLive"
},
"freeform_scopes": {
"$ref": "#/components/schemas/ConnectionFreeformScopesWindowsLive"
},
"scope": {
"$ref": "#/components/schemas/ConnectionScopeArrayWindowsLive"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"strategy_version": {
"$ref": "#/components/schemas/ConnectionStrategyVersionEnumWindowsLive"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
}
},
{
"type": "object",
"properties": {
"applications": {
"type": "boolean",
"description": "When enabled, requests access to user's applications."
},
"applications_create": {
"type": "boolean",
"description": "When enabled, requests permission to create applications."
},
"basic": {
"type": "boolean",
"description": "When enabled, requests read access to user's basic profile information and contacts list."
},
"birthday": {
"type": "boolean",
"description": "When enabled, requests read access to user's birth day, month, and year."
},
"calendars": {
"type": "boolean",
"description": "When enabled, requests read access to user's calendars and events."
},
"calendars_update": {
"type": "boolean",
"description": "When enabled, requests read and write access to user's calendars and events."
},
"contacts_birthday": {
"type": "boolean",
"description": "When enabled, requests read access to contacts' birth day and birth month."
},
"contacts_calendars": {
"type": "boolean",
"description": "When enabled, requests read access to user's calendars and shared calendars/events from others."
},
"contacts_create": {
"type": "boolean",
"description": "When enabled, requests permission to create new contacts in user's address book."
},
"contacts_photos": {
"type": "boolean",
"description": "When enabled, requests read access to user's and shared albums, photos, videos, and audio."
},
"contacts_skydrive": {
"type": "boolean",
"description": "When enabled, requests read access to OneDrive files shared by other users."
},
"directory_accessasuser_all": {
"type": "boolean",
"description": "When enabled, allows the app to have the same access to information in the directory as the signed-in user."
},
"directory_read_all": {
"type": "boolean",
"description": "When enabled, allows the app to read data in your organization's directory, such as users, groups, and apps."
},
"directory_readwrite_all": {
"type": "boolean",
"description": "When enabled, allows the app to read and write data in your organization's directory, such as users and groups."
},
"emails": {
"type": "boolean",
"description": "When enabled, requests read access to personal, preferred, and business email addresses."
},
"events_create": {
"type": "boolean",
"description": "When enabled, requests permission to create events on user's default calendar."
},
"graph_calendars": {
"description": "When enabled, requests permission to read the user's calendars.",
"type": "boolean"
},
"graph_calendars_update": {
"description": "When enabled, requests permission to read and write the user's calendars.",
"type": "boolean"
},
"graph_contacts": {
"description": "When enabled, requests permission to read the user's contacts.",
"type": "boolean"
},
"graph_contacts_update": {
"description": "When enabled, requests permission to read and write the user's contacts.",
"type": "boolean"
},
"graph_device": {
"description": "When enabled, requests permission to read the user's device information.",
"type": "boolean"
},
"graph_device_command": {
"description": "When enabled, requests permission to send commands to the user's devices.",
"type": "boolean"
},
"graph_emails": {
"description": "When enabled, requests permission to read the user's emails.",
"type": "boolean"
},
"graph_emails_update": {
"description": "When enabled, requests permission to read and write the user's emails.",
"type": "boolean"
},
"graph_files": {
"description": "When enabled, requests permission to read the user's files.",
"type": "boolean"
},
"graph_files_all": {
"description": "When enabled, requests permission to read all files the user has access to.",
"type": "boolean"
},
"graph_files_all_update": {
"description": "When enabled, requests permission to read and write all files the user has access to.",
"type": "boolean"
},
"graph_files_update": {
"description": "When enabled, requests permission to read and write the user's files.",
"type": "boolean"
},
"graph_notes": {
"description": "When enabled, requests permission to read the user's OneNote notebooks.",
"type": "boolean"
},
"graph_notes_create": {
"description": "When enabled, requests permission to create new OneNote notebooks.",
"type": "boolean"
},
"graph_notes_update": {
"description": "When enabled, requests permission to read and write the user's OneNote notebooks.",
"type": "boolean"
},
"graph_tasks": {
"description": "When enabled, requests permission to read the user's tasks.",
"type": "boolean"
},
"graph_tasks_update": {
"description": "When enabled, requests permission to read and write the user's tasks.",
"type": "boolean"
},
"graph_user": {
"description": "When enabled, requests permission to read the user's profile.",
"type": "boolean"
},
"graph_user_activity": {
"description": "When enabled, requests permission to read the user's activity history.",
"type": "boolean"
},
"graph_user_update": {
"description": "When enabled, requests permission to read and write the user's profile.",
"type": "boolean"
},
"group_read_all": {
"type": "boolean",
"description": "When enabled, allows the app to read all group properties and memberships."
},
"group_readwrite_all": {
"type": "boolean",
"description": "When enabled, allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups."
},
"mail_readwrite_all": {
"type": "boolean",
"description": "When enabled, allows the app to create, read, update, and delete all mail in all mailboxes."
},
"mail_send": {
"type": "boolean",
"description": "When enabled, allows the app to send mail as users in the organization."
},
"messenger": {
"type": "boolean",
"description": "When enabled, requests access to user's Windows Live Messenger data."
},
"offline_access": {
"description": "When enabled, requests a refresh token for offline access.",
"type": "boolean"
},
"phone_numbers": {
"type": "boolean",
"description": "When enabled, requests read access to personal, business, and mobile phone numbers."
},
"photos": {
"type": "boolean",
"description": "When enabled, requests read access to user's photos, videos, audio, and albums."
},
"postal_addresses": {
"type": "boolean",
"description": "When enabled, requests read access to personal and business postal addresses."
},
"rolemanagement_read_all": {
"type": "boolean",
"description": "When enabled, allows the app to read the role-based access control (RBAC) settings for your company's directory."
},
"rolemanagement_readwrite_directory": {
"type": "boolean",
"description": "When enabled, allows the app to read and write the role-based access control (RBAC) settings for your company's directory."
},
"share": {
"type": "boolean",
"description": "When enabled, requests permission to share content with other users."
},
"signin": {
"description": "When enabled, provides single sign-in behavior for users already signed into their Microsoft account.",
"type": "boolean",
"const": true
},
"sites_read_all": {
"type": "boolean",
"description": "When enabled, allows the app to read documents and list items in all SharePoint site collections."
},
"sites_readwrite_all": {
"type": "boolean",
"description": "When enabled, allows the app to create, read, update, and delete documents and list items in all SharePoint site collections."
},
"skydrive": {
"type": "boolean",
"description": "When enabled, requests read access to user's files stored on OneDrive."
},
"skydrive_update": {
"type": "boolean",
"description": "When enabled, requests read and write access to user's OneDrive files."
},
"team_readbasic_all": {
"type": "boolean",
"description": "When enabled, allows the app to read the names and descriptions of all teams."
},
"team_readwrite_all": {
"type": "boolean",
"description": "When enabled, allows the app to read and write all teams' information and change team membership."
},
"user_read_all": {
"type": "boolean",
"description": "When enabled, allows the app to read the full set of profile properties, reports, and managers of all users."
},
"user_readbasic_all": {
"type": "boolean",
"description": "When enabled, allows the app to read a basic set of profile properties of all users in the directory."
},
"work_profile": {
"type": "boolean",
"description": "When enabled, requests read access to employer and work position information."
}
}
}
]
},
"ConnectionOptionsWordpress": {
"description": "Options for the 'wordpress' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsYahoo": {
"description": "Options for the 'yahoo' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionOptionsYandex": {
"description": "Options for the 'yandex' connection",
"type": "object",
"additionalProperties": true,
"allOf": [
{
"$ref": "#/components/schemas/ConnectionOptionsOAuth2Common"
},
{
"type": "object",
"properties": {}
}
]
},
"ConnectionPasskeyAuthenticationMethod": {
"type": "object",
"description": "Passkey authentication enablement",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Determines whether passkeys are enabled"
}
}
},
"ConnectionPasskeyChallengeUIEnum": {
"type": "string",
"description": "Controls the UI used to challenge the user for their passkey.",
"enum": [
"both",
"autofill",
"button"
]
},
"ConnectionPasskeyOptions": {
"type": [
"object",
"null"
],
"description": "Options for the passkey authentication method",
"additionalProperties": false,
"properties": {
"challenge_ui": {
"$ref": "#/components/schemas/ConnectionPasskeyChallengeUIEnum"
},
"progressive_enrollment_enabled": {
"type": "boolean",
"description": "Enables or disables progressive enrollment of passkeys for the connection."
},
"local_enrollment_enabled": {
"type": "boolean",
"description": "Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection."
}
}
},
"ConnectionPasswordAuthenticationMethod": {
"type": "object",
"description": "Password authentication enablement",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Determines whether passwords are enabled"
},
"api_behavior": {
"$ref": "#/components/schemas/ConnectionApiBehaviorEnum",
"x-release-lifecycle": "EA"
},
"signup_behavior": {
"$ref": "#/components/schemas/ConnectionSignupBehaviorEnum",
"x-release-lifecycle": "EA"
}
}
},
"ConnectionPasswordComplexityOptions": {
"type": [
"object",
"null"
],
"description": "Password complexity options",
"additionalProperties": false,
"properties": {
"min_length": {
"type": "integer",
"description": "Minimum password length",
"minimum": 1,
"maximum": 128
}
}
},
"ConnectionPasswordDictionaryOptions": {
"type": [
"object",
"null"
],
"description": "Options for password dictionary policy",
"additionalProperties": false,
"required": [
"enable"
],
"properties": {
"enable": {
"type": "boolean"
},
"dictionary": {
"type": "array",
"description": "Custom Password Dictionary. An array of up to 200 entries.",
"items": {
"type": "string",
"description": "Custom Password Dictionary entry. 50 characters max.",
"maxLength": 50
}
}
}
},
"ConnectionPasswordHistoryOptions": {
"type": [
"object",
"null"
],
"description": "Options for password history policy",
"additionalProperties": false,
"required": [
"enable"
],
"properties": {
"enable": {
"type": "boolean"
},
"size": {
"type": "integer",
"minimum": 0,
"maximum": 24
}
}
},
"ConnectionPasswordNoPersonalInfoOptions": {
"type": [
"object",
"null"
],
"description": "Options for personal info in passwords policy",
"additionalProperties": false,
"required": [
"enable"
],
"properties": {
"enable": {
"type": "boolean"
}
}
},
"ConnectionPasswordOptions": {
"type": "object",
"description": "Password policy options for flexible password policy configuration",
"additionalProperties": false,
"x-release-lifecycle": "EA",
"properties": {
"complexity": {
"$ref": "#/components/schemas/ConnectionPasswordOptionsComplexity"
},
"dictionary": {
"$ref": "#/components/schemas/ConnectionPasswordOptionsDictionary"
},
"history": {
"$ref": "#/components/schemas/ConnectionPasswordOptionsHistory"
},
"profile_data": {
"$ref": "#/components/schemas/ConnectionPasswordOptionsProfileData"
}
}
},
"ConnectionPasswordOptionsComplexity": {
"type": "object",
"description": "Password complexity requirements configuration",
"additionalProperties": false,
"properties": {
"min_length": {
"type": "integer",
"description": "Minimum password length required (1-72 characters)",
"minimum": 1,
"maximum": 72
},
"character_types": {
"type": "array",
"description": "Required character types that must be present in passwords. Valid options: uppercase, lowercase, number, special",
"items": {
"$ref": "#/components/schemas/PasswordCharacterTypeEnum"
}
},
"character_type_rule": {
"$ref": "#/components/schemas/PasswordCharacterTypeRulePolicyEnum"
},
"identical_characters": {
"$ref": "#/components/schemas/PasswordIdenticalCharactersPolicyEnum"
},
"sequential_characters": {
"$ref": "#/components/schemas/PasswordSequentialCharactersPolicyEnum"
},
"max_length_exceeded": {
"$ref": "#/components/schemas/PasswordMaxLengthExceededPolicyEnum"
}
}
},
"ConnectionPasswordOptionsDictionary": {
"type": "object",
"description": "Dictionary-based password restriction policy to prevent common passwords",
"additionalProperties": false,
"properties": {
"active": {
"type": "boolean",
"description": "Enables dictionary checking to prevent use of common passwords and custom blocked words"
},
"custom": {
"type": "array",
"description": "Array of custom words to block in passwords. Maximum 200 items, each up to 50 characters",
"items": {
"type": "string",
"maxLength": 50
}
},
"default": {
"$ref": "#/components/schemas/PasswordDefaultDictionariesEnum"
}
}
},
"ConnectionPasswordOptionsHistory": {
"type": "object",
"description": "Password history policy configuration to prevent password reuse",
"additionalProperties": false,
"properties": {
"active": {
"type": "boolean",
"description": "Enables password history checking to prevent users from reusing recent passwords"
},
"size": {
"type": "integer",
"description": "Number of previous passwords to remember and prevent reuse (1-24)",
"minimum": 1,
"maximum": 24
}
}
},
"ConnectionPasswordOptionsProfileData": {
"type": "object",
"description": "Personal information restriction policy to prevent use of profile data in passwords",
"additionalProperties": false,
"properties": {
"active": {
"type": "boolean",
"description": "Prevents users from including profile data (like name, email) in their passwords"
},
"blocked_fields": {
"type": "array",
"description": "Blocked profile fields. An array of up to 12 entries.",
"items": {
"type": "string",
"description": "Blocked profile fields entry. 100 characters max.",
"maxLength": 100
}
}
}
},
"ConnectionPasswordPolicyEnum": {
"type": [
"string",
"null"
],
"description": "Password strength level",
"enum": [
"none",
"low",
"fair",
"good",
"excellent",
null
]
},
"ConnectionPhoneOtpAuthenticationMethod": {
"type": "object",
"description": "Phone OTP authentication enablement",
"additionalProperties": false,
"x-release-lifecycle": "EA",
"properties": {
"enabled": {
"type": "boolean",
"description": "Determines whether phone OTP is enabled"
}
}
},
"ConnectionPingFederateBaseUrl": {
"description": "URL provided by PingFederate which returns information used for creating the connection",
"oneOf": [
{
"$ref": "#/components/schemas/ConnectionPingFederateBaseUrlPingFederate"
}
]
},
"ConnectionPingFederateBaseUrlPingFederate": {
"description": "PingFederate base URL constrained to HTTP/HTTPS with length bounds",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback"
},
{
"type": "string",
"minLength": 1,
"maxLength": 256
}
]
},
"ConnectionProfile": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"$ref": "#/components/schemas/ConnectionProfileId"
},
"name": {
"$ref": "#/components/schemas/ConnectionProfileName"
},
"organization": {
"$ref": "#/components/schemas/ConnectionProfileOrganization"
},
"connection_name_prefix_template": {
"$ref": "#/components/schemas/ConnectionNamePrefixTemplate"
},
"enabled_features": {
"$ref": "#/components/schemas/ConnectionProfileEnabledFeatures"
},
"connection_config": {
"$ref": "#/components/schemas/ConnectionProfileConfig"
},
"strategy_overrides": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverrides"
}
}
},
"ConnectionProfileBitbucket": {
"description": "`profile` is a boolean that controls whether basic profile information (name, picture, email) is requested from Bitbucket during authentication. When `true`, the connection requests access to the user's basic profile data.",
"default": true,
"type": "boolean",
"const": true
},
"ConnectionProfileConfig": {
"type": "object",
"description": "Connection profile configuration.",
"additionalProperties": false,
"properties": {}
},
"ConnectionProfileEnabledFeatures": {
"type": "array",
"description": "Enabled features for the connection profile.",
"items": {
"$ref": "#/components/schemas/EnabledFeaturesEnum"
}
},
"ConnectionProfileId": {
"type": "string",
"description": "Connection Profile identifier.",
"format": "connection-profile-id"
},
"ConnectionProfileName": {
"type": "string",
"description": "The name of the connection profile.",
"minLength": 1,
"maxLength": 50
},
"ConnectionProfileOrganization": {
"type": "object",
"description": "The organization of the connection profile.",
"additionalProperties": false,
"properties": {
"show_as_button": {
"$ref": "#/components/schemas/ConnectionProfileOrganizationShowAsButtonEnum"
},
"assign_membership_on_login": {
"$ref": "#/components/schemas/ConnectionProfileOrganizationAssignMembershipOnLoginEnum"
}
}
},
"ConnectionProfileOrganizationAssignMembershipOnLoginEnum": {
"type": "string",
"description": "Indicates if membership should be assigned on login.",
"enum": [
"none",
"optional",
"required"
]
},
"ConnectionProfileOrganizationShowAsButtonEnum": {
"type": "string",
"description": "Indicates if the organization should be shown as a button.",
"enum": [
"none",
"optional",
"required"
]
},
"ConnectionProfileStrategyOverride": {
"type": "object",
"description": "Connection Profile Strategy Override",
"additionalProperties": false,
"properties": {
"enabled_features": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverridesEnabledFeatures"
},
"connection_config": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverridesConnectionConfig"
}
}
},
"ConnectionProfileStrategyOverrides": {
"type": "object",
"description": "Strategy-specific overrides for this attribute",
"additionalProperties": false,
"properties": {
"pingfederate": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverride"
},
"ad": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverride"
},
"adfs": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverride"
},
"waad": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverride"
},
"google-apps": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverride"
},
"okta": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverride"
},
"oidc": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverride"
},
"samlp": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverride"
}
}
},
"ConnectionProfileStrategyOverridesConnectionConfig": {
"type": "object",
"description": "Connection profile strategy overrides connection configuration.",
"additionalProperties": false,
"properties": {}
},
"ConnectionProfileStrategyOverridesEnabledFeatures": {
"type": "array",
"description": "Enabled features for a connections profile strategy override.",
"items": {
"$ref": "#/components/schemas/EnabledFeaturesEnum"
}
},
"ConnectionProfileTemplate": {
"type": "object",
"description": "The structure of the template, which can be used as the payload for creating or updating a Connection Profile.",
"additionalProperties": false,
"properties": {
"name": {
"$ref": "#/components/schemas/ConnectionProfileName"
},
"organization": {
"$ref": "#/components/schemas/ConnectionProfileOrganization"
},
"connection_name_prefix_template": {
"$ref": "#/components/schemas/ConnectionNamePrefixTemplate"
},
"enabled_features": {
"$ref": "#/components/schemas/ConnectionProfileEnabledFeatures"
},
"connection_config": {
"$ref": "#/components/schemas/ConnectionProfileConfig"
},
"strategy_overrides": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverrides"
}
}
},
"ConnectionProfileTemplateItem": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The id of the template."
},
"display_name": {
"type": "string",
"description": "The user-friendly name of the template displayed in the UI."
},
"template": {
"$ref": "#/components/schemas/ConnectionProfileTemplate"
}
}
},
"ConnectionPropertiesOptions": {
"type": "object",
"description": "The connection's options (depend on the connection strategy)",
"additionalProperties": true,
"properties": {
"validation": {
"$ref": "#/components/schemas/ConnectionValidationOptions"
},
"non_persistent_attrs": {
"type": [
"array",
"null"
],
"description": "An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist)",
"items": {
"type": "string"
}
},
"precedence": {
"type": "array",
"description": "Order of precedence for attribute types. If the property is not specified, the default precedence of attributes will be used.",
"minItems": 3,
"items": {
"$ref": "#/components/schemas/ConnectionIdentifierPrecedenceEnum"
}
},
"attributes": {
"$ref": "#/components/schemas/ConnectionAttributes"
},
"enable_script_context": {
"type": "boolean",
"description": "Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled)"
},
"enabledDatabaseCustomization": {
"type": "boolean",
"description": "Set to true to use a legacy user store"
},
"import_mode": {
"type": "boolean",
"description": "Enable this if you have a legacy user store and you want to gradually migrate those users to the Auth0 user store"
},
"configuration": {
"type": [
"object",
"null"
],
"description": "Stores encrypted string only configurations for connections",
"additionalProperties": {
"type": [
"string",
"null"
]
}
},
"customScripts": {
"$ref": "#/components/schemas/ConnectionCustomScripts"
},
"authentication_methods": {
"$ref": "#/components/schemas/ConnectionAuthenticationMethods"
},
"passkey_options": {
"$ref": "#/components/schemas/ConnectionPasskeyOptions"
},
"passwordPolicy": {
"$ref": "#/components/schemas/ConnectionPasswordPolicyEnum"
},
"password_complexity_options": {
"$ref": "#/components/schemas/ConnectionPasswordComplexityOptions"
},
"password_history": {
"$ref": "#/components/schemas/ConnectionPasswordHistoryOptions"
},
"password_no_personal_info": {
"$ref": "#/components/schemas/ConnectionPasswordNoPersonalInfoOptions"
},
"password_dictionary": {
"$ref": "#/components/schemas/ConnectionPasswordDictionaryOptions"
},
"api_enable_users": {
"type": "boolean"
},
"api_enable_groups": {
"type": "boolean",
"x-release-lifecycle": "EA"
},
"basic_profile": {
"type": "boolean"
},
"ext_admin": {
"type": "boolean"
},
"ext_is_suspended": {
"type": "boolean"
},
"ext_agreed_terms": {
"type": "boolean"
},
"ext_groups": {
"type": "boolean"
},
"ext_assigned_plans": {
"type": "boolean"
},
"ext_profile": {
"type": "boolean"
},
"disable_self_service_change_password": {
"type": "boolean"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"gateway_authentication": {
"$ref": "#/components/schemas/ConnectionGatewayAuthentication"
},
"federated_connections_access_tokens": {
"$ref": "#/components/schemas/ConnectionFederatedConnectionsAccessTokens"
},
"password_options": {
"$ref": "#/components/schemas/ConnectionPasswordOptions",
"x-release-lifecycle": "EA"
},
"assertion_decryption_settings": {
"$ref": "#/components/schemas/ConnectionAssertionDecryptionSettings"
},
"id_token_signed_response_algs": {
"$ref": "#/components/schemas/ConnectionIdTokenSignedResponseAlgs"
},
"token_endpoint_auth_method": {
"$ref": "#/components/schemas/ConnectionTokenEndpointAuthMethodEnum"
},
"token_endpoint_auth_signing_alg": {
"$ref": "#/components/schemas/ConnectionTokenEndpointAuthSigningAlgEnum"
},
"token_endpoint_jwtca_aud_format": {
"$ref": "#/components/schemas/ConnectionTokenEndpointJwtcaAudFormatEnumOIDC"
}
}
},
"ConnectionProtocolBindingEnumSAML": {
"description": "Valid SAML protocol bindings",
"type": "string",
"enum": [
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
]
},
"ConnectionProtocolBindingSAML": {
"description": "SAML protocol binding mechanism for sending authentication requests to the identity provider.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionProtocolBindingEnumSAML"
}
]
},
"ConnectionProviderEnumSMS": {
"description": "SMS provider values. Use 'sms_gateway' to use a custom SMS gateway instead of Twilio.",
"type": "string",
"enum": [
"sms_gateway",
"twilio"
]
},
"ConnectionProviderSMS": {
"description": "SMS provider. Set to 'sms_gateway' to use a custom SMS gateway instead of Twilio.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionProviderEnumSMS"
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionProvisioningTicketUrl": {
"description": "A ticket URL used for provisioning the connection",
"readOnly": true,
"type": "string",
"format": "uri",
"pattern": "^https:\\/\\/.*",
"minLength": 32,
"maxLength": 256
},
"ConnectionPurposes": {
"description": "Purposes for a connection",
"type": "object",
"properties": {
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurpose"
}
}
},
"ConnectionRealmFallback": {
"type": "boolean",
"description": "Indicates whether to use realm fallback.",
"default": false
},
"ConnectionRealms": {
"type": "array",
"description": "Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.",
"items": {
"type": "string",
"description": "The realm where this connection belongs",
"format": "connection-realm"
},
"minItems": 0,
"maxItems": 10
},
"ConnectionRecipientUrlSAML": {
"description": "The URL where Auth0 will send SAML authentication requests (the Identity Provider's SSO URL). Must be a valid HTTPS URL.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionRegistrationEndpoint": {
"allOf": [
{
"description": "URL of the OPs Dynamic Client Registration Endpoint. RECOMMENDED but not REQUIRED. https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Registration"
},
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionRequestObjectEncryptionAlgValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.",
"minItems": 0,
"maxItems": 26,
"items": {
"type": "string",
"maxLength": 28
}
},
"ConnectionRequestObjectEncryptionEncValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.",
"minItems": 0,
"maxItems": 12,
"items": {
"type": "string",
"maxLength": 26
}
},
"ConnectionRequestObjectSigningAlgValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects, which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when the Request Object is passed by value (using the request parameter) and when it is passed by reference (using the request_uri parameter). Servers SHOULD support none and RS256.",
"minItems": 0,
"maxItems": 26,
"items": {
"type": "string",
"maxLength": 10
}
},
"ConnectionRequestParameterSupported": {
"type": "boolean",
"description": "Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. If omitted, the default value is false.",
"default": false
},
"ConnectionRequestTemplateSAML": {
"description": "Custom XML template for SAML authentication requests. Supports variable substitution using @@variableName@@ syntax. When not provided, uses default SAML AuthnRequest template. See https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider#customize-the-request-template",
"type": "string",
"minLength": 1,
"maxLength": 10240
},
"ConnectionRequestTokenURLOAuth1": {
"description": "The URL of the OAuth 1.0a request-token endpoint. This endpoint is used to obtain a temporary request token during the OAuth 1.0a authentication flow.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionRequestUriParameterSupported": {
"type": "boolean",
"description": "Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. If omitted, the default value is false.",
"default": false
},
"ConnectionRequireRequestUriRegistration": {
"type": "boolean",
"description": "Boolean value specifying whether the OP requires use of the request_uri parameter. If omitted, the default value is false.",
"default": false
},
"ConnectionRequiresUsername": {
"type": "boolean",
"description": "Indicates whether the user is required to provide a username in addition to an email address."
},
"ConnectionResponseCommon": {
"allOf": [
{
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"$ref": "#/components/schemas/ConnectionId"
},
"realms": {
"$ref": "#/components/schemas/ConnectionRealms"
}
}
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
],
"required": [
"display_name",
"id",
"name",
"strategy"
]
},
"ConnectionResponseContentAD": {
"description": "Response for connections with strategy=ad",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "ad"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAD"
},
"provisioning_ticket_url": {
"$ref": "#/components/schemas/ConnectionProvisioningTicketUrl"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentADFS": {
"description": "Response for connections with strategy=adfs",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "adfs"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsADFS"
},
"provisioning_ticket_url": {
"$ref": "#/components/schemas/ConnectionProvisioningTicketUrl"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentAmazon": {
"description": "Response for connections with strategy=amazon",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "amazon"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAmazon"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentApple": {
"description": "Response for connections with strategy=apple",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "apple"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsApple"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentAuth0": {
"description": "Response for connections with strategy=auth0",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "auth0"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAuth0"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentAuth0OIDC": {
"description": "Response for connections with strategy=auth0-oidc",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "auth0-oidc"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAuth0OIDC"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentAzureAD": {
"description": "Response for connections with strategy=waad",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "waad"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAzureAD"
},
"provisioning_ticket_url": {
"$ref": "#/components/schemas/ConnectionProvisioningTicketUrl"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentBaidu": {
"description": "Response for connections with strategy=baidu",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "baidu"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBaidu"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentBitbucket": {
"description": "Response for connections with strategy=bitbucket",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "bitbucket"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBitbucket"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentBitly": {
"description": "Response for connections with strategy=bitly",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "bitly"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBitly"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentBox": {
"description": "Response for connections with strategy=box",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "box"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBox"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentCustom": {
"description": "Response for connections with strategy=custom",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "custom"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsCustom"
},
"provisioning_ticket_url": {
"$ref": "#/components/schemas/ConnectionProvisioningTicketUrl"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentDaccount": {
"description": "Response for connections with strategy=daccount",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "daccount"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsDaccount"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentDropbox": {
"description": "Response for connections with strategy=dropbox",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "dropbox"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsDropbox"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentDwolla": {
"description": "Response for connections with strategy=dwolla",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "dwolla"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsDwolla"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentEmail": {
"description": "Response for connections with strategy=email",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "email"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsEmail"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentEvernote": {
"description": "Response for connections with strategy=evernote",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "evernote"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsEvernote"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentEvernoteSandbox": {
"description": "Response for connections with strategy=evernote-sandbox",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "evernote-sandbox"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsEvernote"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentExact": {
"description": "Response for connections with strategy=exact",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "exact"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsExact"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentFacebook": {
"description": "Response for connections with strategy=facebook",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "facebook"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsFacebook"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentFitbit": {
"description": "Response for connections with strategy=fitbit",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "fitbit"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsFitbit"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentGitHub": {
"description": "Response for connections with strategy=github",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "github"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsGitHub"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentGoogleApps": {
"description": "Response for connections with strategy=google-apps",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "google-apps"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsGoogleApps"
},
"provisioning_ticket_url": {
"$ref": "#/components/schemas/ConnectionProvisioningTicketUrl"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentGoogleOAuth2": {
"description": "Response for connections with strategy=google-oauth2",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "google-oauth2"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsGoogleOAuth2"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentIP": {
"description": "Response for connections with strategy=ip",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "ip"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsIP"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionResponseContentInstagram": {
"description": "Response for connections with strategy=instagram",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "instagram"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsInstagram"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionResponseContentLine": {
"description": "Response for connections with strategy=line",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "line"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsLine"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentLinkedin": {
"description": "Response for connections with strategy=linkedin",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "linkedin"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsLinkedin"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentOAuth1": {
"description": "Response for connections with strategy=oauth1",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "oauth1"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOAuth1"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionResponseContentOAuth2": {
"description": "Response for connections with strategy=oauth2",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "oauth2"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOAuth2"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentOIDC": {
"description": "Response for connections with strategy=oidc",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "oidc"
},
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurposeXAA"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOIDC"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentOffice365": {
"description": "Response for connections with strategy=office365",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "office365"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOffice365"
},
"provisioning_ticket_url": {
"$ref": "#/components/schemas/ConnectionProvisioningTicketUrl"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentOkta": {
"description": "Response for connections with strategy=okta",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "okta"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOkta"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentPaypal": {
"description": "Response for connections with strategy=paypal",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "paypal"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPaypal"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentPaypalSandbox": {
"description": "Response for connections with strategy=paypal-sandbox",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "paypal-sandbox"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPaypal"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentPingFederate": {
"description": "Response for connections with strategy=pingfederate",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "pingfederate"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPingFederate"
},
"provisioning_ticket_url": {
"$ref": "#/components/schemas/ConnectionProvisioningTicketUrl"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentPlanningCenter": {
"description": "Response for connections with strategy=planningcenter",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "planningcenter"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPlanningCenter"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentSAML": {
"description": "Response for connections with strategy=samlp",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "samlp"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSAML"
},
"provisioning_ticket_url": {
"$ref": "#/components/schemas/ConnectionProvisioningTicketUrl"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentSMS": {
"description": "Response for connections with strategy=sms",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "sms"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSMS"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentSalesforce": {
"description": "Response for connections with strategy=salesforce",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "salesforce"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSalesforce"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentSalesforceCommunity": {
"description": "Response for connections with strategy=salesforce-community",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "salesforce-community"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSalesforceCommunity"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentSalesforceSandbox": {
"description": "Response for connections with strategy=salesforce-sandbox",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "salesforce-sandbox"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSalesforce"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentSharepoint": {
"description": "Response for connections with strategy=sharepoint",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "sharepoint"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSharepoint"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionResponseContentShop": {
"description": "Response for connections with strategy=shop",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "shop"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsShop"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentShopify": {
"description": "Response for connections with strategy=shopify",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "shopify"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsShopify"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentSoundcloud": {
"description": "Response for connections with strategy=soundcloud",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "soundcloud"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSoundcloud"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"ConnectionResponseContentThirtySevenSignals": {
"description": "Response for connections with strategy=thirtysevensignals",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "thirtysevensignals"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsThirtySevenSignals"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentTwitter": {
"description": "Response for connections with strategy=twitter",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "twitter"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsTwitter"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentUntappd": {
"description": "Response for connections with strategy=untappd",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "untappd"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsUntappd"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentVkontakte": {
"description": "Response for connections with strategy=vkontakte",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "vkontakte"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsVkontakte"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentWeibo": {
"description": "Response for connections with strategy=weibo",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "weibo"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsWeibo"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentWindowsLive": {
"description": "Response for connections with strategy=windowslive",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "windowslive"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsWindowsLive"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentWordpress": {
"description": "Response for connections with strategy=wordpress",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "wordpress"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsWordpress"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentYahoo": {
"description": "Response for connections with strategy=yahoo",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "yahoo"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsYahoo"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseContentYandex": {
"description": "Response for connections with strategy=yandex",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "yandex"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsYandex"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/ConnectionResponseCommon"
}
]
},
"ConnectionResponseModesSupported": {
"type": "array",
"description": "A list of the OAuth 2.0 response_mode values that this OP supports. If omitted, the default for Dynamic OpenID Providers is [\"query\", \"fragment\"]",
"minItems": 0,
"maxItems": 16,
"items": {
"type": "string",
"maxLength": 20
}
},
"ConnectionResponseTypesSupported": {
"type": "array",
"description": "A list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values",
"minItems": 1,
"maxItems": 40,
"items": {
"type": "string",
"maxLength": 40
}
},
"ConnectionScopeAmazon": {
"description": "OAuth 2.0 scopes that will be requested from Amazon during authorization. This is automatically populated based on the profile and postal_code settings, plus any freeform_scopes.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionScopeArray": {
"description": "Array of custom OAuth 2.0 scopes to request during authentication.",
"type": "array",
"minItems": 0,
"maxItems": 255,
"items": {
"$ref": "#/components/schemas/ConnectionScopeItem"
}
},
"ConnectionScopeArrayFacebook": {
"description": "Array of custom OAuth 2.0 scopes to request during authentication.",
"type": "array",
"minItems": 1,
"maxItems": 255,
"items": {
"$ref": "#/components/schemas/ConnectionScopeItem"
}
},
"ConnectionScopeArrayWindowsLive": {
"description": "Array of custom OAuth 2.0 scopes to request during authentication.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionScopeAzureAD": {
"description": "OAuth 2.0 scopes to request from Azure AD during authentication. Each scope represents a permission (e.g., 'User.Read', 'Group.Read.All'). Only applies with Microsoft Identity Platform v2.0. See Microsoft Graph permissions reference for available scopes.",
"type": "array",
"minItems": 0,
"maxItems": 100,
"items": {
"type": "string",
"minLength": 0,
"maxLength": 100
}
},
"ConnectionScopeFacebook": {
"description": "Computed comma-separated OAuth scope string sent to Facebook.",
"type": "string",
"minLength": 0,
"maxLength": 2048
},
"ConnectionScopeGoogleApps": {
"description": "Additional OAuth scopes requested beyond the default `email profile` scopes; ignored unless `allow_setting_login_scopes` is true.",
"type": "array",
"items": {
"$ref": "#/components/schemas/ConnectionScopeItemGoogleApps"
},
"minItems": 1,
"maxItems": 64,
"default": [
"email",
"profile"
]
},
"ConnectionScopeGoogleOAuth2": {
"description": "Array of OAuth 2.0 scopes requested during Google authentication.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionScopeItem": {
"description": "A single OAuth 2.0 scope string",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionScopeItemGoogleApps": {
"description": "An OAuth scope string.",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionScopeLinkedin": {
"description": "Scopes to request from LinkedIn during OAuth. Use standard scopes such as r_liteprofile and r_emailaddress; legacy or partner scopes (e.g., r_basicprofile, r_fullprofile, rw_company_admin) may require LinkedIn approval and may not be available to new apps.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionScopeOAuth2": {
"description": "OAuth 2.0 scopes requested from the identity provider during authorization. Determines what user information and permissions Auth0 can access. Can be specified as a space-delimited string (e.g., 'openid profile email') or array of scope values. The 'useOauthSpecScope' setting controls delimiter behavior when using connection_scope parameter.",
"anyOf": [
{
"type": "string",
"minLength": 0,
"maxLength": 4096
},
{
"type": "array",
"minItems": 0,
"maxItems": 20,
"items": {
"type": "string",
"minLength": 0,
"maxLength": 189
}
}
]
},
"ConnectionScopeOIDC": {
"type": "string",
"description": "Space-separated list of OAuth 2.0 scopes requested during authorization. Must include 'openid' (required by OIDC spec). Common values: 'openid profile email'. Additional scopes depend on the identity provider.",
"minLength": 6,
"maxLength": 255
},
"ConnectionScopePaypal": {
"description": "OAuth 2.0 scopes requested from PayPal during authorization. Built automatically from the enabled attribute flags (profile, email, address, phone) plus any freeform_scopes. Always includes 'openid' as the base scope.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionScopeSalesforce": {
"description": "OAuth scopes to request from Salesforce. This is computed from enabled permission options and any additional freeform scopes.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionScopeArray"
}
]
},
"ConnectionScopesSupported": {
"type": [
"array",
"null"
],
"description": "A list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used, although those defined in [OpenID.Core] SHOULD be listed, if supported. RECOMMENDED but not REQUIRED",
"maxItems": 7000,
"minItems": 0,
"items": {
"type": "string",
"maxLength": 100
},
"contains": {
"type": "string",
"const": "openid"
}
},
"ConnectionScriptsOAuth1": {
"type": "object",
"description": "Custom scripts to transform user profile data or modify OAuth1 flow behavior",
"additionalProperties": false,
"properties": {
"fetchUserProfile": {
"type": "string",
"description": "Custom JavaScript function to retrieve and transform user profile data from the identity provider. Called with the access token and token exchange response. Must return a user profile object. Executed in a sandboxed environment. If not provided, an empty profile object is used.",
"minLength": 0,
"maxLength": 51200
}
}
},
"ConnectionScriptsOAuth2": {
"type": "object",
"description": "Custom scripts to transform user profile data or modify OAuth2 flow behavior",
"additionalProperties": false,
"properties": {
"fetchUserProfile": {
"type": "string",
"description": "Custom JavaScript function to retrieve and transform user profile data from the identity provider. Called with the access token and token exchange response. Must return a user profile object. Executed in a sandboxed environment. If not provided, an empty profile object is used.",
"minLength": 0,
"maxLength": 51200
},
"getLogoutUrl": {
"type": "string",
"description": "Custom JavaScript function to dynamically construct the logout URL for the identity provider. Called with the request query parameters and must invoke a callback with the logout URL. Only used if 'logoutUrl' is not configured. Executed in a sandboxed environment.",
"minLength": 0,
"maxLength": 51200
}
}
},
"ConnectionSendBackChannelNonce": {
"type": "boolean",
"description": "When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation."
},
"ConnectionServiceDocumentation": {
"allOf": [
{
"description": "URL of a page containing human-readable information that developers might want or need to know when using the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic Client Registration, then information on how to register Clients needs to be provided in this documentation."
},
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionSetUserRootAttributesEnum": {
"type": "string",
"description": "When using an external IdP, this flag determines whether 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes are updated. In addition, it also determines whether the user is created when user doesnt exist previously. Possible values are 'on_each_login' (default value, it configures the connection to automatically create the user if necessary and update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'on_first_login' (configures the connection to create the user and set the root attributes on first login only, allowing them to be independently updated thereafter), and 'never_on_login' (configures the connection not to create the user and not to set the root attributes from the external IdP, allowing them to be independently updated).",
"default": "on_each_login",
"enum": [
"on_each_login",
"on_first_login",
"never_on_login"
]
},
"ConnectionSha1Thumbprint": {
"description": "SHA-1 thumbprint of the certificate",
"type": "string",
"format": "hexadecimal",
"minLength": 40,
"maxLength": 40
},
"ConnectionShouldTrustEmailVerifiedConnectionEnum": {
"type": "string",
"description": "Choose how Auth0 sets the email_verified field in the user profile.",
"enum": [
"never_set_emails_as_verified",
"always_set_emails_as_verified"
],
"default": "never_set_emails_as_verified"
},
"ConnectionShowAsButton": {
"type": "boolean",
"description": "Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. Defaults to `false`.",
"default": false
},
"ConnectionSignInEndpointAD": {
"description": "The sign-in endpoint type for the AD-LDAP connector agent (managed by the AD Connector agent).",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionSignInEndpointADFS": {
"description": "Passive Requestor (WS-Fed) sign-in endpoint discovered from metadata or provided explicitly.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback2048"
}
]
},
"ConnectionSignInEndpointSAML": {
"description": "Identity provider's SAML SingleSignOnService endpoint URL where Auth0 sends SAML authentication requests. This is the primary login URL for the SAML connection. Required unless using metadataUrl or metadataXml.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback2048"
}
]
},
"ConnectionSignOutEndpointSAML": {
"description": "Identity provider's SAML SingleLogoutService endpoint URL where Auth0 sends logout requests for federated sign-out. When not provided, defaults to signInEndpoint. Only used if disableSignout is false.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback2048"
}
]
},
"ConnectionSignSAMLRequestSAML": {
"description": "When true, Auth0 signs SAML authentication requests using the connection's signing key. The signature includes the request's digest and is validated by the identity provider. Defaults to false (unsigned requests).",
"type": "boolean"
},
"ConnectionSignatureAlgorithmEnumSAML": {
"description": "Valid SAML signature algorithms",
"type": "string",
"enum": [
"rsa-sha1",
"rsa-sha256"
]
},
"ConnectionSignatureAlgorithmSAML": {
"description": "Algorithm used to sign SAML authentication requests and logout requests using the connection's signing key. Common values: 'rsa-sha256' (RSA signature with SHA-256 digest) or 'rsa-sha1'. Defaults to 'rsa-sha256'.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionSignatureAlgorithmEnumSAML"
}
]
},
"ConnectionSignatureMethodOAuth1": {
"description": "OAuth 1.0a signature algorithm used when signing request-token and access-token calls for this connection (RSA-SHA1 only).",
"type": "string",
"const": "RSA-SHA1"
},
"ConnectionSigningCertSAML": {
"description": "Base64-encoded X.509 certificate from the identity provider used to validate signatures in SAML responses and assertions. The certificate is decoded and used for cryptographic signature verification.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionSigningCertificatePemSAML"
}
]
},
"ConnectionSigningCertificateDerSAML": {
"description": "X.509 signing certificate from the identity provider in .der format. Used to validate signatures in SAML Responses and Assertions. This is an alternative to signingCert and is kept for backward compatibility. Prefer using signingCert instead.",
"type": "string",
"x-release-lifecycle": "deprecated",
"minLength": 1,
"maxLength": 10240
},
"ConnectionSigningCertificatePemPingFederate": {
"description": "Base64-encoded X.509 certificate from the identity provider used to validate signatures in SAML responses and assertions. The certificate is decoded and used for cryptographic signature verification.",
"type": "string",
"writeOnly": true,
"minLength": 1,
"maxLength": 10240
},
"ConnectionSigningCertificatePemSAML": {
"description": "Base64-encoded X.509 certificate from the identity provider used to validate signatures in SAML responses and assertions. The certificate is decoded and used for cryptographic signature verification.",
"type": "string",
"minLength": 1,
"maxLength": 10240
},
"ConnectionSigningKeySAML": {
"description": "Key pair with 'key' and 'cert' properties for signing SAML messages",
"type": "object",
"properties": {
"cert": {
"description": "Base64-encoded X.509 certificate in PEM format used by Auth0 to sign SAML requests and logout messages.",
"type": "string",
"minLength": 1,
"maxLength": 10240
},
"key": {
"description": "Private key in PEM format used by Auth0 to sign SAML requests and logout messages.",
"type": "string",
"minLength": 1,
"maxLength": 10240
}
},
"additionalProperties": {
"type": "string",
"minLength": 0,
"maxLength": 9216
},
"maxProperties": 6
},
"ConnectionSignupBehaviorEnum": {
"type": "string",
"description": "Specifies the signup behavior for password authentication",
"enum": [
"allow",
"block"
],
"x-release-lifecycle": "EA"
},
"ConnectionStrategyEnum": {
"type": "string",
"enum": [
"ad",
"adfs",
"amazon",
"apple",
"dropbox",
"bitbucket",
"auth0-oidc",
"auth0",
"baidu",
"bitly",
"box",
"custom",
"daccount",
"dwolla",
"email",
"evernote-sandbox",
"evernote",
"exact",
"facebook",
"fitbit",
"github",
"google-apps",
"google-oauth2",
"instagram",
"ip",
"line",
"linkedin",
"oauth1",
"oauth2",
"office365",
"oidc",
"okta",
"paypal",
"paypal-sandbox",
"pingfederate",
"planningcenter",
"salesforce-community",
"salesforce-sandbox",
"salesforce",
"samlp",
"sharepoint",
"shopify",
"shop",
"sms",
"soundcloud",
"thirtysevensignals",
"twitter",
"untappd",
"vkontakte",
"waad",
"weibo",
"windowslive",
"wordpress",
"yahoo",
"yandex",
"auth0-adldap"
]
},
"ConnectionStrategyVersionEnumLinkedin": {
"type": "integer",
"default": 3,
"enum": [
1,
2,
3
]
},
"ConnectionStrategyVersionEnumWindowsLive": {
"type": "integer",
"description": "Version number of the windowslive strategy implementation.",
"default": 2,
"enum": [
1,
2
]
},
"ConnectionSubjectTypesSupported": {
"description": "A list of the Subject Identifier types that this OP supports. Valid types include pairwise and public",
"type": "array",
"minItems": 0,
"maxItems": 20,
"items": {
"type": "string",
"minLength": 0,
"maxLength": 100
}
},
"ConnectionTemplateSMS": {
"description": "SMS message template. Use `@@password@@` as a placeholder for the verification code.",
"example": "Your verification code is: @@password@@",
"x-release-lifecycle": "deprecated",
"type": "string",
"minLength": 1,
"maxLength": 5120
},
"ConnectionTemplateSyntaxEnumSMS": {
"description": "SMS template syntax type. Set to 'md_with_macros' to enable macro processing in templates.",
"type": "string",
"enum": [
"liquid",
"md_with_macros"
],
"x-release-lifecycle": "deprecated"
},
"ConnectionTenantDomain": {
"description": "Tenant domain",
"type": "string",
"minLength": 1,
"maxLength": 255
},
"ConnectionTenantDomainAD": {
"description": "Primary AD domain hint used for HRD and discovery.",
"type": "string",
"format": "hostname",
"minLength": 1,
"maxLength": 512
},
"ConnectionTenantDomainAzureAD": {
"description": "The Azure AD tenant domain or tenant ID (UUID). Auto-populated from the 'domain' field. Can be either a hostname (e.g., 'contoso.onmicrosoft.com') or a UUID tenant ID.",
"anyOf": [
{
"type": "string",
"format": "hostname",
"minLength": 0,
"maxLength": 512
},
{
"type": "string",
"format": "uuid"
}
]
},
"ConnectionTenantDomainGoogleApps": {
"description": "The Google Workspace primary domain used to identify the organization during authentication.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionTenantDomain"
}
]
},
"ConnectionTenantDomainSAML": {
"allOf": [
{
"description": "For SAML connections, the tenant domain used to construct the login endpoint URL. Can be a string for single-tenant or an array of strings for multi-tenant validation."
},
{
"$ref": "#/components/schemas/ConnectionTenantDomain"
}
]
},
"ConnectionTenantIdAzureAD": {
"description": "The Azure AD tenant ID as a UUID. The unique identifier for your Azure AD organization. Must be a valid 36-character UUID.",
"type": "string",
"format": "uuid",
"minLength": 36,
"maxLength": 36
},
"ConnectionThumbprints": {
"description": "Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex hashes) for validating SAML signatures. Used with WS-Federation protocol. Maximum 20 thumbprints. Each thumbprint must be a hexadecimal string.",
"type": "array",
"minItems": 0,
"maxItems": 20,
"items": {
"type": "string",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 0,
"maxLength": 64
}
},
"ConnectionThumbprintsAD": {
"description": "Array of certificate SHA-1 thumbprints for validating signatures. Managed by Auth0 when using the AD Connector agent.",
"type": "array",
"minItems": 0,
"maxItems": 2,
"items": {
"$ref": "#/components/schemas/ConnectionSha1Thumbprint"
}
},
"ConnectionThumbprintsSAML": {
"description": "SHA-1 thumbprints (fingerprints) of the identity provider's signing certificates. Automatically computed from signingCert during connection creation. Each thumbprint must be a 40-character hexadecimal string.",
"type": "array",
"minItems": 0,
"maxItems": 1,
"items": {
"$ref": "#/components/schemas/ConnectionSha1Thumbprint"
}
},
"ConnectionTokenEndpoint": {
"allOf": [
{
"description": "URL of the identity provider's OAuth 2.0 token endpoint where authorization codes are exchanged for access tokens. Must be a valid HTTPS URL. Required for authorization code flow but optional for implicit flow."
},
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionTokenEndpointAuthMethodEnum": {
"type": [
"string",
"null"
],
"description": "Authentication method used at the identity provider's token endpoint. 'client_secret_post' sends credentials in the request body; 'private_key_jwt' uses a signed JWT assertion for enhanced security.",
"enum": [
"client_secret_post",
"private_key_jwt"
],
"x-merge-priority": -5
},
"ConnectionTokenEndpointAuthMethodsSupported": {
"type": "array",
"description": "JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 [OpenID.Core]. Other authentication methods MAY be defined by extensions. If omitted, the default is client_secret_basic -- the HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth 2.0 [RFC6749].",
"minItems": 0,
"maxItems": 14,
"items": {
"type": "string",
"maxLength": 60
}
},
"ConnectionTokenEndpointAuthSigningAlgEnum": {
"type": [
"string",
"null"
],
"description": "Algorithm used to sign client_assertions.",
"enum": [
"ES256",
"ES384",
"PS256",
"PS384",
"RS256",
"RS384",
"RS512"
],
"x-merge-priority": -5
},
"ConnectionTokenEndpointAuthSigningAlgValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT [JWT] used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. Servers SHOULD support RS256. The value none MUST NOT be used.",
"minItems": 0,
"maxItems": 24,
"items": {
"type": "string",
"maxLength": 10
}
},
"ConnectionTokenEndpointJwtcaAudFormatEnumOIDC": {
"type": "string",
"description": "Specifies the format of the aud (audience) claim included in the JWT used for client authentication at the token endpoint. Accepted values are: 'issuer' (the aud claim is set to the OIDC issuer URL) or 'token_endpoint' (the aud claim is set to the token endpoint URL).",
"enum": [
"issuer",
"token_endpoint"
],
"x-merge-priority": -5
},
"ConnectionTokenEndpointOAuth2": {
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionTokenEndpoint"
}
]
},
"ConnectionTokenEndpointOIDC": {
"oneOf": [
{
"$ref": "#/components/schemas/ConnectionTokenEndpoint"
}
]
},
"ConnectionTotpEmail": {
"type": "object",
"properties": {
"length": {
"$ref": "#/components/schemas/ConnectionTotpLengthEmail"
},
"time_step": {
"$ref": "#/components/schemas/ConnectionTotpTimeStepEmail"
}
},
"additionalProperties": false
},
"ConnectionTotpLengthEmail": {
"description": "Length of the TOTP code",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionTotpLengthPasswordless"
}
]
},
"ConnectionTotpLengthPasswordless": {
"description": "Length of the TOTP code",
"type": "integer",
"minimum": 4,
"maximum": 40
},
"ConnectionTotpLengthSMS": {
"description": "Number of digits in the verification code",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionTotpLengthPasswordless"
}
]
},
"ConnectionTotpSMS": {
"type": "object",
"description": "Time-based One-Time Password (TOTP) options",
"properties": {
"length": {
"$ref": "#/components/schemas/ConnectionTotpLengthSMS"
},
"time_step": {
"$ref": "#/components/schemas/ConnectionTotpTimeStepSMS"
}
},
"additionalProperties": false
},
"ConnectionTotpTimeStepEmail": {
"description": "Time step for TOTP in seconds",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionTotpTimeStepPasswordless"
}
]
},
"ConnectionTotpTimeStepPasswordless": {
"description": "Time step for TOTP in seconds",
"type": "integer",
"minimum": 60
},
"ConnectionTotpTimeStepSMS": {
"description": "Code validity duration in seconds",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionTotpTimeStepPasswordless"
}
]
},
"ConnectionTwilioSidSMS": {
"description": "Twilio Account SID",
"x-release-lifecycle": "deprecated",
"type": "string",
"minLength": 34,
"maxLength": 34,
"pattern": "^AC[0-9a-fA-F]{32}$"
},
"ConnectionTwilioTokenSMS": {
"description": "Twilio Auth Token",
"x-release-lifecycle": "deprecated",
"type": "string",
"minLength": 32,
"maxLength": 2048
},
"ConnectionTypeEnumOIDC": {
"type": "string",
"description": "OIDC communication channel type. 'back_channel' (confidential client) exchanges tokens server-side for stronger security; 'front_channel' handles responses in the browser.",
"enum": [
"back_channel",
"front_channel"
],
"default": "front_channel"
},
"ConnectionTypeEnumOkta": {
"type": "string",
"description": "Connection type",
"enum": [
"back_channel"
],
"default": "back_channel"
},
"ConnectionUiLocalesSupported": {
"type": "array",
"description": "Languages and scripts supported for the user interface, represented as a JSON array of BCP47 [RFC5646] language tag values.",
"minItems": 0,
"maxItems": 150,
"items": {
"type": "string",
"maxLength": 50
}
},
"ConnectionUpstreamAdditionalProperties": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/ConnectionUpstreamAlias"
},
{
"$ref": "#/components/schemas/ConnectionUpstreamValue"
}
]
},
"ConnectionUpstreamAlias": {
"type": "object",
"additionalProperties": false,
"properties": {
"alias": {
"$ref": "#/components/schemas/ConnectionUpstreamAliasEnum"
}
}
},
"ConnectionUpstreamAliasEnum": {
"type": "string",
"enum": [
"acr_values",
"audience",
"client_id",
"display",
"id_token_hint",
"login_hint",
"max_age",
"prompt",
"resource",
"response_mode",
"response_type",
"ui_locales"
]
},
"ConnectionUpstreamParams": {
"type": [
"object",
"null"
],
"description": "Options for adding parameters in the request to the upstream IdP",
"additionalProperties": {
"$ref": "#/components/schemas/ConnectionUpstreamAdditionalProperties"
}
},
"ConnectionUpstreamParamsADFS": {
"oneOf": [
{
"$ref": "#/components/schemas/ConnectionUpstreamParams"
}
]
},
"ConnectionUpstreamParamsFacebook": {
"description": "Options for adding parameters in the request to the upstream IdP. See https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps",
"type": "object",
"additionalProperties": {
"$ref": "#/components/schemas/ConnectionUpstreamAdditionalProperties"
},
"maxProperties": 10
},
"ConnectionUpstreamValue": {
"type": "object",
"additionalProperties": false,
"properties": {
"value": {
"type": "string"
}
}
},
"ConnectionUseCommonEndpointAzureAD": {
"description": "When enabled (true), uses the Azure AD common endpoint for multi-tenant authentication. Allows users from any Azure AD organization to sign in. Requires userid_attribute set to 'sub' (not 'oid'). Cannot be used with SCIM provisioning. Defaults to false.",
"default": false,
"type": "boolean"
},
"ConnectionUserAuthorizationURLOAuth1": {
"description": "The URL of the OAuth 1.0a user-authorization endpoint. This endpoint is used to redirect users to the provider's site to authorize the temporary request token obtained from the request-token endpoint during the OAuth 1.0a authentication flow.",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionUserIdAttributeSAML": {
"description": "Custom SAML assertion attribute to use as the unique user identifier. When provided, this attribute is prepended to the default user_id mapping list with highest priority. Accepts a string (single SAML attribute name).",
"type": "string",
"minLength": 1,
"maxLength": 2396
},
"ConnectionUseridAttributeAzureAD": {
"description": "The Azure AD claim to use as the unique user identifier. 'oid' (Object ID) is recommended for single-tenant connections and required for SCIM. 'sub' (Subject) is required for multi-tenant/common endpoint. Only applies with OpenID Connect protocol.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionUseridAttributeEnumAzureAD"
}
]
},
"ConnectionUseridAttributeEnumAzureAD": {
"description": "User ID attribute to use. Only applies when waad_protocol=openid-connect",
"type": "string",
"enum": [
"oid",
"sub"
]
},
"ConnectionUserinfoEncryptionAlgValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWE [JWE] encryption algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].",
"minItems": 0,
"maxItems": 26,
"items": {
"type": "string"
}
},
"ConnectionUserinfoEncryptionEncValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].",
"minItems": 0,
"maxItems": 12,
"items": {
"type": "string"
}
},
"ConnectionUserinfoEndpoint": {
"allOf": [
{
"description": "Optional URL of the identity provider's UserInfo endpoint. When configured with attribute mapping, Auth0 calls this endpoint to retrieve additional user profile claims using the access token."
},
{
"$ref": "#/components/schemas/ConnectionHttpsUrlWithHttpFallback255"
}
]
},
"ConnectionUserinfoEndpointOIDC": {
"oneOf": [
{
"$ref": "#/components/schemas/ConnectionUserinfoEndpoint"
}
]
},
"ConnectionUserinfoSigningAlgValuesSupported": {
"type": "array",
"description": "JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. The value none MAY be included.",
"minItems": 0,
"maxItems": 26,
"items": {
"type": "string",
"maxLength": 10
}
},
"ConnectionUsernameValidationOptions": {
"type": [
"object",
"null"
],
"additionalProperties": false,
"required": [
"max",
"min"
],
"properties": {
"min": {
"type": "integer",
"minimum": 1
},
"max": {
"type": "integer",
"maximum": 128
}
}
},
"ConnectionValidationOptions": {
"type": [
"object",
"null"
],
"description": "Options for validation",
"additionalProperties": false,
"properties": {
"username": {
"$ref": "#/components/schemas/ConnectionUsernameValidationOptions"
}
}
},
"ConnectionWaadProtocol": {
"description": "The authentication protocol for Azure AD v1 endpoints. 'openid-connect' (default, recommended) uses modern OAuth 2.0/OIDC. 'ws-federation' is a legacy SAML-based protocol for older integrations. Only available with Azure AD v1 API.",
"anyOf": [
{
"$ref": "#/components/schemas/ConnectionWaadProtocolEnumAzureAD"
}
]
},
"ConnectionWaadProtocolEnumAzureAD": {
"type": "string",
"description": "Available WAAD protocols",
"enum": [
"ws-federation",
"openid-connect"
],
"default": "openid-connect"
},
"ConnectionsMetadata": {
"type": "object",
"description": "Metadata associated with the connection in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed.",
"additionalProperties": {
"type": [
"string",
"null"
],
"maxLength": 255
},
"maxProperties": 10
},
"CreateActionModuleRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"code"
],
"properties": {
"name": {
"type": "string",
"description": "The name of the action module.",
"maxLength": 255,
"pattern": "^[^\u0000]*$"
},
"code": {
"type": "string",
"description": "The source code of the action module.",
"maxLength": 65536,
"pattern": "^[^\u0000]*$"
},
"secrets": {
"type": "array",
"description": "The secrets to associate with the action module.",
"items": {
"$ref": "#/components/schemas/ActionModuleSecretRequest"
}
},
"dependencies": {
"type": "array",
"description": "The npm dependencies of the action module.",
"items": {
"$ref": "#/components/schemas/ActionModuleDependencyRequest"
}
},
"api_version": {
"type": "string",
"description": "The API version of the module.",
"maxLength": 20,
"pattern": "^[^\u0000]*$"
},
"publish": {
"type": "boolean",
"description": "Whether to publish the module immediately after creation."
}
}
},
"CreateActionModuleResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the module."
},
"name": {
"type": "string",
"description": "The name of the module."
},
"code": {
"type": "string",
"description": "The source code from the module's draft version."
},
"dependencies": {
"type": "array",
"description": "The npm dependencies from the module's draft version.",
"items": {
"$ref": "#/components/schemas/ActionModuleDependency"
}
},
"secrets": {
"type": "array",
"description": "The secrets from the module's draft version (names and timestamps only, values never returned).",
"items": {
"$ref": "#/components/schemas/ActionModuleSecret"
}
},
"actions_using_module_total": {
"type": "integer",
"description": "The number of deployed actions using this module."
},
"all_changes_published": {
"type": "boolean",
"description": "Whether all draft changes have been published as a version."
},
"latest_version_number": {
"type": "integer",
"description": "The version number of the latest published version. Omitted if no versions have been published."
},
"created_at": {
"type": "string",
"description": "Timestamp when the module was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "Timestamp when the module was last updated.",
"format": "date-time"
},
"latest_version": {
"$ref": "#/components/schemas/ActionModuleVersionReference"
}
}
},
"CreateActionModuleVersionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The unique ID for this version."
},
"module_id": {
"type": "string",
"description": "The ID of the parent module."
},
"version_number": {
"type": "integer",
"description": "The sequential version number."
},
"code": {
"type": "string",
"description": "The exact source code that was published with this version."
},
"secrets": {
"type": "array",
"description": "Secrets available to this version (name and updated_at only, values never returned).",
"items": {
"$ref": "#/components/schemas/ActionModuleSecret"
}
},
"dependencies": {
"type": "array",
"description": "Dependencies locked to this version.",
"items": {
"$ref": "#/components/schemas/ActionModuleDependency"
}
},
"created_at": {
"type": "string",
"description": "The timestamp when this version was created.",
"format": "date-time"
}
}
},
"CreateActionRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"supported_triggers"
],
"properties": {
"name": {
"type": "string",
"description": "The name of an action.",
"default": "my-action"
},
"supported_triggers": {
"type": "array",
"description": "The list of triggers that this action supports. At this time, an action can only target a single trigger at a time.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/ActionTrigger",
"x-release-lifecycle": "GA"
}
},
"code": {
"type": "string",
"description": "The source code of the action.",
"default": "module.exports = () => {}"
},
"dependencies": {
"type": "array",
"description": "The list of third party npm modules, and their versions, that this action depends on.",
"items": {
"$ref": "#/components/schemas/ActionVersionDependency"
}
},
"runtime": {
"type": "string",
"description": "The Node runtime. For example: `node22`, defaults to `node22`",
"default": "node22"
},
"secrets": {
"type": "array",
"description": "The list of secrets that are included in an action or a version of an action.",
"items": {
"$ref": "#/components/schemas/ActionSecretRequest"
}
},
"modules": {
"type": "array",
"description": "The list of action modules and their versions used by this action.",
"items": {
"$ref": "#/components/schemas/ActionModuleReference"
}
},
"deploy": {
"type": "boolean",
"description": "True if the action should be deployed after creation.",
"default": false
}
}
},
"CreateActionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the action.",
"default": "910b1053-577f-4d81-a8c8-020e7319a38a"
},
"name": {
"type": "string",
"description": "The name of an action.",
"default": "my-action"
},
"supported_triggers": {
"type": "array",
"description": "The list of triggers that this action supports. At this time, an action can only target a single trigger at a time.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/ActionTrigger",
"x-release-lifecycle": "GA"
}
},
"all_changes_deployed": {
"type": "boolean",
"description": "True if all of an Action's contents have been deployed.",
"default": false
},
"created_at": {
"type": "string",
"description": "The time when this action was created.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The time when this action was updated.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"code": {
"type": "string",
"description": "The source code of the action.",
"default": "module.exports = () => {}"
},
"dependencies": {
"type": "array",
"description": "The list of third party npm modules, and their versions, that this action depends on.",
"items": {
"$ref": "#/components/schemas/ActionVersionDependency"
}
},
"runtime": {
"type": "string",
"description": "The Node runtime. For example: `node22`, defaults to `node22`",
"default": "node22"
},
"secrets": {
"type": "array",
"description": "The list of secrets that are included in an action or a version of an action.",
"items": {
"$ref": "#/components/schemas/ActionSecretResponse"
}
},
"deployed_version": {
"$ref": "#/components/schemas/ActionDeployedVersion"
},
"installed_integration_id": {
"type": "string",
"description": "installed_integration_id is the fk reference to the InstalledIntegration entity.",
"default": "7d2bc0c9-c0c2-433a-9f4e-86ef80270aad"
},
"integration": {
"$ref": "#/components/schemas/Integration"
},
"status": {
"$ref": "#/components/schemas/ActionBuildStatusEnum"
},
"built_at": {
"type": "string",
"description": "The time when this action was built successfully.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"deploy": {
"type": "boolean",
"description": "True if the action should be deployed after creation.",
"default": false
},
"modules": {
"type": "array",
"description": "The list of action modules and their versions used by this action.",
"items": {
"$ref": "#/components/schemas/ActionModuleReference"
}
}
}
},
"CreateBrandingPhoneProviderRequestContent": {
"type": "object",
"description": "Phone provider configuration schema",
"additionalProperties": true,
"required": [
"name",
"credentials"
],
"properties": {
"name": {
"$ref": "#/components/schemas/PhoneProviderNameEnum"
},
"disabled": {
"type": "boolean",
"description": "Whether the provider is enabled (false) or disabled (true)."
},
"configuration": {
"$ref": "#/components/schemas/PhoneProviderConfiguration"
},
"credentials": {
"$ref": "#/components/schemas/PhoneProviderCredentials"
}
}
},
"CreateBrandingPhoneProviderResponseContent": {
"type": "object",
"description": "Phone provider configuration schema",
"additionalProperties": false,
"required": [
"name",
"credentials"
],
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 255
},
"tenant": {
"type": "string",
"description": "The name of the tenant",
"minLength": 1,
"maxLength": 255
},
"name": {
"$ref": "#/components/schemas/PhoneProviderNameEnum"
},
"channel": {
"$ref": "#/components/schemas/PhoneProviderChannelEnum"
},
"disabled": {
"type": "boolean",
"description": "Whether the provider is enabled (false) or disabled (true)."
},
"configuration": {
"$ref": "#/components/schemas/PhoneProviderConfiguration"
},
"created_at": {
"type": "string",
"description": "The provider's creation date and time in ISO 8601 format",
"maxLength": 27,
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The date and time of the last update to the provider in ISO 8601 format",
"maxLength": 27,
"format": "date-time"
}
}
},
"CreateBrandingThemeRequestContent": {
"type": "object",
"description": "Branding theme",
"additionalProperties": false,
"required": [
"borders",
"colors",
"fonts",
"page_background",
"widget"
],
"minProperties": 1,
"properties": {
"borders": {
"$ref": "#/components/schemas/BrandingThemeBorders"
},
"colors": {
"$ref": "#/components/schemas/BrandingThemeColors"
},
"displayName": {
"type": "string",
"description": "Display Name",
"maxLength": 2048,
"pattern": "^[^<>]*$"
},
"fonts": {
"$ref": "#/components/schemas/BrandingThemeFonts"
},
"page_background": {
"$ref": "#/components/schemas/BrandingThemePageBackground"
},
"widget": {
"$ref": "#/components/schemas/BrandingThemeWidget"
}
}
},
"CreateBrandingThemeResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"borders",
"colors",
"displayName",
"fonts",
"page_background",
"themeId",
"widget"
],
"properties": {
"borders": {
"$ref": "#/components/schemas/BrandingThemeBorders"
},
"colors": {
"$ref": "#/components/schemas/BrandingThemeColors"
},
"displayName": {
"type": "string",
"description": "Display Name",
"maxLength": 2048,
"pattern": "^[^<>]*$"
},
"fonts": {
"$ref": "#/components/schemas/BrandingThemeFonts"
},
"page_background": {
"$ref": "#/components/schemas/BrandingThemePageBackground"
},
"themeId": {
"type": "string",
"description": "Theme Id",
"maxLength": 32,
"pattern": "^[a-zA-Z0-9]{32}$"
},
"widget": {
"$ref": "#/components/schemas/BrandingThemeWidget"
}
}
},
"CreateClientAuthenticationMethodSelfSignedTLSClientAuth": {
"type": "object",
"description": "Defines `self_signed_tls_client_auth` client authentication method. If the property is defined, the client is configured to use mTLS authentication method utilizing self-signed certificate.",
"additionalProperties": false,
"required": [
"credentials"
],
"properties": {
"credentials": {
"$ref": "#/components/schemas/CreateClientAuthenticationMethodSelfSignedTLSClientAuthCredentials"
}
}
},
"CreateClientAuthenticationMethodSelfSignedTLSClientAuthCredentials": {
"type": "array",
"description": "Fully defined credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificate.",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/X509CertificateCredential"
}
},
"CreateClientGrantRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"audience"
],
"properties": {
"client_id": {
"type": "string",
"description": "ID of the client."
},
"audience": {
"type": "string",
"description": "The audience (API identifier) of this client grant",
"minLength": 1
},
"default_for": {
"$ref": "#/components/schemas/ClientGrantDefaultForEnum",
"x-release-lifecycle": "GA"
},
"organization_usage": {
"$ref": "#/components/schemas/ClientGrantOrganizationUsageEnum"
},
"allow_any_organization": {
"type": "boolean",
"description": "If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations.",
"default": false
},
"scope": {
"type": "array",
"description": "Scopes allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 280
}
},
"subject_type": {
"$ref": "#/components/schemas/ClientGrantSubjectTypeEnum"
},
"authorization_details_types": {
"type": "array",
"description": "Types of authorization_details allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
},
"allow_all_scopes": {
"type": "boolean",
"description": "If enabled, all scopes configured on the resource server are allowed for this grant."
}
}
},
"CreateClientGrantResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID of the client grant."
},
"client_id": {
"type": "string",
"description": "ID of the client."
},
"audience": {
"type": "string",
"description": "The audience (API identifier) of this client grant.",
"minLength": 1
},
"scope": {
"type": "array",
"description": "Scopes allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1
}
},
"organization_usage": {
"$ref": "#/components/schemas/ClientGrantOrganizationUsageEnum"
},
"allow_any_organization": {
"type": "boolean",
"description": "If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations."
},
"default_for": {
"$ref": "#/components/schemas/ClientGrantDefaultForEnum",
"x-release-lifecycle": "GA"
},
"is_system": {
"type": "boolean",
"description": "If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly."
},
"subject_type": {
"$ref": "#/components/schemas/ClientGrantSubjectTypeEnum"
},
"authorization_details_types": {
"type": "array",
"description": "Types of authorization_details allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
},
"allow_all_scopes": {
"type": "boolean",
"description": "If enabled, all scopes configured on the resource server are allowed for this grant."
}
}
},
"CreateClientRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"description": "Name of this client (min length: 1 character, does not allow `<` or `>`).",
"pattern": "^[^<>]+$"
},
"description": {
"type": "string",
"description": "Free text description of this client (max length: 140 characters).",
"maxLength": 140
},
"logo_uri": {
"type": "string",
"description": "URL of the logo to display for this client. Recommended size is 150x150 pixels.",
"format": "absolute-uri-or-empty"
},
"callbacks": {
"type": "array",
"description": "Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication.",
"items": {
"type": "string",
"format": "callback-url"
}
},
"oidc_logout": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutSettings"
},
"oidc_backchannel_logout": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutSettings",
"x-release-lifecycle": "deprecated",
"description": "Configuration for OIDC backchannel logout (deprecated, in favor of oidc_logout)"
},
"session_transfer": {
"$ref": "#/components/schemas/ClientSessionTransferConfiguration"
},
"allowed_origins": {
"type": "array",
"description": "Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs.",
"items": {
"type": "string",
"format": "url-with-placeholders"
}
},
"web_origins": {
"type": "array",
"description": "Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.",
"items": {
"type": "string",
"format": "url-with-placeholders"
}
},
"client_aliases": {
"type": "array",
"description": "List of audiences/realms for SAML protocol. Used by the wsfed addon.",
"items": {
"type": "string",
"minLength": 1
}
},
"allowed_clients": {
"type": "array",
"description": "List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed.",
"items": {
"type": "string",
"minLength": 1
}
},
"allowed_logout_urls": {
"type": "array",
"description": "Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains.",
"items": {
"type": "string",
"format": "url-with-placeholders"
}
},
"grant_types": {
"type": "array",
"description": "List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`.",
"items": {
"type": "string",
"minLength": 1
}
},
"token_endpoint_auth_method": {
"$ref": "#/components/schemas/ClientTokenEndpointAuthMethodEnum"
},
"is_token_endpoint_ip_header_trusted": {
"type": "boolean",
"description": "If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint.",
"default": false
},
"app_type": {
"$ref": "#/components/schemas/ClientAppTypeEnum"
},
"is_first_party": {
"type": "boolean",
"description": "Whether this client a first party client or not",
"default": true
},
"oidc_conformant": {
"type": "boolean",
"description": "Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false).",
"default": false
},
"jwt_configuration": {
"$ref": "#/components/schemas/ClientJwtConfiguration"
},
"encryption_key": {
"$ref": "#/components/schemas/ClientEncryptionKey"
},
"sso": {
"type": "boolean",
"description": "Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false)."
},
"cross_origin_authentication": {
"type": "boolean",
"description": "Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).",
"default": false
},
"cross_origin_loc": {
"type": "string",
"description": "URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page.",
"format": "url"
},
"sso_disabled": {
"type": "boolean",
"description": "true to disable Single Sign On, false otherwise (default: false)"
},
"custom_login_page_on": {
"type": "boolean",
"description": "true if the custom login page is to be used, false otherwise. Defaults to true"
},
"custom_login_page": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page.",
"minLength": 1
},
"custom_login_page_preview": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page. (Used on Previews)",
"minLength": 1
},
"form_template": {
"type": "string",
"description": "HTML form template to be used for WS-Federation.",
"minLength": 1
},
"addons": {
"$ref": "#/components/schemas/ClientAddons"
},
"client_metadata": {
"$ref": "#/components/schemas/ClientMetadata"
},
"mobile": {
"$ref": "#/components/schemas/ClientMobile"
},
"initiate_login_uri": {
"type": "string",
"description": "Initiate login uri, must be https",
"format": "absolute-https-uri-with-placeholders-or-empty"
},
"native_social_login": {
"$ref": "#/components/schemas/NativeSocialLogin"
},
"refresh_token": {
"$ref": "#/components/schemas/ClientRefreshTokenConfiguration"
},
"default_organization": {
"$ref": "#/components/schemas/ClientDefaultOrganization"
},
"organization_usage": {
"$ref": "#/components/schemas/ClientOrganizationUsageEnum"
},
"organization_require_behavior": {
"$ref": "#/components/schemas/ClientOrganizationRequireBehaviorEnum"
},
"organization_discovery_methods": {
"type": "array",
"description": "Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both.",
"minItems": 1,
"x-release-lifecycle": "EA",
"items": {
"$ref": "#/components/schemas/ClientOrganizationDiscoveryEnum"
}
},
"client_authentication_methods": {
"$ref": "#/components/schemas/ClientCreateAuthenticationMethod"
},
"require_pushed_authorization_requests": {
"type": "boolean",
"description": "Makes the use of Pushed Authorization Requests mandatory for this client",
"default": false
},
"require_proof_of_possession": {
"type": "boolean",
"description": "Makes the use of Proof-of-Possession mandatory for this client",
"default": false
},
"signed_request_object": {
"$ref": "#/components/schemas/ClientSignedRequestObjectWithPublicKey"
},
"compliance_level": {
"$ref": "#/components/schemas/ClientComplianceLevelEnum"
},
"skip_non_verifiable_callback_uri_confirmation_prompt": {
"type": "boolean",
"description": "Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`).\nIf set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps.\nSee https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information."
},
"token_exchange": {
"$ref": "#/components/schemas/ClientTokenExchangeConfiguration",
"x-release-lifecycle": "GA"
},
"par_request_expiry": {
"type": [
"integer",
"null"
],
"description": "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid",
"minimum": 10,
"maximum": 600
},
"token_quota": {
"$ref": "#/components/schemas/CreateTokenQuota",
"x-release-lifecycle": "EA"
},
"resource_server_identifier": {
"type": "string",
"description": "The identifier of the resource server that this client is linked to.",
"minLength": 1,
"maxLength": 600
},
"third_party_security_mode": {
"$ref": "#/components/schemas/ClientThirdPartySecurityModeEnum",
"x-release-lifecycle": "GA"
},
"redirection_policy": {
"$ref": "#/components/schemas/ClientRedirectionPolicyEnum",
"x-release-lifecycle": "GA"
},
"express_configuration": {
"$ref": "#/components/schemas/ExpressConfiguration"
},
"my_organization_configuration": {
"$ref": "#/components/schemas/ClientMyOrganizationPostConfiguration",
"x-release-lifecycle": "EA"
},
"async_approval_notification_channels": {
"$ref": "#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration"
}
}
},
"CreateClientResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"client_id": {
"type": "string",
"description": "ID of this client.",
"default": "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
},
"tenant": {
"type": "string",
"description": "Name of the tenant this client belongs to.",
"default": ""
},
"name": {
"type": "string",
"description": "Name of this client (min length: 1 character, does not allow `<` or `>`).",
"default": "My application"
},
"description": {
"type": "string",
"description": "Free text description of this client (max length: 140 characters).",
"default": ""
},
"global": {
"type": "boolean",
"description": "Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false).",
"default": false
},
"client_secret": {
"type": "string",
"description": "Client secret (which you must not make public).",
"default": "MG_TNT2ver-SylNat-_VeMmd-4m0Waba0jr1troztBniSChEw0glxEmgEi2Kw40H"
},
"app_type": {
"$ref": "#/components/schemas/ClientAppTypeEnum"
},
"logo_uri": {
"type": "string",
"description": "URL of the logo to display for this client. Recommended size is 150x150 pixels."
},
"is_first_party": {
"type": "boolean",
"description": "Whether this client a first party client (true) or not (false).",
"default": false
},
"oidc_conformant": {
"type": "boolean",
"description": "Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false).",
"default": false
},
"callbacks": {
"type": "array",
"description": "Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication.",
"items": {
"type": "string"
}
},
"allowed_origins": {
"type": "array",
"description": "Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs.",
"items": {
"type": "string"
}
},
"web_origins": {
"type": "array",
"description": "Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.",
"items": {
"type": "string"
}
},
"client_aliases": {
"type": "array",
"description": "List of audiences/realms for SAML protocol. Used by the wsfed addon.",
"items": {
"type": "string"
}
},
"allowed_clients": {
"type": "array",
"description": "List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed.",
"items": {
"type": "string"
}
},
"allowed_logout_urls": {
"type": "array",
"description": "Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains.",
"items": {
"type": "string"
}
},
"session_transfer": {
"$ref": "#/components/schemas/ClientSessionTransferConfiguration"
},
"oidc_logout": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutSettings"
},
"grant_types": {
"type": "array",
"description": "List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`.",
"items": {
"type": "string"
}
},
"jwt_configuration": {
"$ref": "#/components/schemas/ClientJwtConfiguration"
},
"signing_keys": {
"$ref": "#/components/schemas/ClientSigningKeys"
},
"encryption_key": {
"$ref": "#/components/schemas/ClientEncryptionKey"
},
"sso": {
"type": "boolean",
"description": "Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false).",
"default": false
},
"sso_disabled": {
"type": "boolean",
"description": "Whether Single Sign On is disabled (true) or enabled (true). Defaults to true.",
"default": false
},
"cross_origin_authentication": {
"type": "boolean",
"description": "Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false)."
},
"cross_origin_loc": {
"type": "string",
"description": "URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page.",
"format": "url"
},
"custom_login_page_on": {
"type": "boolean",
"description": "Whether a custom login page is to be used (true) or the default provided login page (false).",
"default": true
},
"custom_login_page": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page.",
"default": ""
},
"custom_login_page_preview": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page. (Used on Previews)",
"default": ""
},
"form_template": {
"type": "string",
"description": "HTML form template to be used for WS-Federation.",
"default": ""
},
"addons": {
"$ref": "#/components/schemas/ClientAddons"
},
"token_endpoint_auth_method": {
"$ref": "#/components/schemas/ClientTokenEndpointAuthMethodEnum"
},
"is_token_endpoint_ip_header_trusted": {
"type": "boolean",
"description": "If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint.",
"default": false
},
"client_metadata": {
"$ref": "#/components/schemas/ClientMetadata"
},
"mobile": {
"$ref": "#/components/schemas/ClientMobile"
},
"initiate_login_uri": {
"type": "string",
"description": "Initiate login uri, must be https",
"format": "absolute-https-uri-with-placeholders-or-empty"
},
"native_social_login": {},
"refresh_token": {
"$ref": "#/components/schemas/ClientRefreshTokenConfiguration"
},
"default_organization": {
"$ref": "#/components/schemas/ClientDefaultOrganization"
},
"organization_usage": {
"$ref": "#/components/schemas/ClientOrganizationUsageEnum"
},
"organization_require_behavior": {
"$ref": "#/components/schemas/ClientOrganizationRequireBehaviorEnum"
},
"organization_discovery_methods": {
"type": "array",
"description": "Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both.",
"minItems": 1,
"x-release-lifecycle": "EA",
"items": {
"$ref": "#/components/schemas/ClientOrganizationDiscoveryEnum"
}
},
"client_authentication_methods": {
"$ref": "#/components/schemas/ClientAuthenticationMethod"
},
"require_pushed_authorization_requests": {
"type": "boolean",
"description": "Makes the use of Pushed Authorization Requests mandatory for this client",
"default": false
},
"require_proof_of_possession": {
"type": "boolean",
"description": "Makes the use of Proof-of-Possession mandatory for this client",
"default": false
},
"signed_request_object": {
"$ref": "#/components/schemas/ClientSignedRequestObjectWithCredentialId"
},
"compliance_level": {
"$ref": "#/components/schemas/ClientComplianceLevelEnum"
},
"skip_non_verifiable_callback_uri_confirmation_prompt": {
"type": "boolean",
"description": "Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`).\nIf set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps.\nSee https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information."
},
"token_exchange": {
"$ref": "#/components/schemas/ClientTokenExchangeConfiguration",
"x-release-lifecycle": "GA"
},
"par_request_expiry": {
"type": [
"integer",
"null"
],
"description": "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid",
"minimum": 10,
"maximum": 600
},
"token_quota": {
"$ref": "#/components/schemas/TokenQuota",
"x-release-lifecycle": "EA"
},
"express_configuration": {
"$ref": "#/components/schemas/ExpressConfiguration"
},
"my_organization_configuration": {
"$ref": "#/components/schemas/ClientMyOrganizationResponseConfiguration",
"x-release-lifecycle": "EA"
},
"third_party_security_mode": {
"$ref": "#/components/schemas/ClientThirdPartySecurityModeEnum",
"x-release-lifecycle": "GA"
},
"redirection_policy": {
"$ref": "#/components/schemas/ClientRedirectionPolicyEnum",
"x-release-lifecycle": "GA"
},
"resource_server_identifier": {
"type": "string",
"description": "The identifier of the resource server that this client is linked to."
},
"async_approval_notification_channels": {
"$ref": "#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration"
},
"external_metadata_type": {
"$ref": "#/components/schemas/ClientExternalMetadataTypeEnum"
},
"external_metadata_created_by": {
"$ref": "#/components/schemas/ClientExternalMetadataCreatedByEnum"
},
"external_client_id": {
"type": "string",
"description": "An alternate client identifier to be used during authorization flows. Only supports CIMD-based client identifiers.",
"format": "absolute-https-uri-or-empty"
},
"jwks_uri": {
"type": "string",
"description": "URL for the JSON Web Key Set (JWKS) containing the public keys used for private_key_jwt authentication. Only present for CIMD clients using private_key_jwt authentication.",
"format": "absolute-https-uri-or-empty"
}
}
},
"CreateConnectionCommon": {
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"$ref": "#/components/schemas/ConnectionName"
},
"enabled_clients": {
"type": "array",
"description": "Use of this property is NOT RECOMMENDED. Use the PATCH /v2/connections/{id}/clients endpoint to enable the connection for a set of clients.",
"items": {
"type": "string",
"description": "The id of the client for which the connection is to be enabled.",
"format": "client-id"
}
}
}
}
],
"required": [
"name"
]
},
"CreateConnectionProfileRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"name"
],
"properties": {
"name": {
"$ref": "#/components/schemas/ConnectionProfileName"
},
"organization": {
"$ref": "#/components/schemas/ConnectionProfileOrganization"
},
"connection_name_prefix_template": {
"$ref": "#/components/schemas/ConnectionNamePrefixTemplate"
},
"enabled_features": {
"$ref": "#/components/schemas/ConnectionProfileEnabledFeatures"
},
"connection_config": {
"$ref": "#/components/schemas/ConnectionProfileConfig"
},
"strategy_overrides": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverrides"
}
}
},
"CreateConnectionProfileResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"$ref": "#/components/schemas/ConnectionProfileId"
},
"name": {
"$ref": "#/components/schemas/ConnectionProfileName"
},
"organization": {
"$ref": "#/components/schemas/ConnectionProfileOrganization"
},
"connection_name_prefix_template": {
"$ref": "#/components/schemas/ConnectionNamePrefixTemplate"
},
"enabled_features": {
"$ref": "#/components/schemas/ConnectionProfileEnabledFeatures"
},
"connection_config": {
"$ref": "#/components/schemas/ConnectionProfileConfig"
},
"strategy_overrides": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverrides"
}
}
},
"CreateConnectionRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"strategy"
],
"properties": {
"name": {
"type": "string",
"description": "The name of the connection. Must start and end with an alphanumeric character and can only contain alphanumeric characters and '-'. Max length 128",
"maxLength": 128,
"pattern": "^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$"
},
"display_name": {
"type": "string",
"description": "Connection name used in the new universal login experience",
"maxLength": 128
},
"strategy": {
"$ref": "#/components/schemas/ConnectionIdentityProviderEnum"
},
"options": {
"$ref": "#/components/schemas/ConnectionPropertiesOptions"
},
"enabled_clients": {
"type": "array",
"description": "Use of this property is NOT RECOMMENDED. Use the PATCH /v2/connections/{id}/clients endpoint to enable the connection for a set of clients.",
"items": {
"type": "string",
"description": "The id of the client for which the connection is to be enabled.",
"format": "client-id"
}
},
"is_domain_connection": {
"type": "boolean",
"description": "true promotes to a domain-level connection so that third-party applications can use it. false does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to false.)"
},
"show_as_button": {
"type": "boolean",
"description": "Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. (Defaults to false.)"
},
"realms": {
"type": "array",
"description": "Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.",
"items": {
"type": "string",
"description": "The realm where this connection belongs",
"format": "connection-realm"
}
},
"metadata": {
"$ref": "#/components/schemas/ConnectionsMetadata"
},
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose",
"x-release-lifecycle": "GA"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurpose",
"x-release-lifecycle": "GA"
}
}
},
"CreateConnectionRequestContentAD": {
"description": "Create a connection with strategy=ad",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "ad"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAD"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentADFS": {
"description": "Create a connection with strategy=adfs",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "adfs"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsADFS"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentAmazon": {
"description": "Create a connection with strategy=amazon",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "amazon"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAmazon"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentApple": {
"description": "Create a connection with strategy=apple",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "apple"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsApple"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentAuth0": {
"description": "Create a connection with strategy=auth0",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "auth0"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAuth0"
},
"realms": {
"$ref": "#/components/schemas/ConnectionRealms"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentAuth0OIDC": {
"description": "Create a connection with strategy=auth0-oidc",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "auth0-oidc"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAuth0OIDC"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentAzureAD": {
"description": "Create a connection with strategy=waad",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "waad"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAzureAD"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentBaidu": {
"description": "Create a connection with strategy=baidu",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "baidu"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBaidu"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentBitbucket": {
"description": "Create a connection with strategy=bitbucket",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "bitbucket"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBitbucket"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentBitly": {
"description": "Create a connection with strategy=bitly",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "bitly"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBitly"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentBox": {
"description": "Create a connection with strategy=box",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "box"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBox"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentCustom": {
"description": "Create a connection with strategy=custom",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "custom"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsCustom"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentDaccount": {
"description": "Create a connection with strategy=daccount",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "daccount"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsDaccount"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentDropbox": {
"description": "Create a connection with strategy=dropbox",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "dropbox"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsDropbox"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentDwolla": {
"description": "Create a connection with strategy=dwolla",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "dwolla"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsDwolla"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentEmail": {
"description": "Create a connection with strategy=email",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "email"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsEmail"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentEvernote": {
"description": "Create a connection with strategy=evernote",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "evernote"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsEvernote"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentEvernoteSandbox": {
"description": "Create a connection with strategy=evernote-sandbox",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "evernote-sandbox"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsEvernote"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentExact": {
"description": "Create a connection with strategy=exact",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "exact"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsExact"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentFacebook": {
"description": "Create a connection with strategy=facebook",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "facebook"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsFacebook"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentFitbit": {
"description": "Create a connection with strategy=fitbit",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "fitbit"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsFitbit"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentGitHub": {
"description": "Create a connection with strategy=github",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "github"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsGitHub"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentGoogleApps": {
"description": "Create a connection with strategy=google-apps",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "google-apps"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsGoogleApps"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentGoogleOAuth2": {
"description": "Create a connection with strategy=google-oauth2",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "google-oauth2"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsGoogleOAuth2"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentIP": {
"description": "Create a connection with strategy=ip",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "ip"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsIP"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"CreateConnectionRequestContentInstagram": {
"description": "Create a connection with strategy=instagram",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "instagram"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsInstagram"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"CreateConnectionRequestContentLine": {
"description": "Create a connection with strategy=line",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "line"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsLine"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentLinkedin": {
"description": "Create a connection with strategy=linkedin",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "linkedin"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsLinkedin"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentOAuth1": {
"description": "Create a connection with strategy=oauth1",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "oauth1"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOAuth1"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"CreateConnectionRequestContentOAuth2": {
"description": "Create a connection with strategy=oauth2",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "oauth2"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOAuth2"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentOIDC": {
"description": "Create a connection with strategy=oidc",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "oidc"
},
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurposeXAA"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOIDC"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentOffice365": {
"description": "Create a connection with strategy=office365",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "office365"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOffice365"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"CreateConnectionRequestContentOkta": {
"description": "Create a connection with strategy=okta",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "okta"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOkta"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentPaypal": {
"description": "Create a connection with strategy=paypal",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "paypal"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPaypal"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentPaypalSandbox": {
"description": "Create a connection with strategy=paypal-sandbox",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "paypal-sandbox"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPaypal"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentPingFederate": {
"description": "Create a connection with strategy=pingfederate",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "pingfederate"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPingFederate"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentPlanningCenter": {
"description": "Create a connection with strategy=planningcenter",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "planningcenter"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPlanningCenter"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentSAML": {
"description": "Create a connection with strategy=samlp",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "samlp"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSAML"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentSMS": {
"description": "Create a connection with strategy=sms",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "sms"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSMS"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentSalesforce": {
"description": "Create a connection with strategy=salesforce",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "salesforce"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSalesforce"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentSalesforceCommunity": {
"description": "Create a connection with strategy=salesforce-community",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "salesforce-community"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSalesforceCommunity"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentSalesforceSandbox": {
"description": "Create a connection with strategy=salesforce-sandbox",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "salesforce-sandbox"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSalesforce"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentSharepoint": {
"description": "Create a connection with strategy=sharepoint",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "sharepoint"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSharepoint"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"CreateConnectionRequestContentShop": {
"description": "Create a connection with strategy=shop",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "shop"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsShop"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentShopify": {
"description": "Create a connection with strategy=shopify",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "shopify"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsShopify"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentSoundcloud": {
"description": "Create a connection with strategy=soundcloud",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "soundcloud"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSoundcloud"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"CreateConnectionRequestContentThirtySevenSignals": {
"description": "Create a connection with strategy=thirtysevensignals",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "thirtysevensignals"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsThirtySevenSignals"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentTwitter": {
"description": "Create a connection with strategy=twitter",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "twitter"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsTwitter"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentUntappd": {
"description": "Create a connection with strategy=untappd",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "untappd"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsUntappd"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
],
"x-release-lifecycle": "deprecated"
},
"CreateConnectionRequestContentVkontakte": {
"description": "Create a connection with strategy=vkontakte",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "vkontakte"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsVkontakte"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentWeibo": {
"description": "Create a connection with strategy=weibo",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "weibo"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsWeibo"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentWindowsLive": {
"description": "Create a connection with strategy=windowslive",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "windowslive"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsWindowsLive"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentWordpress": {
"description": "Create a connection with strategy=wordpress",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "wordpress"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsWordpress"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentYahoo": {
"description": "Create a connection with strategy=yahoo",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "yahoo"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsYahoo"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionRequestContentYandex": {
"description": "Create a connection with strategy=yandex",
"allOf": [
{
"type": "object",
"properties": {
"strategy": {
"const": "yandex"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptionsYandex"
}
},
"required": [
"strategy"
]
},
{
"$ref": "#/components/schemas/CreateConnectionCommon"
}
]
},
"CreateConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "The name of the connection",
"default": "My connection"
},
"display_name": {
"type": "string",
"description": "Connection name used in login screen"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptions"
},
"id": {
"type": "string",
"description": "The connection's identifier",
"default": "con_0000000000000001"
},
"strategy": {
"type": "string",
"description": "The type of the connection, related to the identity provider",
"default": "auth0"
},
"realms": {
"type": "array",
"description": "Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.",
"items": {
"type": "string",
"description": "The realm where this connection belongs",
"format": "connection-realm"
}
},
"enabled_clients": {
"type": "array",
"description": "DEPRECATED property. Use the GET /connections/:id/clients endpoint to get the ids of the clients for which the connection is enabled",
"x-release-lifecycle": "deprecated",
"items": {
"type": "string",
"description": "The client id"
}
},
"is_domain_connection": {
"type": "boolean",
"description": "True if the connection is domain level"
},
"show_as_button": {
"type": "boolean",
"description": "Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD."
},
"metadata": {
"$ref": "#/components/schemas/ConnectionsMetadata"
},
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose",
"x-release-lifecycle": "GA"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurpose",
"x-release-lifecycle": "GA"
}
}
},
"CreateCustomDomainRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"domain",
"type"
],
"properties": {
"domain": {
"type": "string",
"description": "Domain name.",
"minLength": 3,
"maxLength": 255,
"pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])$"
},
"type": {
"$ref": "#/components/schemas/CustomDomainProvisioningTypeEnum"
},
"verification_method": {
"$ref": "#/components/schemas/CustomDomainVerificationMethodEnum"
},
"tls_policy": {
"$ref": "#/components/schemas/CustomDomainTlsPolicyEnum"
},
"custom_client_ip_header": {
"$ref": "#/components/schemas/CustomDomainCustomClientIpHeader"
},
"domain_metadata": {
"$ref": "#/components/schemas/DomainMetadata"
},
"relying_party_identifier": {
"type": "string",
"description": "Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not provided, the full domain will be used.",
"maxLength": 255,
"format": "hostname"
}
}
},
"CreateCustomDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"custom_domain_id",
"domain",
"primary",
"status",
"type",
"verification"
],
"properties": {
"custom_domain_id": {
"type": "string",
"description": "ID of the custom domain.",
"default": "cd_0000000000000001"
},
"domain": {
"type": "string",
"description": "Domain name.",
"default": "login.mycompany.com"
},
"primary": {
"type": "boolean",
"description": "Whether this is a primary domain (true) or not (false).",
"default": false
},
"is_default": {
"type": "boolean",
"description": "Whether this is the default custom domain (true) or not (false).",
"default": false
},
"status": {
"$ref": "#/components/schemas/CustomDomainStatusFilterEnum"
},
"type": {
"$ref": "#/components/schemas/CustomDomainTypeEnum"
},
"verification": {
"$ref": "#/components/schemas/DomainVerification"
},
"custom_client_ip_header": {
"type": [
"string",
"null"
],
"description": "The HTTP header to fetch the client's IP address"
},
"tls_policy": {
"type": "string",
"description": "The TLS version policy",
"default": "recommended"
},
"domain_metadata": {
"$ref": "#/components/schemas/DomainMetadata"
},
"certificate": {
"$ref": "#/components/schemas/DomainCertificate"
},
"relying_party_identifier": {
"type": "string",
"description": "Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used.",
"format": "hostname"
}
}
},
"CreateDirectoryProvisioningRequestContent": {
"type": [
"object",
"null"
],
"additionalProperties": false,
"properties": {
"mapping": {
"type": "array",
"description": "The mapping between Auth0 and IDP user attributes",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/DirectoryProvisioningMappingItem"
}
},
"synchronize_automatically": {
"type": "boolean",
"description": "Whether periodic automatic synchronization is enabled"
},
"synchronize_groups": {
"$ref": "#/components/schemas/SynchronizeGroupsEnum",
"x-release-lifecycle": "EA"
}
}
},
"CreateDirectoryProvisioningResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"connection_id",
"connection_name",
"strategy",
"mapping",
"synchronize_automatically",
"created_at",
"updated_at"
],
"properties": {
"connection_id": {
"type": "string",
"description": "The connection's identifier"
},
"connection_name": {
"type": "string",
"description": "The connection's name"
},
"strategy": {
"type": "string",
"description": "The connection's strategy"
},
"mapping": {
"type": "array",
"description": "The mapping between Auth0 and IDP user attributes",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/DirectoryProvisioningMappingItem"
}
},
"synchronize_automatically": {
"type": "boolean",
"description": "Whether periodic automatic synchronization is enabled"
},
"synchronize_groups": {
"$ref": "#/components/schemas/SynchronizeGroupsEnum",
"x-release-lifecycle": "EA"
},
"created_at": {
"type": "string",
"description": "The timestamp at which the directory provisioning configuration was created",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The timestamp at which the directory provisioning configuration was last updated",
"format": "date-time"
},
"last_synchronization_at": {
"type": "string",
"description": "The timestamp at which the connection was last synchronized",
"format": "date-time"
},
"last_synchronization_status": {
"type": "string",
"description": "The status of the last synchronization"
},
"last_synchronization_error": {
"type": "string",
"description": "The error message of the last synchronization, if any"
}
}
},
"CreateDirectorySynchronizationResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"connection_id",
"synchronization_id",
"status"
],
"properties": {
"connection_id": {
"type": "string",
"description": "The connection's identifier"
},
"synchronization_id": {
"type": "string",
"description": "The synchronization's identifier"
},
"status": {
"type": "string",
"description": "The synchronization status"
}
}
},
"CreateEmailProviderRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"credentials"
],
"properties": {
"name": {
"$ref": "#/components/schemas/EmailProviderNameEnum"
},
"enabled": {
"type": "boolean",
"description": "Whether the provider is enabled (true) or disabled (false).",
"default": true
},
"default_from_address": {
"type": "string",
"description": "Email address to use as \"from\" when no other address specified."
},
"credentials": {
"$ref": "#/components/schemas/EmailProviderCredentialsSchema"
},
"settings": {
"$ref": "#/components/schemas/EmailSpecificProviderSettingsWithAdditionalProperties"
}
}
},
"CreateEmailProviderResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "Name of the email provider. Can be `mailgun`, `mandrill`, `sendgrid`, `resend`, `ses`, `sparkpost`, `smtp`, `azure_cs`, `ms365`, or `custom`.",
"default": "sendgrid"
},
"enabled": {
"type": "boolean",
"description": "Whether the provider is enabled (true) or disabled (false).",
"default": true
},
"default_from_address": {
"type": "string",
"description": "Email address to use as \"from\" when no other address specified."
},
"credentials": {
"$ref": "#/components/schemas/EmailProviderCredentials"
},
"settings": {
"$ref": "#/components/schemas/EmailProviderSettings"
}
}
},
"CreateEmailTemplateRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"template",
"body",
"from",
"subject",
"syntax",
"enabled"
],
"properties": {
"template": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
},
"body": {
"type": [
"string",
"null"
],
"description": "Body of the email template."
},
"from": {
"type": [
"string",
"null"
],
"description": "Senders `from` email address.",
"default": "sender@auth0.com"
},
"resultUrl": {
"type": [
"string",
"null"
],
"description": "URL to redirect the user to after a successful action."
},
"subject": {
"type": [
"string",
"null"
],
"description": "Subject line of the email."
},
"syntax": {
"type": [
"string",
"null"
],
"description": "Syntax of the template body.",
"default": "liquid"
},
"urlLifetimeInSeconds": {
"type": [
"number",
"null"
],
"description": "Lifetime in seconds that the link within the email will be valid for.",
"minimum": 0
},
"includeEmailInRedirect": {
"type": "boolean",
"description": "Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true."
},
"enabled": {
"type": [
"boolean",
"null"
],
"description": "Whether the template is enabled (true) or disabled (false)."
}
}
},
"CreateEmailTemplateResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"template",
"body",
"from",
"subject",
"syntax",
"enabled"
],
"properties": {
"template": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
},
"body": {
"type": [
"string",
"null"
],
"description": "Body of the email template."
},
"from": {
"type": [
"string",
"null"
],
"description": "Senders `from` email address.",
"default": "sender@auth0.com"
},
"resultUrl": {
"type": [
"string",
"null"
],
"description": "URL to redirect the user to after a successful action."
},
"subject": {
"type": [
"string",
"null"
],
"description": "Subject line of the email."
},
"syntax": {
"type": [
"string",
"null"
],
"description": "Syntax of the template body.",
"default": "liquid"
},
"urlLifetimeInSeconds": {
"type": [
"number",
"null"
],
"description": "Lifetime in seconds that the link within the email will be valid for.",
"minimum": 0
},
"includeEmailInRedirect": {
"type": "boolean",
"description": "Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true."
},
"enabled": {
"type": [
"boolean",
"null"
],
"description": "Whether the template is enabled (true) or disabled (false)."
}
}
},
"CreateEncryptionKeyPublicWrappingResponseContent": {
"type": "object",
"additionalProperties": true,
"required": [
"public_key",
"algorithm"
],
"properties": {
"public_key": {
"type": "string",
"description": "Public wrapping key in PEM format"
},
"algorithm": {
"$ref": "#/components/schemas/EncryptionKeyPublicWrappingAlgorithm"
}
}
},
"CreateEncryptionKeyRequestContent": {
"type": "object",
"additionalProperties": true,
"required": [
"type"
],
"properties": {
"type": {
"$ref": "#/components/schemas/CreateEncryptionKeyType"
}
}
},
"CreateEncryptionKeyResponseContent": {
"type": "object",
"description": "Encryption key",
"additionalProperties": false,
"required": [
"kid",
"type",
"state",
"created_at",
"updated_at"
],
"properties": {
"kid": {
"type": "string",
"description": "Key ID"
},
"type": {
"$ref": "#/components/schemas/EncryptionKeyType"
},
"state": {
"$ref": "#/components/schemas/EncryptionKeyState"
},
"created_at": {
"type": "string",
"description": "Key creation timestamp",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "Key update timestamp",
"format": "date-time"
},
"parent_kid": {
"type": [
"string",
"null"
],
"description": "ID of parent wrapping key"
},
"public_key": {
"type": [
"string",
"null"
],
"description": "Public key in PEM format"
}
}
},
"CreateEncryptionKeyType": {
"type": "string",
"description": "Type of the encryption key to be created.",
"enum": [
"customer-provided-root-key",
"tenant-encryption-key"
]
},
"CreateEventStreamActionRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"destination"
],
"properties": {
"name": {
"type": "string",
"description": "Name of the event stream.",
"minLength": 1,
"maxLength": 128
},
"subscriptions": {
"type": "array",
"description": "List of event types subscribed to in this stream.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/EventStreamSubscription"
}
},
"destination": {
"$ref": "#/components/schemas/EventStreamActionDestination"
},
"status": {
"$ref": "#/components/schemas/EventStreamStatusEnum"
}
}
},
"CreateEventStreamEventBridgeRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"destination"
],
"properties": {
"name": {
"type": "string",
"description": "Name of the event stream.",
"minLength": 1,
"maxLength": 128
},
"subscriptions": {
"type": "array",
"description": "List of event types subscribed to in this stream.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/EventStreamSubscription"
}
},
"destination": {
"$ref": "#/components/schemas/EventStreamEventBridgeDestination"
},
"status": {
"$ref": "#/components/schemas/EventStreamStatusEnum"
}
}
},
"CreateEventStreamRedeliveryRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"date_from": {
"type": "string",
"description": "An RFC-3339 date-time for redelivery start, inclusive. Does not allow sub-second precision.",
"maxLength": 20,
"format": "date-time"
},
"date_to": {
"type": "string",
"description": "An RFC-3339 date-time for redelivery end, exclusive. Does not allow sub-second precision.",
"maxLength": 20,
"format": "date-time"
},
"statuses": {
"type": "array",
"description": "Filter by status",
"items": {
"$ref": "#/components/schemas/EventStreamDeliveryStatusEnum"
}
},
"event_types": {
"type": "array",
"description": "Filter by event type",
"items": {
"$ref": "#/components/schemas/EventStreamEventTypeEnum"
}
}
}
},
"CreateEventStreamRedeliveryResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"date_from": {
"type": "string",
"description": "An RFC-3339 date-time for redelivery start, inclusive. Does not allow sub-second precision.",
"maxLength": 20,
"format": "date-time"
},
"date_to": {
"type": "string",
"description": "An RFC-3339 date-time for redelivery end, exclusive. Does not allow sub-second precision.",
"maxLength": 20,
"format": "date-time"
},
"statuses": {
"type": "array",
"description": "Filter by status",
"items": {
"$ref": "#/components/schemas/EventStreamDeliveryStatusEnum"
}
},
"event_types": {
"type": "array",
"description": "Filter by event type",
"items": {
"$ref": "#/components/schemas/EventStreamEventTypeEnum"
}
}
}
},
"CreateEventStreamResponseContent": {
"oneOf": [
{
"$ref": "#/components/schemas/EventStreamWebhookResponseContent"
},
{
"$ref": "#/components/schemas/EventStreamEventBridgeResponseContent"
},
{
"$ref": "#/components/schemas/EventStreamActionResponseContent"
}
]
},
"CreateEventStreamTestEventRequestContent": {
"type": "object",
"description": "The payload for sending a test event to an event stream.",
"additionalProperties": false,
"required": [
"event_type"
],
"properties": {
"event_type": {
"$ref": "#/components/schemas/EventStreamTestEventTypeEnum"
},
"data": {
"$ref": "#/components/schemas/TestEventDataContent"
}
}
},
"CreateEventStreamTestEventResponseContent": {
"type": "object",
"description": "Metadata about a specific attempt to deliver an event",
"additionalProperties": false,
"required": [
"id",
"event_stream_id",
"status",
"event_type",
"attempts"
],
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the delivery"
},
"event_stream_id": {
"type": "string",
"description": "Unique identifier for the event stream.",
"minLength": 26,
"maxLength": 26,
"format": "event-stream-id"
},
"status": {
"$ref": "#/components/schemas/EventStreamDeliveryStatusEnum"
},
"event_type": {
"$ref": "#/components/schemas/EventStreamDeliveryEventTypeEnum"
},
"attempts": {
"type": "array",
"description": "Results of delivery attempts",
"items": {
"$ref": "#/components/schemas/EventStreamDeliveryAttempt"
}
},
"event": {
"$ref": "#/components/schemas/EventStreamCloudEvent"
}
}
},
"CreateEventStreamWebHookRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"destination"
],
"properties": {
"name": {
"type": "string",
"description": "Name of the event stream.",
"minLength": 1,
"maxLength": 128
},
"subscriptions": {
"type": "array",
"description": "List of event types subscribed to in this stream.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/EventStreamSubscription"
}
},
"destination": {
"$ref": "#/components/schemas/EventStreamWebhookDestination"
},
"status": {
"$ref": "#/components/schemas/EventStreamStatusEnum"
}
}
},
"CreateExportUsersFields": {
"type": "object",
"additionalProperties": false,
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"description": "Name of the field in the profile.",
"maxLength": 100
},
"export_as": {
"type": "string",
"description": "Title of the column in the exported CSV.",
"maxLength": 100
}
}
},
"CreateExportUsersRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"connection_id": {
"type": "string",
"description": "connection_id of the connection from which users will be exported.",
"default": "con_0000000000000001",
"pattern": "^con_[A-Za-z0-9]{16}$"
},
"format": {
"$ref": "#/components/schemas/JobFileFormatEnum"
},
"limit": {
"type": "integer",
"description": "Limit the number of records.",
"default": 5,
"minimum": 1
},
"fields": {
"type": "array",
"description": "List of fields to be included in the CSV. Defaults to a predefined set of fields.",
"items": {
"$ref": "#/components/schemas/CreateExportUsersFields"
}
}
}
},
"CreateExportUsersResponseContent": {
"type": "object",
"additionalProperties": true,
"required": [
"id",
"type",
"status",
"connection"
],
"properties": {
"status": {
"type": "string",
"description": "Status of this job.",
"default": "pending"
},
"type": {
"type": "string",
"description": "Type of job this is.",
"default": "users_export"
},
"created_at": {
"type": "string",
"description": "When this job was created."
},
"id": {
"type": "string",
"description": "ID of this job.",
"default": "job_0000000000000001"
},
"connection_id": {
"type": "string",
"description": "connection_id of the connection from which users will be exported.",
"default": "con_0000000000000001",
"pattern": "^con_[A-Za-z0-9]{16}$"
},
"format": {
"$ref": "#/components/schemas/JobFileFormatEnum"
},
"limit": {
"type": "integer",
"description": "Limit the number of records.",
"default": 5,
"minimum": 1
},
"fields": {
"type": "array",
"description": "List of fields to be included in the CSV. Defaults to a predefined set of fields.",
"items": {
"$ref": "#/components/schemas/CreateExportUsersFields"
}
}
}
},
"CreateFlowRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"name"
],
"x-release-lifecycle": "GA",
"properties": {
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"actions": {
"type": "array",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/FlowAction"
}
}
}
},
"CreateFlowResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"name",
"created_at",
"updated_at"
],
"x-release-lifecycle": "GA",
"properties": {
"id": {
"type": "string",
"maxLength": 30,
"format": "flow-id"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"actions": {
"type": "array",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/FlowAction"
}
},
"created_at": {
"type": "string",
"format": "date-time"
},
"updated_at": {
"type": "string",
"format": "date-time"
},
"executed_at": {
"type": "string",
"format": "date"
}
}
},
"CreateFlowsVaultConnectionActivecampaign": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionActivecampaignApiKey"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionActivecampaignUninitialized"
}
]
},
"CreateFlowsVaultConnectionActivecampaignApiKey": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdActivecampaignEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupApiKeyWithBaseUrl"
}
}
},
"CreateFlowsVaultConnectionActivecampaignUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdActivecampaignEnum"
}
}
},
"CreateFlowsVaultConnectionAirtable": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionAirtableApiKey"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionAirtableUninitialized"
}
]
},
"CreateFlowsVaultConnectionAirtableApiKey": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdAirtableEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupApiKey"
}
}
},
"CreateFlowsVaultConnectionAirtableUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdAirtableEnum"
}
}
},
"CreateFlowsVaultConnectionAuth0": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionAuth0OauthApp"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionAuth0Uninitialized"
}
]
},
"CreateFlowsVaultConnectionAuth0OauthApp": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdAuth0Enum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthApp"
}
}
},
"CreateFlowsVaultConnectionAuth0Uninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdAuth0Enum"
}
}
},
"CreateFlowsVaultConnectionBigquery": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionBigqueryJwt"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionBigqueryUninitialized"
}
]
},
"CreateFlowsVaultConnectionBigqueryJwt": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdBigqueryEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupBigqueryOauthJwt"
}
}
},
"CreateFlowsVaultConnectionBigqueryUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdBigqueryEnum"
}
}
},
"CreateFlowsVaultConnectionClearbit": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionClearbitApiKey"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionClearbitUninitialized"
}
]
},
"CreateFlowsVaultConnectionClearbitApiKey": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdClearbitEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupSecretApiKey"
}
}
},
"CreateFlowsVaultConnectionClearbitUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdClearbitEnum"
}
}
},
"CreateFlowsVaultConnectionDocusign": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionDocusignOauthCode"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionDocusignUninitialized"
}
]
},
"CreateFlowsVaultConnectionDocusignOauthCode": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdDocusignEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
}
}
},
"CreateFlowsVaultConnectionDocusignUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdDocusignEnum"
}
}
},
"CreateFlowsVaultConnectionGoogleSheets": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionGoogleSheetsOauthCode"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionGoogleSheetsUninitialized"
}
]
},
"CreateFlowsVaultConnectionGoogleSheetsOauthCode": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdGoogleSheetsEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
}
}
},
"CreateFlowsVaultConnectionGoogleSheetsUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdGoogleSheetsEnum"
}
}
},
"CreateFlowsVaultConnectionHttp": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHttpBearer"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHttpBasicAuth"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHttpApiKey"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHttpOauthClientCredentials"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHttpUninitialized"
}
]
},
"CreateFlowsVaultConnectionHttpApiKey": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdHttpEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectionHttpApiKeySetup"
}
}
},
"CreateFlowsVaultConnectionHttpBasicAuth": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdHttpEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectionHttpBasicAuthSetup"
}
}
},
"CreateFlowsVaultConnectionHttpBearer": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdHttpEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupHttpBearer"
}
}
},
"CreateFlowsVaultConnectionHttpOauthClientCredentials": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdHttpEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectionHttpOauthClientCredentialsSetup"
}
}
},
"CreateFlowsVaultConnectionHttpUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdHttpEnum"
}
}
},
"CreateFlowsVaultConnectionHubspot": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHubspotApiKey"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHubspotOauthCode"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHubspotUninitialized"
}
]
},
"CreateFlowsVaultConnectionHubspotApiKey": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdHubspotEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupApiKey"
}
}
},
"CreateFlowsVaultConnectionHubspotOauthCode": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdHubspotEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
}
}
},
"CreateFlowsVaultConnectionHubspotUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdHubspotEnum"
}
}
},
"CreateFlowsVaultConnectionJwt": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionJwtJwt"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionJwtUninitialized"
}
]
},
"CreateFlowsVaultConnectionJwtJwt": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdJwtEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupJwt"
}
}
},
"CreateFlowsVaultConnectionJwtUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdJwtEnum"
}
}
},
"CreateFlowsVaultConnectionMailchimp": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionMailchimpApiKey"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionMailchimpOauthCode"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionMailchimpUninitialized"
}
]
},
"CreateFlowsVaultConnectionMailchimpApiKey": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdMailchimpEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupSecretApiKey"
}
}
},
"CreateFlowsVaultConnectionMailchimpOauthCode": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdMailchimpEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
}
}
},
"CreateFlowsVaultConnectionMailchimpUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdMailchimpEnum"
}
}
},
"CreateFlowsVaultConnectionMailjet": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionMailjetApiKey"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionMailjetUninitialized"
}
]
},
"CreateFlowsVaultConnectionMailjetApiKey": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdMailjetEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupMailjetApiKey"
}
}
},
"CreateFlowsVaultConnectionMailjetUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdMailjetEnum"
}
}
},
"CreateFlowsVaultConnectionPipedrive": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionPipedriveToken"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionPipedriveOauthCode"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionPipedriveUninitialized"
}
]
},
"CreateFlowsVaultConnectionPipedriveOauthCode": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdPipedriveEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
}
}
},
"CreateFlowsVaultConnectionPipedriveToken": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdPipedriveEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupToken"
}
}
},
"CreateFlowsVaultConnectionPipedriveUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdPipedriveEnum"
}
}
},
"CreateFlowsVaultConnectionRequestContent": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionActivecampaign"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionAirtable"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionAuth0"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionBigquery"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionClearbit"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionDocusign"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionGoogleSheets"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHttp"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionHubspot"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionJwt"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionMailchimp"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionMailjet"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionPipedrive"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSalesforce"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSendgrid"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSlack"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionStripe"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionTelegram"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionTwilio"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionWhatsapp"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionZapier"
}
]
},
"CreateFlowsVaultConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"app_id",
"name",
"ready",
"created_at",
"updated_at",
"fingerprint"
],
"properties": {
"id": {
"type": "string",
"description": "Flows Vault Connection identifier.",
"maxLength": 30,
"format": "flows-vault-connections-id"
},
"app_id": {
"type": "string",
"description": "Flows Vault Connection app identifier.",
"minLength": 1,
"maxLength": 55
},
"environment": {
"type": "string",
"description": "Flows Vault Connection environment.",
"minLength": 1,
"maxLength": 55
},
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"account_name": {
"type": "string",
"description": "Flows Vault Connection custom account name.",
"minLength": 1,
"maxLength": 150
},
"ready": {
"type": "boolean",
"description": "Whether the Flows Vault Connection is configured."
},
"created_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this Flows Vault Connection was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this Flows Vault Connection was updated.",
"format": "date-time"
},
"refreshed_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this Flows Vault Connection was refreshed.",
"format": "date-time"
},
"fingerprint": {
"type": "string",
"minLength": 1
}
}
},
"CreateFlowsVaultConnectionSalesforce": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSalesforceOauthCode"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSalesforceUninitialized"
}
]
},
"CreateFlowsVaultConnectionSalesforceOauthCode": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdSalesforceEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
}
}
},
"CreateFlowsVaultConnectionSalesforceUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdSalesforceEnum"
}
}
},
"CreateFlowsVaultConnectionSendgrid": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSendgridApiKey"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSendgridUninitialized"
}
]
},
"CreateFlowsVaultConnectionSendgridApiKey": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdSendgridEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupApiKey"
}
}
},
"CreateFlowsVaultConnectionSendgridUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdSendgridEnum"
}
}
},
"CreateFlowsVaultConnectionSlack": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSlackWebhook"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSlackOauthCode"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionSlackUninitialized"
}
]
},
"CreateFlowsVaultConnectionSlackOauthCode": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdSlackEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
}
}
},
"CreateFlowsVaultConnectionSlackUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdSlackEnum"
}
}
},
"CreateFlowsVaultConnectionSlackWebhook": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdSlackEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupWebhook"
}
}
},
"CreateFlowsVaultConnectionStripe": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionStripeKeyPair"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionStripeOauthCode"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionStripeUninitialized"
}
]
},
"CreateFlowsVaultConnectionStripeKeyPair": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdStripeEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupStripeKeyPair"
}
}
},
"CreateFlowsVaultConnectionStripeOauthCode": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdStripeEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
}
}
},
"CreateFlowsVaultConnectionStripeUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdStripeEnum"
}
}
},
"CreateFlowsVaultConnectionTelegram": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionTelegramToken"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionTelegramUninitialized"
}
]
},
"CreateFlowsVaultConnectionTelegramToken": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdTelegramEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupToken"
}
}
},
"CreateFlowsVaultConnectionTelegramUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdTelegramEnum"
}
}
},
"CreateFlowsVaultConnectionTwilio": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionTwilioApiKey"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionTwilioUninitialized"
}
]
},
"CreateFlowsVaultConnectionTwilioApiKey": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdTwilioEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupTwilioApiKey"
}
}
},
"CreateFlowsVaultConnectionTwilioUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdTwilioEnum"
}
}
},
"CreateFlowsVaultConnectionWhatsapp": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionWhatsappToken"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionWhatsappUninitialized"
}
]
},
"CreateFlowsVaultConnectionWhatsappToken": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdWhatsappEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupToken"
}
}
},
"CreateFlowsVaultConnectionWhatsappUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdWhatsappEnum"
}
}
},
"CreateFlowsVaultConnectionZapier": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionZapierWebhook"
},
{
"$ref": "#/components/schemas/CreateFlowsVaultConnectionZapierUninitialized"
}
]
},
"CreateFlowsVaultConnectionZapierUninitialized": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdZapierEnum"
}
}
},
"CreateFlowsVaultConnectionZapierWebhook": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"app_id",
"setup"
],
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"app_id": {
"$ref": "#/components/schemas/FlowsVaultConnectionAppIdZapierEnum"
},
"setup": {
"$ref": "#/components/schemas/FlowsVaultConnectioSetupWebhook"
}
}
},
"CreateFormRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"messages": {
"$ref": "#/components/schemas/FormMessages"
},
"languages": {
"$ref": "#/components/schemas/FormLanguages"
},
"translations": {
"$ref": "#/components/schemas/FormTranslations"
},
"nodes": {
"$ref": "#/components/schemas/FormNodeList"
},
"start": {
"$ref": "#/components/schemas/FormStartNode"
},
"ending": {
"$ref": "#/components/schemas/FormEndingNode"
},
"style": {
"$ref": "#/components/schemas/FormStyle"
}
}
},
"CreateFormResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"name",
"created_at",
"updated_at"
],
"properties": {
"id": {
"type": "string",
"maxLength": 30,
"format": "form-id"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"messages": {
"$ref": "#/components/schemas/FormMessages"
},
"languages": {
"$ref": "#/components/schemas/FormLanguages"
},
"translations": {
"$ref": "#/components/schemas/FormTranslations"
},
"nodes": {
"$ref": "#/components/schemas/FormNodeList"
},
"start": {
"$ref": "#/components/schemas/FormStartNode"
},
"ending": {
"$ref": "#/components/schemas/FormEndingNode"
},
"style": {
"$ref": "#/components/schemas/FormStyle"
},
"created_at": {
"type": "string",
"format": "date-time"
},
"updated_at": {
"type": "string",
"format": "date-time"
},
"embedded_at": {
"type": "string",
"format": "date"
},
"submitted_at": {
"type": "string",
"format": "date"
}
}
},
"CreateGuardianEnrollmentTicketRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"user_id"
],
"properties": {
"user_id": {
"type": "string",
"description": "user_id for the enrollment ticket",
"format": "user-id"
},
"email": {
"type": "string",
"description": "alternate email to which the enrollment email will be sent. Optional - by default, the email will be sent to the user's default address",
"format": "email"
},
"send_mail": {
"type": "boolean",
"description": "Send an email to the user to start the enrollment"
},
"email_locale": {
"type": "string",
"description": "Optional. Specify the locale of the enrollment email. Used with send_email."
},
"factor": {
"$ref": "#/components/schemas/GuardianEnrollmentFactorEnum"
},
"allow_multiple_enrollments": {
"type": "boolean",
"description": "Optional. Allows a user who has previously enrolled in MFA to enroll with additional factors.true if the identity provider is a social provider, falses otherwise"
},
"access_token": {
"type": "string",
"description": "IDP access token returned only if scope read:user_idp_tokens is defined"
},
"access_token_secret": {
"type": "string",
"description": "IDP access token secret returned only if scope read:user_idp_tokens is defined."
},
"refresh_token": {
"type": "string",
"description": "IDP refresh token returned only if scope read:user_idp_tokens is defined."
},
"profileData": {
"$ref": "#/components/schemas/UserProfileData"
}
}
}
},
"DeleteUserPermissionsRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"permissions"
],
"properties": {
"permissions": {
"type": "array",
"description": "List of permissions to remove from this user.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/PermissionRequestPayload"
}
}
}
},
"DeleteUserRolesRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"roles"
],
"properties": {
"roles": {
"type": "array",
"description": "List of roles IDs to remove from the user.",
"minItems": 1,
"items": {
"type": "string",
"minLength": 1
}
}
}
},
"DeployActionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The unique id of an action version.",
"default": "12a3b9e6-06e6-4a29-96bf-90c82fe79a0d"
},
"action_id": {
"type": "string",
"description": "The id of the action to which this version belongs.",
"default": "910b1053-577f-4d81-a8c8-020e7319a38a"
},
"code": {
"type": "string",
"description": "The source code of this specific version of the action.",
"default": "module.exports = () => {}"
},
"dependencies": {
"type": "array",
"description": "The list of third party npm modules, and their versions, that this specific version depends on. ",
"items": {
"$ref": "#/components/schemas/ActionVersionDependency"
}
},
"deployed": {
"type": "boolean",
"description": "Indicates if this specific version is the currently one deployed.",
"default": true
},
"runtime": {
"type": "string",
"description": "The Node runtime. For example: `node22`",
"default": "node22"
},
"secrets": {
"type": "array",
"description": "The list of secrets that are included in an action or a version of an action.",
"items": {
"$ref": "#/components/schemas/ActionSecretResponse"
}
},
"status": {
"$ref": "#/components/schemas/ActionVersionBuildStatusEnum"
},
"number": {
"type": "number",
"description": "The index of this version in list of versions for the action.",
"default": 1
},
"errors": {
"type": "array",
"description": "Any errors that occurred while the version was being built.",
"items": {
"$ref": "#/components/schemas/ActionError"
}
},
"action": {
"$ref": "#/components/schemas/ActionBase"
},
"built_at": {
"type": "string",
"description": "The time when this version was built successfully.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"created_at": {
"type": "string",
"description": "The time when this version was created.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The time when a version was updated. Versions are never updated externally. Only Auth0 will update an action version as it is being built.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"supported_triggers": {
"type": "array",
"description": "The list of triggers that this version supports. At this time, a version can only target a single trigger at a time.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/ActionTrigger",
"x-release-lifecycle": "GA"
}
},
"modules": {
"type": "array",
"description": "The list of action modules and their versions used by this action version.",
"items": {
"$ref": "#/components/schemas/ActionModuleReference"
}
}
}
},
"DeployActionVersionRequestContent": {
"type": [
"object",
"null"
],
"additionalProperties": false,
"properties": {
"update_draft": {
"type": "boolean",
"description": "True if the draft of the action should be updated with the reverted version.",
"default": false
}
}
},
"DeployActionVersionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The unique id of an action version.",
"default": "12a3b9e6-06e6-4a29-96bf-90c82fe79a0d"
},
"action_id": {
"type": "string",
"description": "The id of the action to which this version belongs.",
"default": "910b1053-577f-4d81-a8c8-020e7319a38a"
},
"code": {
"type": "string",
"description": "The source code of this specific version of the action.",
"default": "module.exports = () => {}"
},
"dependencies": {
"type": "array",
"description": "The list of third party npm modules, and their versions, that this specific version depends on. ",
"items": {
"$ref": "#/components/schemas/ActionVersionDependency"
}
},
"deployed": {
"type": "boolean",
"description": "Indicates if this specific version is the currently one deployed.",
"default": true
},
"runtime": {
"type": "string",
"description": "The Node runtime. For example: `node22`",
"default": "node22"
},
"secrets": {
"type": "array",
"description": "The list of secrets that are included in an action or a version of an action.",
"items": {
"$ref": "#/components/schemas/ActionSecretResponse"
}
},
"status": {
"$ref": "#/components/schemas/ActionVersionBuildStatusEnum"
},
"number": {
"type": "number",
"description": "The index of this version in list of versions for the action.",
"default": 1
},
"errors": {
"type": "array",
"description": "Any errors that occurred while the version was being built.",
"items": {
"$ref": "#/components/schemas/ActionError"
}
},
"action": {
"$ref": "#/components/schemas/ActionBase"
},
"built_at": {
"type": "string",
"description": "The time when this version was built successfully.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"created_at": {
"type": "string",
"description": "The time when this version was created.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The time when a version was updated. Versions are never updated externally. Only Auth0 will update an action version as it is being built.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"supported_triggers": {
"type": "array",
"description": "The list of triggers that this version supports. At this time, a version can only target a single trigger at a time.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/ActionTrigger",
"x-release-lifecycle": "GA"
}
},
"modules": {
"type": "array",
"description": "The list of action modules and their versions used by this action version.",
"items": {
"$ref": "#/components/schemas/ActionModuleReference"
}
}
}
},
"DeviceCredential": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID of this device.",
"default": "dcr_0000000000000001"
},
"device_name": {
"type": "string",
"description": "User agent for this device",
"default": "iPhone Mobile Safari UI/WKWebView"
},
"device_id": {
"type": "string",
"description": "Unique identifier for the device. NOTE: This field is generally not populated for refresh_tokens and rotating_refresh_tokens",
"default": "550e8400-e29b-41d4-a716-446655440000"
},
"type": {
"$ref": "#/components/schemas/DeviceCredentialTypeEnum",
"description": "Type of credential. Can be `public_key`, `refresh_token`, or `rotating_refresh_token`."
},
"user_id": {
"type": "string",
"description": "user_id this credential is associated with.",
"default": "usr_5457edea1b8f33391a000004"
},
"client_id": {
"type": "string",
"description": "client_id of the client (application) this credential is for.",
"default": "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
}
}
},
"DeviceCredentialPublicKeyTypeEnum": {
"type": "string",
"description": "Type of credential. Must be `public_key`.",
"enum": [
"public_key"
]
},
"DeviceCredentialTypeEnum": {
"type": "string",
"enum": [
"public_key",
"refresh_token",
"rotating_refresh_token"
],
"description": "Type of credentials to retrieve. Must be `public_key`, `refresh_token` or `rotating_refresh_token`. The property will default to `refresh_token` when paging is requested"
},
"DirectoryProvisioning": {
"type": "object",
"additionalProperties": false,
"required": [
"connection_id",
"connection_name",
"strategy",
"mapping",
"synchronize_automatically",
"created_at",
"updated_at"
],
"properties": {
"connection_id": {
"type": "string",
"description": "The connection's identifier"
},
"connection_name": {
"type": "string",
"description": "The connection's name"
},
"strategy": {
"type": "string",
"description": "The connection's strategy"
},
"mapping": {
"type": "array",
"description": "The mapping between Auth0 and IDP user attributes",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/DirectoryProvisioningMappingItem"
}
},
"synchronize_automatically": {
"type": "boolean",
"description": "Whether periodic automatic synchronization is enabled"
},
"synchronize_groups": {
"$ref": "#/components/schemas/SynchronizeGroupsEnum",
"x-release-lifecycle": "EA"
},
"created_at": {
"type": "string",
"description": "The timestamp at which the directory provisioning configuration was created",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The timestamp at which the directory provisioning configuration was last updated",
"format": "date-time"
},
"last_synchronization_at": {
"type": "string",
"description": "The timestamp at which the connection was last synchronized",
"format": "date-time"
},
"last_synchronization_status": {
"type": "string",
"description": "The status of the last synchronization"
},
"last_synchronization_error": {
"type": "string",
"description": "The error message of the last synchronization, if any"
}
}
},
"DirectoryProvisioningMappingItem": {
"type": "object",
"additionalProperties": false,
"required": [
"auth0",
"idp"
],
"properties": {
"auth0": {
"type": "string",
"description": "The field location in the Auth0 schema"
},
"idp": {
"type": "string",
"description": "The field location in the IDP schema"
}
}
},
"DomainCertificate": {
"type": "object",
"description": "Certificate information. This object is relevant only for Custom Domains with Auth0-Managed Certificates.",
"additionalProperties": false,
"properties": {
"status": {
"$ref": "#/components/schemas/DomainCertificateStatusEnum"
},
"error_msg": {
"type": "string",
"description": "A user-friendly error message will be presented if the certificate status is provisioning_failed or renewing_failed."
},
"certificate_authority": {
"$ref": "#/components/schemas/DomainCertificateAuthorityEnum"
},
"renews_before": {
"type": "string",
"description": "The certificate will be renewed prior to this date."
}
}
},
"DomainCertificateAuthorityEnum": {
"type": "string",
"description": "The Certificate Authority issued the certificate.",
"enum": [
"letsencrypt",
"googletrust"
]
},
"DomainCertificateStatusEnum": {
"type": "string",
"description": "The provisioning status of the certificate.",
"enum": [
"provisioning",
"provisioning_failed",
"provisioned",
"renewing_failed"
]
},
"DomainMetadata": {
"type": "object",
"description": "Domain metadata associated with the custom domain, in the form of an object with string values (max 255 chars). Maximum of 10 domain metadata properties allowed.",
"additionalProperties": {
"type": [
"string",
"null"
],
"maxLength": 255
},
"maxProperties": 10
},
"DomainVerification": {
"type": "object",
"description": "Domain verification settings.",
"additionalProperties": false,
"properties": {
"methods": {
"type": "array",
"description": "Domain verification methods.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/DomainVerificationMethod"
}
},
"status": {
"$ref": "#/components/schemas/DomainVerificationStatusEnum"
},
"error_msg": {
"type": "string",
"description": "The user0-friendly error message in case of failed verification. This field is relevant only for Custom Domains with Auth0-Managed Certificates."
},
"last_verified_at": {
"type": "string",
"description": "The date and time when the custom domain was last verified. This field is relevant only for Custom Domains with Auth0-Managed Certificates."
}
}
},
"DomainVerificationMethod": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"record"
],
"properties": {
"name": {
"$ref": "#/components/schemas/DomainVerificationMethodNameEnum"
},
"record": {
"type": "string",
"description": "Value used to verify the domain.",
"default": "auth0-domain-verification=..."
},
"domain": {
"type": "string",
"description": "The name of the txt record for verification",
"default": "_cf-custom-hostname.login.mycompany.com"
}
}
},
"DomainVerificationMethodNameEnum": {
"type": "string",
"description": "Domain verification method.",
"default": "txt",
"enum": [
"cname",
"txt"
]
},
"DomainVerificationStatusEnum": {
"type": "string",
"description": "The DNS record verification status. This field is relevant only for Custom Domains with Auth0-Managed Certificates.",
"enum": [
"verified",
"pending",
"failed"
]
},
"EmailAttribute": {
"type": "object",
"description": "Configuration for the email attribute for users.",
"additionalProperties": false,
"properties": {
"identifier": {
"$ref": "#/components/schemas/ConnectionAttributeIdentifier"
},
"unique": {
"type": "boolean",
"description": "Determines if the attribute is unique in a given connection"
},
"profile_required": {
"type": "boolean",
"description": "Determines if property should be required for users"
},
"verification_method": {
"$ref": "#/components/schemas/VerificationMethodEnum"
},
"signup": {
"$ref": "#/components/schemas/SignupVerified"
}
}
},
"EmailMailgunRegionEnum": {
"description": "Set to eu if your domain is provisioned to use Mailgun's EU region. Otherwise, set to null.",
"enum": [
"eu",
null
]
},
"EmailProviderCredentials": {
"type": "object",
"description": "Credentials required to use the provider.",
"additionalProperties": false,
"properties": {
"api_user": {
"type": "string",
"description": "API User."
},
"region": {
"type": "string",
"description": "AWS or SparkPost region."
},
"smtp_host": {
"type": "string",
"description": "SMTP host."
},
"smtp_port": {
"type": "integer",
"description": "SMTP port."
},
"smtp_user": {
"type": "string",
"description": "SMTP username."
}
}
},
"EmailProviderCredentialsSchema": {
"type": "object",
"description": "Credentials required to use the provider.",
"anyOf": [
{
"type": "object",
"additionalProperties": false,
"required": [
"api_key"
],
"properties": {
"api_key": {
"type": "string",
"description": "API Key",
"minLength": 1
}
}
},
{
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"accessKeyId": {
"type": "string",
"description": "AWS Access Key ID.",
"minLength": 1
},
"secretAccessKey": {
"type": "string",
"description": "AWS Secret Access Key.",
"minLength": 1
},
"region": {
"type": "string",
"description": "AWS region.",
"minLength": 1
}
}
},
{
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"smtp_host": {
"$ref": "#/components/schemas/EmailSMTPHost"
},
"smtp_port": {
"type": "integer",
"description": "SMTP port."
},
"smtp_user": {
"type": "string",
"description": "SMTP username.",
"minLength": 1
},
"smtp_pass": {
"type": "string",
"description": "SMTP password.",
"minLength": 1
}
}
},
{
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"api_key": {
"type": "string",
"description": "API Key",
"minLength": 1
},
"region": {
"$ref": "#/components/schemas/EmailSparkPostRegionEnum"
}
}
},
{
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"api_key": {
"type": "string",
"description": "API Key",
"minLength": 1
},
"domain": {
"type": "string",
"description": "Domain",
"minLength": 4
},
"region": {
"$ref": "#/components/schemas/EmailMailgunRegionEnum"
}
}
},
{
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"connectionString": {
"type": "string",
"description": "Azure Communication Services Connection String.",
"minLength": 1
}
}
},
{
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"tenantId": {
"type": "string",
"description": "Microsoft 365 Tenant ID.",
"minLength": 1
},
"clientId": {
"type": "string",
"description": "Microsoft 365 Client ID.",
"minLength": 1
},
"clientSecret": {
"type": "string",
"description": "Microsoft 365 Client Secret.",
"minLength": 1
}
}
},
{
"$ref": "#/components/schemas/ExtensibilityEmailProviderCredentials"
}
]
},
"EmailProviderNameEnum": {
"type": "string",
"description": "Name of the email provider. Can be `mailgun`, `mandrill`, `sendgrid`, `resend`, `ses`, `sparkpost`, `smtp`, `azure_cs`, `ms365`, or `custom`.",
"enum": [
"mailgun",
"mandrill",
"sendgrid",
"resend",
"ses",
"sparkpost",
"smtp",
"azure_cs",
"ms365",
"custom"
]
},
"EmailProviderSettings": {
"type": "object",
"description": "Specific provider setting",
"additionalProperties": true
},
"EmailSMTPHost": {
"type": "string",
"description": "SMTP host.",
"anyOf": [
{
"type": "string",
"format": "hostname-rfc2181"
},
{
"type": "string",
"format": "ipv4"
},
{
"type": "string",
"format": "ipv6"
}
]
},
"EmailSparkPostRegionEnum": {
"description": "Set to eu to use SparkPost service hosted in Western Europe. To use SparkPost hosted in North America, set it to null.",
"enum": [
"eu",
null
]
},
"EmailSpecificProviderSettingsWithAdditionalProperties": {
"type": [
"object",
"null"
],
"description": "Specific provider setting",
"additionalProperties": true
},
"EmailTemplateNameEnum": {
"type": "string",
"description": "Template name. Can be `verify_email`, `verify_email_by_code`, `reset_email`, `reset_email_by_code`, `welcome_email`, `blocked_account`, `stolen_credentials`, `enrollment_email`, `mfa_oob_code`, `user_invitation`, `async_approval`, `change_password` (legacy), or `password_reset` (legacy).",
"default": "verify_email",
"enum": [
"verify_email",
"verify_email_by_code",
"reset_email",
"reset_email_by_code",
"welcome_email",
"blocked_account",
"stolen_credentials",
"enrollment_email",
"mfa_oob_code",
"user_invitation",
"change_password",
"password_reset",
"async_approval"
]
},
"EnabledFeaturesEnum": {
"type": "string",
"description": "Enum for enabled features.",
"enum": [
"scim",
"universal_logout"
]
},
"EncryptionKey": {
"type": "object",
"description": "Encryption key",
"additionalProperties": false,
"required": [
"kid",
"type",
"state",
"created_at",
"updated_at"
],
"properties": {
"kid": {
"type": "string",
"description": "Key ID"
},
"type": {
"$ref": "#/components/schemas/EncryptionKeyType"
},
"state": {
"$ref": "#/components/schemas/EncryptionKeyState"
},
"created_at": {
"type": "string",
"description": "Key creation timestamp",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "Key update timestamp",
"format": "date-time"
},
"parent_kid": {
"type": [
"string",
"null"
],
"description": "ID of parent wrapping key"
},
"public_key": {
"type": [
"string",
"null"
],
"description": "Public key in PEM format"
}
}
},
"EncryptionKeyPublicWrappingAlgorithm": {
"type": "string",
"description": "Encryption algorithm that shall be used to wrap your key material",
"enum": [
"CKM_RSA_AES_KEY_WRAP"
]
},
"EncryptionKeyState": {
"type": "string",
"description": "Key state",
"enum": [
"pre-activation",
"active",
"deactivated",
"destroyed"
]
},
"EncryptionKeyType": {
"type": "string",
"description": "Key type",
"enum": [
"customer-provided-root-key",
"environment-root-key",
"tenant-master-key",
"tenant-encryption-key"
]
},
"EventStreamActionConfiguration": {
"type": "object",
"description": "Configuration specific to an action destination.",
"additionalProperties": false,
"required": [
"action_id"
],
"properties": {
"action_id": {
"type": "string",
"description": "Action ID for the action destination."
}
}
},
"EventStreamActionDestination": {
"type": "object",
"additionalProperties": false,
"required": [
"type",
"configuration"
],
"properties": {
"type": {
"$ref": "#/components/schemas/EventStreamActionDestinationTypeEnum"
},
"configuration": {
"$ref": "#/components/schemas/EventStreamActionConfiguration"
}
}
},
"EventStreamActionDestinationTypeEnum": {
"type": "string",
"enum": [
"action"
]
},
"EventStreamActionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the event stream.",
"minLength": 26,
"maxLength": 26,
"format": "event-stream-id"
},
"name": {
"type": "string",
"description": "Name of the event stream.",
"minLength": 1,
"maxLength": 128
},
"subscriptions": {
"type": "array",
"description": "List of event types subscribed to in this stream.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/EventStreamSubscription"
}
},
"destination": {
"$ref": "#/components/schemas/EventStreamActionDestination"
},
"status": {
"$ref": "#/components/schemas/EventStreamStatusEnum"
},
"created_at": {
"type": "string",
"description": "Timestamp when the event stream was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "Timestamp when the event stream was last updated.",
"format": "date-time"
}
}
},
"EventStreamCloudEvent": {
"type": "object",
"description": "Event content. This will only be set if delivery failed.",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the event",
"minLength": 26,
"maxLength": 26,
"format": "event-id"
},
"source": {
"type": "string",
"description": "Where the event originated"
},
"specversion": {
"type": "string",
"description": "Version of CloudEvents spec"
},
"type": {
"type": "string",
"description": "Type of the event (e.g., user.created)"
},
"time": {
"type": "string",
"description": "Timestamp at which the event was generated",
"format": "date-time"
},
"data": {
"type": "string",
"description": "Event contents encoded as a string."
}
}
},
"EventStreamCloudEventA0PurposeEnum": {
"type": "string",
"description": "The purpose of this event. This field will typically appear only in special cases\nsuch as sending a test event. For normal events, this field will be omitted.",
"enum": [
"test"
]
},
"EventStreamCloudEventContext": {
"type": "object",
"description": "Information about the context in which the event was produced. This may include things like\nHTTP request details, client information, connection information, etc.\n\nNote: This field may not be present on all events, depending on the event type and the\ncontext in which it was generated.",
"additionalProperties": false,
"required": [
"tenant"
],
"properties": {
"client": {
"$ref": "#/components/schemas/EventStreamCloudEventContextClient"
},
"connection": {
"$ref": "#/components/schemas/EventStreamCloudEventContextConnection"
},
"request": {
"$ref": "#/components/schemas/EventStreamCloudEventContextRequest"
},
"tenant": {
"$ref": "#/components/schemas/EventStreamCloudEventContextTenant"
}
}
},
"EventStreamCloudEventContextClient": {
"type": "object",
"description": "The OAuth Client requesting or presenting an access token.",
"additionalProperties": false,
"required": [
"id",
"name",
"metadata"
],
"properties": {
"id": {
"type": "string",
"description": "The client identifier."
},
"name": {
"type": "string",
"description": "The client name."
},
"metadata": {
"$ref": "#/components/schemas/EventStreamCloudEventContextClientMetadata"
}
}
},
"EventStreamCloudEventContextClientMetadata": {
"type": "object",
"description": "Client metadata.",
"additionalProperties": true,
"properties": {}
},
"EventStreamCloudEventContextConnection": {
"type": "object",
"description": "The Auth0 Connection used for the authentication transaction that generated the event.",
"additionalProperties": false,
"required": [
"id",
"name",
"strategy"
],
"properties": {
"id": {
"type": "string",
"description": "The ID of the connection.",
"pattern": "con_[a-zA-Z0-9]{16}"
},
"name": {
"type": "string",
"description": "The name of the connection.",
"pattern": "^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$"
},
"strategy": {
"type": "string",
"description": "The auth strategy implemented by the connection."
}
}
},
"EventStreamCloudEventContextRequest": {
"type": "object",
"description": "An HTTP request.",
"additionalProperties": false,
"required": [
"geo",
"hostname",
"ip",
"method",
"user_agent"
],
"properties": {
"geo": {
"$ref": "#/components/schemas/EventStreamCloudEventContextRequestGeo"
},
"hostname": {
"type": "string",
"description": "The hostname the request is for."
},
"custom_domain": {
"type": "string",
"description": "The custom domain used in the request (if any)."
},
"ip": {
"type": "string",
"description": "The originating IP address of the request."
},
"method": {
"type": "string",
"description": "The HTTP method used for the request."
},
"user_agent": {
"type": "string",
"description": "The value of the `User-Agent` header."
}
}
},
"EventStreamCloudEventContextRequestGeo": {
"type": "object",
"description": "Geographic information about the request origin.",
"additionalProperties": false,
"properties": {
"continent_code": {
"type": "string",
"description": "Continent code."
},
"country_code": {
"type": "string",
"description": "Country code."
},
"country_name": {
"type": "string",
"description": "Country name."
},
"latitude": {
"type": "number",
"description": "Latitude coordinate."
},
"longitude": {
"type": "number",
"description": "Longitude coordinate."
},
"subdivision_code": {
"type": "string",
"description": "Subdivision (state/province) code."
},
"subdivision_name": {
"type": "string",
"description": "Subdivision (state/province) name."
},
"city_name": {
"type": "string",
"description": "City name."
},
"time_zone": {
"type": "string",
"description": "Time zone."
}
}
},
"EventStreamCloudEventContextTenant": {
"type": "object",
"description": "Reference to a tenant in event context",
"additionalProperties": false,
"required": [
"tenant_id"
],
"properties": {
"tenant_id": {
"type": "string",
"description": "Machine-generated unique tenant identifier.",
"pattern": "ten_[a-zA-Z0-9]{16}"
}
}
},
"EventStreamCloudEventErrorCodeEnum": {
"type": "string",
"description": "Machine-readable error code.",
"enum": [
"invalid_cursor",
"cursor_expired",
"timeout",
"payload_too_large",
"processing_error",
"connection_timeout"
]
},
"EventStreamCloudEventErrorDetail": {
"type": "object",
"description": "Error details.",
"additionalProperties": false,
"required": [
"code",
"message"
],
"properties": {
"code": {
"$ref": "#/components/schemas/EventStreamCloudEventErrorCodeEnum"
},
"message": {
"type": "string",
"description": "Human-readable error message."
},
"offset": {
"type": "string",
"description": "The cursor at the time of the error (when available). Can be used to resume from this position."
}
}
},
"EventStreamCloudEventErrorMessage": {
"type": "object",
"description": "An error message delivered via the SSE stream. The stream closes after this message.",
"additionalProperties": false,
"required": [
"type",
"error"
],
"properties": {
"type": {
"$ref": "#/components/schemas/EventStreamCloudEventErrorMessageTypeEnum"
},
"error": {
"$ref": "#/components/schemas/EventStreamCloudEventErrorDetail"
}
}
},
"EventStreamCloudEventErrorMessageTypeEnum": {
"type": "string",
"description": "Identifies this as an error message (injected from the SSE event field).",
"enum": [
"error"
]
},
"EventStreamCloudEventGroupCreated": {
"type": "object",
"description": "SSE message for group.created.",
"additionalProperties": false,
"required": [
"type",
"offset",
"event"
],
"properties": {
"type": {
"$ref": "#/components/schemas/EventStreamCloudEventGroupCreatedTypeEnum"
},
"offset": {
"type": "string",
"description": "Opaque cursor representing position in the stream. Pass as the `from` query parameter to resume."
},
"event": {
"$ref": "#/components/schemas/EventStreamCloudEventGroupCreatedCloudEvent"
}
}
},
"EventStreamCloudEventGroupCreatedCloudEvent": {
"type": "object",
"description": "Represents an event that occurs when a group is created.",
"additionalProperties": false,
"required": [
"specversion",
"type",
"source",
"id",
"time",
"data",
"a0tenant",
"a0stream"
],
"properties": {
"specversion": {
"type": "string",
"description": "The version of the CloudEvents specification which the event uses."
},
"type": {
"$ref": "#/components/schemas/EventStreamCloudEventGroupCreatedCloudEventTypeEnum"
},
"source": {
"type": "string",
"description": "The source of the event. This will take the form 'urn:auth0:block, user_notification, admin_notification.",
"items": {
"$ref": "#/components/schemas/BreachedPasswordDetectionShieldsEnum"
}
},
"admin_notification_frequency": {
"type": "array",
"description": "When \"admin_notification\" is enabled, determines how often email notifications are sent.\n Possible values: immediately, daily, weekly, monthly.",
"items": {
"$ref": "#/components/schemas/BreachedPasswordDetectionAdminNotificationFrequencyEnum"
}
},
"method": {
"$ref": "#/components/schemas/BreachedPasswordDetectionMethodEnum"
},
"stage": {
"$ref": "#/components/schemas/BreachedPasswordDetectionStage"
}
}
},
"GetBruteForceSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not brute force attack protections are active."
},
"shields": {
"type": "array",
"description": "Action to take when a brute force protection threshold is violated.\n Possible values: block, user_notification.",
"items": {
"$ref": "#/components/schemas/BruteForceProtectionShieldsEnum"
}
},
"allowlist": {
"type": "array",
"description": "List of trusted IP addresses that will not have attack protection enforced against them.",
"items": {
"type": "string",
"anyOf": [
{
"type": "string",
"format": "ipv4"
},
{
"type": "string",
"format": "cidr"
},
{
"type": "string",
"format": "ipv6"
},
{
"type": "string",
"format": "ipv6_cidr"
}
]
}
},
"mode": {
"$ref": "#/components/schemas/BruteForceProtectionModeEnum"
},
"max_attempts": {
"type": "integer",
"description": "Maximum number of unsuccessful attempts.",
"default": 10,
"minimum": 1,
"maximum": 100
}
}
},
"GetClientCredentialResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "ID of the credential. Generated on creation.",
"default": "cred_1m7sfABoNTTKYwTQ8qt6tX"
},
"name": {
"type": "string",
"description": "The name given to the credential by the user.",
"default": ""
},
"kid": {
"type": "string",
"description": "The key identifier of the credential, generated on creation.",
"default": "IZSSTECp..."
},
"alg": {
"$ref": "#/components/schemas/ClientCredentialAlgorithmEnum"
},
"credential_type": {
"$ref": "#/components/schemas/ClientCredentialTypeEnum"
},
"subject_dn": {
"type": "string",
"description": "The X509 certificate's Subject Distinguished Name"
},
"thumbprint_sha256": {
"type": "string",
"description": "The X509 certificate's SHA256 thumbprint"
},
"created_at": {
"type": "string",
"description": "The ISO 8601 formatted date the credential was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The ISO 8601 formatted date the credential was updated.",
"format": "date-time"
},
"expires_at": {
"type": "string",
"description": "The ISO 8601 formatted date representing the expiration of the credential.",
"format": "date-time"
}
}
},
"GetClientGrantResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID of the client grant."
},
"client_id": {
"type": "string",
"description": "ID of the client."
},
"audience": {
"type": "string",
"description": "The audience (API identifier) of this client grant.",
"minLength": 1
},
"scope": {
"type": "array",
"description": "Scopes allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1
}
},
"organization_usage": {
"$ref": "#/components/schemas/ClientGrantOrganizationUsageEnum"
},
"allow_any_organization": {
"type": "boolean",
"description": "If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations."
},
"default_for": {
"$ref": "#/components/schemas/ClientGrantDefaultForEnum",
"x-release-lifecycle": "GA"
},
"is_system": {
"type": "boolean",
"description": "If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly."
},
"subject_type": {
"$ref": "#/components/schemas/ClientGrantSubjectTypeEnum"
},
"authorization_details_types": {
"type": "array",
"description": "Types of authorization_details allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
},
"allow_all_scopes": {
"type": "boolean",
"description": "If enabled, all scopes configured on the resource server are allowed for this grant."
}
}
},
"GetClientResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"client_id": {
"type": "string",
"description": "ID of this client.",
"default": "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
},
"tenant": {
"type": "string",
"description": "Name of the tenant this client belongs to.",
"default": ""
},
"name": {
"type": "string",
"description": "Name of this client (min length: 1 character, does not allow `<` or `>`).",
"default": "My application"
},
"description": {
"type": "string",
"description": "Free text description of this client (max length: 140 characters).",
"default": ""
},
"global": {
"type": "boolean",
"description": "Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false).",
"default": false
},
"client_secret": {
"type": "string",
"description": "Client secret (which you must not make public).",
"default": "MG_TNT2ver-SylNat-_VeMmd-4m0Waba0jr1troztBniSChEw0glxEmgEi2Kw40H"
},
"app_type": {
"$ref": "#/components/schemas/ClientAppTypeEnum"
},
"logo_uri": {
"type": "string",
"description": "URL of the logo to display for this client. Recommended size is 150x150 pixels."
},
"is_first_party": {
"type": "boolean",
"description": "Whether this client a first party client (true) or not (false).",
"default": false
},
"oidc_conformant": {
"type": "boolean",
"description": "Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false).",
"default": false
},
"callbacks": {
"type": "array",
"description": "Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication.",
"items": {
"type": "string"
}
},
"allowed_origins": {
"type": "array",
"description": "Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs.",
"items": {
"type": "string"
}
},
"web_origins": {
"type": "array",
"description": "Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.",
"items": {
"type": "string"
}
},
"client_aliases": {
"type": "array",
"description": "List of audiences/realms for SAML protocol. Used by the wsfed addon.",
"items": {
"type": "string"
}
},
"allowed_clients": {
"type": "array",
"description": "List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed.",
"items": {
"type": "string"
}
},
"allowed_logout_urls": {
"type": "array",
"description": "Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains.",
"items": {
"type": "string"
}
},
"session_transfer": {
"$ref": "#/components/schemas/ClientSessionTransferConfiguration"
},
"oidc_logout": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutSettings"
},
"grant_types": {
"type": "array",
"description": "List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`.",
"items": {
"type": "string"
}
},
"jwt_configuration": {
"$ref": "#/components/schemas/ClientJwtConfiguration"
},
"signing_keys": {
"$ref": "#/components/schemas/ClientSigningKeys"
},
"encryption_key": {
"$ref": "#/components/schemas/ClientEncryptionKey"
},
"sso": {
"type": "boolean",
"description": "Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false).",
"default": false
},
"sso_disabled": {
"type": "boolean",
"description": "Whether Single Sign On is disabled (true) or enabled (true). Defaults to true.",
"default": false
},
"cross_origin_authentication": {
"type": "boolean",
"description": "Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false)."
},
"cross_origin_loc": {
"type": "string",
"description": "URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page.",
"format": "url"
},
"custom_login_page_on": {
"type": "boolean",
"description": "Whether a custom login page is to be used (true) or the default provided login page (false).",
"default": true
},
"custom_login_page": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page.",
"default": ""
},
"custom_login_page_preview": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page. (Used on Previews)",
"default": ""
},
"form_template": {
"type": "string",
"description": "HTML form template to be used for WS-Federation.",
"default": ""
},
"addons": {
"$ref": "#/components/schemas/ClientAddons"
},
"token_endpoint_auth_method": {
"$ref": "#/components/schemas/ClientTokenEndpointAuthMethodEnum"
},
"is_token_endpoint_ip_header_trusted": {
"type": "boolean",
"description": "If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint.",
"default": false
},
"client_metadata": {
"$ref": "#/components/schemas/ClientMetadata"
},
"mobile": {
"$ref": "#/components/schemas/ClientMobile"
},
"initiate_login_uri": {
"type": "string",
"description": "Initiate login uri, must be https",
"format": "absolute-https-uri-with-placeholders-or-empty"
},
"native_social_login": {},
"refresh_token": {
"$ref": "#/components/schemas/ClientRefreshTokenConfiguration"
},
"default_organization": {
"$ref": "#/components/schemas/ClientDefaultOrganization"
},
"organization_usage": {
"$ref": "#/components/schemas/ClientOrganizationUsageEnum"
},
"organization_require_behavior": {
"$ref": "#/components/schemas/ClientOrganizationRequireBehaviorEnum"
},
"organization_discovery_methods": {
"type": "array",
"description": "Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both.",
"minItems": 1,
"x-release-lifecycle": "EA",
"items": {
"$ref": "#/components/schemas/ClientOrganizationDiscoveryEnum"
}
},
"client_authentication_methods": {
"$ref": "#/components/schemas/ClientAuthenticationMethod"
},
"require_pushed_authorization_requests": {
"type": "boolean",
"description": "Makes the use of Pushed Authorization Requests mandatory for this client",
"default": false
},
"require_proof_of_possession": {
"type": "boolean",
"description": "Makes the use of Proof-of-Possession mandatory for this client",
"default": false
},
"signed_request_object": {
"$ref": "#/components/schemas/ClientSignedRequestObjectWithCredentialId"
},
"compliance_level": {
"$ref": "#/components/schemas/ClientComplianceLevelEnum"
},
"skip_non_verifiable_callback_uri_confirmation_prompt": {
"type": "boolean",
"description": "Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`).\nIf set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps.\nSee https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information."
},
"token_exchange": {
"$ref": "#/components/schemas/ClientTokenExchangeConfiguration",
"x-release-lifecycle": "GA"
},
"par_request_expiry": {
"type": [
"integer",
"null"
],
"description": "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid",
"minimum": 10,
"maximum": 600
},
"token_quota": {
"$ref": "#/components/schemas/TokenQuota",
"x-release-lifecycle": "EA"
},
"express_configuration": {
"$ref": "#/components/schemas/ExpressConfiguration"
},
"my_organization_configuration": {
"$ref": "#/components/schemas/ClientMyOrganizationResponseConfiguration",
"x-release-lifecycle": "EA"
},
"third_party_security_mode": {
"$ref": "#/components/schemas/ClientThirdPartySecurityModeEnum",
"x-release-lifecycle": "GA"
},
"redirection_policy": {
"$ref": "#/components/schemas/ClientRedirectionPolicyEnum",
"x-release-lifecycle": "GA"
},
"resource_server_identifier": {
"type": "string",
"description": "The identifier of the resource server that this client is linked to."
},
"async_approval_notification_channels": {
"$ref": "#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration"
},
"external_metadata_type": {
"$ref": "#/components/schemas/ClientExternalMetadataTypeEnum"
},
"external_metadata_created_by": {
"$ref": "#/components/schemas/ClientExternalMetadataCreatedByEnum"
},
"external_client_id": {
"type": "string",
"description": "An alternate client identifier to be used during authorization flows. Only supports CIMD-based client identifiers.",
"format": "absolute-https-uri-or-empty"
},
"jwks_uri": {
"type": "string",
"description": "URL for the JSON Web Key Set (JWKS) containing the public keys used for private_key_jwt authentication. Only present for CIMD clients using private_key_jwt authentication.",
"format": "absolute-https-uri-or-empty"
}
}
},
"GetConnectionEnabledClientsResponseContent": {
"type": "object",
"additionalProperties": true,
"required": [
"clients"
],
"properties": {
"clients": {
"type": "array",
"description": "Clients for which the connection is enabled",
"items": {
"$ref": "#/components/schemas/ConnectionEnabledClient"
}
},
"next": {
"type": "string",
"description": "Encoded next token"
}
}
},
"GetConnectionProfileResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"$ref": "#/components/schemas/ConnectionProfileId"
},
"name": {
"$ref": "#/components/schemas/ConnectionProfileName"
},
"organization": {
"$ref": "#/components/schemas/ConnectionProfileOrganization"
},
"connection_name_prefix_template": {
"$ref": "#/components/schemas/ConnectionNamePrefixTemplate"
},
"enabled_features": {
"$ref": "#/components/schemas/ConnectionProfileEnabledFeatures"
},
"connection_config": {
"$ref": "#/components/schemas/ConnectionProfileConfig"
},
"strategy_overrides": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverrides"
}
}
},
"GetConnectionProfileTemplateResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The id of the template."
},
"display_name": {
"type": "string",
"description": "The user-friendly name of the template displayed in the UI."
},
"template": {
"$ref": "#/components/schemas/ConnectionProfileTemplate"
}
}
},
"GetConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "The name of the connection",
"default": "My connection"
},
"display_name": {
"type": "string",
"description": "Connection name used in login screen"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptions"
},
"id": {
"type": "string",
"description": "The connection's identifier",
"default": "con_0000000000000001"
},
"strategy": {
"type": "string",
"description": "The type of the connection, related to the identity provider",
"default": "auth0"
},
"realms": {
"type": "array",
"description": "Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.",
"items": {
"type": "string",
"description": "The realm where this connection belongs",
"format": "connection-realm"
}
},
"enabled_clients": {
"type": "array",
"description": "DEPRECATED property. Use the GET /connections/:id/clients endpoint to get the ids of the clients for which the connection is enabled",
"x-release-lifecycle": "deprecated",
"items": {
"type": "string",
"description": "The client id"
}
},
"is_domain_connection": {
"type": "boolean",
"description": "True if the connection is domain level"
},
"show_as_button": {
"type": "boolean",
"description": "Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD."
},
"metadata": {
"$ref": "#/components/schemas/ConnectionsMetadata"
},
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose",
"x-release-lifecycle": "GA"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurpose",
"x-release-lifecycle": "GA"
}
}
},
"GetCustomDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"custom_domain_id",
"domain",
"primary",
"status",
"type"
],
"properties": {
"custom_domain_id": {
"type": "string",
"description": "ID of the custom domain.",
"default": "cd_0000000000000001"
},
"domain": {
"type": "string",
"description": "Domain name.",
"default": "login.mycompany.com"
},
"primary": {
"type": "boolean",
"description": "Whether this is a primary domain (true) or not (false).",
"default": false
},
"is_default": {
"type": "boolean",
"description": "Whether this is the default custom domain (true) or not (false).",
"default": false
},
"status": {
"$ref": "#/components/schemas/CustomDomainStatusFilterEnum"
},
"type": {
"$ref": "#/components/schemas/CustomDomainTypeEnum"
},
"origin_domain_name": {
"type": "string",
"description": "Intermediate address.",
"default": "mycompany_cd_0000000000000001.edge.tenants.auth0.com"
},
"verification": {
"$ref": "#/components/schemas/DomainVerification"
},
"custom_client_ip_header": {
"type": [
"string",
"null"
],
"description": "The HTTP header to fetch the client's IP address"
},
"tls_policy": {
"type": "string",
"description": "The TLS version policy",
"default": "recommended"
},
"domain_metadata": {
"$ref": "#/components/schemas/DomainMetadata"
},
"certificate": {
"$ref": "#/components/schemas/DomainCertificate"
},
"relying_party_identifier": {
"type": "string",
"description": "Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used.",
"format": "hostname"
}
}
},
"GetCustomSigningKeysResponseContent": {
"type": "object",
"description": "JWKS representing an array of custom public signing keys.",
"additionalProperties": false,
"properties": {
"keys": {
"type": "array",
"description": "An array of custom public signing keys.",
"items": {
"$ref": "#/components/schemas/CustomSigningKeyJWK"
}
}
}
},
"GetCustomTextsByLanguageResponseContent": {
"type": "object",
"description": "An object containing custom dictionaries for a group of screens.",
"additionalProperties": true
},
"GetDefaultCanonicalDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"domain"
],
"properties": {
"domain": {
"type": "string",
"description": "Domain name.",
"default": "login.mycompany.com"
}
}
},
"GetDefaultCustomDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"custom_domain_id",
"domain",
"primary",
"status",
"type"
],
"properties": {
"custom_domain_id": {
"type": "string",
"description": "ID of the custom domain.",
"default": "cd_0000000000000001"
},
"domain": {
"type": "string",
"description": "Domain name.",
"default": "login.mycompany.com"
},
"primary": {
"type": "boolean",
"description": "Whether this is a primary domain (true) or not (false).",
"default": false
},
"is_default": {
"type": "boolean",
"description": "Whether this is the default custom domain (true) or not (false).",
"default": false
},
"status": {
"$ref": "#/components/schemas/CustomDomainStatusFilterEnum"
},
"type": {
"$ref": "#/components/schemas/CustomDomainTypeEnum"
},
"origin_domain_name": {
"type": "string",
"description": "Intermediate address.",
"default": "mycompany_cd_0000000000000001.edge.tenants.auth0.com"
},
"verification": {
"$ref": "#/components/schemas/DomainVerification"
},
"custom_client_ip_header": {
"type": [
"string",
"null"
],
"description": "The HTTP header to fetch the client's IP address"
},
"tls_policy": {
"type": "string",
"description": "The TLS version policy",
"default": "recommended"
},
"domain_metadata": {
"$ref": "#/components/schemas/DomainMetadata"
},
"certificate": {
"$ref": "#/components/schemas/DomainCertificate"
},
"relying_party_identifier": {
"type": "string",
"description": "Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used.",
"format": "hostname"
}
}
},
"GetDefaultDomainResponseContent": {
"oneOf": [
{
"$ref": "#/components/schemas/GetDefaultCustomDomainResponseContent"
},
{
"$ref": "#/components/schemas/GetDefaultCanonicalDomainResponseContent"
}
]
},
"GetDirectoryProvisioningDefaultMappingResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"mapping": {
"type": "array",
"description": "The mapping between Auth0 and IDP user attributes",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/DirectoryProvisioningMappingItem"
}
}
}
},
"GetDirectoryProvisioningResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"connection_id",
"connection_name",
"strategy",
"mapping",
"synchronize_automatically",
"created_at",
"updated_at"
],
"properties": {
"connection_id": {
"type": "string",
"description": "The connection's identifier"
},
"connection_name": {
"type": "string",
"description": "The connection's name"
},
"strategy": {
"type": "string",
"description": "The connection's strategy"
},
"mapping": {
"type": "array",
"description": "The mapping between Auth0 and IDP user attributes",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/DirectoryProvisioningMappingItem"
}
},
"synchronize_automatically": {
"type": "boolean",
"description": "Whether periodic automatic synchronization is enabled"
},
"synchronize_groups": {
"$ref": "#/components/schemas/SynchronizeGroupsEnum",
"x-release-lifecycle": "EA"
},
"created_at": {
"type": "string",
"description": "The timestamp at which the directory provisioning configuration was created",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The timestamp at which the directory provisioning configuration was last updated",
"format": "date-time"
},
"last_synchronization_at": {
"type": "string",
"description": "The timestamp at which the connection was last synchronized",
"format": "date-time"
},
"last_synchronization_status": {
"type": "string",
"description": "The status of the last synchronization"
},
"last_synchronization_error": {
"type": "string",
"description": "The error message of the last synchronization, if any"
}
}
},
"GetEmailProviderResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "Name of the email provider. Can be `mailgun`, `mandrill`, `sendgrid`, `resend`, `ses`, `sparkpost`, `smtp`, `azure_cs`, `ms365`, or `custom`.",
"default": "sendgrid"
},
"enabled": {
"type": "boolean",
"description": "Whether the provider is enabled (true) or disabled (false).",
"default": true
},
"default_from_address": {
"type": "string",
"description": "Email address to use as \"from\" when no other address specified."
},
"credentials": {
"$ref": "#/components/schemas/EmailProviderCredentials"
},
"settings": {
"$ref": "#/components/schemas/EmailProviderSettings"
}
}
},
"GetEmailTemplateResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"template": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
},
"body": {
"type": [
"string",
"null"
],
"description": "Body of the email template."
},
"from": {
"type": [
"string",
"null"
],
"description": "Senders `from` email address.",
"default": "sender@auth0.com"
},
"resultUrl": {
"type": [
"string",
"null"
],
"description": "URL to redirect the user to after a successful action."
},
"subject": {
"type": [
"string",
"null"
],
"description": "Subject line of the email."
},
"syntax": {
"type": [
"string",
"null"
],
"description": "Syntax of the template body.",
"default": "liquid"
},
"urlLifetimeInSeconds": {
"type": [
"number",
"null"
],
"description": "Lifetime in seconds that the link within the email will be valid for.",
"minimum": 0
},
"includeEmailInRedirect": {
"type": "boolean",
"description": "Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true."
},
"enabled": {
"type": [
"boolean",
"null"
],
"description": "Whether the template is enabled (true) or disabled (false)."
}
}
},
"GetEncryptionKeyResponseContent": {
"type": "object",
"description": "Encryption key",
"additionalProperties": false,
"required": [
"kid",
"type",
"state",
"created_at",
"updated_at"
],
"properties": {
"kid": {
"type": "string",
"description": "Key ID"
},
"type": {
"$ref": "#/components/schemas/EncryptionKeyType"
},
"state": {
"$ref": "#/components/schemas/EncryptionKeyState"
},
"created_at": {
"type": "string",
"description": "Key creation timestamp",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "Key update timestamp",
"format": "date-time"
},
"parent_kid": {
"type": [
"string",
"null"
],
"description": "ID of parent wrapping key"
},
"public_key": {
"type": [
"string",
"null"
],
"description": "Public key in PEM format"
}
}
},
"GetEventStreamDeliveryHistoryResponseContent": {
"type": "object",
"description": "Metadata about a specific attempt to deliver an event",
"additionalProperties": false,
"required": [
"id",
"event_stream_id",
"status",
"event_type",
"attempts"
],
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the delivery"
},
"event_stream_id": {
"type": "string",
"description": "Unique identifier for the event stream.",
"minLength": 26,
"maxLength": 26,
"format": "event-stream-id"
},
"status": {
"$ref": "#/components/schemas/EventStreamDeliveryStatusEnum"
},
"event_type": {
"$ref": "#/components/schemas/EventStreamDeliveryEventTypeEnum"
},
"attempts": {
"type": "array",
"description": "Results of delivery attempts",
"items": {
"$ref": "#/components/schemas/EventStreamDeliveryAttempt"
}
},
"event": {
"$ref": "#/components/schemas/EventStreamCloudEvent"
}
}
},
"GetEventStreamResponseContent": {
"oneOf": [
{
"$ref": "#/components/schemas/EventStreamWebhookResponseContent"
},
{
"$ref": "#/components/schemas/EventStreamEventBridgeResponseContent"
},
{
"$ref": "#/components/schemas/EventStreamActionResponseContent"
}
]
},
"GetFlowExecutionRequestParametersHydrateEnum": {
"type": "string",
"maxLength": 5,
"enum": [
"debug"
]
},
"GetFlowExecutionResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"trace_id",
"status",
"created_at",
"updated_at"
],
"properties": {
"id": {
"type": "string",
"description": "Flow execution identifier",
"maxLength": 30,
"format": "flow-execution-id"
},
"trace_id": {
"type": "string",
"description": "Trace id",
"minLength": 1,
"maxLength": 50
},
"journey_id": {
"type": "string",
"description": "Journey id",
"minLength": 1,
"maxLength": 50
},
"status": {
"type": "string",
"description": "Execution status",
"minLength": 1,
"maxLength": 50
},
"debug": {
"$ref": "#/components/schemas/FlowExecutionDebug"
},
"created_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this flow execution was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this flow execution was updated.",
"format": "date-time"
},
"started_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this flow execution started.",
"format": "date-time"
},
"ended_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this flow execution ended.",
"format": "date-time"
}
}
},
"GetFlowRequestParametersHydrateEnum": {
"type": "string",
"maxLength": 50,
"enum": [
"form_count",
"forms"
]
},
"GetFlowResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"name",
"created_at",
"updated_at"
],
"x-release-lifecycle": "GA",
"properties": {
"id": {
"type": "string",
"maxLength": 30,
"format": "flow-id"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"actions": {
"type": "array",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/FlowAction"
}
},
"created_at": {
"type": "string",
"format": "date-time"
},
"updated_at": {
"type": "string",
"format": "date-time"
},
"executed_at": {
"type": "string",
"format": "date"
}
}
},
"GetFlowsExecutionsResponseContent": {
"oneOf": [
{
"$ref": "#/components/schemas/ListFlowExecutionsResponseContent"
},
{
"$ref": "#/components/schemas/ListFlowExecutionsOffsetPaginatedResponseContent"
},
{
"$ref": "#/components/schemas/ListFlowExecutionsPaginatedResponseContent"
}
]
},
"GetFlowsVaultConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"app_id",
"name",
"ready",
"created_at",
"updated_at",
"fingerprint"
],
"properties": {
"id": {
"type": "string",
"description": "Flows Vault Connection identifier.",
"maxLength": 30,
"format": "flows-vault-connections-id"
},
"app_id": {
"type": "string",
"description": "Flows Vault Connection app identifier.",
"minLength": 1,
"maxLength": 55
},
"environment": {
"type": "string",
"description": "Flows Vault Connection environment.",
"minLength": 1,
"maxLength": 55
},
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"account_name": {
"type": "string",
"description": "Flows Vault Connection custom account name.",
"minLength": 1,
"maxLength": 150
},
"ready": {
"type": "boolean",
"description": "Whether the Flows Vault Connection is configured."
},
"created_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this Flows Vault Connection was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this Flows Vault Connection was updated.",
"format": "date-time"
},
"refreshed_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this Flows Vault Connection was refreshed.",
"format": "date-time"
},
"fingerprint": {
"type": "string",
"minLength": 1
}
}
},
"GetFormResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"name",
"created_at",
"updated_at"
],
"properties": {
"id": {
"type": "string",
"maxLength": 30,
"format": "form-id"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"messages": {
"$ref": "#/components/schemas/FormMessages"
},
"languages": {
"$ref": "#/components/schemas/FormLanguages"
},
"translations": {
"$ref": "#/components/schemas/FormTranslations"
},
"nodes": {
"$ref": "#/components/schemas/FormNodeList"
},
"start": {
"$ref": "#/components/schemas/FormStartNode"
},
"ending": {
"$ref": "#/components/schemas/FormEndingNode"
},
"style": {
"$ref": "#/components/schemas/FormStyle"
},
"created_at": {
"type": "string",
"format": "date-time"
},
"updated_at": {
"type": "string",
"format": "date-time"
},
"embedded_at": {
"type": "string",
"format": "date"
},
"submitted_at": {
"type": "string",
"format": "date"
}
}
},
"GetGroupMembersResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"members"
],
"properties": {
"members": {
"type": "array",
"items": {
"$ref": "#/components/schemas/GroupMember"
}
},
"next": {
"type": "string",
"description": "A cursor to be used as the \"from\" query parameter for the next page of results."
}
}
},
"GetGroupResponseContent": {
"type": "object",
"description": "Represents the metadata of a group. Member lists are retrieved via a separate endpoint.",
"additionalProperties": true,
"required": [
"id",
"name",
"created_at",
"updated_at",
"tenant_name"
],
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the group (service-generated).",
"minLength": 18,
"maxLength": 26,
"pattern": "^grp_[1-9a-km-zA-HJ-NP-Z]{14,22}$"
},
"name": {
"type": "string",
"description": "Name of the group. Must be unique within its connection. Must contain between 1 and 128 printable ASCII characters.",
"minLength": 1,
"maxLength": 128,
"pattern": "^[\\x20-\\x7E]+$"
},
"external_id": {
"type": "string",
"description": "External identifier for the group, often used for SCIM synchronization. Max length of 256 characters.",
"maxLength": 256
},
"connection_id": {
"type": "string",
"description": "Identifier for the connection this group belongs to (if a connection group).",
"format": "connection-id"
},
"tenant_name": {
"type": "string",
"description": "Identifier for the tenant this group belongs to.",
"minLength": 3,
"pattern": "^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$"
},
"created_at": {
"type": "string",
"description": "Timestamp of when the group was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "Timestamp of when the group was last updated.",
"format": "date-time"
}
}
},
"GetGuardianEnrollmentResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id"
],
"properties": {
"id": {
"type": "string",
"description": "ID for this enrollment.",
"default": "dev_0000000000000001"
},
"status": {
"$ref": "#/components/schemas/GuardianEnrollmentStatus"
},
"name": {
"type": "string",
"description": "Device name (only for push notification).",
"default": "iPhone 7",
"minLength": 1,
"maxLength": 20,
"pattern": "^\\+[0-9]{8, 20}"
},
"identifier": {
"type": "string",
"description": "Device identifier. This is usually the phone identifier.",
"default": "76dc-a90c-a88c-a90c-a88c-a88c-a90c"
},
"phone_number": {
"type": "string",
"description": "Phone number.",
"default": "+1 999999999999"
},
"enrolled_at": {
"$ref": "#/components/schemas/GuardianEnrollmentDate"
},
"last_auth": {
"$ref": "#/components/schemas/GuardianEnrollmentDate"
}
}
},
"GetGuardianFactorDuoSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"ikey": {
"type": "string",
"maxLength": 10000
},
"skey": {
"type": "string",
"maxLength": 10000,
"format": "non-empty-string"
},
"host": {
"type": "string",
"maxLength": 10000
}
}
},
"GetGuardianFactorPhoneMessageTypesResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"message_types": {
"type": "array",
"description": "The list of phone factors to enable on the tenant. Can include `sms` and `voice`.",
"items": {
"$ref": "#/components/schemas/GuardianFactorPhoneFactorMessageTypeEnum"
}
}
}
},
"GetGuardianFactorPhoneTemplatesResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enrollment_message",
"verification_message"
],
"properties": {
"enrollment_message": {
"type": "string",
"description": "Message sent to the user when they are invited to enroll with a phone number.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
},
"verification_message": {
"type": "string",
"description": "Message sent to the user when they are prompted to verify their account.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}"
}
}
},
"GetGuardianFactorSmsTemplatesResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enrollment_message",
"verification_message"
],
"properties": {
"enrollment_message": {
"type": "string",
"description": "Message sent to the user when they are invited to enroll with a phone number.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
},
"verification_message": {
"type": "string",
"description": "Message sent to the user when they are prompted to verify their account.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}"
}
}
},
"GetGuardianFactorsProviderApnsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"bundle_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 20
},
"sandbox": {
"type": "boolean"
},
"enabled": {
"type": "boolean"
}
}
},
"GetGuardianFactorsProviderPhoneResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"$ref": "#/components/schemas/GuardianFactorsProviderSmsProviderEnum"
}
}
},
"GetGuardianFactorsProviderPhoneTwilioResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"from": {
"type": [
"string",
"null"
],
"description": "From number",
"default": "+1223323",
"minLength": 0,
"maxLength": 64
},
"messaging_service_sid": {
"type": [
"string",
"null"
],
"description": "Copilot SID",
"default": "5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq",
"minLength": 1,
"maxLength": 1000
},
"auth_token": {
"type": [
"string",
"null"
],
"description": "Twilio Authentication token",
"default": "zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU",
"minLength": 1,
"maxLength": 1000
},
"sid": {
"type": [
"string",
"null"
],
"description": "Twilio SID",
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
}
}
},
"GetGuardianFactorsProviderPushNotificationResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"$ref": "#/components/schemas/GuardianFactorsProviderPushNotificationProviderDataEnum"
}
}
},
"GetGuardianFactorsProviderSmsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"$ref": "#/components/schemas/GuardianFactorsProviderSmsProviderEnum"
}
}
},
"GetGuardianFactorsProviderSmsTwilioResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"from": {
"type": [
"string",
"null"
],
"description": "From number",
"default": "+1223323",
"minLength": 0,
"maxLength": 64
},
"messaging_service_sid": {
"type": [
"string",
"null"
],
"description": "Copilot SID",
"default": "5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq",
"minLength": 1,
"maxLength": 1000
},
"auth_token": {
"type": [
"string",
"null"
],
"description": "Twilio Authentication token",
"default": "zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU",
"minLength": 1,
"maxLength": 1000
},
"sid": {
"type": [
"string",
"null"
],
"description": "Twilio SID",
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
}
}
},
"GetGuardianFactorsProviderSnsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"aws_access_key_id": {
"type": [
"string",
"null"
],
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
},
"aws_secret_access_key": {
"type": [
"string",
"null"
],
"default": "B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL",
"minLength": 1,
"maxLength": 1000
},
"aws_region": {
"type": [
"string",
"null"
],
"default": "us-west-1",
"minLength": 1,
"maxLength": 1000,
"pattern": "^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$"
},
"sns_apns_platform_application_arn": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 1000
},
"sns_gcm_platform_application_arn": {
"type": [
"string",
"null"
],
"default": "urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP",
"minLength": 1,
"maxLength": 1000
}
}
},
"GetHookResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"triggerId": {
"type": "string",
"description": "Trigger ID"
},
"id": {
"type": "string",
"description": "ID of this hook.",
"default": "00001"
},
"name": {
"type": "string",
"description": "Name of this hook.",
"default": "hook"
},
"enabled": {
"type": "boolean",
"description": "Whether this hook will be executed (true) or ignored (false).",
"default": true
},
"script": {
"type": "string",
"description": "Code to be executed when this hook runs.",
"default": "module.exports = function(client, scope, audience, context, cb) cb(null, access_token); };"
},
"dependencies": {
"$ref": "#/components/schemas/HookDependencies"
}
}
},
"GetHookSecretResponseContent": {
"type": "object",
"description": "Hashmap of key-value pairs where the value must be a string.",
"additionalProperties": {
"type": "string"
},
"minProperties": 1,
"maxProperties": 20
},
"GetJobErrorResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"user": {
"$ref": "#/components/schemas/GetJobUserError"
},
"errors": {
"type": "array",
"description": "Errors importing the user.",
"items": {
"$ref": "#/components/schemas/GetJobImportUserError"
}
}
}
},
"GetJobGenericErrorResponseContent": {
"type": "object",
"additionalProperties": true,
"required": [
"id",
"type",
"status"
],
"properties": {
"status": {
"type": "string",
"description": "Status of this job.",
"default": "pending"
},
"type": {
"type": "string",
"description": "Type of job this is.",
"default": "users_import"
},
"created_at": {
"type": "string",
"description": "When this job was created."
},
"id": {
"type": "string",
"description": "ID of this job.",
"default": "job_0000000000000001"
},
"connection_id": {
"type": "string",
"description": "connection_id of the connection this job uses.",
"default": "con_0000000000000001"
},
"status_details": {
"type": "string",
"description": "Status details."
}
}
},
"GetJobImportUserError": {
"type": "object",
"additionalProperties": true,
"properties": {
"code": {
"type": "string",
"description": "Error code."
},
"message": {
"type": "string",
"description": "Error message."
},
"path": {
"type": "string",
"description": "Error field."
}
}
},
"GetJobResponseContent": {
"type": "object",
"additionalProperties": true,
"required": [
"id",
"type",
"status"
],
"properties": {
"status": {
"type": "string",
"description": "Status of this job.",
"default": "pending"
},
"type": {
"type": "string",
"description": "Type of job this is.",
"default": "users_import"
},
"created_at": {
"type": "string",
"description": "When this job was created."
},
"id": {
"type": "string",
"description": "ID of this job.",
"default": "job_0000000000000001"
},
"connection_id": {
"type": "string",
"description": "connection_id of the connection this job uses.",
"default": "con_0000000000000001"
},
"location": {
"type": "string",
"description": "URL to download the result of this job."
},
"percentage_done": {
"type": "integer",
"description": "Completion percentage of this job."
},
"time_left_seconds": {
"type": "integer",
"description": "Estimated time remaining before job completes."
},
"format": {
"$ref": "#/components/schemas/JobFileFormatEnum"
},
"status_details": {
"type": "string",
"description": "Status details."
},
"summary": {
"$ref": "#/components/schemas/GetJobSummary"
}
}
},
"GetJobSummary": {
"type": "object",
"description": "Job execution summary.",
"additionalProperties": true,
"properties": {
"failed": {
"type": "integer",
"description": "Number of failed operations.",
"default": 0
},
"updated": {
"type": "integer",
"description": "Number of updated records.",
"default": 0
},
"inserted": {
"type": "integer",
"description": "Number of inserted records.",
"default": 0
},
"total": {
"type": "integer",
"description": "Total number of operations.",
"default": 0
}
}
},
"GetJobUserError": {
"type": "object",
"description": "User, as provided in the import file",
"additionalProperties": true
},
"GetLogResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"date": {
"$ref": "#/components/schemas/LogDate"
},
"type": {
"type": "string",
"description": "Type of event.",
"default": "sapi"
},
"description": {
"type": [
"string",
"null"
],
"description": "Description of this event."
},
"connection": {
"type": "string",
"description": "Name of the connection the event relates to."
},
"connection_id": {
"type": "string",
"description": "ID of the connection the event relates to."
},
"client_id": {
"type": "string",
"description": "ID of the client (application).",
"default": "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
},
"client_name": {
"type": "string",
"description": "Name of the client (application).",
"default": "My application Name"
},
"ip": {
"type": "string",
"description": "IP address of the log event source.",
"default": "190.257.209.19"
},
"hostname": {
"type": "string",
"description": "Hostname the event applies to.",
"default": "190.257.209.19"
},
"user_id": {
"type": "string",
"description": "ID of the user involved in the event.",
"default": "auth0|56c75c4e42b6359e98374bc2"
},
"user_name": {
"type": "string",
"description": "Name of the user involved in the event."
},
"audience": {
"type": "string",
"description": "API audience the event applies to."
},
"scope": {
"type": "string",
"description": "Scope permissions applied to the event.",
"default": ""
},
"strategy": {
"type": "string",
"description": "Name of the strategy involved in the event."
},
"strategy_type": {
"type": "string",
"description": "Type of strategy involved in the event."
},
"log_id": {
"type": "string",
"description": "Unique ID of the event."
},
"isMobile": {
"type": "boolean",
"description": "Whether the client was a mobile device (true) or desktop/laptop/server (false)."
},
"details": {
"$ref": "#/components/schemas/LogDetails"
},
"user_agent": {
"type": "string",
"description": "User agent string from the client device that caused the event."
},
"security_context": {
"$ref": "#/components/schemas/LogSecurityContext"
},
"location_info": {
"$ref": "#/components/schemas/LogLocationInfo"
}
}
},
"GetLogStreamResponseContent": {
"oneOf": [
{
"$ref": "#/components/schemas/LogStreamHttpResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamEventBridgeResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamEventGridResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamDatadogResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamSplunkResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamSumoResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamSegmentResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamMixpanelResponseSchema"
}
]
},
"GetNetworkAclsResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string"
},
"description": {
"type": "string"
},
"active": {
"type": "boolean"
},
"priority": {
"type": "number",
"minimum": 1,
"maximum": 100
},
"rule": {
"$ref": "#/components/schemas/NetworkAclRule"
},
"created_at": {
"type": "string",
"description": "The timestamp when the Network ACL Configuration was created"
},
"updated_at": {
"type": "string",
"description": "The timestamp when the Network ACL Configuration was last updated"
}
}
},
"GetOrganizationAllConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"connection_id"
],
"properties": {
"organization_connection_name": {
"type": "string",
"description": "Name of the connection in the scope of this organization.",
"minLength": 1,
"maxLength": 50,
"pattern": "^[^\u0000]*$"
},
"assign_membership_on_login": {
"type": "boolean",
"description": "When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection."
},
"show_as_button": {
"type": "boolean",
"description": "Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true."
},
"is_signup_enabled": {
"type": "boolean",
"description": "Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false."
},
"organization_access_level": {
"$ref": "#/components/schemas/OrganizationAccessLevelEnum"
},
"is_enabled": {
"type": "boolean",
"description": "Whether the connection is enabled for the organization."
},
"connection_id": {
"type": "string",
"description": "Connection identifier.",
"minLength": 1,
"maxLength": 50,
"format": "connection-id"
},
"connection": {
"$ref": "#/components/schemas/OrganizationConnectionInformation"
}
}
},
"GetOrganizationByNameResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "Organization identifier.",
"maxLength": 50,
"format": "organization-id"
},
"name": {
"type": "string",
"description": "The name of this organization.",
"default": "organization-1",
"minLength": 1,
"maxLength": 50,
"format": "organization-name"
},
"display_name": {
"type": "string",
"description": "Friendly name of this organization.",
"default": "Acme Users",
"minLength": 1,
"maxLength": 255
},
"branding": {
"$ref": "#/components/schemas/OrganizationBranding"
},
"metadata": {
"$ref": "#/components/schemas/OrganizationMetadata"
},
"token_quota": {
"$ref": "#/components/schemas/TokenQuota",
"x-release-lifecycle": "EA"
}
}
},
"GetOrganizationConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"connection_id": {
"type": "string",
"description": "ID of the connection."
},
"assign_membership_on_login": {
"type": "boolean",
"description": "When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection."
},
"show_as_button": {
"type": "boolean",
"description": "Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true."
},
"is_signup_enabled": {
"type": "boolean",
"description": "Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false."
},
"connection": {
"$ref": "#/components/schemas/OrganizationConnectionInformation"
}
}
},
"GetOrganizationDiscoveryDomainByNameResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"domain",
"status",
"verification_txt",
"verification_host"
],
"properties": {
"id": {
"type": "string",
"description": "Organization discovery domain identifier.",
"format": "organization-discovery-domain-id"
},
"domain": {
"type": "string",
"description": "The domain name to associate with the organization e.g. acme.com.",
"minLength": 3,
"maxLength": 255,
"pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$"
},
"status": {
"$ref": "#/components/schemas/OrganizationDiscoveryDomainStatus"
},
"use_for_organization_discovery": {
"type": "boolean",
"description": "Indicates whether this domain should be used for organization discovery."
},
"verification_txt": {
"type": "string",
"description": "A unique token generated for the discovery domain. This must be placed in a DNS TXT record at the location specified by the verification_host field to prove domain ownership."
},
"verification_host": {
"type": "string",
"description": "The full domain where the TXT record should be added."
}
}
},
"GetOrganizationDiscoveryDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"domain",
"status",
"verification_txt",
"verification_host"
],
"properties": {
"id": {
"type": "string",
"description": "Organization discovery domain identifier.",
"format": "organization-discovery-domain-id"
},
"domain": {
"type": "string",
"description": "The domain name to associate with the organization e.g. acme.com.",
"minLength": 3,
"maxLength": 255,
"pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$"
},
"status": {
"$ref": "#/components/schemas/OrganizationDiscoveryDomainStatus"
},
"use_for_organization_discovery": {
"type": "boolean",
"description": "Indicates whether this domain should be used for organization discovery."
},
"verification_txt": {
"type": "string",
"description": "A unique token generated for the discovery domain. This must be placed in a DNS TXT record at the location specified by the verification_host field to prove domain ownership."
},
"verification_host": {
"type": "string",
"description": "The full domain where the TXT record should be added."
}
}
},
"GetOrganizationInvitationResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The id of the user invitation.",
"default": "uinv_0000000000000001",
"format": "user-invitation-id"
},
"organization_id": {
"type": "string",
"description": "Organization identifier.",
"maxLength": 50,
"format": "organization-id"
},
"inviter": {
"$ref": "#/components/schemas/OrganizationInvitationInviter"
},
"invitee": {
"$ref": "#/components/schemas/OrganizationInvitationInvitee"
},
"invitation_url": {
"type": "string",
"description": "The invitation url to be send to the invitee.",
"default": "https://mycompany.org/login?invitation=f81dWWYW6gzGGicxT8Ha0txBkGNcAcYr&organization=org_0000000000000001&organization_name=acme",
"format": "strict-https-uri"
},
"created_at": {
"type": "string",
"description": "The ISO 8601 formatted timestamp representing the creation time of the invitation.",
"default": "2020-08-20T19:10:06.299Z",
"format": "date-time"
},
"expires_at": {
"type": "string",
"description": "The ISO 8601 formatted timestamp representing the expiration time of the invitation.",
"default": "2020-08-27T19:10:06.299Z",
"format": "date-time"
},
"client_id": {
"type": "string",
"description": "Auth0 client ID. Used to resolve the application's login initiation endpoint.",
"default": "AaiyAPdpYdesoKnqjj8HJqRn4T5titww",
"format": "client-id"
},
"connection_id": {
"type": "string",
"description": "The id of the connection to force invitee to authenticate with.",
"default": "con_0000000000000001",
"format": "connection-id"
},
"app_metadata": {
"$ref": "#/components/schemas/AppMetadata"
},
"user_metadata": {
"$ref": "#/components/schemas/UserMetadata"
},
"roles": {
"type": "array",
"description": "List of roles IDs to associated with the user.",
"minItems": 1,
"items": {
"type": "string",
"format": "role-id"
}
},
"ticket_id": {
"type": "string",
"description": "The id of the invitation ticket",
"format": "ticket-id"
}
}
},
"GetOrganizationResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "Organization identifier.",
"maxLength": 50,
"format": "organization-id"
},
"name": {
"type": "string",
"description": "The name of this organization.",
"default": "organization-1",
"minLength": 1,
"maxLength": 50,
"format": "organization-name"
},
"display_name": {
"type": "string",
"description": "Friendly name of this organization.",
"default": "Acme Users",
"minLength": 1,
"maxLength": 255
},
"branding": {
"$ref": "#/components/schemas/OrganizationBranding"
},
"metadata": {
"$ref": "#/components/schemas/OrganizationMetadata"
},
"token_quota": {
"$ref": "#/components/schemas/TokenQuota",
"x-release-lifecycle": "EA"
}
}
},
"GetPartialsResponseContent": {
"type": "object",
"description": "An object containing template partials for a group of screens.",
"additionalProperties": true
},
"GetPhoneTemplateResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"content",
"disabled",
"id",
"type"
],
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 255
},
"channel": {
"type": "string"
},
"customizable": {
"type": "boolean"
},
"tenant": {
"type": "string",
"minLength": 1,
"maxLength": 255
},
"content": {
"$ref": "#/components/schemas/PhoneTemplateContent"
},
"type": {
"$ref": "#/components/schemas/PhoneTemplateNotificationTypeEnum"
},
"disabled": {
"type": "boolean",
"description": "Whether the template is enabled (false) or disabled (true).",
"default": false
}
}
},
"GetRefreshTokenResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The ID of the refresh token"
},
"user_id": {
"type": "string",
"description": "ID of the user which can be used when interacting with other APIs.",
"default": "auth0|507f1f77bcf86cd799439020"
},
"created_at": {
"$ref": "#/components/schemas/RefreshTokenDate"
},
"idle_expires_at": {
"$ref": "#/components/schemas/RefreshTokenDate"
},
"expires_at": {
"$ref": "#/components/schemas/RefreshTokenDate"
},
"device": {
"$ref": "#/components/schemas/RefreshTokenDevice"
},
"client_id": {
"type": "string",
"description": "ID of the client application granted with this refresh token"
},
"session_id": {
"$ref": "#/components/schemas/RefreshTokenSessionId"
},
"rotating": {
"type": "boolean",
"description": "True if the token is a rotating refresh token"
},
"resource_servers": {
"type": "array",
"description": "A list of the resource server IDs associated to this refresh-token and their granted scopes",
"items": {
"$ref": "#/components/schemas/RefreshTokenResourceServer"
}
},
"refresh_token_metadata": {
"$ref": "#/components/schemas/RefreshTokenMetadata"
},
"last_exchanged_at": {
"$ref": "#/components/schemas/RefreshTokenDate"
}
}
},
"GetRefreshTokensPaginatedResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"refresh_tokens": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RefreshTokenResponseContent"
}
},
"next": {
"type": "string",
"description": "A cursor to be used as the \"from\" query parameter for the next page of results."
}
}
},
"GetResourceServerResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID of the API (resource server)."
},
"name": {
"type": "string",
"description": "Friendly name for this resource server. Can not contain `<` or `>` characters."
},
"is_system": {
"type": "boolean",
"description": "Whether this is an Auth0 system API (true) or a custom API (false)."
},
"identifier": {
"type": "string",
"description": "Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set."
},
"scopes": {
"type": "array",
"description": "List of permissions (scopes) that this API uses.",
"items": {
"$ref": "#/components/schemas/ResourceServerScope"
}
},
"signing_alg": {
"$ref": "#/components/schemas/SigningAlgorithmEnum"
},
"signing_secret": {
"type": "string",
"description": "Secret used to sign tokens when using symmetric algorithms (HS256).",
"minLength": 16
},
"allow_offline_access": {
"type": "boolean",
"description": "Whether refresh tokens can be issued for this API (true) or not (false)."
},
"allow_online_access": {
"type": "boolean",
"description": "Whether Online Refresh Tokens can be issued for this API (true) or not (false)."
},
"skip_consent_for_verifiable_first_party_clients": {
"type": "boolean",
"description": "Whether to skip user consent for applications flagged as first party (true) or not (false)."
},
"token_lifetime": {
"type": "integer",
"description": "Expiration value (in seconds) for access tokens issued for this API from the token endpoint."
},
"token_lifetime_for_web": {
"type": "integer",
"description": "Expiration value (in seconds) for access tokens issued for this API via Implicit or Hybrid Flows. Cannot be greater than the `token_lifetime` value."
},
"enforce_policies": {
"type": "boolean",
"description": "Whether authorization polices are enforced (true) or unenforced (false)."
},
"token_dialect": {
"$ref": "#/components/schemas/ResourceServerTokenDialectResponseEnum"
},
"token_encryption": {
"$ref": "#/components/schemas/ResourceServerTokenEncryption"
},
"consent_policy": {
"$ref": "#/components/schemas/ResourceServerConsentPolicyEnum"
},
"authorization_details": {
"type": [
"array",
"null"
],
"items": {}
},
"proof_of_possession": {
"$ref": "#/components/schemas/ResourceServerProofOfPossession"
},
"subject_type_authorization": {
"$ref": "#/components/schemas/ResourceServerSubjectTypeAuthorization"
},
"authorization_policy": {
"$ref": "#/components/schemas/ResourceServerAuthorizationPolicy",
"x-release-lifecycle": "EA"
},
"client_id": {
"type": "string",
"description": "The client ID of the client that this resource server is linked to",
"format": "client-id"
}
}
},
"GetRiskAssessmentsSettingsNewDeviceResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"remember_for"
],
"properties": {
"remember_for": {
"type": "integer",
"description": "Length of time to remember devices for, in days.",
"minimum": 1,
"maximum": 365
}
}
},
"GetRiskAssessmentsSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not risk assessment is enabled."
}
}
},
"GetRoleResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID for this role."
},
"name": {
"type": "string",
"description": "Name of this role."
},
"description": {
"type": "string",
"description": "Description of this role."
}
}
},
"GetRuleResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "Name of this rule.",
"default": "rule_1"
},
"id": {
"type": "string",
"description": "ID of this rule.",
"default": "con_0000000000000001"
},
"enabled": {
"type": "boolean",
"description": "Whether the rule is enabled (true), or disabled (false).",
"default": true
},
"script": {
"type": "string",
"description": "Code to be executed when this rule runs.",
"default": "function (user, context, callback) {\n callback(null, user, context);\n}"
},
"order": {
"type": "number",
"description": "Order that this rule should execute in relative to other rules. Lower-valued rules execute first.",
"default": 1
},
"stage": {
"type": "string",
"description": "Execution stage of this rule. Can be `login_success`, `login_failure`, or `pre_authorize`.",
"default": "login_success"
}
}
},
"GetScimConfigurationDefaultMappingResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"mapping": {
"type": "array",
"description": "The mapping between auth0 and SCIM",
"items": {
"$ref": "#/components/schemas/ScimMappingItem"
}
}
}
},
"GetScimConfigurationResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"tenant_name",
"connection_id",
"connection_name",
"strategy",
"created_at",
"updated_on",
"mapping",
"user_id_attribute"
],
"properties": {
"connection_id": {
"type": "string",
"description": "The connection's identifier"
},
"connection_name": {
"type": "string",
"description": "The connection's name"
},
"strategy": {
"type": "string",
"description": "The connection's strategy"
},
"tenant_name": {
"type": "string",
"description": "The tenant's name"
},
"user_id_attribute": {
"type": "string",
"description": "User ID attribute for generating unique user ids"
},
"mapping": {
"type": "array",
"description": "The mapping between auth0 and SCIM",
"items": {
"$ref": "#/components/schemas/ScimMappingItem"
}
},
"created_at": {
"type": "string",
"description": "The ISO 8601 date and time the SCIM configuration was created at",
"format": "date-time"
},
"updated_on": {
"type": "string",
"description": "The ISO 8601 date and time the SCIM configuration was last updated on",
"format": "date-time"
}
}
},
"GetScimTokensResponseContent": {
"type": "array",
"description": "The list of scim tokens for scim clients",
"items": {
"$ref": "#/components/schemas/ScimTokenItem"
}
},
"GetSelfServiceProfileResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the self-service Profile.",
"default": "ssp_n7SNCL8seoyV1TuSTCnAeo"
},
"name": {
"type": "string",
"description": "The name of the self-service Profile."
},
"description": {
"type": "string",
"description": "The description of the self-service Profile."
},
"user_attributes": {
"type": "array",
"description": "List of attributes to be mapped that will be shown to the user during the Self-Service Enterprise Configuration flow.",
"items": {
"$ref": "#/components/schemas/SelfServiceProfileUserAttribute"
}
},
"created_at": {
"type": "string",
"description": "The time when this self-service Profile was created.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The time when this self-service Profile was updated.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"branding": {
"$ref": "#/components/schemas/SelfServiceProfileBrandingProperties"
},
"allowed_strategies": {
"type": "array",
"description": "List of IdP strategies that will be shown to users during the Self-Service Enterprise Configuration flow. Possible values: [`oidc`, `samlp`, `waad`, `google-apps`, `adfs`, `okta`, `auth0-samlp`, `okta-samlp`, `keycloak-samlp`, `pingfederate`]",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/SelfServiceProfileAllowedStrategyEnum"
}
},
"user_attribute_profile_id": {
"type": "string",
"description": "ID of the user-attribute-profile to associate with this self-service profile.",
"format": "user-attribute-profile-id",
"x-release-lifecycle": "EA"
}
}
},
"GetSessionResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The ID of the session"
},
"user_id": {
"type": "string",
"description": "ID of the user which can be used when interacting with other APIs."
},
"created_at": {
"$ref": "#/components/schemas/SessionDate"
},
"updated_at": {
"$ref": "#/components/schemas/SessionDate"
},
"authenticated_at": {
"$ref": "#/components/schemas/SessionDate"
},
"idle_expires_at": {
"$ref": "#/components/schemas/SessionDate"
},
"expires_at": {
"$ref": "#/components/schemas/SessionDate"
},
"last_interacted_at": {
"$ref": "#/components/schemas/SessionDate"
},
"device": {
"$ref": "#/components/schemas/SessionDeviceMetadata"
},
"clients": {
"type": "array",
"description": "List of client details for the session",
"items": {
"$ref": "#/components/schemas/SessionClientMetadata"
}
},
"authentication": {
"$ref": "#/components/schemas/SessionAuthenticationSignals"
},
"cookie": {
"$ref": "#/components/schemas/SessionCookieMetadata"
},
"session_metadata": {
"$ref": "#/components/schemas/SessionMetadata"
}
}
},
"GetSettingsResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"universal_login_experience": {
"$ref": "#/components/schemas/UniversalLoginExperienceEnum"
},
"identifier_first": {
"type": "boolean",
"description": "Whether identifier first is enabled or not"
},
"webauthn_platform_first_factor": {
"type": "boolean",
"description": "Use WebAuthn with Device Biometrics as the first authentication factor"
}
}
},
"GetSigningKeysResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"cert",
"kid",
"fingerprint",
"thumbprint"
],
"properties": {
"kid": {
"type": "string",
"description": "The key id of the signing key",
"default": "21hi274Rp02112mgkUGma"
},
"cert": {
"type": "string",
"description": "The public certificate of the signing key",
"default": "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----"
},
"pkcs7": {
"type": "string",
"description": "The public certificate of the signing key in pkcs7 format",
"default": "-----BEGIN PKCS7-----\r\nMIIDPA....t8xAA==\r\n-----END PKCS7-----"
},
"current": {
"type": "boolean",
"description": "True if the key is the the current key",
"default": true
},
"next": {
"type": "boolean",
"description": "True if the key is the the next key"
},
"previous": {
"type": "boolean",
"description": "True if the key is the the previous key"
},
"current_since": {
"$ref": "#/components/schemas/SigningKeysDate"
},
"current_until": {
"$ref": "#/components/schemas/SigningKeysDate"
},
"fingerprint": {
"type": "string",
"description": "The cert fingerprint",
"default": "CC:FB:DD:D8:9A:B5:DE:1B:F0:CC:36:D2:99:59:21:12:03:DD:A8:25"
},
"thumbprint": {
"type": "string",
"description": "The cert thumbprint",
"default": "CCFBDDD89AB5DE1BF0CC36D29959211203DDA825"
},
"revoked": {
"type": "boolean",
"description": "True if the key is revoked"
},
"revoked_at": {
"$ref": "#/components/schemas/SigningKeysDate"
}
}
},
"GetSupplementalSignalsResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"akamai_enabled": {
"type": "boolean",
"description": "Indicates if incoming Akamai Headers should be processed"
}
}
},
"GetSuspiciousIPThrottlingSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not suspicious IP throttling attack protections are active."
},
"shields": {
"type": "array",
"description": "Action to take when a suspicious IP throttling threshold is violated.\n Possible values: block, admin_notification.",
"items": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingShieldsEnum"
}
},
"allowlist": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingAllowlist"
},
"stage": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingStage"
}
}
},
"GetTenantSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"change_password": {
"$ref": "#/components/schemas/TenantSettingsPasswordPage"
},
"guardian_mfa_page": {
"$ref": "#/components/schemas/TenantSettingsGuardianPage"
},
"default_audience": {
"type": "string",
"description": "Default audience for API authorization.",
"default": ""
},
"default_directory": {
"type": "string",
"description": "Name of connection used for password grants at the `/token`endpoint. The following connection types are supported: LDAP, AD, Database Connections, Passwordless, Windows Azure Active Directory, ADFS.",
"default": ""
},
"error_page": {
"$ref": "#/components/schemas/TenantSettingsErrorPage"
},
"device_flow": {
"$ref": "#/components/schemas/TenantSettingsDeviceFlow"
},
"default_token_quota": {
"$ref": "#/components/schemas/DefaultTokenQuota",
"x-release-lifecycle": "EA"
},
"flags": {
"$ref": "#/components/schemas/TenantSettingsFlags"
},
"friendly_name": {
"type": "string",
"description": "Friendly name for this tenant.",
"default": "My Company"
},
"picture_url": {
"type": "string",
"description": "URL of logo to be shown for this tenant (recommended size: 150x150)",
"default": "https://mycompany.org/logo.png",
"format": "absolute-uri-or-empty"
},
"support_email": {
"type": "string",
"description": "End-user support email address.",
"default": "support@mycompany.org",
"format": "email-or-empty"
},
"support_url": {
"type": "string",
"description": "End-user support URL.",
"default": "https://mycompany.org/support",
"format": "absolute-uri-or-empty"
},
"allowed_logout_urls": {
"type": "array",
"description": "URLs that are valid to redirect to after logout from Auth0.",
"items": {
"type": "string",
"format": "url"
}
},
"session_lifetime": {
"type": "number",
"description": "Number of hours a session will stay valid.",
"default": 168
},
"idle_session_lifetime": {
"type": "number",
"description": "Number of hours for which a session can be inactive before the user must log in again.",
"default": 72
},
"ephemeral_session_lifetime": {
"type": "number",
"description": "Number of hours an ephemeral (non-persistent) session will stay valid.",
"default": 72,
"minimum": 1
},
"idle_ephemeral_session_lifetime": {
"type": "number",
"description": "Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.",
"default": 24,
"minimum": 1
},
"sandbox_version": {
"type": "string",
"description": "Selected sandbox version for the extensibility environment.",
"default": "22"
},
"legacy_sandbox_version": {
"type": "string",
"description": "Selected sandbox version for rules and hooks extensibility.",
"default": ""
},
"sandbox_versions_available": {
"type": "array",
"description": "Available sandbox versions for the extensibility environment.",
"items": {
"type": "string"
}
},
"default_redirection_uri": {
"type": "string",
"description": "The default absolute redirection uri, must be https"
},
"enabled_locales": {
"type": "array",
"description": "Supported locales for the user interface.",
"items": {
"$ref": "#/components/schemas/SupportedLocales"
}
},
"session_cookie": {
"$ref": "#/components/schemas/SessionCookieSchema"
},
"sessions": {
"$ref": "#/components/schemas/TenantSettingsSessions"
},
"oidc_logout": {
"$ref": "#/components/schemas/TenantOIDCLogoutSettings"
},
"allow_organization_name_in_authentication_api": {
"type": "boolean",
"description": "Whether to accept an organization name instead of an ID on auth endpoints",
"default": false
},
"customize_mfa_in_postlogin_action": {
"type": "boolean",
"description": "Whether to enable flexible factors for MFA in the PostLogin action",
"default": false
},
"acr_values_supported": {
"type": [
"array",
"null"
],
"description": "Supported ACR values",
"minItems": 0,
"items": {
"type": "string",
"format": "acr"
}
},
"mtls": {
"$ref": "#/components/schemas/TenantSettingsMTLS"
},
"pushed_authorization_requests_supported": {
"type": "boolean",
"description": "Enables the use of Pushed Authorization Requests",
"default": false
},
"authorization_response_iss_parameter_supported": {
"type": [
"boolean",
"null"
],
"description": "Supports iss parameter in authorization responses",
"default": false
},
"skip_non_verifiable_callback_uri_confirmation_prompt": {
"type": [
"boolean",
"null"
],
"description": "Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`).\nIf set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps.\nSee https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information."
},
"resource_parameter_profile": {
"$ref": "#/components/schemas/TenantSettingsResourceParameterProfile",
"x-release-lifecycle": "GA"
},
"client_id_metadata_document_supported": {
"type": "boolean",
"description": "Whether the authorization server supports retrieving client metadata from a client_id URL.",
"default": false,
"x-release-lifecycle": "EA"
},
"phone_consolidated_experience": {
"type": "boolean",
"description": "Whether Phone Consolidated Experience is enabled for this tenant."
},
"enable_ai_guide": {
"type": "boolean",
"description": "Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant."
},
"dynamic_client_registration_security_mode": {
"$ref": "#/components/schemas/TenantSettingsDynamicClientRegistrationSecurityMode",
"x-release-lifecycle": "GA"
}
}
},
"GetTokenExchangeProfileResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the token exchange profile.",
"format": "token-exchange-profile-id"
},
"name": {
"type": "string",
"description": "Friendly name of this profile.",
"default": "Token Exchange Profile 1",
"minLength": 3,
"maxLength": 50
},
"subject_token_type": {
"type": "string",
"description": "Subject token type for this profile. When receiving a token exchange request on the Authentication API, the corresponding token exchange profile with a matching subject_token_type will be executed. This must be a URI.",
"minLength": 8,
"maxLength": 100,
"format": "url"
},
"action_id": {
"type": "string",
"description": "The ID of the Custom Token Exchange action to execute for this profile, in order to validate the subject_token. The action must use the custom-token-exchange trigger.",
"minLength": 1,
"maxLength": 36
},
"type": {
"$ref": "#/components/schemas/TokenExchangeProfileTypeEnum"
},
"created_at": {
"type": "string",
"description": "The time when this profile was created.",
"default": "2024-01-01T00:00:00.000Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The time when this profile was updated.",
"default": "2024-01-01T00:00:00.000Z",
"format": "date-time"
}
}
},
"GetUniversalLoginTemplate": {
"type": "object",
"additionalProperties": false,
"properties": {
"body": {
"type": "string",
"description": "The custom page template for the New Universal Login Experience"
}
}
},
"GetUniversalLoginTemplateResponseContent": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/GetUniversalLoginTemplate"
},
{
"type": "string",
"description": "The custom page template for the New Universal Login Experience"
}
]
},
"GetUserAttributeProfileResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"$ref": "#/components/schemas/UserAttributeProfileId"
},
"name": {
"$ref": "#/components/schemas/UserAttributeProfileName"
},
"user_id": {
"$ref": "#/components/schemas/UserAttributeProfileUserId"
},
"user_attributes": {
"$ref": "#/components/schemas/UserAttributeProfileUserAttributes"
}
}
},
"GetUserAttributeProfileTemplateResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The id of the template."
},
"display_name": {
"type": "string",
"description": "The user-friendly name of the template displayed in the UI."
},
"template": {
"$ref": "#/components/schemas/UserAttributeProfileTemplate"
}
}
},
"GetUserAuthenticationMethodResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"type",
"created_at"
],
"properties": {
"id": {
"type": "string",
"description": "The ID of the authentication method (auto generated)"
},
"type": {
"$ref": "#/components/schemas/AuthenticationMethodTypeEnum"
},
"confirmed": {
"type": "boolean",
"description": "The authentication method status"
},
"name": {
"type": "string",
"description": "A human-readable label to identify the authentication method",
"maxLength": 20
},
"authentication_methods": {
"type": "array",
"items": {
"$ref": "#/components/schemas/UserAuthenticationMethodProperties"
}
},
"preferred_authentication_method": {
"$ref": "#/components/schemas/PreferredAuthenticationMethodEnum"
},
"link_id": {
"type": "string",
"description": "The ID of a linked authentication method. Linked authentication methods will be deleted together."
},
"phone_number": {
"type": "string",
"description": "Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice."
},
"email": {
"type": "string",
"description": "Applies to email and email-verification authentication methods only. The email address used to send verification messages."
},
"key_id": {
"type": "string",
"description": "Applies to webauthn authentication methods only. The ID of the generated credential."
},
"public_key": {
"type": "string",
"description": "Applies to webauthn authentication methods only. The public key."
},
"created_at": {
"type": "string",
"description": "Authenticator creation date",
"format": "date-time"
},
"enrolled_at": {
"type": "string",
"description": "Enrollment date",
"format": "date-time"
},
"last_auth_at": {
"type": "string",
"description": "Last authentication",
"format": "date-time"
},
"credential_device_type": {
"type": "string",
"description": "Applies to passkeys only. The kind of device the credential is stored on as defined by backup eligibility. \"single_device\" credentials cannot be backed up and synced to another device, \"multi_device\" credentials can be backed up if enabled by the end-user."
},
"credential_backed_up": {
"type": "boolean",
"description": "Applies to passkeys only. Whether the credential was backed up."
},
"identity_user_id": {
"type": "string",
"description": "Applies to passkeys only. The ID of the user identity linked with the authentication method."
},
"user_agent": {
"type": "string",
"description": "Applies to passkeys only. The user-agent of the browser used to create the passkey."
},
"aaguid": {
"type": "string",
"description": "Applies to passkey authentication methods only. Authenticator Attestation Globally Unique Identifier."
},
"relying_party_identifier": {
"type": "string",
"description": "Applies to webauthn/passkey authentication methods only. The credential's relying party identifier."
}
}
},
"GetUserGroupsPaginatedResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"groups"
],
"properties": {
"groups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/UserGroupsResponseSchema"
}
},
"next": {
"type": "string",
"description": "A cursor to be used as the \"from\" query parameter for the next page of results."
},
"start": {
"type": "number"
},
"limit": {
"type": "number"
},
"total": {
"type": "number"
}
}
},
"GetUserGroupsResponseContent": {
"oneOf": [
{
"type": "array",
"items": {
"$ref": "#/components/schemas/UserGroupsResponseSchema"
}
},
{
"$ref": "#/components/schemas/GetUserGroupsPaginatedResponseContent"
}
]
},
"GetUserResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"user_id": {
"type": "string",
"description": "ID of the user which can be used when interacting with other APIs.",
"default": "auth0|507f1f77bcf86cd799439020"
},
"email": {
"type": "string",
"description": "Email address of this user.",
"default": "john.doe@gmail.com",
"format": "email"
},
"email_verified": {
"type": "boolean",
"description": "Whether this email address is verified (true) or unverified (false).",
"default": false
},
"username": {
"type": "string",
"description": "Username of this user.",
"default": "johndoe"
},
"phone_number": {
"type": "string",
"description": "Phone number for this user. Follows the E.164 recommendation.",
"default": "+199999999999999"
},
"phone_verified": {
"type": "boolean",
"description": "Whether this phone number has been verified (true) or not (false).",
"default": false
},
"created_at": {
"$ref": "#/components/schemas/UserDateSchema"
},
"updated_at": {
"$ref": "#/components/schemas/UserDateSchema"
},
"identities": {
"type": "array",
"description": "Array of user identity objects when accounts are linked.",
"items": {
"$ref": "#/components/schemas/UserIdentitySchema"
}
},
"app_metadata": {
"$ref": "#/components/schemas/UserAppMetadataSchema"
},
"user_metadata": {
"$ref": "#/components/schemas/UserMetadataSchema"
},
"picture": {
"type": "string",
"description": "URL to picture, photo, or avatar of this user."
},
"name": {
"type": "string",
"description": "Name of this user."
},
"nickname": {
"type": "string",
"description": "Preferred nickname or alias of this user."
},
"multifactor": {
"type": "array",
"description": "List of multi-factor authentication providers with which this user has enrolled.",
"items": {
"type": "string"
}
},
"last_ip": {
"type": "string",
"description": "Last IP address from which this user logged in."
},
"last_login": {
"$ref": "#/components/schemas/UserDateSchema"
},
"logins_count": {
"type": "integer",
"description": "Total number of logins this user has performed."
},
"blocked": {
"type": "boolean",
"description": "Whether this user was blocked by an administrator (true) or is not (false)."
},
"given_name": {
"type": "string",
"description": "Given name/first name/forename of this user."
},
"family_name": {
"type": "string",
"description": "Family name/last name/surname of this user."
}
}
},
"GetVerifiableCredentialTemplateResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The id of the template.",
"default": "vct_0000000000000001"
},
"name": {
"type": "string",
"description": "The name of the template."
},
"type": {
"type": "string",
"description": "The type of the template.",
"default": "mdl"
},
"dialect": {
"type": "string",
"description": "The dialect of the template.",
"default": "simplified/1.0",
"maxLength": 255
},
"presentation": {
"$ref": "#/components/schemas/MdlPresentationRequest"
},
"custom_certificate_authority": {
"type": [
"string",
"null"
],
"description": "The custom certificate authority.",
"minLength": 1,
"maxLength": 4096
},
"well_known_trusted_issuers": {
"type": [
"string",
"null"
],
"description": "The well-known trusted issuers, comma separated.",
"minLength": 1,
"maxLength": 255
},
"created_at": {
"type": "string",
"description": "The date and time the template was created.",
"default": "2021-01-01T00:00:00Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The date and time the template was created.",
"default": "2021-01-01T00:00:00Z",
"format": "date-time"
}
}
},
"Group": {
"type": "object",
"description": "Represents the metadata of a group. Member lists are retrieved via a separate endpoint.",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the group (service-generated).",
"minLength": 18,
"maxLength": 26,
"pattern": "^grp_[1-9a-km-zA-HJ-NP-Z]{14,22}$"
},
"name": {
"type": "string",
"description": "Name of the group. Must be unique within its connection. Must contain between 1 and 128 printable ASCII characters.",
"minLength": 1,
"maxLength": 128,
"pattern": "^[\\x20-\\x7E]+$"
},
"external_id": {
"type": "string",
"description": "External identifier for the group, often used for SCIM synchronization. Max length of 256 characters.",
"maxLength": 256
},
"connection_id": {
"type": "string",
"description": "Identifier for the connection this group belongs to (if a connection group).",
"format": "connection-id"
},
"tenant_name": {
"type": "string",
"description": "Identifier for the tenant this group belongs to.",
"minLength": 3,
"pattern": "^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$"
},
"created_at": {
"type": "string",
"description": "Timestamp of when the group was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "Timestamp of when the group was last updated.",
"format": "date-time"
}
}
},
"GroupMember": {
"type": "object",
"description": "Represents the metadata of a group membership.",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the member."
},
"member_type": {
"$ref": "#/components/schemas/GroupMemberTypeEnum"
},
"type": {
"$ref": "#/components/schemas/GroupTypeEnum"
},
"connection_id": {
"type": "string",
"description": "Identifier for the connection this group belongs to (if a connection group).",
"format": "connection-id"
},
"created_at": {
"type": "string",
"description": "Timestamp of when the membership was created.",
"format": "date-time"
}
}
},
"GroupMemberTypeEnum": {
"type": "string",
"description": "Type of the member.",
"enum": [
"user",
"group"
]
},
"GroupTypeEnum": {
"type": "string",
"description": "Type of the group.",
"enum": [
"connection",
"organization",
"tenant"
]
},
"GuardianEnrollmentDate": {
"type": "string",
"default": "2016-07-12T17:56:26.804Z",
"description": "Enrollment date and time."
},
"GuardianEnrollmentFactorEnum": {
"type": "string",
"description": "Optional. Specifies which factor the user must enroll with.true promotes to a domain-level connection so that third-party applications can use it. false does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to false.)"
},
"show_as_button": {
"type": "boolean",
"description": "Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. (Defaults to false.)"
},
"metadata": {
"$ref": "#/components/schemas/ConnectionsMetadata"
},
"options": {
"$ref": "#/components/schemas/SelfServiceProfileSsoTicketConnectionOptions"
}
}
},
"SelfServiceProfileSsoTicketConnectionOptions": {
"type": [
"object",
"null"
],
"description": "The connection's options (depend on the connection strategy)",
"additionalProperties": false,
"properties": {
"icon_url": {
"type": [
"string",
"null"
],
"description": "URL for the icon. Must use HTTPS.",
"format": "strict-https-uri-or-null"
},
"domain_aliases": {
"type": [
"array",
"null"
],
"description": "List of domain_aliases that can be authenticated in the Identity Provider",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
},
"idpinitiated": {
"$ref": "#/components/schemas/SelfServiceProfileSsoTicketIdpInitiatedOptions"
}
}
},
"SelfServiceProfileSsoTicketDomainAliasesConfig": {
"type": "object",
"description": "Configuration for the setup of the connection’s domain_aliases in the Self-Service Enterprise Configuration flow.",
"additionalProperties": false,
"required": [
"domain_verification"
],
"properties": {
"domain_verification": {
"$ref": "#/components/schemas/SelfServiceProfileSsoTicketDomainVerificationEnum"
},
"pending_domains": {
"type": "array",
"description": "List of domains that will be submitted for verification during the Self-Service Enterprise Configuration flow.",
"x-release-lifecycle": "GA",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
}
},
"SelfServiceProfileSsoTicketDomainVerificationEnum": {
"type": "string",
"description": "Whether the end user should complete the domain verification step. Possible values are 'none' (the step is not shown to the user), 'optional' (the user may add a domain alias in the domain verification step) or 'required' (the user must add a domain alias in order to enable the connection). Defaults to 'none'.",
"enum": [
"none",
"optional",
"required"
]
},
"SelfServiceProfileSsoTicketEnabledFeatures": {
"type": "object",
"description": "Specifies which features are enabled for an \"edit connection\" ticket. Only applicable when connection ID is provided.",
"additionalProperties": false,
"x-release-lifecycle": "GA",
"properties": {
"sso": {
"type": "boolean",
"description": "Whether SSO configuration is enabled in this ticket."
},
"domain_verification": {
"type": "boolean",
"description": "Whether domain verification is enabled in this ticket."
},
"provisioning": {
"type": "boolean",
"description": "Whether provisioning configuration is enabled in this ticket."
}
}
},
"SelfServiceProfileSsoTicketEnabledOrganization": {
"type": "object",
"additionalProperties": false,
"required": [
"organization_id"
],
"properties": {
"organization_id": {
"type": "string",
"description": "Organization identifier.",
"maxLength": 50,
"format": "organization-id"
},
"assign_membership_on_login": {
"type": "boolean",
"description": "When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection."
},
"show_as_button": {
"type": "boolean",
"description": "Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true."
}
}
},
"SelfServiceProfileSsoTicketGoogleWorkspaceConfig": {
"type": "object",
"description": "Configuration for Google Workspace Directory Sync during the self-service flow.",
"additionalProperties": false,
"required": [
"sync_users"
],
"x-release-lifecycle": "GA",
"properties": {
"sync_users": {
"type": "boolean",
"description": "Whether to enable Google Workspace Directory Sync for users during the self-service flow."
}
}
},
"SelfServiceProfileSsoTicketIdpInitiatedClientProtocolEnum": {
"type": "string",
"description": "The protocol used to connect to the the default application",
"enum": [
"samlp",
"wsfed",
"oauth2"
]
},
"SelfServiceProfileSsoTicketIdpInitiatedOptions": {
"type": [
"object",
"null"
],
"description": "Allows IdP-initiated login",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Enables IdP-initiated login for this connection"
},
"client_id": {
"type": "string",
"description": "Default application client_id user is redirected to after validated SAML response",
"format": "client-id"
},
"client_protocol": {
"$ref": "#/components/schemas/SelfServiceProfileSsoTicketIdpInitiatedClientProtocolEnum"
},
"client_authorizequery": {
"type": "string",
"description": "Query string options to customize the behaviour for OpenID Connect when idpinitiated.client_protocol is oauth2. Allowed parameters: redirect_uri, scope, response_type. For example, redirect_uri=https://jwt.io&scope=openid email&response_type=token",
"maxLength": 256
}
}
},
"SelfServiceProfileSsoTicketProvisioningConfig": {
"type": "object",
"description": "Configuration for the setup of Provisioning in the self-service flow.",
"additionalProperties": false,
"x-release-lifecycle": "GA",
"properties": {
"scopes": {
"type": "array",
"description": "The scopes of the SCIM tokens generated during the self-service flow.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/SelfServiceProfileSsoTicketProvisioningScopeEnum"
}
},
"google_workspace": {
"$ref": "#/components/schemas/SelfServiceProfileSsoTicketGoogleWorkspaceConfig",
"x-release-lifecycle": "GA"
},
"token_lifetime": {
"description": "Lifetime of the tokens in seconds. Must be greater than 900. If not provided, the tokens don't expire.",
"type": [
"integer",
"null"
],
"minimum": 900
}
}
},
"SelfServiceProfileSsoTicketProvisioningScopeEnum": {
"type": "string",
"enum": [
"get:users",
"post:users",
"put:users",
"patch:users",
"delete:users",
"get:groups",
"post:groups",
"put:groups",
"patch:groups",
"delete:groups"
]
},
"SelfServiceProfileUserAttribute": {
"type": "object",
"additionalProperties": false,
"required": [
"name",
"description",
"is_optional"
],
"properties": {
"name": {
"type": "string",
"description": "Identifier of this attribute.",
"maxLength": 250
},
"description": {
"type": "string",
"description": "Description of this attribute."
},
"is_optional": {
"type": "boolean",
"description": "Determines if this attribute is required"
}
}
},
"SelfServiceProfileUserAttributes": {
"type": [
"array",
"null"
],
"description": "List of attributes to be mapped that will be shown to the user during the Self-Service Enterprise Configuration flow.",
"items": {
"$ref": "#/components/schemas/SelfServiceProfileUserAttribute"
}
},
"SessionAuthenticationSignal": {
"type": "object",
"description": "Authentication signal details",
"additionalProperties": true,
"properties": {
"name": {
"type": "string",
"description": "One of: \"federated\", \"passkey\", \"pwd\", \"sms\", \"email\", \"mfa\", \"mock\" or a custom method denoted by a URL"
},
"timestamp": {
"$ref": "#/components/schemas/SessionDate"
},
"type": {
"type": "string",
"description": "A specific MFA factor. Only present when \"name\" is set to \"mfa\""
}
}
},
"SessionAuthenticationSignals": {
"type": "object",
"description": "Details about authentication signals obtained during the login flow",
"additionalProperties": true,
"properties": {
"methods": {
"type": "array",
"description": "Contains the authentication methods a user has completed during their session",
"items": {
"$ref": "#/components/schemas/SessionAuthenticationSignal"
}
}
}
},
"SessionClientMetadata": {
"type": "object",
"description": "Client details",
"additionalProperties": true,
"properties": {
"client_id": {
"type": "string",
"description": "ID of client for the session"
}
}
},
"SessionCookieMetadata": {
"type": "object",
"description": "[Private Early Access] Session cookie configuration.",
"additionalProperties": true,
"properties": {
"mode": {
"$ref": "#/components/schemas/SessionCookieMetadataModeEnum"
}
}
},
"SessionCookieMetadataModeEnum": {
"type": "string",
"description": "[Private Early Access] The persistence mode of the session cookie. When set to \"non-persistent\" (ephemeral), the cookie will be deleted when the browser is closed. When set to \"persistent\", the cookie will be stored until it expires or is deleted by the user.",
"enum": [
"non-persistent",
"persistent"
]
},
"SessionCookieModeEnum": {
"type": "string",
"description": "Behavior of the session cookie",
"default": "persistent",
"enum": [
"persistent",
"non-persistent"
]
},
"SessionCookieSchema": {
"type": [
"object",
"null"
],
"description": "Session cookie configuration",
"additionalProperties": false,
"required": [
"mode"
],
"properties": {
"mode": {
"$ref": "#/components/schemas/SessionCookieModeEnum"
}
}
},
"SessionDate": {
"oneOf": [
{
"type": "string",
"description": "The date and time when the session was created",
"format": "date-time"
},
{
"type": "object",
"description": "The date and time when the session was created",
"additionalProperties": true
},
{
"type": "null"
}
]
},
"SessionDeviceMetadata": {
"type": "object",
"description": "Metadata related to the device used in the session",
"additionalProperties": true,
"properties": {
"initial_user_agent": {
"type": "string",
"description": "First user agent of the device from which this user logged in"
},
"initial_ip": {
"$ref": "#/components/schemas/SessionIp"
},
"initial_asn": {
"type": "string",
"description": "First autonomous system number associated with this session"
},
"last_user_agent": {
"type": "string",
"description": "Last user agent of the device from which this user logged in"
},
"last_ip": {
"$ref": "#/components/schemas/SessionIp"
},
"last_asn": {
"type": "string",
"description": "Last autonomous system number from which this user logged in"
}
}
},
"SessionIp": {
"type": [
"string",
"null"
],
"description": "First IP address associated with this session"
},
"SessionMetadata": {
"type": [
"object",
"null"
],
"description": "Metadata associated with the session, in the form of an object with string values (max 255 chars). Maximum of 25 metadata properties allowed.",
"additionalProperties": true,
"maxProperties": 25
},
"SessionResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The ID of the session"
},
"user_id": {
"type": "string",
"description": "ID of the user which can be used when interacting with other APIs."
},
"created_at": {
"$ref": "#/components/schemas/SessionDate"
},
"updated_at": {
"$ref": "#/components/schemas/SessionDate"
},
"authenticated_at": {
"$ref": "#/components/schemas/SessionDate"
},
"idle_expires_at": {
"$ref": "#/components/schemas/SessionDate"
},
"expires_at": {
"$ref": "#/components/schemas/SessionDate"
},
"last_interacted_at": {
"$ref": "#/components/schemas/SessionDate"
},
"device": {
"$ref": "#/components/schemas/SessionDeviceMetadata"
},
"clients": {
"type": "array",
"description": "List of client details for the session",
"items": {
"$ref": "#/components/schemas/SessionClientMetadata"
}
},
"authentication": {
"$ref": "#/components/schemas/SessionAuthenticationSignals"
},
"cookie": {
"$ref": "#/components/schemas/SessionCookieMetadata"
},
"session_metadata": {
"$ref": "#/components/schemas/SessionMetadata"
}
}
},
"SetCustomSigningKeysRequestContent": {
"type": "object",
"description": "JWKS representing an array of custom public signing keys.",
"additionalProperties": false,
"required": [
"keys"
],
"properties": {
"keys": {
"type": "array",
"description": "An array of custom public signing keys.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/CustomSigningKeyJWK"
}
}
}
},
"SetCustomSigningKeysResponseContent": {
"type": "object",
"description": "JWKS representing an array of custom public signing keys.",
"additionalProperties": false,
"properties": {
"keys": {
"type": "array",
"description": "An array of custom public signing keys.",
"items": {
"$ref": "#/components/schemas/CustomSigningKeyJWK"
}
}
}
},
"SetDefaultCustomDomainRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"domain"
],
"properties": {
"domain": {
"type": "string",
"description": "The domain to set as the default custom domain. Must be a verified custom domain or the canonical domain.",
"minLength": 3,
"maxLength": 255
}
}
},
"SetEmailTemplateRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"template",
"body",
"from",
"subject",
"syntax",
"enabled"
],
"properties": {
"template": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
},
"body": {
"type": [
"string",
"null"
],
"description": "Body of the email template."
},
"from": {
"type": [
"string",
"null"
],
"description": "Senders `from` email address.",
"default": "sender@auth0.com"
},
"resultUrl": {
"type": [
"string",
"null"
],
"description": "URL to redirect the user to after a successful action."
},
"subject": {
"type": [
"string",
"null"
],
"description": "Subject line of the email."
},
"syntax": {
"type": [
"string",
"null"
],
"description": "Syntax of the template body.",
"default": "liquid"
},
"urlLifetimeInSeconds": {
"type": [
"number",
"null"
],
"description": "Lifetime in seconds that the link within the email will be valid for.",
"minimum": 0
},
"includeEmailInRedirect": {
"type": "boolean",
"description": "Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true."
},
"enabled": {
"type": [
"boolean",
"null"
],
"description": "Whether the template is enabled (true) or disabled (false)."
}
}
},
"SetEmailTemplateResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"template",
"body",
"from",
"subject",
"syntax",
"enabled"
],
"properties": {
"template": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
},
"body": {
"type": [
"string",
"null"
],
"description": "Body of the email template."
},
"from": {
"type": [
"string",
"null"
],
"description": "Senders `from` email address.",
"default": "sender@auth0.com"
},
"resultUrl": {
"type": [
"string",
"null"
],
"description": "URL to redirect the user to after a successful action."
},
"subject": {
"type": [
"string",
"null"
],
"description": "Subject line of the email."
},
"syntax": {
"type": [
"string",
"null"
],
"description": "Syntax of the template body.",
"default": "liquid"
},
"urlLifetimeInSeconds": {
"type": [
"number",
"null"
],
"description": "Lifetime in seconds that the link within the email will be valid for.",
"minimum": 0
},
"includeEmailInRedirect": {
"type": "boolean",
"description": "Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true."
},
"enabled": {
"type": [
"boolean",
"null"
],
"description": "Whether the template is enabled (true) or disabled (false)."
}
}
},
"SetGuardianFactorDuoSettingsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"ikey": {
"type": "string",
"maxLength": 10000
},
"skey": {
"type": "string",
"maxLength": 10000,
"format": "non-empty-string"
},
"host": {
"type": "string",
"maxLength": 10000
}
}
},
"SetGuardianFactorDuoSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"ikey": {
"type": "string",
"maxLength": 10000
},
"skey": {
"type": "string",
"maxLength": 10000,
"format": "non-empty-string"
},
"host": {
"type": "string",
"maxLength": 10000
}
}
},
"SetGuardianFactorPhoneMessageTypesRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"message_types"
],
"properties": {
"message_types": {
"type": "array",
"description": "The list of phone factors to enable on the tenant. Can include `sms` and `voice`.",
"items": {
"$ref": "#/components/schemas/GuardianFactorPhoneFactorMessageTypeEnum"
}
}
}
},
"SetGuardianFactorPhoneMessageTypesResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"message_types": {
"type": "array",
"description": "The list of phone factors to enable on the tenant. Can include `sms` and `voice`.",
"items": {
"$ref": "#/components/schemas/GuardianFactorPhoneFactorMessageTypeEnum"
}
}
}
},
"SetGuardianFactorPhoneTemplatesRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enrollment_message",
"verification_message"
],
"properties": {
"enrollment_message": {
"type": "string",
"description": "Message sent to the user when they are invited to enroll with a phone number.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
},
"verification_message": {
"type": "string",
"description": "Message sent to the user when they are prompted to verify their account.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}"
}
}
},
"SetGuardianFactorPhoneTemplatesResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enrollment_message",
"verification_message"
],
"properties": {
"enrollment_message": {
"type": "string",
"description": "Message sent to the user when they are invited to enroll with a phone number.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
},
"verification_message": {
"type": "string",
"description": "Message sent to the user when they are prompted to verify their account.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}"
}
}
},
"SetGuardianFactorRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether this factor is enabled (true) or disabled (false)."
}
}
},
"SetGuardianFactorResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether this factor is enabled (true) or disabled (false)."
}
}
},
"SetGuardianFactorSmsTemplatesRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enrollment_message",
"verification_message"
],
"properties": {
"enrollment_message": {
"type": "string",
"description": "Message sent to the user when they are invited to enroll with a phone number.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
},
"verification_message": {
"type": "string",
"description": "Message sent to the user when they are prompted to verify their account.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}"
}
}
},
"SetGuardianFactorSmsTemplatesResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enrollment_message",
"verification_message"
],
"properties": {
"enrollment_message": {
"type": "string",
"description": "Message sent to the user when they are invited to enroll with a phone number.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
},
"verification_message": {
"type": "string",
"description": "Message sent to the user when they are prompted to verify their account.",
"default": "{{code}} is your verification code for {{tenant.friendly_name}}"
}
}
},
"SetGuardianFactorsProviderPhoneRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"provider"
],
"properties": {
"provider": {
"$ref": "#/components/schemas/GuardianFactorsProviderSmsProviderEnum"
}
}
},
"SetGuardianFactorsProviderPhoneResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"$ref": "#/components/schemas/GuardianFactorsProviderSmsProviderEnum"
}
}
},
"SetGuardianFactorsProviderPhoneTwilioRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"from": {
"type": [
"string",
"null"
],
"description": "From number",
"default": "+1223323",
"minLength": 0,
"maxLength": 64
},
"messaging_service_sid": {
"type": [
"string",
"null"
],
"description": "Copilot SID",
"default": "5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq",
"minLength": 1,
"maxLength": 1000
},
"auth_token": {
"type": [
"string",
"null"
],
"description": "Twilio Authentication token",
"default": "zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU",
"minLength": 1,
"maxLength": 1000
},
"sid": {
"type": [
"string",
"null"
],
"description": "Twilio SID",
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
}
}
},
"SetGuardianFactorsProviderPhoneTwilioResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"from": {
"type": [
"string",
"null"
],
"description": "From number",
"default": "+1223323",
"minLength": 0,
"maxLength": 64
},
"messaging_service_sid": {
"type": [
"string",
"null"
],
"description": "Copilot SID",
"default": "5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq",
"minLength": 1,
"maxLength": 1000
},
"auth_token": {
"type": [
"string",
"null"
],
"description": "Twilio Authentication token",
"default": "zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU",
"minLength": 1,
"maxLength": 1000
},
"sid": {
"type": [
"string",
"null"
],
"description": "Twilio SID",
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
}
}
},
"SetGuardianFactorsProviderPushNotificationApnsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"sandbox": {
"type": "boolean"
},
"bundle_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 1000
},
"p12": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 10000
}
}
},
"SetGuardianFactorsProviderPushNotificationApnsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"sandbox": {
"type": "boolean"
},
"bundle_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 1000
}
}
},
"SetGuardianFactorsProviderPushNotificationFcmRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"server_key": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 152
}
}
},
"SetGuardianFactorsProviderPushNotificationFcmResponseContent": {
"type": "object",
"additionalProperties": true,
"minProperties": 0,
"maxProperties": 0
},
"SetGuardianFactorsProviderPushNotificationFcmv1RequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"server_credentials": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 10000
}
}
},
"SetGuardianFactorsProviderPushNotificationFcmv1ResponseContent": {
"type": "object",
"additionalProperties": true,
"minProperties": 0,
"maxProperties": 0
},
"SetGuardianFactorsProviderPushNotificationRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"provider"
],
"properties": {
"provider": {
"$ref": "#/components/schemas/GuardianFactorsProviderPushNotificationProviderDataEnum"
}
}
},
"SetGuardianFactorsProviderPushNotificationResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"$ref": "#/components/schemas/GuardianFactorsProviderPushNotificationProviderDataEnum"
}
}
},
"SetGuardianFactorsProviderPushNotificationSnsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"aws_access_key_id": {
"type": [
"string",
"null"
],
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
},
"aws_secret_access_key": {
"type": [
"string",
"null"
],
"default": "B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL",
"minLength": 1,
"maxLength": 1000
},
"aws_region": {
"type": [
"string",
"null"
],
"default": "us-west-1",
"minLength": 1,
"maxLength": 1000,
"pattern": "^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$"
},
"sns_apns_platform_application_arn": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 1000
},
"sns_gcm_platform_application_arn": {
"type": [
"string",
"null"
],
"default": "urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP",
"minLength": 1,
"maxLength": 1000
}
}
},
"SetGuardianFactorsProviderPushNotificationSnsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"aws_access_key_id": {
"type": [
"string",
"null"
],
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
},
"aws_secret_access_key": {
"type": [
"string",
"null"
],
"default": "B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL",
"minLength": 1,
"maxLength": 1000
},
"aws_region": {
"type": [
"string",
"null"
],
"default": "us-west-1",
"minLength": 1,
"maxLength": 1000,
"pattern": "^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$"
},
"sns_apns_platform_application_arn": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 1000
},
"sns_gcm_platform_application_arn": {
"type": [
"string",
"null"
],
"default": "urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP",
"minLength": 1,
"maxLength": 1000
}
}
},
"SetGuardianFactorsProviderSmsRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"provider"
],
"properties": {
"provider": {
"$ref": "#/components/schemas/GuardianFactorsProviderSmsProviderEnum"
}
}
},
"SetGuardianFactorsProviderSmsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"$ref": "#/components/schemas/GuardianFactorsProviderSmsProviderEnum"
}
}
},
"SetGuardianFactorsProviderSmsTwilioRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"from": {
"type": [
"string",
"null"
],
"description": "From number",
"default": "+1223323",
"minLength": 0,
"maxLength": 64
},
"messaging_service_sid": {
"type": [
"string",
"null"
],
"description": "Copilot SID",
"default": "5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq",
"minLength": 1,
"maxLength": 1000
},
"auth_token": {
"type": [
"string",
"null"
],
"description": "Twilio Authentication token",
"default": "zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU",
"minLength": 1,
"maxLength": 1000
},
"sid": {
"type": [
"string",
"null"
],
"description": "Twilio SID",
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
}
}
},
"SetGuardianFactorsProviderSmsTwilioResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"from": {
"type": [
"string",
"null"
],
"description": "From number",
"default": "+1223323",
"minLength": 0,
"maxLength": 64
},
"messaging_service_sid": {
"type": [
"string",
"null"
],
"description": "Copilot SID",
"default": "5dEkAiHLPCuQ1uJj4qNXcAnERFAL6cpq",
"minLength": 1,
"maxLength": 1000
},
"auth_token": {
"type": [
"string",
"null"
],
"description": "Twilio Authentication token",
"default": "zw5Ku6z2sxhd0ZVXto5SDHX6KPDByJPU",
"minLength": 1,
"maxLength": 1000
},
"sid": {
"type": [
"string",
"null"
],
"description": "Twilio SID",
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
}
}
},
"SetGuardianPoliciesRequestContent": {
"type": "array",
"items": {
"$ref": "#/components/schemas/MFAPolicyEnum"
}
},
"SetGuardianPoliciesResponseContent": {
"type": "array",
"items": {
"$ref": "#/components/schemas/MFAPolicyEnum"
}
},
"SetNetworkAclRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"description",
"active",
"rule"
],
"properties": {
"description": {
"type": "string",
"maxLength": 255
},
"active": {
"type": "boolean",
"description": "Indicates whether or not this access control list is actively being used"
},
"priority": {
"type": "number",
"description": "Indicates the order in which the ACL will be evaluated relative to other ACL rules.",
"default": 50,
"minimum": 1,
"maximum": 100
},
"rule": {
"$ref": "#/components/schemas/NetworkAclRule"
}
}
},
"SetNetworkAclsResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string"
},
"description": {
"type": "string"
},
"active": {
"type": "boolean"
},
"priority": {
"type": "number",
"minimum": 1,
"maximum": 100
},
"rule": {
"$ref": "#/components/schemas/NetworkAclRule"
},
"created_at": {
"type": "string",
"description": "The timestamp when the Network ACL Configuration was created"
},
"updated_at": {
"type": "string",
"description": "The timestamp when the Network ACL Configuration was last updated"
}
}
},
"SetPartialsRequestContent": {
"type": "object",
"description": "An object containing template partials for a group of screens.",
"additionalProperties": true
},
"SetRulesConfigRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"value"
],
"properties": {
"value": {
"type": "string",
"description": "Value for a rules config variable.",
"default": "MY_RULES_CONFIG_VALUE"
}
}
},
"SetRulesConfigResponseContent": {
"type": "object",
"additionalProperties": true,
"required": [
"key",
"value"
],
"properties": {
"key": {
"type": "string",
"description": "Key for a rules config variable.",
"default": "MY_RULES_CONFIG_KEY",
"minLength": 1,
"maxLength": 127,
"pattern": "^[A-Za-z0-9_\\-@*+:]*$"
},
"value": {
"type": "string",
"description": "Value for a rules config variable.",
"default": "MY_RULES_CONFIG_VALUE"
}
}
},
"SetSelfServiceProfileCustomTextRequestContent": {
"type": "object",
"description": "The list of text keys and values to customize the Self-Service Enterprise Configuration flow page. Values can be plain text or rich HTML content limited to basic styling tags and hyperlinks.",
"additionalProperties": {
"type": "string",
"maxLength": 2000
}
},
"SetSelfServiceProfileCustomTextResponseContent": {
"type": "object",
"description": "The resulting list of custom text keys and values.",
"additionalProperties": {
"type": "string"
}
},
"SetUserAuthenticationMethodResponseContent": {
"type": "object",
"description": "The successfully created authentication method.",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"id": {
"type": "string",
"description": "The ID of the newly created authentication method (automatically generated by the application)",
"format": "authenticator-id"
},
"type": {
"$ref": "#/components/schemas/CreatedAuthenticationMethodTypeEnum"
},
"name": {
"type": "string",
"description": "A human-readable label to identify the authentication method."
},
"totp_secret": {
"type": "string",
"description": "Base32 encoded secret for TOTP generation"
},
"phone_number": {
"type": "string",
"description": "Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice.",
"minLength": 2,
"maxLength": 30
},
"email": {
"type": "string",
"description": "Applies to email authentication methods only. The email address used to send verification messages."
},
"authentication_methods": {
"type": "array",
"items": {
"$ref": "#/components/schemas/UserAuthenticationMethodProperties"
}
},
"preferred_authentication_method": {
"$ref": "#/components/schemas/PreferredAuthenticationMethodEnum",
"description": "Preferred phone authentication method"
},
"key_id": {
"type": "string",
"description": "Applies to webauthn authenticators only. The id of the credential."
},
"public_key": {
"type": "string",
"description": "Applies to webauthn authenticators only. The public key."
},
"aaguid": {
"type": "string",
"description": "Applies to passkeys only. Authenticator Attestation Globally Unique Identifier."
},
"relying_party_identifier": {
"type": "string",
"description": "Applies to webauthn authenticators only. The relying party identifier."
},
"created_at": {
"type": "string",
"description": "Authentication method creation date",
"format": "date-time"
}
}
},
"SetUserAuthenticationMethods": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"$ref": "#/components/schemas/AuthenticationTypeEnum"
},
"preferred_authentication_method": {
"$ref": "#/components/schemas/PreferredAuthenticationMethodEnum"
},
"name": {
"type": "string",
"description": "AA human-readable label to identify the authentication method.",
"minLength": 1,
"maxLength": 20
},
"phone_number": {
"type": "string",
"description": "Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice.",
"minLength": 2,
"maxLength": 30
},
"email": {
"type": "string",
"description": "Applies to email authentication methods only. The email address used to send verification messages.",
"minLength": 1
},
"totp_secret": {
"type": "string",
"description": "Applies to totp authentication methods only. The base32 encoded secret for TOTP generation.",
"minLength": 1
}
}
},
"SetUserAuthenticationMethodsRequestContent": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SetUserAuthenticationMethods"
}
},
"SetsCustomTextsByLanguageRequestContent": {
"type": "object",
"description": "An object containing custom dictionaries for a group of screens.",
"additionalProperties": true
},
"SigningAlgorithmEnum": {
"type": "string",
"description": "Algorithm used to sign JWTs. Can be `HS256` (default) or `RS256`. `PS256` available via addon.",
"default": "HS256",
"enum": [
"HS256",
"RS256",
"RS512",
"PS256"
]
},
"SigningKeys": {
"type": "object",
"additionalProperties": false,
"required": [
"cert",
"kid",
"fingerprint",
"thumbprint"
],
"properties": {
"kid": {
"type": "string",
"description": "The key id of the signing key",
"default": "21hi274Rp02112mgkUGma"
},
"cert": {
"type": "string",
"description": "The public certificate of the signing key",
"default": "-----BEGIN CERTIFICATE-----\r\nMIIDDTCCA...YiA0TQhAt8=\r\n-----END CERTIFICATE-----"
},
"pkcs7": {
"type": "string",
"description": "The public certificate of the signing key in pkcs7 format",
"default": "-----BEGIN PKCS7-----\r\nMIIDPA....t8xAA==\r\n-----END PKCS7-----"
},
"current": {
"type": "boolean",
"description": "True if the key is the the current key",
"default": true
},
"next": {
"type": "boolean",
"description": "True if the key is the the next key"
},
"previous": {
"type": "boolean",
"description": "True if the key is the the previous key"
},
"current_since": {
"$ref": "#/components/schemas/SigningKeysDate"
},
"current_until": {
"$ref": "#/components/schemas/SigningKeysDate"
},
"fingerprint": {
"type": "string",
"description": "The cert fingerprint",
"default": "CC:FB:DD:D8:9A:B5:DE:1B:F0:CC:36:D2:99:59:21:12:03:DD:A8:25"
},
"thumbprint": {
"type": "string",
"description": "The cert thumbprint",
"default": "CCFBDDD89AB5DE1BF0CC36D29959211203DDA825"
},
"revoked": {
"type": "boolean",
"description": "True if the key is revoked"
},
"revoked_at": {
"$ref": "#/components/schemas/SigningKeysDate"
}
}
},
"SigningKeysDate": {
"oneOf": [
{
"type": "string",
"description": "The date and time when the key became the current key"
},
{
"type": "object",
"description": "The date and time when the key became the current key",
"additionalProperties": true
}
]
},
"SignupSchema": {
"type": "object",
"additionalProperties": false,
"properties": {
"status": {
"$ref": "#/components/schemas/SignupStatusEnum"
}
}
},
"SignupStatusEnum": {
"type": "string",
"enum": [
"required",
"optional",
"inactive"
]
},
"SignupVerification": {
"type": "object",
"additionalProperties": false,
"properties": {
"active": {
"type": "boolean"
}
}
},
"SignupVerified": {
"type": "object",
"additionalProperties": false,
"properties": {
"status": {
"$ref": "#/components/schemas/SignupStatusEnum"
},
"verification": {
"$ref": "#/components/schemas/SignupVerification"
}
}
},
"SupportedLocales": {
"type": "string",
"enum": [
"am",
"ar",
"ar-EG",
"ar-SA",
"az",
"bg",
"bn",
"bs",
"ca-ES",
"cnr",
"cs",
"cy",
"da",
"de",
"el",
"en",
"en-CA",
"es",
"es-419",
"es-AR",
"es-MX",
"et",
"eu-ES",
"fa",
"fi",
"fr",
"fr-CA",
"fr-FR",
"gl-ES",
"gu",
"he",
"hi",
"hr",
"hu",
"hy",
"id",
"is",
"it",
"ja",
"ka",
"kk",
"kn",
"ko",
"lt",
"lv",
"mk",
"ml",
"mn",
"mr",
"ms",
"my",
"nb",
"nl",
"nn",
"no",
"pa",
"pl",
"pt",
"pt-BR",
"pt-PT",
"ro",
"ru",
"sk",
"sl",
"so",
"sq",
"sr",
"sv",
"sw",
"ta",
"te",
"th",
"tl",
"tr",
"uk",
"ur",
"vi",
"zgh",
"zh-CN",
"zh-HK",
"zh-MO",
"zh-TW"
]
},
"SuspiciousIPThrottlingAllowlist": {
"type": "array",
"description": "List of trusted IP addresses that will not have attack protection enforced against them.",
"items": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingAllowlistItem"
}
},
"SuspiciousIPThrottlingAllowlistItem": {
"type": "string",
"anyOf": [
{
"type": "string",
"format": "ipv4"
},
{
"type": "string",
"format": "cidr"
},
{
"type": "string",
"format": "ipv6"
},
{
"type": "string",
"format": "ipv6_cidr"
}
]
},
"SuspiciousIPThrottlingPreLoginStage": {
"type": "object",
"description": "Configuration options that apply before every login attempt.",
"additionalProperties": false,
"properties": {
"max_attempts": {
"type": "integer",
"description": "Total number of attempts allowed per day.",
"default": 100,
"minimum": 1,
"maximum": 2500
},
"rate": {
"type": "integer",
"description": "Interval of time, given in milliseconds, at which new attempts are granted.",
"default": 864000,
"minimum": 34560,
"maximum": 86400000
}
}
},
"SuspiciousIPThrottlingPreUserRegistrationStage": {
"type": "object",
"description": "Configuration options that apply before every user registration attempt.",
"additionalProperties": false,
"properties": {
"max_attempts": {
"type": "integer",
"description": "Total number of attempts allowed.",
"default": 50,
"minimum": 1,
"maximum": 72000
},
"rate": {
"type": "integer",
"description": "Interval of time, given in milliseconds, at which new attempts are granted.",
"default": 1728000,
"minimum": 1200,
"maximum": 86400000
}
}
},
"SuspiciousIPThrottlingShieldsEnum": {
"type": "string",
"enum": [
"block",
"admin_notification"
]
},
"SuspiciousIPThrottlingStage": {
"type": "object",
"description": "Holds per-stage configuration options (max_attempts and rate).",
"additionalProperties": false,
"properties": {
"pre-login": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingPreLoginStage"
},
"pre-user-registration": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingPreUserRegistrationStage"
}
}
},
"SynchronizeGroupsEnum": {
"type": "string",
"description": "Group synchronization configuration",
"enum": [
"all",
"off",
"selected"
],
"x-release-lifecycle": "EA"
},
"SynchronizedGroupPayload": {
"type": "object",
"additionalProperties": false,
"required": [
"id"
],
"properties": {
"id": {
"type": "string",
"description": "Google Workspace Directory group ID.",
"minLength": 1,
"maxLength": 32,
"pattern": "^[A-Za-z0-9]+$"
}
}
},
"TenantOIDCLogoutSettings": {
"type": "object",
"description": "Settings related to OIDC RP-initiated Logout",
"additionalProperties": false,
"properties": {
"rp_logout_end_session_endpoint_discovery": {
"type": "boolean",
"description": "Enable the end_session_endpoint URL in the .well-known discovery configuration",
"default": true
}
}
},
"TenantSettingsDeviceFlow": {
"type": [
"object",
"null"
],
"description": "Device Flow configuration",
"additionalProperties": false,
"properties": {
"charset": {
"$ref": "#/components/schemas/TenantSettingsDeviceFlowCharset"
},
"mask": {
"type": "string",
"description": "Mask used to format a generated User Code into a friendly, readable format.",
"default": "****-****",
"maxLength": 20
}
}
},
"TenantSettingsDeviceFlowCharset": {
"type": "string",
"description": "Character set used to generate a User Code. Can be `base20` or `digits`.",
"default": "base20",
"enum": [
"base20",
"digits"
]
},
"TenantSettingsDynamicClientRegistrationSecurityMode": {
"type": "string",
"description": "Sets the `third_party_security_mode` assigned to clients created via Dynamic Client Registration. `strict` applies enhanced security controls. `permissive` preserves pre-existing behavior and is only available to tenants with prior third-party client usage.",
"enum": [
"strict",
"permissive"
],
"x-release-lifecycle": "GA"
},
"TenantSettingsErrorPage": {
"type": [
"object",
"null"
],
"description": "Error page customization.",
"additionalProperties": false,
"properties": {
"html": {
"type": "string",
"description": "Custom Error HTML (Liquid syntax is supported).",
"default": ""
},
"show_log_link": {
"type": "boolean",
"description": "Whether to show the link to log as part of the default error page (true, default) or not to show the link (false).",
"default": false
},
"url": {
"type": "string",
"description": "URL to redirect to when an error occurs instead of showing the default error page.",
"default": "https://mycompany.org/error",
"format": "absolute-uri-or-empty"
}
}
},
"TenantSettingsFlags": {
"type": "object",
"description": "Flags used to change the behavior of this tenant.",
"additionalProperties": false,
"properties": {
"change_pwd_flow_v1": {
"type": "boolean",
"description": "Whether to use the older v1 change password flow (true, not recommended except for backward compatibility) or the newer safer flow (false, recommended).",
"default": false
},
"enable_apis_section": {
"type": "boolean",
"description": "Whether the APIs section is enabled (true) or disabled (false).",
"default": false
},
"disable_impersonation": {
"type": "boolean",
"description": "Whether the impersonation functionality has been disabled (true) or not (false). Read-only.",
"default": false
},
"enable_client_connections": {
"type": "boolean",
"description": "Whether all current connections should be enabled when a new client (application) is created (true, default) or not (false).",
"default": true
},
"enable_pipeline2": {
"type": "boolean",
"description": "Whether advanced API Authorization scenarios are enabled (true) or disabled (false).",
"default": true
},
"allow_legacy_delegation_grant_types": {
"type": "boolean",
"description": "If enabled, clients are able to add legacy delegation grants."
},
"allow_legacy_ro_grant_types": {
"type": "boolean",
"description": "If enabled, clients are able to add legacy RO grants."
},
"allow_legacy_tokeninfo_endpoint": {
"type": "boolean",
"description": "Whether the legacy `/tokeninfo` endpoint is enabled for your account (true) or unavailable (false)."
},
"enable_legacy_profile": {
"type": "boolean",
"description": "Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false)."
},
"enable_idtoken_api2": {
"type": "boolean",
"description": "Whether ID tokens can be used to authorize some types of requests to API v2 (true) not not (false)."
},
"enable_public_signup_user_exists_error": {
"type": "boolean",
"description": "Whether the public sign up process shows a user_exists error (true) or a generic error (false) if the user already exists."
},
"enable_sso": {
"type": "boolean",
"description": "Whether users are prompted to confirm log in before SSO redirection (false) or are not prompted (true)."
},
"allow_changing_enable_sso": {
"type": "boolean",
"description": "Whether the `enable_sso` setting can be changed (true) or not (false)."
},
"disable_clickjack_protection_headers": {
"type": "boolean",
"description": "Whether classic Universal Login prompts include additional security headers to prevent clickjacking (true) or no safeguard (false)."
},
"no_disclose_enterprise_connections": {
"type": "boolean",
"description": "Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file."
},
"enforce_client_authentication_on_passwordless_start": {
"type": "boolean",
"description": "Enforce client authentication for passwordless start."
},
"enable_adfs_waad_email_verification": {
"type": "boolean",
"description": "Enables the email verification flow during login for Azure AD and ADFS connections"
},
"revoke_refresh_token_grant": {
"type": "boolean",
"description": "Delete underlying grant when a Refresh Token is revoked via the Authentication API."
},
"dashboard_log_streams_next": {
"type": "boolean",
"description": "Enables beta access to log streaming changes"
},
"dashboard_insights_view": {
"type": "boolean",
"description": "Enables new insights activity page view"
},
"disable_fields_map_fix": {
"type": "boolean",
"description": "Disables SAML fields map fix for bad mappings with repeated attributes"
},
"mfa_show_factor_list_on_enrollment": {
"type": "boolean",
"description": "Used to allow users to pick what factor to enroll of the available MFA factors."
},
"remove_alg_from_jwks": {
"type": "boolean",
"description": "Removes alg property from jwks .well-known endpoint"
},
"improved_signup_bot_detection_in_classic": {
"type": "boolean",
"description": "Improves bot detection during signup in classic universal login"
},
"genai_trial": {
"type": "boolean",
"description": "This tenant signed up for the Auth4GenAI trail"
},
"enable_dynamic_client_registration": {
"type": "boolean",
"description": "Whether third-party developers can dynamically register applications for your APIs (true) or not (false). This flag enables dynamic client registration.",
"default": false
},
"disable_management_api_sms_obfuscation": {
"type": "boolean",
"description": "If true, SMS phone numbers will not be obfuscated in Management API GET calls.",
"default": true
},
"trust_azure_adfs_email_verified_connection_property": {
"type": "boolean",
"description": "Changes email_verified behavior for Azure AD/ADFS connections when enabled. Sets email_verified to false otherwise.",
"default": false
},
"custom_domains_provisioning": {
"type": "boolean",
"description": "If true, custom domains feature will be enabled for tenant.",
"default": false
}
}
},
"TenantSettingsGuardianPage": {
"type": [
"object",
"null"
],
"description": "Guardian page customization.",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether to use the custom Guardian HTML (true) or the default Auth0 page (false, default)",
"default": false
},
"html": {
"type": "string",
"description": " Custom Guardian HTML (Liquid syntax is supported).",
"default": ""
}
}
},
"TenantSettingsMTLS": {
"type": [
"object",
"null"
],
"description": "mTLS configuration.",
"additionalProperties": false,
"properties": {
"enable_endpoint_aliases": {
"type": "boolean",
"description": "If true, enables mTLS endpoint aliases",
"default": false
}
}
},
"TenantSettingsPasswordPage": {
"type": [
"object",
"null"
],
"description": "Change Password page customization.",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether to use the custom change password HTML (true) or the default Auth0 page (false). Default is to use the Auth0 page.",
"default": false
},
"html": {
"type": "string",
"description": "Custom change password HTML (Liquid syntax supported).",
"default": ""
}
}
},
"TenantSettingsResourceParameterProfile": {
"type": "string",
"description": "Profile that determines how the identity of the protected resource (i.e., API) can be specified in the OAuth endpoints when access is being requested. When set to audience (default), the audience parameter is used to specify the resource server. When set to compatibility, the audience parameter is still checked first, but if it not provided, then the resource parameter can be used to specify the resource server.",
"default": "audience",
"enum": [
"audience",
"compatibility"
],
"x-release-lifecycle": "GA"
},
"TenantSettingsSessions": {
"type": [
"object",
"null"
],
"description": "Sessions related settings for tenant",
"additionalProperties": false,
"properties": {
"oidc_logout_prompt_enabled": {
"type": "boolean",
"description": "Whether to bypass prompting logic (false) when performing OIDC Logout",
"default": true
}
}
},
"TenantSettingsSupportedLocalesEnum": {
"type": "string",
"enum": [
"am",
"ar",
"ar-EG",
"ar-SA",
"az",
"bg",
"bn",
"bs",
"ca-ES",
"cnr",
"cs",
"cy",
"da",
"de",
"el",
"en",
"en-CA",
"es",
"es-419",
"es-AR",
"es-MX",
"et",
"eu-ES",
"fa",
"fi",
"fr",
"fr-CA",
"fr-FR",
"gl-ES",
"gu",
"he",
"hi",
"hr",
"hu",
"hy",
"id",
"is",
"it",
"ja",
"ka",
"kk",
"kn",
"ko",
"lt",
"lv",
"mk",
"ml",
"mn",
"mr",
"ms",
"my",
"nb",
"nl",
"nn",
"no",
"pa",
"pl",
"pt",
"pt-BR",
"pt-PT",
"ro",
"ru",
"sk",
"sl",
"so",
"sq",
"sr",
"sv",
"sw",
"ta",
"te",
"th",
"tl",
"tr",
"uk",
"ur",
"vi",
"zgh",
"zh-CN",
"zh-HK",
"zh-MO",
"zh-TW"
]
},
"TestActionPayload": {
"type": "object",
"description": "The payload for the action.",
"additionalProperties": true
},
"TestActionRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"payload"
],
"properties": {
"payload": {
"$ref": "#/components/schemas/TestActionPayload"
}
}
},
"TestActionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"payload": {
"$ref": "#/components/schemas/TestActionResultPayload"
}
}
},
"TestActionResultPayload": {
"type": "object",
"description": "The resulting payload after an action was executed.",
"additionalProperties": true
},
"TestCustomDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"success"
],
"properties": {
"success": {
"type": "boolean",
"description": "Result of the operation."
},
"message": {
"type": "string",
"description": "Message describing the operation status."
}
}
},
"TestEventDataContent": {
"type": "object",
"description": "The raw payload of the test event.",
"additionalProperties": true
},
"TokenExchangeProfileResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the token exchange profile.",
"format": "token-exchange-profile-id"
},
"name": {
"type": "string",
"description": "Friendly name of this profile.",
"default": "Token Exchange Profile 1",
"minLength": 3,
"maxLength": 50
},
"subject_token_type": {
"type": "string",
"description": "Subject token type for this profile. When receiving a token exchange request on the Authentication API, the corresponding token exchange profile with a matching subject_token_type will be executed. This must be a URI.",
"minLength": 8,
"maxLength": 100,
"format": "url"
},
"action_id": {
"type": "string",
"description": "The ID of the Custom Token Exchange action to execute for this profile, in order to validate the subject_token. The action must use the custom-token-exchange trigger.",
"minLength": 1,
"maxLength": 36
},
"type": {
"$ref": "#/components/schemas/TokenExchangeProfileTypeEnum"
},
"created_at": {
"type": "string",
"description": "The time when this profile was created.",
"default": "2024-01-01T00:00:00.000Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The time when this profile was updated.",
"default": "2024-01-01T00:00:00.000Z",
"format": "date-time"
}
}
},
"TokenExchangeProfileTypeEnum": {
"type": "string",
"description": "The type of the profile, which controls how the profile will be executed when receiving a token exchange request.",
"minLength": 1,
"maxLength": 21,
"enum": [
"custom_authentication"
]
},
"TokenQuota": {
"type": "object",
"additionalProperties": false,
"required": [
"client_credentials"
],
"x-release-lifecycle": "EA",
"properties": {
"client_credentials": {
"$ref": "#/components/schemas/TokenQuotaClientCredentials"
}
}
},
"TokenQuotaClientCredentials": {
"type": "object",
"description": "The token quota configuration",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"enforce": {
"type": "boolean",
"description": "If enabled, the quota will be enforced and requests in excess of the quota will fail. If disabled, the quota will not be enforced, but notifications for requests exceeding the quota will be available in logs."
},
"per_day": {
"type": "integer",
"description": "Maximum number of issued tokens per day",
"minimum": 1,
"maximum": 2147483647
},
"per_hour": {
"type": "integer",
"description": "Maximum number of issued tokens per hour",
"minimum": 1,
"maximum": 2147483647
}
}
},
"TokenQuotaConfiguration": {
"type": "object",
"additionalProperties": true,
"required": [
"client_credentials"
],
"properties": {
"client_credentials": {
"$ref": "#/components/schemas/TokenQuotaClientCredentials"
}
}
},
"TwilioProviderConfiguration": {
"type": "object",
"additionalProperties": false,
"required": [
"sid",
"delivery_methods"
],
"properties": {
"default_from": {
"type": "string"
},
"mssid": {
"type": "string"
},
"sid": {
"type": "string"
},
"delivery_methods": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/TwilioProviderDeliveryMethodEnum"
}
}
}
},
"TwilioProviderCredentials": {
"type": "object",
"additionalProperties": false,
"required": [
"auth_token"
],
"properties": {
"auth_token": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
}
},
"TwilioProviderDeliveryMethodEnum": {
"type": "string",
"enum": [
"text",
"voice"
]
},
"UniversalLoginExperienceEnum": {
"type": "string",
"description": "Which login experience to use. Can be `new` or `classic`.",
"enum": [
"new",
"classic"
]
},
"UpdateActionBindingItem": {
"oneOf": [
{
"$ref": "#/components/schemas/ActionBindingWithRef"
}
]
},
"UpdateActionBindingsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"bindings": {
"type": "array",
"description": "The actions that will be bound to this trigger. The order in which they are included will be the order in which they are executed.",
"items": {
"$ref": "#/components/schemas/UpdateActionBindingItem"
}
}
}
},
"UpdateActionBindingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"bindings": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ActionBinding"
}
}
}
},
"UpdateActionModuleRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"code": {
"type": "string",
"description": "The source code of the action module.",
"maxLength": 65536,
"pattern": "^[^\u0000]*$"
},
"secrets": {
"type": "array",
"description": "The secrets to associate with the action module.",
"items": {
"$ref": "#/components/schemas/ActionModuleSecretRequest"
}
},
"dependencies": {
"type": "array",
"description": "The npm dependencies of the action module.",
"items": {
"$ref": "#/components/schemas/ActionModuleDependencyRequest"
}
}
}
},
"UpdateActionModuleResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the module."
},
"name": {
"type": "string",
"description": "The name of the module."
},
"code": {
"type": "string",
"description": "The source code from the module's draft version."
},
"dependencies": {
"type": "array",
"description": "The npm dependencies from the module's draft version.",
"items": {
"$ref": "#/components/schemas/ActionModuleDependency"
}
},
"secrets": {
"type": "array",
"description": "The secrets from the module's draft version (names and timestamps only, values never returned).",
"items": {
"$ref": "#/components/schemas/ActionModuleSecret"
}
},
"actions_using_module_total": {
"type": "integer",
"description": "The number of deployed actions using this module."
},
"all_changes_published": {
"type": "boolean",
"description": "Whether all draft changes have been published as a version."
},
"latest_version_number": {
"type": "integer",
"description": "The version number of the latest published version. Omitted if no versions have been published."
},
"created_at": {
"type": "string",
"description": "Timestamp when the module was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "Timestamp when the module was last updated.",
"format": "date-time"
},
"latest_version": {
"$ref": "#/components/schemas/ActionModuleVersionReference"
}
}
},
"UpdateActionRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "The name of an action.",
"default": "my-action"
},
"supported_triggers": {
"type": "array",
"description": "The list of triggers that this action supports. At this time, an action can only target a single trigger at a time.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/ActionTrigger",
"x-release-lifecycle": "GA"
}
},
"code": {
"type": "string",
"description": "The source code of the action.",
"default": "module.exports = () => {}"
},
"dependencies": {
"type": "array",
"description": "The list of third party npm modules, and their versions, that this action depends on.",
"items": {
"$ref": "#/components/schemas/ActionVersionDependency"
}
},
"runtime": {
"type": "string",
"description": "The Node runtime. For example: `node22`, defaults to `node22`",
"default": "node22"
},
"secrets": {
"type": "array",
"description": "The list of secrets that are included in an action or a version of an action.",
"items": {
"$ref": "#/components/schemas/ActionSecretRequest"
}
},
"modules": {
"type": "array",
"description": "The list of action modules and their versions used by this action.",
"items": {
"$ref": "#/components/schemas/ActionModuleReference"
}
}
}
},
"UpdateActionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the action.",
"default": "910b1053-577f-4d81-a8c8-020e7319a38a"
},
"name": {
"type": "string",
"description": "The name of an action.",
"default": "my-action"
},
"supported_triggers": {
"type": "array",
"description": "The list of triggers that this action supports. At this time, an action can only target a single trigger at a time.",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/ActionTrigger",
"x-release-lifecycle": "GA"
}
},
"all_changes_deployed": {
"type": "boolean",
"description": "True if all of an Action's contents have been deployed.",
"default": false
},
"created_at": {
"type": "string",
"description": "The time when this action was created.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The time when this action was updated.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"code": {
"type": "string",
"description": "The source code of the action.",
"default": "module.exports = () => {}"
},
"dependencies": {
"type": "array",
"description": "The list of third party npm modules, and their versions, that this action depends on.",
"items": {
"$ref": "#/components/schemas/ActionVersionDependency"
}
},
"runtime": {
"type": "string",
"description": "The Node runtime. For example: `node22`, defaults to `node22`",
"default": "node22"
},
"secrets": {
"type": "array",
"description": "The list of secrets that are included in an action or a version of an action.",
"items": {
"$ref": "#/components/schemas/ActionSecretResponse"
}
},
"deployed_version": {
"$ref": "#/components/schemas/ActionDeployedVersion"
},
"installed_integration_id": {
"type": "string",
"description": "installed_integration_id is the fk reference to the InstalledIntegration entity.",
"default": "7d2bc0c9-c0c2-433a-9f4e-86ef80270aad"
},
"integration": {
"$ref": "#/components/schemas/Integration"
},
"status": {
"$ref": "#/components/schemas/ActionBuildStatusEnum"
},
"built_at": {
"type": "string",
"description": "The time when this action was built successfully.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"deploy": {
"type": "boolean",
"description": "True if the action should be deployed after creation.",
"default": false
},
"modules": {
"type": "array",
"description": "The list of action modules and their versions used by this action.",
"items": {
"$ref": "#/components/schemas/ActionModuleReference"
}
}
}
},
"UpdateAculRequestContent": {
"type": "object",
"description": "Render settings for the given screen",
"additionalProperties": false,
"properties": {
"rendering_mode": {
"$ref": "#/components/schemas/AculRenderingModeEnum",
"description": "Rendering mode"
},
"context_configuration": {
"$ref": "#/components/schemas/AculContextConfiguration"
},
"default_head_tags_disabled": {
"type": [
"boolean",
"null"
],
"description": "Override Universal Login default head tags",
"default": false
},
"use_page_template": {
"type": [
"boolean",
"null"
],
"description": "Use page template with ACUL",
"default": false
},
"head_tags": {
"type": [
"array",
"null"
],
"description": "An array of head tags",
"items": {
"$ref": "#/components/schemas/AculHeadTag"
}
},
"filters": {
"$ref": "#/components/schemas/AculFilters"
}
}
},
"UpdateAculResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"rendering_mode": {
"$ref": "#/components/schemas/AculRenderingModeEnum",
"description": "Rendering mode"
},
"context_configuration": {
"$ref": "#/components/schemas/AculContextConfiguration"
},
"default_head_tags_disabled": {
"type": [
"boolean",
"null"
],
"description": "Override Universal Login default head tags",
"default": false
},
"use_page_template": {
"type": [
"boolean",
"null"
],
"description": "Use page template with ACUL",
"default": false
},
"head_tags": {
"type": [
"array",
"null"
],
"description": "An array of head tags",
"items": {
"$ref": "#/components/schemas/AculHeadTag"
}
},
"filters": {
"$ref": "#/components/schemas/AculFilters"
}
}
},
"UpdateAttackProtectionCaptchaRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"active_provider_id": {
"$ref": "#/components/schemas/AttackProtectionCaptchaProviderId"
},
"arkose": {
"$ref": "#/components/schemas/AttackProtectionUpdateCaptchaArkose"
},
"auth_challenge": {
"$ref": "#/components/schemas/AttackProtectionCaptchaAuthChallengeRequest"
},
"hcaptcha": {
"$ref": "#/components/schemas/AttackProtectionUpdateCaptchaHcaptcha"
},
"friendly_captcha": {
"$ref": "#/components/schemas/AttackProtectionUpdateCaptchaFriendlyCaptcha"
},
"recaptcha_enterprise": {
"$ref": "#/components/schemas/AttackProtectionUpdateCaptchaRecaptchaEnterprise"
},
"recaptcha_v2": {
"$ref": "#/components/schemas/AttackProtectionUpdateCaptchaRecaptchaV2"
},
"simple_captcha": {
"$ref": "#/components/schemas/AttackProtectionCaptchaSimpleCaptchaResponseContent"
}
}
},
"UpdateAttackProtectionCaptchaResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"active_provider_id": {
"type": "string"
},
"arkose": {
"$ref": "#/components/schemas/AttackProtectionCaptchaArkoseResponseContent"
},
"auth_challenge": {
"$ref": "#/components/schemas/AttackProtectionCaptchaAuthChallengeResponseContent"
},
"hcaptcha": {
"$ref": "#/components/schemas/AttackProtectionCaptchaHcaptchaResponseContent"
},
"friendly_captcha": {
"$ref": "#/components/schemas/AttackProtectionCaptchaFriendlyCaptchaResponseContent"
},
"recaptcha_enterprise": {
"$ref": "#/components/schemas/AttackProtectionCaptchaRecaptchaEnterpriseResponseContent"
},
"recaptcha_v2": {
"$ref": "#/components/schemas/AttackProtectionCaptchaRecaptchaV2ResponseContent"
},
"simple_captcha": {
"$ref": "#/components/schemas/AttackProtectionCaptchaSimpleCaptchaResponseContent"
}
}
},
"UpdateBotDetectionSettingsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"bot_detection_level": {
"$ref": "#/components/schemas/BotDetectionLevelEnum"
},
"challenge_password_policy": {
"$ref": "#/components/schemas/BotDetectionChallengePolicyPasswordFlowEnum"
},
"challenge_passwordless_policy": {
"$ref": "#/components/schemas/BotDetectionChallengePolicyPasswordlessFlowEnum"
},
"challenge_password_reset_policy": {
"$ref": "#/components/schemas/BotDetectionChallengePolicyPasswordResetFlowEnum"
},
"allowlist": {
"$ref": "#/components/schemas/BotDetectionAllowlist"
},
"monitoring_mode_enabled": {
"$ref": "#/components/schemas/BotDetectionMonitoringModeEnabled"
}
}
},
"UpdateBotDetectionSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"bot_detection_level": {
"$ref": "#/components/schemas/BotDetectionLevelEnum"
},
"challenge_password_policy": {
"$ref": "#/components/schemas/BotDetectionChallengePolicyPasswordFlowEnum"
},
"challenge_passwordless_policy": {
"$ref": "#/components/schemas/BotDetectionChallengePolicyPasswordlessFlowEnum"
},
"challenge_password_reset_policy": {
"$ref": "#/components/schemas/BotDetectionChallengePolicyPasswordResetFlowEnum"
},
"allowlist": {
"$ref": "#/components/schemas/BotDetectionAllowlist"
},
"monitoring_mode_enabled": {
"$ref": "#/components/schemas/BotDetectionMonitoringModeEnabled"
}
}
},
"UpdateBrandingColors": {
"type": [
"object",
"null"
],
"description": "Custom color settings.",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"primary": {
"type": [
"string",
"null"
],
"description": "Accent color.",
"format": "html-color-or-null"
},
"page_background": {
"$ref": "#/components/schemas/UpdateBrandingPageBackground"
}
}
},
"UpdateBrandingFont": {
"type": [
"object",
"null"
],
"description": "Custom font settings.",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"url": {
"type": [
"string",
"null"
],
"description": "URL for the custom font. The URL must point to a font file and not a stylesheet. Must use HTTPS.",
"format": "strict-https-uri-or-null"
}
}
},
"UpdateBrandingIdentifiers": {
"type": [
"object",
"null"
],
"description": "Identifier input display settings.",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"login_display": {
"$ref": "#/components/schemas/UpdateBrandingLoginDisplayEnum"
},
"otp_autocomplete": {
"type": "boolean",
"description": "Whether OTP autocomplete (autocomplete=\"one-time-code\") is enabled.",
"default": true
},
"phone_display": {
"$ref": "#/components/schemas/UpdateBrandingPhoneDisplay"
}
}
},
"UpdateBrandingLoginDisplayEnum": {
"type": "string",
"description": "Controls identifier input presentation on the login flow. Defaults to \"unified\" for legacy tenants, \"separate\" for tenants created post-GA of this feature.",
"default": "unified",
"enum": [
"unified",
"separate"
]
},
"UpdateBrandingPageBackground": {
"description": "Page Background Color or Gradient.\nProperty contains either null to unset, a solid color as a string value #FFFFFF, or a gradient as an object.\n\n\n{\n type: 'linear-gradient',\n start: '#FFFFFF',\n end: '#000000',\n angle_deg: 35\n}\nblock, user_notification, admin_notification.",
"items": {
"$ref": "#/components/schemas/BreachedPasswordDetectionShieldsEnum"
}
},
"admin_notification_frequency": {
"type": "array",
"description": "When \"admin_notification\" is enabled, determines how often email notifications are sent.\n Possible values: immediately, daily, weekly, monthly.",
"items": {
"$ref": "#/components/schemas/BreachedPasswordDetectionAdminNotificationFrequencyEnum"
}
},
"method": {
"$ref": "#/components/schemas/BreachedPasswordDetectionMethodEnum"
},
"stage": {
"$ref": "#/components/schemas/BreachedPasswordDetectionStage"
}
}
},
"UpdateBreachedPasswordDetectionSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not breached password detection is active.",
"default": true
},
"shields": {
"type": "array",
"description": "Action to take when a breached password is detected during a login.\n Possible values: block, user_notification, admin_notification.",
"items": {
"$ref": "#/components/schemas/BreachedPasswordDetectionShieldsEnum"
}
},
"admin_notification_frequency": {
"type": "array",
"description": "When \"admin_notification\" is enabled, determines how often email notifications are sent.\n Possible values: immediately, daily, weekly, monthly.",
"items": {
"$ref": "#/components/schemas/BreachedPasswordDetectionAdminNotificationFrequencyEnum"
}
},
"method": {
"$ref": "#/components/schemas/BreachedPasswordDetectionMethodEnum"
},
"stage": {
"$ref": "#/components/schemas/BreachedPasswordDetectionStage"
}
}
},
"UpdateBruteForceSettingsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not brute force attack protections are active."
},
"shields": {
"type": "array",
"description": "Action to take when a brute force protection threshold is violated.\n Possible values: block, user_notification.",
"items": {
"$ref": "#/components/schemas/BruteForceProtectionShieldsEnum"
}
},
"allowlist": {
"type": "array",
"description": "List of trusted IP addresses that will not have attack protection enforced against them.",
"items": {
"type": "string",
"anyOf": [
{
"type": "string",
"format": "ipv4"
},
{
"type": "string",
"format": "cidr"
},
{
"type": "string",
"format": "ipv6"
},
{
"type": "string",
"format": "ipv6_cidr"
}
]
}
},
"mode": {
"$ref": "#/components/schemas/BruteForceProtectionModeEnum"
},
"max_attempts": {
"type": "integer",
"description": "Maximum number of unsuccessful attempts.",
"default": 10,
"minimum": 1,
"maximum": 100
}
}
},
"UpdateBruteForceSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not brute force attack protections are active."
},
"shields": {
"type": "array",
"description": "Action to take when a brute force protection threshold is violated.\n Possible values: block, user_notification.",
"items": {
"$ref": "#/components/schemas/BruteForceProtectionShieldsEnum"
}
},
"allowlist": {
"type": "array",
"description": "List of trusted IP addresses that will not have attack protection enforced against them.",
"items": {
"type": "string",
"anyOf": [
{
"type": "string",
"format": "ipv4"
},
{
"type": "string",
"format": "cidr"
},
{
"type": "string",
"format": "ipv6"
},
{
"type": "string",
"format": "ipv6_cidr"
}
]
}
},
"mode": {
"$ref": "#/components/schemas/BruteForceProtectionModeEnum"
},
"max_attempts": {
"type": "integer",
"description": "Maximum number of unsuccessful attempts.",
"default": 10,
"minimum": 1,
"maximum": 100
}
}
},
"UpdateClientGrantRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"scope": {
"type": [
"array",
"null"
],
"description": "Scopes allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 280
}
},
"organization_usage": {
"$ref": "#/components/schemas/ClientGrantOrganizationNullableUsageEnum"
},
"allow_any_organization": {
"type": [
"boolean",
"null"
],
"description": "Controls allowing any organization to be used with this grant"
},
"authorization_details_types": {
"type": "array",
"description": "Types of authorization_details allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
},
"allow_all_scopes": {
"type": [
"boolean",
"null"
],
"description": "If enabled, all scopes configured on the resource server are allowed for this grant."
}
}
},
"UpdateClientGrantResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID of the client grant."
},
"client_id": {
"type": "string",
"description": "ID of the client."
},
"audience": {
"type": "string",
"description": "The audience (API identifier) of this client grant.",
"minLength": 1
},
"scope": {
"type": "array",
"description": "Scopes allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1
}
},
"organization_usage": {
"$ref": "#/components/schemas/ClientGrantOrganizationUsageEnum"
},
"allow_any_organization": {
"type": "boolean",
"description": "If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations."
},
"default_for": {
"$ref": "#/components/schemas/ClientGrantDefaultForEnum",
"x-release-lifecycle": "GA"
},
"is_system": {
"type": "boolean",
"description": "If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly."
},
"subject_type": {
"$ref": "#/components/schemas/ClientGrantSubjectTypeEnum"
},
"authorization_details_types": {
"type": "array",
"description": "Types of authorization_details allowed for this client grant.",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255
}
},
"allow_all_scopes": {
"type": "boolean",
"description": "If enabled, all scopes configured on the resource server are allowed for this grant."
}
}
},
"UpdateClientRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"name": {
"type": "string",
"description": "The name of the client. Must contain at least one character. Does not allow '<' or '>'.",
"pattern": "^[^<>]+$"
},
"description": {
"type": "string",
"description": "Free text description of the purpose of the Client. (Max character length: 140)",
"maxLength": 140
},
"client_secret": {
"type": "string",
"description": "The secret used to sign tokens for the client",
"minLength": 1
},
"logo_uri": {
"type": "string",
"description": "The URL of the client logo (recommended size: 150x150)",
"format": "absolute-uri-or-empty"
},
"callbacks": {
"type": "array",
"description": "A set of URLs that are valid to call back from Auth0 when authenticating users",
"items": {
"type": "string",
"format": "callback-url"
}
},
"oidc_logout": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutSettings"
},
"oidc_backchannel_logout": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutSettings",
"x-release-lifecycle": "deprecated",
"description": "Configuration for OIDC backchannel logout (deprecated, in favor of oidc_logout)"
},
"session_transfer": {
"$ref": "#/components/schemas/ClientSessionTransferConfiguration"
},
"allowed_origins": {
"type": "array",
"description": "A set of URLs that represents valid origins for CORS",
"items": {
"type": "string",
"format": "url-with-placeholders"
}
},
"web_origins": {
"type": "array",
"description": "A set of URLs that represents valid web origins for use with web message response mode",
"items": {
"type": "string",
"format": "url-with-placeholders"
}
},
"grant_types": {
"type": "array",
"description": "A set of grant types that the client is authorized to use. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`.",
"items": {
"type": "string",
"minLength": 1
}
},
"client_aliases": {
"type": "array",
"description": "List of audiences for SAML protocol",
"items": {
"type": "string",
"minLength": 1
}
},
"allowed_clients": {
"type": "array",
"description": "Ids of clients that will be allowed to perform delegation requests. Clients that will be allowed to make delegation request. By default, all your clients will be allowed. This field allows you to specify specific clients",
"items": {
"type": "string",
"minLength": 1
}
},
"allowed_logout_urls": {
"type": "array",
"description": "URLs that are valid to redirect to after logout from Auth0",
"items": {
"type": "string",
"format": "url-with-placeholders"
}
},
"jwt_configuration": {
"$ref": "#/components/schemas/ClientJwtConfiguration",
"description": "An object that holds settings related to how JWTs are created"
},
"encryption_key": {
"$ref": "#/components/schemas/ClientEncryptionKey",
"description": "The client's encryption key"
},
"sso": {
"type": "boolean",
"description": "true to use Auth0 instead of the IdP to do Single Sign On, false otherwise (default: false)"
},
"cross_origin_authentication": {
"type": "boolean",
"description": "true if this client can be used to make cross-origin authentication requests, false otherwise if cross origin is disabled"
},
"cross_origin_loc": {
"type": [
"string",
"null"
],
"description": "URL for the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page.",
"format": "url-or-null"
},
"sso_disabled": {
"type": "boolean",
"description": "true to disable Single Sign On, false otherwise (default: false)"
},
"custom_login_page_on": {
"type": "boolean",
"description": "true if the custom login page is to be used, false otherwise."
},
"token_endpoint_auth_method": {
"$ref": "#/components/schemas/ClientTokenEndpointAuthMethodOrNullEnum"
},
"is_token_endpoint_ip_header_trusted": {
"type": "boolean",
"description": "If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint.",
"default": false
},
"app_type": {
"$ref": "#/components/schemas/ClientAppTypeEnum"
},
"is_first_party": {
"type": "boolean",
"description": "Whether this client a first party client or not",
"default": true
},
"oidc_conformant": {
"type": "boolean",
"description": "Whether this client will conform to strict OIDC specifications",
"default": false
},
"custom_login_page": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page"
},
"custom_login_page_preview": {
"type": "string"
},
"token_quota": {
"$ref": "#/components/schemas/UpdateTokenQuota",
"x-release-lifecycle": "EA"
},
"form_template": {
"type": "string",
"description": "Form template for WS-Federation protocol"
},
"addons": {
"$ref": "#/components/schemas/ClientAddons"
},
"client_metadata": {
"$ref": "#/components/schemas/ClientMetadata"
},
"mobile": {
"$ref": "#/components/schemas/ClientMobile",
"description": "Configuration related to native mobile apps"
},
"initiate_login_uri": {
"type": "string",
"description": "Initiate login uri, must be https",
"format": "absolute-https-uri-with-placeholders-or-empty"
},
"native_social_login": {
"$ref": "#/components/schemas/NativeSocialLogin"
},
"refresh_token": {
"$ref": "#/components/schemas/ClientRefreshTokenConfiguration"
},
"default_organization": {
"$ref": "#/components/schemas/ClientDefaultOrganization"
},
"organization_usage": {
"$ref": "#/components/schemas/ClientOrganizationUsagePatchEnum"
},
"organization_require_behavior": {
"$ref": "#/components/schemas/ClientOrganizationRequireBehaviorPatchEnum"
},
"organization_discovery_methods": {
"type": [
"array",
"null"
],
"description": "Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both.",
"minItems": 1,
"x-release-lifecycle": "EA",
"items": {
"$ref": "#/components/schemas/ClientOrganizationDiscoveryEnum"
}
},
"client_authentication_methods": {
"$ref": "#/components/schemas/ClientAuthenticationMethod"
},
"require_pushed_authorization_requests": {
"type": "boolean",
"description": "Makes the use of Pushed Authorization Requests mandatory for this client",
"default": false
},
"require_proof_of_possession": {
"type": "boolean",
"description": "Makes the use of Proof-of-Possession mandatory for this client",
"default": false
},
"signed_request_object": {
"$ref": "#/components/schemas/ClientSignedRequestObjectWithCredentialId"
},
"compliance_level": {
"$ref": "#/components/schemas/ClientComplianceLevelEnum"
},
"skip_non_verifiable_callback_uri_confirmation_prompt": {
"type": [
"boolean",
"null"
],
"description": "Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`).\nIf set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps.\nSee https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information."
},
"token_exchange": {
"$ref": "#/components/schemas/ClientTokenExchangeConfigurationOrNull",
"x-release-lifecycle": "GA"
},
"par_request_expiry": {
"type": [
"integer",
"null"
],
"description": "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid",
"minimum": 10,
"maximum": 600
},
"express_configuration": {
"$ref": "#/components/schemas/ExpressConfigurationOrNull"
},
"my_organization_configuration": {
"$ref": "#/components/schemas/ClientMyOrganizationPatchConfiguration",
"x-release-lifecycle": "EA"
},
"async_approval_notification_channels": {
"$ref": "#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPatchConfiguration"
},
"third_party_security_mode": {
"$ref": "#/components/schemas/ClientThirdPartySecurityModeEnum",
"x-release-lifecycle": "GA"
},
"redirection_policy": {
"$ref": "#/components/schemas/ClientRedirectionPolicyEnum",
"x-release-lifecycle": "GA"
}
}
},
"UpdateClientResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"client_id": {
"type": "string",
"description": "ID of this client.",
"default": "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
},
"tenant": {
"type": "string",
"description": "Name of the tenant this client belongs to.",
"default": ""
},
"name": {
"type": "string",
"description": "Name of this client (min length: 1 character, does not allow `<` or `>`).",
"default": "My application"
},
"description": {
"type": "string",
"description": "Free text description of this client (max length: 140 characters).",
"default": ""
},
"global": {
"type": "boolean",
"description": "Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false).",
"default": false
},
"client_secret": {
"type": "string",
"description": "Client secret (which you must not make public).",
"default": "MG_TNT2ver-SylNat-_VeMmd-4m0Waba0jr1troztBniSChEw0glxEmgEi2Kw40H"
},
"app_type": {
"$ref": "#/components/schemas/ClientAppTypeEnum"
},
"logo_uri": {
"type": "string",
"description": "URL of the logo to display for this client. Recommended size is 150x150 pixels."
},
"is_first_party": {
"type": "boolean",
"description": "Whether this client a first party client (true) or not (false).",
"default": false
},
"oidc_conformant": {
"type": "boolean",
"description": "Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false).",
"default": false
},
"callbacks": {
"type": "array",
"description": "Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication.",
"items": {
"type": "string"
}
},
"allowed_origins": {
"type": "array",
"description": "Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs.",
"items": {
"type": "string"
}
},
"web_origins": {
"type": "array",
"description": "Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.",
"items": {
"type": "string"
}
},
"client_aliases": {
"type": "array",
"description": "List of audiences/realms for SAML protocol. Used by the wsfed addon.",
"items": {
"type": "string"
}
},
"allowed_clients": {
"type": "array",
"description": "List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed.",
"items": {
"type": "string"
}
},
"allowed_logout_urls": {
"type": "array",
"description": "Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains.",
"items": {
"type": "string"
}
},
"session_transfer": {
"$ref": "#/components/schemas/ClientSessionTransferConfiguration"
},
"oidc_logout": {
"$ref": "#/components/schemas/ClientOIDCBackchannelLogoutSettings"
},
"grant_types": {
"type": "array",
"description": "List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`.",
"items": {
"type": "string"
}
},
"jwt_configuration": {
"$ref": "#/components/schemas/ClientJwtConfiguration"
},
"signing_keys": {
"$ref": "#/components/schemas/ClientSigningKeys"
},
"encryption_key": {
"$ref": "#/components/schemas/ClientEncryptionKey"
},
"sso": {
"type": "boolean",
"description": "Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false).",
"default": false
},
"sso_disabled": {
"type": "boolean",
"description": "Whether Single Sign On is disabled (true) or enabled (true). Defaults to true.",
"default": false
},
"cross_origin_authentication": {
"type": "boolean",
"description": "Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false)."
},
"cross_origin_loc": {
"type": "string",
"description": "URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page.",
"format": "url"
},
"custom_login_page_on": {
"type": "boolean",
"description": "Whether a custom login page is to be used (true) or the default provided login page (false).",
"default": true
},
"custom_login_page": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page.",
"default": ""
},
"custom_login_page_preview": {
"type": "string",
"description": "The content (HTML, CSS, JS) of the custom login page. (Used on Previews)",
"default": ""
},
"form_template": {
"type": "string",
"description": "HTML form template to be used for WS-Federation.",
"default": ""
},
"addons": {
"$ref": "#/components/schemas/ClientAddons"
},
"token_endpoint_auth_method": {
"$ref": "#/components/schemas/ClientTokenEndpointAuthMethodEnum"
},
"is_token_endpoint_ip_header_trusted": {
"type": "boolean",
"description": "If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint.",
"default": false
},
"client_metadata": {
"$ref": "#/components/schemas/ClientMetadata"
},
"mobile": {
"$ref": "#/components/schemas/ClientMobile"
},
"initiate_login_uri": {
"type": "string",
"description": "Initiate login uri, must be https",
"format": "absolute-https-uri-with-placeholders-or-empty"
},
"native_social_login": {},
"refresh_token": {
"$ref": "#/components/schemas/ClientRefreshTokenConfiguration"
},
"default_organization": {
"$ref": "#/components/schemas/ClientDefaultOrganization"
},
"organization_usage": {
"$ref": "#/components/schemas/ClientOrganizationUsageEnum"
},
"organization_require_behavior": {
"$ref": "#/components/schemas/ClientOrganizationRequireBehaviorEnum"
},
"organization_discovery_methods": {
"type": "array",
"description": "Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both.",
"minItems": 1,
"x-release-lifecycle": "EA",
"items": {
"$ref": "#/components/schemas/ClientOrganizationDiscoveryEnum"
}
},
"client_authentication_methods": {
"$ref": "#/components/schemas/ClientAuthenticationMethod"
},
"require_pushed_authorization_requests": {
"type": "boolean",
"description": "Makes the use of Pushed Authorization Requests mandatory for this client",
"default": false
},
"require_proof_of_possession": {
"type": "boolean",
"description": "Makes the use of Proof-of-Possession mandatory for this client",
"default": false
},
"signed_request_object": {
"$ref": "#/components/schemas/ClientSignedRequestObjectWithCredentialId"
},
"compliance_level": {
"$ref": "#/components/schemas/ClientComplianceLevelEnum"
},
"skip_non_verifiable_callback_uri_confirmation_prompt": {
"type": "boolean",
"description": "Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`).\nIf set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps.\nSee https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information."
},
"token_exchange": {
"$ref": "#/components/schemas/ClientTokenExchangeConfiguration",
"x-release-lifecycle": "GA"
},
"par_request_expiry": {
"type": [
"integer",
"null"
],
"description": "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid",
"minimum": 10,
"maximum": 600
},
"token_quota": {
"$ref": "#/components/schemas/TokenQuota",
"x-release-lifecycle": "EA"
},
"express_configuration": {
"$ref": "#/components/schemas/ExpressConfiguration"
},
"my_organization_configuration": {
"$ref": "#/components/schemas/ClientMyOrganizationResponseConfiguration",
"x-release-lifecycle": "EA"
},
"third_party_security_mode": {
"$ref": "#/components/schemas/ClientThirdPartySecurityModeEnum",
"x-release-lifecycle": "GA"
},
"redirection_policy": {
"$ref": "#/components/schemas/ClientRedirectionPolicyEnum",
"x-release-lifecycle": "GA"
},
"resource_server_identifier": {
"type": "string",
"description": "The identifier of the resource server that this client is linked to."
},
"async_approval_notification_channels": {
"$ref": "#/components/schemas/ClientAsyncApprovalNotificationsChannelsAPIPostConfiguration"
},
"external_metadata_type": {
"$ref": "#/components/schemas/ClientExternalMetadataTypeEnum"
},
"external_metadata_created_by": {
"$ref": "#/components/schemas/ClientExternalMetadataCreatedByEnum"
},
"external_client_id": {
"type": "string",
"description": "An alternate client identifier to be used during authorization flows. Only supports CIMD-based client identifiers.",
"format": "absolute-https-uri-or-empty"
},
"jwks_uri": {
"type": "string",
"description": "URL for the JSON Web Key Set (JWKS) containing the public keys used for private_key_jwt authentication. Only present for CIMD clients using private_key_jwt authentication.",
"format": "absolute-https-uri-or-empty"
}
}
},
"UpdateConnectionOptions": {
"type": [
"object",
"null"
],
"description": "The connection's options (depend on the connection strategy). To update these options, the `update:connections_options` scope must be present. To verify your changes, also include the `read:connections_options` scope. If this scope is not specified, you will not be able to review the updated object.",
"additionalProperties": true,
"properties": {
"validation": {
"$ref": "#/components/schemas/ConnectionValidationOptions"
},
"non_persistent_attrs": {
"type": [
"array",
"null"
],
"description": "An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist)",
"items": {
"type": "string"
}
},
"precedence": {
"type": "array",
"description": "Order of precedence for attribute types. If the property is not specified, the default precedence of attributes will be used.",
"minItems": 3,
"items": {
"$ref": "#/components/schemas/ConnectionIdentifierPrecedenceEnum"
}
},
"attributes": {
"$ref": "#/components/schemas/ConnectionAttributes"
},
"enable_script_context": {
"type": "boolean",
"description": "Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled)"
},
"enabledDatabaseCustomization": {
"type": "boolean",
"description": "Set to true to use a legacy user store"
},
"import_mode": {
"type": "boolean",
"description": "Enable this if you have a legacy user store and you want to gradually migrate those users to the Auth0 user store"
},
"configuration": {
"type": [
"object",
"null"
],
"description": "Stores encrypted string only configurations for connections",
"additionalProperties": {
"type": [
"string",
"null"
]
}
},
"customScripts": {
"$ref": "#/components/schemas/ConnectionCustomScripts"
},
"authentication_methods": {
"$ref": "#/components/schemas/ConnectionAuthenticationMethods"
},
"passkey_options": {
"$ref": "#/components/schemas/ConnectionPasskeyOptions"
},
"passwordPolicy": {
"$ref": "#/components/schemas/ConnectionPasswordPolicyEnum"
},
"password_complexity_options": {
"$ref": "#/components/schemas/ConnectionPasswordComplexityOptions"
},
"password_history": {
"$ref": "#/components/schemas/ConnectionPasswordHistoryOptions"
},
"password_no_personal_info": {
"$ref": "#/components/schemas/ConnectionPasswordNoPersonalInfoOptions"
},
"password_dictionary": {
"$ref": "#/components/schemas/ConnectionPasswordDictionaryOptions"
},
"api_enable_users": {
"type": "boolean"
},
"api_enable_groups": {
"type": "boolean",
"x-release-lifecycle": "EA"
},
"basic_profile": {
"type": "boolean"
},
"ext_admin": {
"type": "boolean"
},
"ext_is_suspended": {
"type": "boolean"
},
"ext_agreed_terms": {
"type": "boolean"
},
"ext_groups": {
"type": "boolean"
},
"ext_assigned_plans": {
"type": "boolean"
},
"ext_profile": {
"type": "boolean"
},
"disable_self_service_change_password": {
"type": "boolean"
},
"upstream_params": {
"$ref": "#/components/schemas/ConnectionUpstreamParams"
},
"set_user_root_attributes": {
"$ref": "#/components/schemas/ConnectionSetUserRootAttributesEnum"
},
"gateway_authentication": {
"$ref": "#/components/schemas/ConnectionGatewayAuthentication"
},
"federated_connections_access_tokens": {
"$ref": "#/components/schemas/ConnectionFederatedConnectionsAccessTokens"
},
"password_options": {
"$ref": "#/components/schemas/ConnectionPasswordOptions",
"x-release-lifecycle": "EA"
},
"assertion_decryption_settings": {
"$ref": "#/components/schemas/ConnectionAssertionDecryptionSettings"
},
"id_token_signed_response_algs": {
"$ref": "#/components/schemas/ConnectionIdTokenSignedResponseAlgs"
},
"token_endpoint_auth_method": {
"$ref": "#/components/schemas/ConnectionTokenEndpointAuthMethodEnum"
},
"token_endpoint_auth_signing_alg": {
"$ref": "#/components/schemas/ConnectionTokenEndpointAuthSigningAlgEnum"
},
"token_endpoint_jwtca_aud_format": {
"$ref": "#/components/schemas/ConnectionTokenEndpointJwtcaAudFormatEnumOIDC"
}
}
},
"UpdateConnectionProfileRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"$ref": "#/components/schemas/ConnectionProfileName"
},
"organization": {
"$ref": "#/components/schemas/ConnectionProfileOrganization"
},
"connection_name_prefix_template": {
"$ref": "#/components/schemas/ConnectionNamePrefixTemplate"
},
"enabled_features": {
"$ref": "#/components/schemas/ConnectionProfileEnabledFeatures"
},
"connection_config": {
"$ref": "#/components/schemas/ConnectionProfileConfig"
},
"strategy_overrides": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverrides"
}
}
},
"UpdateConnectionProfileResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"$ref": "#/components/schemas/ConnectionProfileId"
},
"name": {
"$ref": "#/components/schemas/ConnectionProfileName"
},
"organization": {
"$ref": "#/components/schemas/ConnectionProfileOrganization"
},
"connection_name_prefix_template": {
"$ref": "#/components/schemas/ConnectionNamePrefixTemplate"
},
"enabled_features": {
"$ref": "#/components/schemas/ConnectionProfileEnabledFeatures"
},
"connection_config": {
"$ref": "#/components/schemas/ConnectionProfileConfig"
},
"strategy_overrides": {
"$ref": "#/components/schemas/ConnectionProfileStrategyOverrides"
}
}
},
"UpdateConnectionRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"display_name": {
"type": "string",
"description": "The connection name used in the new universal login experience. If display_name is not included in the request, the field will be overwritten with the name value.",
"maxLength": 128
},
"options": {
"$ref": "#/components/schemas/UpdateConnectionOptions"
},
"enabled_clients": {
"type": [
"array",
"null"
],
"description": "DEPRECATED property. Use the PATCH /v2/connections/{id}/clients endpoint to enable or disable the connection for any clients.",
"x-release-lifecycle": "deprecated",
"items": {
"type": "string",
"description": "The client_id of the client to for which the connection is to be enabled",
"format": "client-id"
}
},
"is_domain_connection": {
"type": "boolean",
"description": "true promotes to a domain-level connection so that third-party applications can use it. false does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to false.)"
},
"show_as_button": {
"type": "boolean",
"description": "Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. (Defaults to false.)"
},
"realms": {
"type": "array",
"description": "Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.",
"items": {
"type": "string",
"description": "The realm where this connection belongs",
"format": "connection-realm"
}
},
"metadata": {
"$ref": "#/components/schemas/ConnectionsMetadata"
},
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose",
"x-release-lifecycle": "GA"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurpose",
"x-release-lifecycle": "GA"
}
}
},
"UpdateConnectionRequestContentAD": {
"description": "Update a connection with strategy=ad",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAD"
}
}
}
]
},
"UpdateConnectionRequestContentADFS": {
"description": "Update a connection with strategy=adfs",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsADFS"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentAmazon": {
"description": "Update a connection with strategy=amazon",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAmazon"
}
}
}
]
},
"UpdateConnectionRequestContentApple": {
"description": "Update a connection with strategy=apple",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsApple"
}
}
}
]
},
"UpdateConnectionRequestContentAuth0": {
"description": "Update a connection with strategy=auth0",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAuth0"
},
"realms": {
"$ref": "#/components/schemas/ConnectionRealms"
}
}
}
]
},
"UpdateConnectionRequestContentAuth0OIDC": {
"description": "Update a connection with strategy=auth0-oidc",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAuth0OIDC"
}
}
}
]
},
"UpdateConnectionRequestContentAzureAD": {
"description": "Update a connection with strategy=waad",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsAzureAD"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentBaidu": {
"description": "Update a connection with strategy=baidu",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBaidu"
}
}
}
]
},
"UpdateConnectionRequestContentBitbucket": {
"description": "Update a connection with strategy=bitbucket",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBitbucket"
}
}
}
]
},
"UpdateConnectionRequestContentBitly": {
"description": "Update a connection with strategy=bitly",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBitly"
}
}
}
]
},
"UpdateConnectionRequestContentBox": {
"description": "Update a connection with strategy=box",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsBox"
}
}
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
}
]
},
"UpdateConnectionRequestContentCustom": {
"description": "Update a connection with strategy=custom",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsCustom"
}
}
}
]
},
"UpdateConnectionRequestContentDaccount": {
"description": "Update a connection with strategy=daccount",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsDaccount"
}
}
}
]
},
"UpdateConnectionRequestContentDropbox": {
"description": "Update a connection with strategy=dropbox",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsDropbox"
}
}
}
]
},
"UpdateConnectionRequestContentDwolla": {
"description": "Update a connection with strategy=dwolla",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsDwolla"
}
}
}
]
},
"UpdateConnectionRequestContentEmail": {
"description": "Update a connection with strategy=email",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsEmail"
}
}
}
]
},
"UpdateConnectionRequestContentEvernote": {
"description": "Update a connection with strategy=evernote",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsEvernote"
}
}
}
]
},
"UpdateConnectionRequestContentEvernoteSandbox": {
"description": "Update a connection with strategy=evernote-sandbox",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsEvernote"
}
}
}
]
},
"UpdateConnectionRequestContentExact": {
"description": "Update a connection with strategy=exact",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsExact"
}
}
}
]
},
"UpdateConnectionRequestContentFacebook": {
"description": "Update a connection with strategy=facebook",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsFacebook"
}
}
}
]
},
"UpdateConnectionRequestContentFitbit": {
"description": "Update a connection with strategy=fitbit",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsFitbit"
}
}
}
]
},
"UpdateConnectionRequestContentGitHub": {
"description": "Update a connection with strategy=github",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsGitHub"
}
}
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
}
]
},
"UpdateConnectionRequestContentGoogleApps": {
"description": "Update a connection with strategy=google-apps",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsGoogleApps"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentGoogleOAuth2": {
"description": "Update a connection with strategy=google-oauth2",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsGoogleOAuth2"
}
}
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
}
]
},
"UpdateConnectionRequestContentIP": {
"description": "Update a connection with strategy=ip",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsIP"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentInstagram": {
"description": "Update a connection with strategy=instagram",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsInstagram"
}
}
}
]
},
"UpdateConnectionRequestContentLine": {
"description": "Update a connection with strategy=line",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsLine"
}
}
}
]
},
"UpdateConnectionRequestContentLinkedin": {
"description": "Update a connection with strategy=linkedin",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsLinkedin"
}
}
}
]
},
"UpdateConnectionRequestContentOAuth1": {
"description": "Update a connection with strategy=oauth1",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOAuth1"
}
}
}
]
},
"UpdateConnectionRequestContentOAuth2": {
"description": "Update a connection with strategy=oauth2",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOAuth2"
}
}
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
}
]
},
"UpdateConnectionRequestContentOIDC": {
"description": "Update a connection with strategy=oidc",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOIDC"
},
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurposeXAA"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentOffice365": {
"description": "Update a connection with strategy=office365",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOffice365"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentOkta": {
"description": "Update a connection with strategy=okta",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsOkta"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentPaypal": {
"description": "Update a connection with strategy=paypal",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPaypal"
}
}
}
]
},
"UpdateConnectionRequestContentPaypalSandbox": {
"description": "Update a connection with strategy=paypal-sandbox",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPaypal"
}
}
}
]
},
"UpdateConnectionRequestContentPingFederate": {
"description": "Update a connection with strategy=pingfederate",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPingFederate"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentPlanningCenter": {
"description": "Update a connection with strategy=planningcenter",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsPlanningCenter"
}
}
}
]
},
"UpdateConnectionRequestContentSAML": {
"description": "Update a connection with strategy=samlp",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSAML"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentSMS": {
"description": "Update a connection with strategy=sms",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSMS"
}
}
}
]
},
"UpdateConnectionRequestContentSalesforce": {
"description": "Update a connection with strategy=salesforce",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSalesforce"
}
}
}
]
},
"UpdateConnectionRequestContentSalesforceCommunity": {
"description": "Update a connection with strategy=salesforce-community",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSalesforceCommunity"
}
}
}
]
},
"UpdateConnectionRequestContentSalesforceSandbox": {
"description": "Update a connection with strategy=salesforce-sandbox",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSalesforce"
}
}
}
]
},
"UpdateConnectionRequestContentSharepoint": {
"description": "Update a connection with strategy=sharepoint",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSharepoint"
},
"show_as_button": {
"$ref": "#/components/schemas/ConnectionShowAsButton"
}
}
}
]
},
"UpdateConnectionRequestContentShop": {
"description": "Update a connection with strategy=shop",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsShop"
}
}
}
]
},
"UpdateConnectionRequestContentShopify": {
"description": "Update a connection with strategy=shopify",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsShopify"
}
}
}
]
},
"UpdateConnectionRequestContentSoundcloud": {
"description": "Update a connection with strategy=soundcloud",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsSoundcloud"
}
}
}
]
},
"UpdateConnectionRequestContentThirtySevenSignals": {
"description": "Update a connection with strategy=thirtysevensignals",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsThirtySevenSignals"
}
}
}
]
},
"UpdateConnectionRequestContentTwitter": {
"description": "Update a connection with strategy=twitter",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsTwitter"
}
}
}
]
},
"UpdateConnectionRequestContentUntappd": {
"description": "Update a connection with strategy=untappd",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsUntappd"
}
}
}
]
},
"UpdateConnectionRequestContentVkontakte": {
"description": "Update a connection with strategy=vkontakte",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsVkontakte"
}
}
}
]
},
"UpdateConnectionRequestContentWeibo": {
"description": "Update a connection with strategy=weibo",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsWeibo"
}
}
}
]
},
"UpdateConnectionRequestContentWindowsLive": {
"description": "Update a connection with strategy=windowslive",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsWindowsLive"
}
}
},
{
"$ref": "#/components/schemas/ConnectionPurposes"
}
]
},
"UpdateConnectionRequestContentWordpress": {
"description": "Update a connection with strategy=wordpress",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsWordpress"
}
}
}
]
},
"UpdateConnectionRequestContentYahoo": {
"description": "Update a connection with strategy=yahoo",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsYahoo"
}
}
}
]
},
"UpdateConnectionRequestContentYandex": {
"description": "Update a connection with strategy=yandex",
"allOf": [
{
"$ref": "#/components/schemas/ConnectionCommon"
},
{
"type": "object",
"properties": {
"options": {
"$ref": "#/components/schemas/ConnectionOptionsYandex"
}
}
}
]
},
"UpdateConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "The name of the connection",
"default": "My connection"
},
"display_name": {
"type": "string",
"description": "Connection name used in login screen"
},
"options": {
"$ref": "#/components/schemas/ConnectionOptions"
},
"id": {
"type": "string",
"description": "The connection's identifier",
"default": "con_0000000000000001"
},
"strategy": {
"type": "string",
"description": "The type of the connection, related to the identity provider",
"default": "auth0"
},
"realms": {
"type": "array",
"description": "Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm.",
"items": {
"type": "string",
"description": "The realm where this connection belongs",
"format": "connection-realm"
}
},
"enabled_clients": {
"type": "array",
"description": "DEPRECATED property. Use the GET /connections/:id/clients endpoint to get the ids of the clients for which the connection is enabled",
"x-release-lifecycle": "deprecated",
"items": {
"type": "string",
"description": "The client id"
}
},
"is_domain_connection": {
"type": "boolean",
"description": "True if the connection is domain level"
},
"show_as_button": {
"type": "boolean",
"description": "Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD."
},
"metadata": {
"$ref": "#/components/schemas/ConnectionsMetadata"
},
"authentication": {
"$ref": "#/components/schemas/ConnectionAuthenticationPurpose",
"x-release-lifecycle": "GA"
},
"connected_accounts": {
"$ref": "#/components/schemas/ConnectionConnectedAccountsPurpose",
"x-release-lifecycle": "GA"
}
}
},
"UpdateCustomDomainRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"tls_policy": {
"$ref": "#/components/schemas/CustomDomainTlsPolicyEnum",
"description": "recommended includes TLS 1.2"
},
"custom_client_ip_header": {
"$ref": "#/components/schemas/CustomDomainCustomClientIpHeader"
},
"domain_metadata": {
"$ref": "#/components/schemas/DomainMetadata"
},
"relying_party_identifier": {
"type": [
"string",
"null"
],
"description": "Relying Party ID (rpId) to be used for Passkeys on this custom domain. Set to null to remove the rpId and fall back to using the full domain.",
"maxLength": 255,
"format": "hostname"
}
}
},
"UpdateCustomDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"custom_domain_id",
"domain",
"primary",
"status",
"type",
"verification"
],
"properties": {
"custom_domain_id": {
"type": "string",
"description": "ID of the custom domain.",
"default": "cd_0000000000000001"
},
"domain": {
"type": "string",
"description": "Domain name.",
"default": "login.mycompany.com"
},
"primary": {
"type": "boolean",
"description": "Whether this is a primary domain (true) or not (false).",
"default": false
},
"is_default": {
"type": "boolean",
"description": "Whether this is the default custom domain (true) or not (false).",
"default": false
},
"status": {
"$ref": "#/components/schemas/CustomDomainStatusFilterEnum"
},
"type": {
"$ref": "#/components/schemas/CustomDomainTypeEnum"
},
"verification": {
"$ref": "#/components/schemas/DomainVerification"
},
"custom_client_ip_header": {
"type": [
"string",
"null"
],
"description": "The HTTP header to fetch the client's IP address"
},
"tls_policy": {
"type": "string",
"description": "The TLS version policy",
"default": "recommended"
},
"domain_metadata": {
"$ref": "#/components/schemas/DomainMetadata"
},
"certificate": {
"$ref": "#/components/schemas/DomainCertificate"
},
"relying_party_identifier": {
"type": "string",
"description": "Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used.",
"format": "hostname"
}
}
},
"UpdateDefaultCanonicalDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"domain"
],
"properties": {
"domain": {
"type": "string",
"description": "Domain name.",
"default": "login.mycompany.com"
}
}
},
"UpdateDefaultCustomDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"custom_domain_id",
"domain",
"primary",
"status",
"type"
],
"properties": {
"custom_domain_id": {
"type": "string",
"description": "ID of the custom domain.",
"default": "cd_0000000000000001"
},
"domain": {
"type": "string",
"description": "Domain name.",
"default": "login.mycompany.com"
},
"primary": {
"type": "boolean",
"description": "Whether this is a primary domain (true) or not (false).",
"default": false
},
"is_default": {
"type": "boolean",
"description": "Whether this is the default custom domain (true) or not (false).",
"default": false
},
"status": {
"$ref": "#/components/schemas/CustomDomainStatusFilterEnum"
},
"type": {
"$ref": "#/components/schemas/CustomDomainTypeEnum"
},
"origin_domain_name": {
"type": "string",
"description": "Intermediate address.",
"default": "mycompany_cd_0000000000000001.edge.tenants.auth0.com"
},
"verification": {
"$ref": "#/components/schemas/DomainVerification"
},
"custom_client_ip_header": {
"type": [
"string",
"null"
],
"description": "The HTTP header to fetch the client's IP address"
},
"tls_policy": {
"type": "string",
"description": "The TLS version policy",
"default": "recommended"
},
"domain_metadata": {
"$ref": "#/components/schemas/DomainMetadata"
},
"certificate": {
"$ref": "#/components/schemas/DomainCertificate"
},
"relying_party_identifier": {
"type": "string",
"description": "Relying Party ID (rpId) to be used for Passkeys on this custom domain. If not present, the full domain will be used.",
"format": "hostname"
}
}
},
"UpdateDefaultDomainResponseContent": {
"oneOf": [
{
"$ref": "#/components/schemas/UpdateDefaultCustomDomainResponseContent"
},
{
"$ref": "#/components/schemas/UpdateDefaultCanonicalDomainResponseContent"
}
]
},
"UpdateDirectoryProvisioningRequestContent": {
"type": [
"object",
"null"
],
"additionalProperties": false,
"properties": {
"mapping": {
"type": "array",
"description": "The mapping between Auth0 and IDP user attributes",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/DirectoryProvisioningMappingItem"
}
},
"synchronize_automatically": {
"type": "boolean",
"description": "Whether periodic automatic synchronization is enabled"
},
"synchronize_groups": {
"$ref": "#/components/schemas/SynchronizeGroupsEnum",
"x-release-lifecycle": "EA"
}
}
},
"UpdateDirectoryProvisioningResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"connection_id",
"connection_name",
"strategy",
"mapping",
"synchronize_automatically",
"created_at",
"updated_at"
],
"properties": {
"connection_id": {
"type": "string",
"description": "The connection's identifier"
},
"connection_name": {
"type": "string",
"description": "The connection's name"
},
"strategy": {
"type": "string",
"description": "The connection's strategy"
},
"mapping": {
"type": "array",
"description": "The mapping between Auth0 and IDP user attributes",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/DirectoryProvisioningMappingItem"
}
},
"synchronize_automatically": {
"type": "boolean",
"description": "Whether periodic automatic synchronization is enabled"
},
"synchronize_groups": {
"$ref": "#/components/schemas/SynchronizeGroupsEnum",
"x-release-lifecycle": "EA"
},
"created_at": {
"type": "string",
"description": "The timestamp at which the directory provisioning configuration was created",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The timestamp at which the directory provisioning configuration was last updated",
"format": "date-time"
},
"last_synchronization_at": {
"type": "string",
"description": "The timestamp at which the connection was last synchronized",
"format": "date-time"
},
"last_synchronization_status": {
"type": "string",
"description": "The status of the last synchronization"
},
"last_synchronization_error": {
"type": "string",
"description": "The error message of the last synchronization, if any"
}
}
},
"UpdateEmailProviderRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"name": {
"$ref": "#/components/schemas/EmailProviderNameEnum"
},
"enabled": {
"type": "boolean",
"description": "Whether the provider is enabled (true) or disabled (false)."
},
"default_from_address": {
"type": "string",
"description": "Email address to use as \"from\" when no other address specified."
},
"credentials": {
"$ref": "#/components/schemas/EmailProviderCredentialsSchema"
},
"settings": {
"$ref": "#/components/schemas/EmailSpecificProviderSettingsWithAdditionalProperties"
}
}
},
"UpdateEmailProviderResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "Name of the email provider. Can be `mailgun`, `mandrill`, `sendgrid`, `resend`, `ses`, `sparkpost`, `smtp`, `azure_cs`, `ms365`, or `custom`.",
"default": "sendgrid"
},
"enabled": {
"type": "boolean",
"description": "Whether the provider is enabled (true) or disabled (false).",
"default": true
},
"default_from_address": {
"type": "string",
"description": "Email address to use as \"from\" when no other address specified."
},
"credentials": {
"$ref": "#/components/schemas/EmailProviderCredentials"
},
"settings": {
"$ref": "#/components/schemas/EmailProviderSettings"
}
}
},
"UpdateEmailTemplateRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"template": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
},
"body": {
"type": [
"string",
"null"
],
"description": "Body of the email template."
},
"from": {
"type": [
"string",
"null"
],
"description": "Senders `from` email address.",
"default": "sender@auth0.com"
},
"resultUrl": {
"type": [
"string",
"null"
],
"description": "URL to redirect the user to after a successful action."
},
"subject": {
"type": [
"string",
"null"
],
"description": "Subject line of the email."
},
"syntax": {
"type": [
"string",
"null"
],
"description": "Syntax of the template body.",
"default": "liquid"
},
"urlLifetimeInSeconds": {
"type": [
"number",
"null"
],
"description": "Lifetime in seconds that the link within the email will be valid for.",
"minimum": 0
},
"includeEmailInRedirect": {
"type": "boolean",
"description": "Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true."
},
"enabled": {
"type": [
"boolean",
"null"
],
"description": "Whether the template is enabled (true) or disabled (false)."
}
}
},
"UpdateEmailTemplateResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"template": {
"$ref": "#/components/schemas/EmailTemplateNameEnum"
},
"body": {
"type": [
"string",
"null"
],
"description": "Body of the email template."
},
"from": {
"type": [
"string",
"null"
],
"description": "Senders `from` email address.",
"default": "sender@auth0.com"
},
"resultUrl": {
"type": [
"string",
"null"
],
"description": "URL to redirect the user to after a successful action."
},
"subject": {
"type": [
"string",
"null"
],
"description": "Subject line of the email."
},
"syntax": {
"type": [
"string",
"null"
],
"description": "Syntax of the template body.",
"default": "liquid"
},
"urlLifetimeInSeconds": {
"type": [
"number",
"null"
],
"description": "Lifetime in seconds that the link within the email will be valid for.",
"minimum": 0
},
"includeEmailInRedirect": {
"type": "boolean",
"description": "Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true."
},
"enabled": {
"type": [
"boolean",
"null"
],
"description": "Whether the template is enabled (true) or disabled (false)."
}
}
},
"UpdateEnabledClientConnectionsRequestContent": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"client_id",
"status"
],
"properties": {
"client_id": {
"type": "string",
"description": "The client_id of the client whose status will be changed. Note that the limit per PATCH request is 50 clients.",
"format": "client-id"
},
"status": {
"type": "boolean",
"description": "Whether the connection is enabled or not for this client_id"
}
}
}
},
"UpdateEventStreamRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "Name of the event stream.",
"minLength": 1,
"maxLength": 128
},
"subscriptions": {
"type": "array",
"description": "List of event types subscribed to in this stream.",
"items": {
"$ref": "#/components/schemas/EventStreamSubscription"
}
},
"destination": {
"$ref": "#/components/schemas/EventStreamDestinationPatch"
},
"status": {
"$ref": "#/components/schemas/EventStreamStatusEnum"
}
}
},
"UpdateEventStreamResponseContent": {
"oneOf": [
{
"$ref": "#/components/schemas/EventStreamWebhookResponseContent"
},
{
"$ref": "#/components/schemas/EventStreamEventBridgeResponseContent"
},
{
"$ref": "#/components/schemas/EventStreamActionResponseContent"
}
]
},
"UpdateFlowRequestContent": {
"type": "object",
"additionalProperties": false,
"x-release-lifecycle": "GA",
"properties": {
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"actions": {
"type": [
"array",
"null"
],
"minItems": 0,
"items": {
"$ref": "#/components/schemas/FlowAction"
}
}
}
},
"UpdateFlowResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"name",
"created_at",
"updated_at"
],
"x-release-lifecycle": "GA",
"properties": {
"id": {
"type": "string",
"maxLength": 30,
"format": "flow-id"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"actions": {
"type": "array",
"minItems": 0,
"items": {
"$ref": "#/components/schemas/FlowAction"
}
},
"created_at": {
"type": "string",
"format": "date-time"
},
"updated_at": {
"type": "string",
"format": "date-time"
},
"executed_at": {
"type": "string",
"format": "date"
}
}
},
"UpdateFlowsVaultConnectionRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"setup": {
"$ref": "#/components/schemas/UpdateFlowsVaultConnectionSetup"
}
}
},
"UpdateFlowsVaultConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"app_id",
"name",
"ready",
"created_at",
"updated_at",
"fingerprint"
],
"properties": {
"id": {
"type": "string",
"description": "Flows Vault Connection identifier.",
"maxLength": 30,
"format": "flows-vault-connections-id"
},
"app_id": {
"type": "string",
"description": "Flows Vault Connection app identifier.",
"minLength": 1,
"maxLength": 55
},
"environment": {
"type": "string",
"description": "Flows Vault Connection environment.",
"minLength": 1,
"maxLength": 55
},
"name": {
"type": "string",
"description": "Flows Vault Connection name.",
"minLength": 1,
"maxLength": 150
},
"account_name": {
"type": "string",
"description": "Flows Vault Connection custom account name.",
"minLength": 1,
"maxLength": 150
},
"ready": {
"type": "boolean",
"description": "Whether the Flows Vault Connection is configured."
},
"created_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this Flows Vault Connection was created.",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this Flows Vault Connection was updated.",
"format": "date-time"
},
"refreshed_at": {
"type": "string",
"description": "The ISO 8601 formatted date when this Flows Vault Connection was refreshed.",
"format": "date-time"
},
"fingerprint": {
"type": "string",
"minLength": 1
}
}
},
"UpdateFlowsVaultConnectionSetup": {
"type": "object",
"description": "Flows Vault Connection configuration.",
"oneOf": [
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupApiKeyWithBaseUrl"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupApiKey"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthApp"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupBigqueryOauthJwt"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupSecretApiKey"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupHttpBearer"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectionHttpBasicAuthSetup"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectionHttpApiKeySetup"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectionHttpOauthClientCredentialsSetup"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupJwt"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupMailjetApiKey"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupToken"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupWebhook"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupStripeKeyPair"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupOauthCode"
},
{
"$ref": "#/components/schemas/FlowsVaultConnectioSetupTwilioApiKey"
}
]
},
"UpdateFormRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"messages": {
"$ref": "#/components/schemas/FormMessagesNullable"
},
"languages": {
"$ref": "#/components/schemas/FormLanguagesNullable"
},
"translations": {
"$ref": "#/components/schemas/FormTranslationsNullable"
},
"nodes": {
"$ref": "#/components/schemas/FormNodeListNullable"
},
"start": {
"$ref": "#/components/schemas/FormStartNodeNullable"
},
"ending": {
"$ref": "#/components/schemas/FormEndingNodeNullable"
},
"style": {
"$ref": "#/components/schemas/FormStyleNullable"
}
}
},
"UpdateFormResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"name",
"created_at",
"updated_at"
],
"properties": {
"id": {
"type": "string",
"maxLength": 30,
"format": "form-id"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 150
},
"messages": {
"$ref": "#/components/schemas/FormMessages"
},
"languages": {
"$ref": "#/components/schemas/FormLanguages"
},
"translations": {
"$ref": "#/components/schemas/FormTranslations"
},
"nodes": {
"$ref": "#/components/schemas/FormNodeList"
},
"start": {
"$ref": "#/components/schemas/FormStartNode"
},
"ending": {
"$ref": "#/components/schemas/FormEndingNode"
},
"style": {
"$ref": "#/components/schemas/FormStyle"
},
"created_at": {
"type": "string",
"format": "date-time"
},
"updated_at": {
"type": "string",
"format": "date-time"
},
"embedded_at": {
"type": "string",
"format": "date"
},
"submitted_at": {
"type": "string",
"format": "date"
}
}
},
"UpdateGuardianFactorDuoSettingsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"ikey": {
"type": "string",
"maxLength": 10000
},
"skey": {
"type": "string",
"maxLength": 10000,
"format": "non-empty-string"
},
"host": {
"type": "string",
"maxLength": 10000
}
}
},
"UpdateGuardianFactorDuoSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"ikey": {
"type": "string",
"maxLength": 10000
},
"skey": {
"type": "string",
"maxLength": 10000,
"format": "non-empty-string"
},
"host": {
"type": "string",
"maxLength": 10000
}
}
},
"UpdateGuardianFactorsProviderPushNotificationApnsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"sandbox": {
"type": "boolean"
},
"bundle_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 1000
},
"p12": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 10000
}
}
},
"UpdateGuardianFactorsProviderPushNotificationApnsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"sandbox": {
"type": "boolean"
},
"bundle_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 1000
}
}
},
"UpdateGuardianFactorsProviderPushNotificationFcmRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"server_key": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 152
}
}
},
"UpdateGuardianFactorsProviderPushNotificationFcmResponseContent": {
"type": "object",
"additionalProperties": true,
"minProperties": 0,
"maxProperties": 0
},
"UpdateGuardianFactorsProviderPushNotificationFcmv1RequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"server_credentials": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 10000
}
}
},
"UpdateGuardianFactorsProviderPushNotificationFcmv1ResponseContent": {
"type": "object",
"additionalProperties": true,
"minProperties": 0,
"maxProperties": 0
},
"UpdateGuardianFactorsProviderPushNotificationSnsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"aws_access_key_id": {
"type": [
"string",
"null"
],
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
},
"aws_secret_access_key": {
"type": [
"string",
"null"
],
"default": "B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL",
"minLength": 1,
"maxLength": 1000
},
"aws_region": {
"type": [
"string",
"null"
],
"default": "us-west-1",
"minLength": 1,
"maxLength": 1000,
"pattern": "^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$"
},
"sns_apns_platform_application_arn": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 1000
},
"sns_gcm_platform_application_arn": {
"type": [
"string",
"null"
],
"default": "urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP",
"minLength": 1,
"maxLength": 1000
}
}
},
"UpdateGuardianFactorsProviderPushNotificationSnsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"aws_access_key_id": {
"type": [
"string",
"null"
],
"default": "wywA2BH4VqTpfywiDuyDAYZL3xQjoO40",
"minLength": 1,
"maxLength": 1000
},
"aws_secret_access_key": {
"type": [
"string",
"null"
],
"default": "B1ER5JHDGJL3C4sVAKK7SBsq806R3IpL",
"minLength": 1,
"maxLength": 1000
},
"aws_region": {
"type": [
"string",
"null"
],
"default": "us-west-1",
"minLength": 1,
"maxLength": 1000,
"pattern": "^(?:us-east-[0-9]{1,2}|us-west-[0-9]{1,2}|ap-southeast-[0-9]{1,2}|ap-northeast-[0-9]{1,2}|ap-central-[0-9]{1,2}|eu-west-[0-9]{1,2}|eu-central-[0-9]{1,2})$"
},
"sns_apns_platform_application_arn": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 1000
},
"sns_gcm_platform_application_arn": {
"type": [
"string",
"null"
],
"default": "urn://yRMeBxgcCXh8MeTXPBAxhQnm6gP6f5nP",
"minLength": 1,
"maxLength": 1000
}
}
},
"UpdateHookRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"name": {
"type": "string",
"description": "Name of this hook.",
"default": "my-hook",
"pattern": "^[a-zA-Z0-9]([ \\-a-zA-Z0-9]*[a-zA-Z0-9])?$"
},
"script": {
"type": "string",
"description": "Code to be executed when this hook runs.",
"default": "module.exports = function(client, scope, audience, context, cb) cb(null, access_token); };",
"minLength": 1
},
"enabled": {
"type": "boolean",
"description": "Whether this hook will be executed (true) or ignored (false).",
"default": false
},
"dependencies": {
"$ref": "#/components/schemas/HookDependencies"
}
}
},
"UpdateHookResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"triggerId": {
"type": "string",
"description": "Trigger ID"
},
"id": {
"type": "string",
"description": "ID of this hook.",
"default": "00001"
},
"name": {
"type": "string",
"description": "Name of this hook.",
"default": "hook"
},
"enabled": {
"type": "boolean",
"description": "Whether this hook will be executed (true) or ignored (false).",
"default": true
},
"script": {
"type": "string",
"description": "Code to be executed when this hook runs.",
"default": "module.exports = function(client, scope, audience, context, cb) cb(null, access_token); };"
},
"dependencies": {
"$ref": "#/components/schemas/HookDependencies"
}
}
},
"UpdateHookSecretRequestContent": {
"type": "object",
"description": "Hashmap of key-value pairs where the value must be a string.",
"additionalProperties": {
"type": "string"
},
"minProperties": 1,
"maxProperties": 20
},
"UpdateLogStreamRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "log stream name"
},
"status": {
"$ref": "#/components/schemas/LogStreamStatusEnum"
},
"isPriority": {
"type": "boolean",
"description": "True for priority log streams, false for non-priority"
},
"filters": {
"type": "array",
"description": "Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered.",
"items": {
"$ref": "#/components/schemas/LogStreamFilter"
}
},
"pii_config": {
"$ref": "#/components/schemas/LogStreamPiiConfig"
},
"sink": {
"$ref": "#/components/schemas/LogStreamSinkPatch"
}
}
},
"UpdateLogStreamResponseContent": {
"oneOf": [
{
"$ref": "#/components/schemas/LogStreamHttpResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamEventBridgeResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamEventGridResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamDatadogResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamSplunkResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamSumoResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamSegmentResponseSchema"
},
{
"$ref": "#/components/schemas/LogStreamMixpanelResponseSchema"
}
]
},
"UpdateNetworkAclRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"description": {
"type": "string",
"maxLength": 255
},
"active": {
"type": "boolean",
"description": "Indicates whether or not this access control list is actively being used"
},
"priority": {
"type": "number",
"description": "Indicates the order in which the ACL will be evaluated relative to other ACL rules.",
"minimum": 1,
"maximum": 100
},
"rule": {
"$ref": "#/components/schemas/NetworkAclRule"
}
}
},
"UpdateNetworkAclResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string"
},
"description": {
"type": "string"
},
"active": {
"type": "boolean"
},
"priority": {
"type": "number",
"minimum": 1,
"maximum": 100
},
"rule": {
"$ref": "#/components/schemas/NetworkAclRule"
},
"created_at": {
"type": "string",
"description": "The timestamp when the Network ACL Configuration was created"
},
"updated_at": {
"type": "string",
"description": "The timestamp when the Network ACL Configuration was last updated"
}
}
},
"UpdateOrganizationAllConnectionRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"organization_connection_name": {
"type": [
"string",
"null"
],
"description": "Name of the connection in the scope of this organization.",
"minLength": 1,
"maxLength": 50,
"pattern": "^[^\u0000]*$"
},
"assign_membership_on_login": {
"type": "boolean",
"description": "When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection."
},
"show_as_button": {
"type": "boolean",
"description": "Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true."
},
"is_signup_enabled": {
"type": "boolean",
"description": "Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false."
},
"organization_access_level": {
"$ref": "#/components/schemas/OrganizationAccessLevelEnumWithNull"
},
"is_enabled": {
"type": [
"boolean",
"null"
],
"description": "Whether the connection is enabled for the organization."
}
}
},
"UpdateOrganizationAllConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"connection_id"
],
"properties": {
"organization_connection_name": {
"type": "string",
"description": "Name of the connection in the scope of this organization.",
"minLength": 1,
"maxLength": 50,
"pattern": "^[^\u0000]*$"
},
"assign_membership_on_login": {
"type": "boolean",
"description": "When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection."
},
"show_as_button": {
"type": "boolean",
"description": "Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true."
},
"is_signup_enabled": {
"type": "boolean",
"description": "Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false."
},
"organization_access_level": {
"$ref": "#/components/schemas/OrganizationAccessLevelEnum"
},
"is_enabled": {
"type": "boolean",
"description": "Whether the connection is enabled for the organization."
},
"connection_id": {
"type": "string",
"description": "Connection identifier.",
"minLength": 1,
"maxLength": 50,
"format": "connection-id"
},
"connection": {
"$ref": "#/components/schemas/OrganizationConnectionInformation"
}
}
},
"UpdateOrganizationConnectionRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"assign_membership_on_login": {
"type": "boolean",
"description": "When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection."
},
"is_signup_enabled": {
"type": "boolean",
"description": "Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false."
},
"show_as_button": {
"type": "boolean",
"description": "Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true."
}
}
},
"UpdateOrganizationConnectionResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"connection_id": {
"type": "string",
"description": "ID of the connection."
},
"assign_membership_on_login": {
"type": "boolean",
"description": "When true, all users that log in with this connection will be automatically granted membership in the organization. When false, users must be granted membership in the organization before logging in with this connection."
},
"show_as_button": {
"type": "boolean",
"description": "Determines whether a connection should be displayed on this organization’s login prompt. Only applicable for enterprise connections. Default: true."
},
"is_signup_enabled": {
"type": "boolean",
"description": "Determines whether organization signup should be enabled for this organization connection. Only applicable for database connections. Default: false."
},
"connection": {
"$ref": "#/components/schemas/OrganizationConnectionInformation"
}
}
},
"UpdateOrganizationDiscoveryDomainRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"status": {
"$ref": "#/components/schemas/OrganizationDiscoveryDomainStatus"
},
"use_for_organization_discovery": {
"type": "boolean",
"description": "Indicates whether this domain should be used for organization discovery."
}
}
},
"UpdateOrganizationDiscoveryDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"domain",
"status",
"verification_host",
"verification_txt"
],
"properties": {
"id": {
"type": "string",
"description": "Organization discovery domain identifier.",
"format": "organization-discovery-domain-id"
},
"domain": {
"type": "string",
"description": "The domain name to associate with the organization e.g. acme.com.",
"minLength": 3,
"maxLength": 255,
"pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$"
},
"status": {
"$ref": "#/components/schemas/OrganizationDiscoveryDomainStatus"
},
"use_for_organization_discovery": {
"type": "boolean",
"description": "Indicates whether this domain should be used for organization discovery."
},
"verification_txt": {
"type": "string",
"description": "A unique token generated for the discovery domain. This must be placed in a DNS TXT record at the location specified by the verification_host field to prove domain ownership."
},
"verification_host": {
"type": "string",
"description": "The full domain where the TXT record should be added."
}
}
},
"UpdateOrganizationRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"display_name": {
"type": "string",
"description": "Friendly name of this organization.",
"default": "Acme Users",
"minLength": 1,
"maxLength": 255
},
"name": {
"type": "string",
"description": "The name of this organization.",
"default": "organization-1",
"minLength": 1,
"maxLength": 50,
"format": "organization-name"
},
"branding": {
"$ref": "#/components/schemas/OrganizationBranding"
},
"metadata": {
"$ref": "#/components/schemas/OrganizationMetadata"
},
"token_quota": {
"$ref": "#/components/schemas/UpdateTokenQuota",
"x-release-lifecycle": "EA"
}
}
},
"UpdateOrganizationResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "Organization identifier.",
"maxLength": 50,
"format": "organization-id"
},
"name": {
"type": "string",
"description": "The name of this organization.",
"default": "organization-1",
"minLength": 1,
"maxLength": 50,
"format": "organization-name"
},
"display_name": {
"type": "string",
"description": "Friendly name of this organization.",
"default": "Acme Users",
"minLength": 1,
"maxLength": 255
},
"branding": {
"$ref": "#/components/schemas/OrganizationBranding"
},
"metadata": {
"$ref": "#/components/schemas/OrganizationMetadata"
},
"token_quota": {
"$ref": "#/components/schemas/TokenQuota",
"x-release-lifecycle": "EA"
}
}
},
"UpdatePhoneTemplateRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"content": {
"$ref": "#/components/schemas/PartialPhoneTemplateContent"
},
"disabled": {
"type": "boolean",
"description": "Whether the template is enabled (false) or disabled (true).",
"default": false
}
}
},
"UpdatePhoneTemplateResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"content",
"disabled",
"id",
"type"
],
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 255
},
"channel": {
"type": "string"
},
"customizable": {
"type": "boolean"
},
"tenant": {
"type": "string",
"minLength": 1,
"maxLength": 255
},
"content": {
"$ref": "#/components/schemas/PhoneTemplateContent"
},
"type": {
"$ref": "#/components/schemas/PhoneTemplateNotificationTypeEnum"
},
"disabled": {
"type": "boolean",
"description": "Whether the template is enabled (false) or disabled (true).",
"default": false
}
}
},
"UpdateRefreshTokenRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"refresh_token_metadata": {
"$ref": "#/components/schemas/RefreshTokenMetadata",
"description": "Metadata associated with the refresh token. Pass null or {} to remove all metadata."
}
}
},
"UpdateRefreshTokenResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The ID of the refresh token"
},
"user_id": {
"type": "string",
"description": "ID of the user which can be used when interacting with other APIs.",
"default": "auth0|507f1f77bcf86cd799439020"
},
"created_at": {
"$ref": "#/components/schemas/RefreshTokenDate"
},
"idle_expires_at": {
"$ref": "#/components/schemas/RefreshTokenDate"
},
"expires_at": {
"$ref": "#/components/schemas/RefreshTokenDate"
},
"device": {
"$ref": "#/components/schemas/RefreshTokenDevice"
},
"client_id": {
"type": "string",
"description": "ID of the client application granted with this refresh token"
},
"session_id": {
"$ref": "#/components/schemas/RefreshTokenSessionId"
},
"rotating": {
"type": "boolean",
"description": "True if the token is a rotating refresh token"
},
"resource_servers": {
"type": "array",
"description": "A list of the resource server IDs associated to this refresh-token and their granted scopes",
"items": {
"$ref": "#/components/schemas/RefreshTokenResourceServer"
}
},
"refresh_token_metadata": {
"$ref": "#/components/schemas/RefreshTokenMetadata"
},
"last_exchanged_at": {
"$ref": "#/components/schemas/RefreshTokenDate"
}
}
},
"UpdateResourceServerRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "Friendly name for this resource server. Can not contain `<` or `>` characters.",
"maxLength": 200,
"pattern": "^[^<>]+$"
},
"scopes": {
"type": "array",
"description": "List of permissions (scopes) that this API uses.",
"items": {
"$ref": "#/components/schemas/ResourceServerScope"
}
},
"signing_alg": {
"$ref": "#/components/schemas/SigningAlgorithmEnum"
},
"signing_secret": {
"type": "string",
"description": "Secret used to sign tokens when using symmetric algorithms (HS256).",
"minLength": 16
},
"skip_consent_for_verifiable_first_party_clients": {
"type": "boolean",
"description": "Whether to skip user consent for applications flagged as first party (true) or not (false)."
},
"allow_offline_access": {
"type": "boolean",
"description": "Whether refresh tokens can be issued for this API (true) or not (false)."
},
"allow_online_access": {
"type": "boolean",
"description": "Whether Online Refresh Tokens can be issued for this API (true) or not (false)."
},
"token_lifetime": {
"type": "integer",
"description": "Expiration value (in seconds) for access tokens issued for this API from the token endpoint.",
"minimum": 0,
"maximum": 2592000
},
"token_dialect": {
"$ref": "#/components/schemas/ResourceServerTokenDialectSchemaEnum"
},
"enforce_policies": {
"type": "boolean",
"description": "Whether authorization policies are enforced (true) or not enforced (false)."
},
"token_encryption": {
"$ref": "#/components/schemas/ResourceServerTokenEncryption"
},
"consent_policy": {
"$ref": "#/components/schemas/ResourceServerConsentPolicyEnum"
},
"authorization_details": {
"type": [
"array",
"null"
],
"items": {}
},
"proof_of_possession": {
"$ref": "#/components/schemas/ResourceServerProofOfPossession"
},
"subject_type_authorization": {
"$ref": "#/components/schemas/ResourceServerSubjectTypeAuthorization"
},
"authorization_policy": {
"$ref": "#/components/schemas/ResourceServerAuthorizationPolicy",
"x-release-lifecycle": "EA"
}
}
},
"UpdateResourceServerResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID of the API (resource server)."
},
"name": {
"type": "string",
"description": "Friendly name for this resource server. Can not contain `<` or `>` characters."
},
"is_system": {
"type": "boolean",
"description": "Whether this is an Auth0 system API (true) or a custom API (false)."
},
"identifier": {
"type": "string",
"description": "Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set."
},
"scopes": {
"type": "array",
"description": "List of permissions (scopes) that this API uses.",
"items": {
"$ref": "#/components/schemas/ResourceServerScope"
}
},
"signing_alg": {
"$ref": "#/components/schemas/SigningAlgorithmEnum"
},
"signing_secret": {
"type": "string",
"description": "Secret used to sign tokens when using symmetric algorithms (HS256).",
"minLength": 16
},
"allow_offline_access": {
"type": "boolean",
"description": "Whether refresh tokens can be issued for this API (true) or not (false)."
},
"allow_online_access": {
"type": "boolean",
"description": "Whether Online Refresh Tokens can be issued for this API (true) or not (false)."
},
"skip_consent_for_verifiable_first_party_clients": {
"type": "boolean",
"description": "Whether to skip user consent for applications flagged as first party (true) or not (false)."
},
"token_lifetime": {
"type": "integer",
"description": "Expiration value (in seconds) for access tokens issued for this API from the token endpoint."
},
"token_lifetime_for_web": {
"type": "integer",
"description": "Expiration value (in seconds) for access tokens issued for this API via Implicit or Hybrid Flows. Cannot be greater than the `token_lifetime` value."
},
"enforce_policies": {
"type": "boolean",
"description": "Whether authorization polices are enforced (true) or unenforced (false)."
},
"token_dialect": {
"$ref": "#/components/schemas/ResourceServerTokenDialectResponseEnum"
},
"token_encryption": {
"$ref": "#/components/schemas/ResourceServerTokenEncryption"
},
"consent_policy": {
"$ref": "#/components/schemas/ResourceServerConsentPolicyEnum"
},
"authorization_details": {
"type": [
"array",
"null"
],
"items": {}
},
"proof_of_possession": {
"$ref": "#/components/schemas/ResourceServerProofOfPossession"
},
"subject_type_authorization": {
"$ref": "#/components/schemas/ResourceServerSubjectTypeAuthorization"
},
"authorization_policy": {
"$ref": "#/components/schemas/ResourceServerAuthorizationPolicy",
"x-release-lifecycle": "EA"
},
"client_id": {
"type": "string",
"description": "The client ID of the client that this resource server is linked to",
"format": "client-id"
}
}
},
"UpdateRiskAssessmentsSettingsNewDeviceRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"remember_for"
],
"properties": {
"remember_for": {
"type": "integer",
"description": "Length of time to remember devices for, in days.",
"minimum": 1,
"maximum": 365
}
}
},
"UpdateRiskAssessmentsSettingsNewDeviceResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"remember_for"
],
"properties": {
"remember_for": {
"type": "integer",
"description": "Length of time to remember devices for, in days.",
"minimum": 1,
"maximum": 365
}
}
},
"UpdateRiskAssessmentsSettingsRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not risk assessment is enabled."
}
}
},
"UpdateRiskAssessmentsSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not risk assessment is enabled."
}
}
},
"UpdateRoleRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "Name of this role."
},
"description": {
"type": "string",
"description": "Description of this role."
}
}
},
"UpdateRoleResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID for this role."
},
"name": {
"type": "string",
"description": "Name of this role."
},
"description": {
"type": "string",
"description": "Description of this role."
}
}
},
"UpdateRuleRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"script": {
"type": "string",
"description": "Code to be executed when this rule runs.",
"default": "function (user, context, callback) {\n callback(null, user, context);\n}",
"minLength": 1
},
"name": {
"type": "string",
"description": "Name of this rule.",
"default": "my-rule",
"pattern": "^[a-zA-Z0-9]([ \\-a-zA-Z0-9]*[a-zA-Z0-9])?$"
},
"order": {
"type": "number",
"description": "Order that this rule should execute in relative to other rules. Lower-valued rules execute first.",
"default": 2,
"minimum": 0
},
"enabled": {
"type": "boolean",
"description": "Whether the rule is enabled (true), or disabled (false).",
"default": true
}
}
},
"UpdateRuleResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "Name of this rule.",
"default": "rule_1"
},
"id": {
"type": "string",
"description": "ID of this rule.",
"default": "con_0000000000000001"
},
"enabled": {
"type": "boolean",
"description": "Whether the rule is enabled (true), or disabled (false).",
"default": true
},
"script": {
"type": "string",
"description": "Code to be executed when this rule runs.",
"default": "function (user, context, callback) {\n callback(null, user, context);\n}"
},
"order": {
"type": "number",
"description": "Order that this rule should execute in relative to other rules. Lower-valued rules execute first.",
"default": 1
},
"stage": {
"type": "string",
"description": "Execution stage of this rule. Can be `login_success`, `login_failure`, or `pre_authorize`.",
"default": "login_success"
}
}
},
"UpdateScimConfigurationRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"user_id_attribute",
"mapping"
],
"properties": {
"user_id_attribute": {
"type": "string",
"description": "User ID attribute for generating unique user ids"
},
"mapping": {
"type": "array",
"description": "The mapping between auth0 and SCIM",
"items": {
"$ref": "#/components/schemas/ScimMappingItem"
}
}
}
},
"UpdateScimConfigurationResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"tenant_name",
"connection_id",
"connection_name",
"strategy",
"created_at",
"updated_on",
"mapping",
"user_id_attribute"
],
"properties": {
"connection_id": {
"type": "string",
"description": "The connection's identifier"
},
"connection_name": {
"type": "string",
"description": "The connection's name"
},
"strategy": {
"type": "string",
"description": "The connection's strategy"
},
"tenant_name": {
"type": "string",
"description": "The tenant's name"
},
"user_id_attribute": {
"type": "string",
"description": "User ID attribute for generating unique user ids"
},
"mapping": {
"type": "array",
"description": "The mapping between auth0 and SCIM",
"items": {
"$ref": "#/components/schemas/ScimMappingItem"
}
},
"created_at": {
"type": "string",
"description": "The ISO 8601 date and time the SCIM configuration was created at",
"format": "date-time"
},
"updated_on": {
"type": "string",
"description": "The ISO 8601 date and time the SCIM configuration was last updated on",
"format": "date-time"
}
}
},
"UpdateSelfServiceProfileRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 0,
"properties": {
"name": {
"type": "string",
"description": "The name of the self-service Profile.",
"minLength": 1,
"maxLength": 100
},
"description": {
"$ref": "#/components/schemas/SelfServiceProfileDescription"
},
"branding": {
"$ref": "#/components/schemas/SelfServiceProfileBranding"
},
"allowed_strategies": {
"type": "array",
"description": "List of IdP strategies that will be shown to users during the Self-Service Enterprise Configuration flow. Possible values: [`oidc`, `samlp`, `waad`, `google-apps`, `adfs`, `okta`, `auth0-samlp`, `okta-samlp`, `keycloak-samlp`, `pingfederate`]",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/SelfServiceProfileAllowedStrategyEnum"
}
},
"user_attributes": {
"$ref": "#/components/schemas/SelfServiceProfileUserAttributes"
},
"user_attribute_profile_id": {
"type": [
"string",
"null"
],
"description": "ID of the user-attribute-profile to associate with this self-service profile.",
"format": "user-attribute-profile-id",
"x-release-lifecycle": "EA"
}
}
},
"UpdateSelfServiceProfileResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the self-service Profile.",
"default": "ssp_n7SNCL8seoyV1TuSTCnAeo"
},
"name": {
"type": "string",
"description": "The name of the self-service Profile."
},
"description": {
"type": "string",
"description": "The description of the self-service Profile."
},
"user_attributes": {
"type": "array",
"description": "List of attributes to be mapped that will be shown to the user during the Self-Service Enterprise Configuration flow.",
"items": {
"$ref": "#/components/schemas/SelfServiceProfileUserAttribute"
}
},
"created_at": {
"type": "string",
"description": "The time when this self-service Profile was created.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The time when this self-service Profile was updated.",
"default": "2021-01-01T00:00:00.000Z",
"format": "date-time"
},
"branding": {
"$ref": "#/components/schemas/SelfServiceProfileBrandingProperties"
},
"allowed_strategies": {
"type": "array",
"description": "List of IdP strategies that will be shown to users during the Self-Service Enterprise Configuration flow. Possible values: [`oidc`, `samlp`, `waad`, `google-apps`, `adfs`, `okta`, `auth0-samlp`, `okta-samlp`, `keycloak-samlp`, `pingfederate`]",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/SelfServiceProfileAllowedStrategyEnum"
}
},
"user_attribute_profile_id": {
"type": "string",
"description": "ID of the user-attribute-profile to associate with this self-service profile.",
"format": "user-attribute-profile-id",
"x-release-lifecycle": "EA"
}
}
},
"UpdateSessionRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"session_metadata": {
"$ref": "#/components/schemas/SessionMetadata",
"description": "Metadata associated with the session. Pass null or {} to remove all session_metadata."
}
}
},
"UpdateSessionResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The ID of the session"
},
"user_id": {
"type": "string",
"description": "ID of the user which can be used when interacting with other APIs."
},
"created_at": {
"$ref": "#/components/schemas/SessionDate"
},
"updated_at": {
"$ref": "#/components/schemas/SessionDate"
},
"authenticated_at": {
"$ref": "#/components/schemas/SessionDate"
},
"idle_expires_at": {
"$ref": "#/components/schemas/SessionDate"
},
"expires_at": {
"$ref": "#/components/schemas/SessionDate"
},
"last_interacted_at": {
"$ref": "#/components/schemas/SessionDate"
},
"device": {
"$ref": "#/components/schemas/SessionDeviceMetadata"
},
"clients": {
"type": "array",
"description": "List of client details for the session",
"items": {
"$ref": "#/components/schemas/SessionClientMetadata"
}
},
"authentication": {
"$ref": "#/components/schemas/SessionAuthenticationSignals"
},
"cookie": {
"$ref": "#/components/schemas/SessionCookieMetadata"
},
"session_metadata": {
"$ref": "#/components/schemas/SessionMetadata"
}
}
},
"UpdateSettingsRequestContent": {
"type": "object",
"description": "Prompts settings",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"universal_login_experience": {
"$ref": "#/components/schemas/UniversalLoginExperienceEnum"
},
"identifier_first": {
"type": [
"boolean",
"null"
],
"description": "Whether identifier first is enabled or not"
},
"webauthn_platform_first_factor": {
"type": [
"boolean",
"null"
],
"description": "Use WebAuthn with Device Biometrics as the first authentication factor"
}
}
},
"UpdateSettingsResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"universal_login_experience": {
"$ref": "#/components/schemas/UniversalLoginExperienceEnum"
},
"identifier_first": {
"type": "boolean",
"description": "Whether identifier first is enabled or not"
},
"webauthn_platform_first_factor": {
"type": "boolean",
"description": "Use WebAuthn with Device Biometrics as the first authentication factor"
}
}
},
"UpdateSupplementalSignalsRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"akamai_enabled"
],
"properties": {
"akamai_enabled": {
"type": "boolean",
"description": "Indicates if incoming Akamai Headers should be processed"
}
}
},
"UpdateSuspiciousIPThrottlingSettingsRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not suspicious IP throttling attack protections are active."
},
"shields": {
"type": "array",
"description": "Action to take when a suspicious IP throttling threshold is violated.\n Possible values: block, admin_notification.",
"items": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingShieldsEnum"
}
},
"allowlist": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingAllowlist"
},
"stage": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingStage"
}
}
},
"UpdateSuspiciousIPThrottlingSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether or not suspicious IP throttling attack protections are active."
},
"shields": {
"type": "array",
"description": "Action to take when a suspicious IP throttling threshold is violated.\n Possible values: block, admin_notification.",
"items": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingShieldsEnum"
}
},
"allowlist": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingAllowlist"
},
"stage": {
"$ref": "#/components/schemas/SuspiciousIPThrottlingStage"
}
}
},
"UpdateTenantSettingsRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"change_password": {
"$ref": "#/components/schemas/TenantSettingsPasswordPage"
},
"device_flow": {
"$ref": "#/components/schemas/TenantSettingsDeviceFlow",
"description": "Device Flow configuration."
},
"guardian_mfa_page": {
"$ref": "#/components/schemas/TenantSettingsGuardianPage"
},
"default_audience": {
"type": "string",
"description": "Default audience for API Authorization.",
"default": ""
},
"default_directory": {
"type": "string",
"description": "Name of connection used for password grants at the `/token` endpoint. The following connection types are supported: LDAP, AD, Database Connections, Passwordless, Windows Azure Active Directory, ADFS.",
"default": ""
},
"error_page": {
"$ref": "#/components/schemas/TenantSettingsErrorPage"
},
"default_token_quota": {
"$ref": "#/components/schemas/DefaultTokenQuota",
"x-release-lifecycle": "EA"
},
"flags": {
"$ref": "#/components/schemas/TenantSettingsFlags"
},
"friendly_name": {
"type": "string",
"description": "Friendly name for this tenant.",
"default": "My Company"
},
"picture_url": {
"type": "string",
"description": "URL of logo to be shown for this tenant (recommended size: 150x150)",
"default": "https://mycompany.org/logo.png",
"format": "absolute-uri-or-empty"
},
"support_email": {
"type": "string",
"description": "End-user support email.",
"default": "support@mycompany.org",
"format": "email-or-empty"
},
"support_url": {
"type": "string",
"description": "End-user support url.",
"default": "https://mycompany.org/support",
"format": "absolute-uri-or-empty"
},
"allowed_logout_urls": {
"type": "array",
"description": "URLs that are valid to redirect to after logout from Auth0.",
"items": {
"type": "string",
"format": "url-with-placeholders"
}
},
"session_lifetime": {
"type": "integer",
"description": "Number of hours a session will stay valid.",
"default": 168,
"minimum": 1
},
"idle_session_lifetime": {
"type": "integer",
"description": "Number of hours for which a session can be inactive before the user must log in again.",
"default": 72,
"minimum": 1
},
"ephemeral_session_lifetime": {
"type": "integer",
"description": "Number of hours an ephemeral (non-persistent) session will stay valid.",
"default": 72,
"minimum": 1
},
"idle_ephemeral_session_lifetime": {
"type": "integer",
"description": "Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.",
"default": 24,
"minimum": 1
},
"sandbox_version": {
"type": "string",
"description": "Selected sandbox version for the extensibility environment",
"default": "22",
"maxLength": 8
},
"legacy_sandbox_version": {
"type": "string",
"description": "Selected legacy sandbox version for the extensibility environment",
"maxLength": 8
},
"default_redirection_uri": {
"type": "string",
"description": "The default absolute redirection uri, must be https",
"format": "absolute-https-uri-or-empty"
},
"enabled_locales": {
"type": "array",
"description": "Supported locales for the user interface",
"minItems": 1,
"items": {
"$ref": "#/components/schemas/TenantSettingsSupportedLocalesEnum"
}
},
"session_cookie": {
"$ref": "#/components/schemas/SessionCookieSchema"
},
"sessions": {
"$ref": "#/components/schemas/TenantSettingsSessions"
},
"oidc_logout": {
"$ref": "#/components/schemas/TenantOIDCLogoutSettings"
},
"customize_mfa_in_postlogin_action": {
"type": [
"boolean",
"null"
],
"description": "Whether to enable flexible factors for MFA in the PostLogin action",
"default": false
},
"allow_organization_name_in_authentication_api": {
"type": [
"boolean",
"null"
],
"description": "Whether to accept an organization name instead of an ID on auth endpoints",
"default": false
},
"acr_values_supported": {
"type": [
"array",
"null"
],
"description": "Supported ACR values",
"minItems": 0,
"items": {
"type": "string",
"format": "acr"
}
},
"mtls": {
"$ref": "#/components/schemas/TenantSettingsMTLS"
},
"pushed_authorization_requests_supported": {
"type": [
"boolean",
"null"
],
"description": "Enables the use of Pushed Authorization Requests",
"default": false
},
"authorization_response_iss_parameter_supported": {
"type": [
"boolean",
"null"
],
"description": "Supports iss parameter in authorization responses",
"default": false
},
"skip_non_verifiable_callback_uri_confirmation_prompt": {
"type": [
"boolean",
"null"
],
"description": "Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`).\nIf set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps.\nSee https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information."
},
"resource_parameter_profile": {
"$ref": "#/components/schemas/TenantSettingsResourceParameterProfile",
"x-release-lifecycle": "GA"
},
"client_id_metadata_document_supported": {
"type": "boolean",
"description": "Whether the authorization server supports retrieving client metadata from a client_id URL.",
"default": false,
"x-release-lifecycle": "EA"
},
"enable_ai_guide": {
"type": "boolean",
"description": "Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant."
},
"phone_consolidated_experience": {
"type": "boolean",
"description": "Whether Phone Consolidated Experience is enabled for this tenant."
},
"dynamic_client_registration_security_mode": {
"$ref": "#/components/schemas/TenantSettingsDynamicClientRegistrationSecurityMode",
"x-release-lifecycle": "GA"
}
}
},
"UpdateTenantSettingsResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"change_password": {
"$ref": "#/components/schemas/TenantSettingsPasswordPage"
},
"guardian_mfa_page": {
"$ref": "#/components/schemas/TenantSettingsGuardianPage"
},
"default_audience": {
"type": "string",
"description": "Default audience for API authorization.",
"default": ""
},
"default_directory": {
"type": "string",
"description": "Name of connection used for password grants at the `/token`endpoint. The following connection types are supported: LDAP, AD, Database Connections, Passwordless, Windows Azure Active Directory, ADFS.",
"default": ""
},
"error_page": {
"$ref": "#/components/schemas/TenantSettingsErrorPage"
},
"device_flow": {
"$ref": "#/components/schemas/TenantSettingsDeviceFlow"
},
"default_token_quota": {
"$ref": "#/components/schemas/DefaultTokenQuota",
"x-release-lifecycle": "EA"
},
"flags": {
"$ref": "#/components/schemas/TenantSettingsFlags"
},
"friendly_name": {
"type": "string",
"description": "Friendly name for this tenant.",
"default": "My Company"
},
"picture_url": {
"type": "string",
"description": "URL of logo to be shown for this tenant (recommended size: 150x150)",
"default": "https://mycompany.org/logo.png",
"format": "absolute-uri-or-empty"
},
"support_email": {
"type": "string",
"description": "End-user support email address.",
"default": "support@mycompany.org",
"format": "email-or-empty"
},
"support_url": {
"type": "string",
"description": "End-user support URL.",
"default": "https://mycompany.org/support",
"format": "absolute-uri-or-empty"
},
"allowed_logout_urls": {
"type": "array",
"description": "URLs that are valid to redirect to after logout from Auth0.",
"items": {
"type": "string",
"format": "url"
}
},
"session_lifetime": {
"type": "number",
"description": "Number of hours a session will stay valid.",
"default": 168
},
"idle_session_lifetime": {
"type": "number",
"description": "Number of hours for which a session can be inactive before the user must log in again.",
"default": 72
},
"ephemeral_session_lifetime": {
"type": "number",
"description": "Number of hours an ephemeral (non-persistent) session will stay valid.",
"default": 72,
"minimum": 1
},
"idle_ephemeral_session_lifetime": {
"type": "number",
"description": "Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.",
"default": 24,
"minimum": 1
},
"sandbox_version": {
"type": "string",
"description": "Selected sandbox version for the extensibility environment.",
"default": "22"
},
"legacy_sandbox_version": {
"type": "string",
"description": "Selected sandbox version for rules and hooks extensibility.",
"default": ""
},
"sandbox_versions_available": {
"type": "array",
"description": "Available sandbox versions for the extensibility environment.",
"items": {
"type": "string"
}
},
"default_redirection_uri": {
"type": "string",
"description": "The default absolute redirection uri, must be https"
},
"enabled_locales": {
"type": "array",
"description": "Supported locales for the user interface.",
"items": {
"$ref": "#/components/schemas/SupportedLocales"
}
},
"session_cookie": {
"$ref": "#/components/schemas/SessionCookieSchema"
},
"sessions": {
"$ref": "#/components/schemas/TenantSettingsSessions"
},
"oidc_logout": {
"$ref": "#/components/schemas/TenantOIDCLogoutSettings"
},
"allow_organization_name_in_authentication_api": {
"type": "boolean",
"description": "Whether to accept an organization name instead of an ID on auth endpoints",
"default": false
},
"customize_mfa_in_postlogin_action": {
"type": "boolean",
"description": "Whether to enable flexible factors for MFA in the PostLogin action",
"default": false
},
"acr_values_supported": {
"type": [
"array",
"null"
],
"description": "Supported ACR values",
"minItems": 0,
"items": {
"type": "string",
"format": "acr"
}
},
"mtls": {
"$ref": "#/components/schemas/TenantSettingsMTLS"
},
"pushed_authorization_requests_supported": {
"type": "boolean",
"description": "Enables the use of Pushed Authorization Requests",
"default": false
},
"authorization_response_iss_parameter_supported": {
"type": [
"boolean",
"null"
],
"description": "Supports iss parameter in authorization responses",
"default": false
},
"skip_non_verifiable_callback_uri_confirmation_prompt": {
"type": [
"boolean",
"null"
],
"description": "Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`).\nIf set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps.\nSee https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information."
},
"resource_parameter_profile": {
"$ref": "#/components/schemas/TenantSettingsResourceParameterProfile",
"x-release-lifecycle": "GA"
},
"client_id_metadata_document_supported": {
"type": "boolean",
"description": "Whether the authorization server supports retrieving client metadata from a client_id URL.",
"default": false,
"x-release-lifecycle": "EA"
},
"phone_consolidated_experience": {
"type": "boolean",
"description": "Whether Phone Consolidated Experience is enabled for this tenant."
},
"enable_ai_guide": {
"type": "boolean",
"description": "Whether Auth0 Guide (AI-powered assistance) is enabled for this tenant."
},
"dynamic_client_registration_security_mode": {
"$ref": "#/components/schemas/TenantSettingsDynamicClientRegistrationSecurityMode",
"x-release-lifecycle": "GA"
}
}
},
"UpdateTokenExchangeProfileRequestContent": {
"type": "object",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"name": {
"type": "string",
"description": "Friendly name of this profile.",
"default": "Token Exchange Profile 1",
"minLength": 3,
"maxLength": 50
},
"subject_token_type": {
"type": "string",
"description": "Subject token type for this profile. When receiving a token exchange request on the Authentication API, the corresponding token exchange profile with a matching subject_token_type will be executed. This must be a URI.",
"minLength": 8,
"maxLength": 100,
"format": "url"
}
}
},
"UpdateTokenQuota": {
"type": [
"object",
"null"
],
"additionalProperties": false,
"required": [
"client_credentials"
],
"x-release-lifecycle": "EA",
"properties": {
"client_credentials": {
"$ref": "#/components/schemas/TokenQuotaClientCredentials"
}
}
},
"UpdateUniversalLoginTemplateRequestContent": {
"oneOf": [
{
"type": "string",
"maxLength": 102400
},
{
"type": "object",
"additionalProperties": false,
"required": [
"template"
],
"properties": {
"template": {
"type": "string",
"maxLength": 102400
}
}
}
]
},
"UpdateUserAttributeProfileRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"$ref": "#/components/schemas/UserAttributeProfileName"
},
"user_id": {
"$ref": "#/components/schemas/UserAttributeProfilePatchUserId"
},
"user_attributes": {
"$ref": "#/components/schemas/UserAttributeProfileUserAttributes"
}
}
},
"UpdateUserAttributeProfileResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"$ref": "#/components/schemas/UserAttributeProfileId"
},
"name": {
"$ref": "#/components/schemas/UserAttributeProfileName"
},
"user_id": {
"$ref": "#/components/schemas/UserAttributeProfileUserId"
},
"user_attributes": {
"$ref": "#/components/schemas/UserAttributeProfileUserAttributes"
}
}
},
"UpdateUserAuthenticationMethodRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": "string",
"description": "A human-readable label to identify the authentication method."
},
"preferred_authentication_method": {
"$ref": "#/components/schemas/PreferredAuthenticationMethodEnum",
"description": "Preferred phone authentication method"
}
}
},
"UpdateUserAuthenticationMethodResponseContent": {
"type": "object",
"description": "The successfully created authentication method.",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"id": {
"type": "string",
"description": "The ID of the newly created authentication method (automatically generated by the application)",
"format": "authenticator-id"
},
"type": {
"$ref": "#/components/schemas/CreatedAuthenticationMethodTypeEnum"
},
"name": {
"type": "string",
"description": "A human-readable label to identify the authentication method."
},
"totp_secret": {
"type": "string",
"description": "Base32 encoded secret for TOTP generation"
},
"phone_number": {
"type": "string",
"description": "Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice.",
"minLength": 2,
"maxLength": 30
},
"email": {
"type": "string",
"description": "Applies to email authentication methods only. The email address used to send verification messages."
},
"authentication_methods": {
"type": "array",
"items": {
"$ref": "#/components/schemas/UserAuthenticationMethodProperties"
}
},
"preferred_authentication_method": {
"$ref": "#/components/schemas/PreferredAuthenticationMethodEnum"
},
"key_id": {
"type": "string",
"description": "Applies to webauthn authentication methods only. The id of the credential."
},
"public_key": {
"type": "string",
"description": "Applies to webauthn authentication methods only. The public key."
},
"aaguid": {
"type": "string",
"description": "Applies to passkey authentication methods only. Authenticator Attestation Globally Unique Identifier."
},
"relying_party_identifier": {
"type": "string",
"description": "Applies to webauthn authentication methods only. The relying party identifier."
},
"confirmed": {
"type": "boolean",
"description": "Whether the authentication method has been confirmed."
},
"created_at": {
"type": "string",
"description": "Authentication method creation date",
"format": "date-time"
}
}
},
"UpdateUserRequestContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"blocked": {
"type": "boolean",
"description": "Whether this user was blocked by an administrator (true) or not (false).",
"default": false
},
"email_verified": {
"type": "boolean",
"description": "Whether this email address is verified (true) or unverified (false). If set to false the user will not receive a verification email unless `verify_email` is set to true.",
"default": false
},
"email": {
"type": [
"string",
"null"
],
"description": "Email address of this user.",
"default": "john.doe@gmail.com",
"format": "email"
},
"phone_number": {
"type": [
"string",
"null"
],
"description": "The user's phone number (following the E.164 recommendation).",
"default": "+199999999999999",
"pattern": "^\\+[0-9]{1,15}$"
},
"phone_verified": {
"type": "boolean",
"description": "Whether this phone number has been verified (true) or not (false).",
"default": false
},
"user_metadata": {
"$ref": "#/components/schemas/UserMetadata",
"description": "User metadata to which this user has read/write access."
},
"app_metadata": {
"$ref": "#/components/schemas/AppMetadata",
"description": "User metadata to which this user has read-only access."
},
"given_name": {
"type": [
"string",
"null"
],
"description": "Given name/first name/forename of this user.",
"default": "John",
"minLength": 1,
"maxLength": 150
},
"family_name": {
"type": [
"string",
"null"
],
"description": "Family name/last name/surname of this user.",
"default": "Doe",
"minLength": 1,
"maxLength": 150
},
"name": {
"type": [
"string",
"null"
],
"description": "Name of this user.",
"default": "John Doe",
"minLength": 1,
"maxLength": 300
},
"nickname": {
"type": [
"string",
"null"
],
"description": "Preferred nickname or alias of this user.",
"default": "Johnny",
"minLength": 1,
"maxLength": 300
},
"picture": {
"type": [
"string",
"null"
],
"description": "URL to picture, photo, or avatar of this user.",
"default": "https://secure.gravatar.com/avatar/15626c5e0c749cb912f9d1ad48dba440?s=480&r=pg&d=https%3A%2F%2Fssl.gstatic.com%2Fs2%2Fprofiles%2Fimages%2Fsilhouette80.png",
"format": "strict-uri"
},
"verify_email": {
"type": "boolean",
"description": "Whether this user will receive a verification email after creation (true) or no email (false). Overrides behavior of `email_verified` parameter.",
"default": false
},
"verify_phone_number": {
"type": "boolean",
"description": "Whether this user will receive a text after changing the phone number (true) or no text (false). Only valid when changing phone number for SMS connections.",
"default": false
},
"password": {
"type": [
"string",
"null"
],
"description": "New password for this user. Only valid for database connections.",
"default": "secret",
"minLength": 1
},
"connection": {
"type": "string",
"description": "Name of the connection to target for this user update.",
"default": "Initial-Connection",
"minLength": 1
},
"client_id": {
"type": "string",
"description": "Auth0 client ID. Only valid when updating email address.",
"default": "DaM8bokEXBWrTUFCiJjWn50jei6ardyX",
"minLength": 1
},
"username": {
"type": [
"string",
"null"
],
"description": "The user's username. Only valid if the connection requires a username.",
"default": "johndoe",
"minLength": 1,
"maxLength": 128
}
}
},
"UpdateUserResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"user_id": {
"type": "string",
"description": "ID of the user which can be used when interacting with other APIs.",
"default": "auth0|507f1f77bcf86cd799439020"
},
"email": {
"type": "string",
"description": "Email address of this user.",
"default": "john.doe@gmail.com",
"format": "email"
},
"email_verified": {
"type": "boolean",
"description": "Whether this email address is verified (true) or unverified (false).",
"default": false
},
"username": {
"type": "string",
"description": "Username of this user.",
"default": "johndoe"
},
"phone_number": {
"type": "string",
"description": "Phone number for this user. Follows the E.164 recommendation.",
"default": "+199999999999999"
},
"phone_verified": {
"type": "boolean",
"description": "Whether this phone number has been verified (true) or not (false).",
"default": false
},
"created_at": {
"$ref": "#/components/schemas/UserDateSchema"
},
"updated_at": {
"$ref": "#/components/schemas/UserDateSchema"
},
"identities": {
"type": "array",
"description": "Array of user identity objects when accounts are linked.",
"items": {
"$ref": "#/components/schemas/UserIdentitySchema"
}
},
"app_metadata": {
"$ref": "#/components/schemas/UserAppMetadataSchema"
},
"user_metadata": {
"$ref": "#/components/schemas/UserMetadataSchema"
},
"picture": {
"type": "string",
"description": "URL to picture, photo, or avatar of this user."
},
"name": {
"type": "string",
"description": "Name of this user."
},
"nickname": {
"type": "string",
"description": "Preferred nickname or alias of this user."
},
"multifactor": {
"type": "array",
"description": "List of multi-factor authentication providers with which this user has enrolled.",
"items": {
"type": "string"
}
},
"last_ip": {
"type": "string",
"description": "Last IP address from which this user logged in."
},
"last_login": {
"$ref": "#/components/schemas/UserDateSchema"
},
"logins_count": {
"type": "integer",
"description": "Total number of logins this user has performed."
},
"blocked": {
"type": "boolean",
"description": "Whether this user was blocked by an administrator (true) or is not (false)."
},
"given_name": {
"type": "string",
"description": "Given name/first name/forename of this user."
},
"family_name": {
"type": "string",
"description": "Family name/last name/surname of this user."
}
}
},
"UpdateVerifiableCredentialTemplateRequestContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"name": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"type": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"dialect": {
"type": [
"string",
"null"
],
"maxLength": 255,
"pattern": "^simplified/1.0$"
},
"presentation": {
"$ref": "#/components/schemas/MdlPresentationRequest"
},
"well_known_trusted_issuers": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255,
"pattern": "^aamva$"
},
"version": {
"type": [
"number",
"null"
]
}
}
},
"UpdateVerifiableCredentialTemplateResponseContent": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The id of the template.",
"default": "vct_0000000000000001"
},
"name": {
"type": "string",
"description": "The name of the template."
},
"type": {
"type": "string",
"description": "The type of the template.",
"default": "mdl"
},
"dialect": {
"type": "string",
"description": "The dialect of the template.",
"default": "simplified/1.0",
"maxLength": 255
},
"presentation": {
"$ref": "#/components/schemas/MdlPresentationRequest"
},
"custom_certificate_authority": {
"type": [
"string",
"null"
],
"description": "The custom certificate authority.",
"minLength": 1,
"maxLength": 4096
},
"well_known_trusted_issuers": {
"type": [
"string",
"null"
],
"description": "The well-known trusted issuers, comma separated.",
"minLength": 1,
"maxLength": 255
},
"created_at": {
"type": "string",
"description": "The date and time the template was created.",
"default": "2021-01-01T00:00:00Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The date and time the template was created.",
"default": "2021-01-01T00:00:00Z",
"format": "date-time"
}
}
},
"UserAppMetadataSchema": {
"type": "object",
"description": "User metadata to which this user has read-only access.",
"additionalProperties": true,
"properties": {}
},
"UserAttributeProfile": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"$ref": "#/components/schemas/UserAttributeProfileId"
},
"name": {
"$ref": "#/components/schemas/UserAttributeProfileName"
},
"user_id": {
"$ref": "#/components/schemas/UserAttributeProfileUserId"
},
"user_attributes": {
"$ref": "#/components/schemas/UserAttributeProfileUserAttributes"
}
}
},
"UserAttributeProfileId": {
"type": "string",
"description": "User Attribute Profile identifier.",
"format": "user-attribute-profile-id"
},
"UserAttributeProfileName": {
"type": "string",
"description": "The name of the user attribute profile.",
"minLength": 1,
"maxLength": 128
},
"UserAttributeProfileOidcMapping": {
"type": "object",
"description": "OIDC mapping for this attribute",
"additionalProperties": false,
"required": [
"mapping"
],
"properties": {
"mapping": {
"type": "string",
"description": "OIDC mapping field",
"minLength": 1,
"maxLength": 50
},
"display_name": {
"type": "string",
"description": "Display name for the OIDC mapping",
"minLength": 1,
"maxLength": 50
}
}
},
"UserAttributeProfilePatchUserId": {
"oneOf": [
{
"$ref": "#/components/schemas/UserAttributeProfileUserId"
},
{
"type": "null"
}
]
},
"UserAttributeProfileSamlMapping": {
"type": "array",
"description": "SAML mapping override for this strategy",
"minItems": 1,
"items": {
"type": "string",
"description": "SAML mapping field",
"minLength": 1,
"maxLength": 128
}
},
"UserAttributeProfileStrategyOverrides": {
"type": "object",
"description": "Strategy-specific overrides for this attribute",
"additionalProperties": false,
"properties": {
"pingfederate": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesMapping"
},
"ad": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesMapping"
},
"adfs": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesMapping"
},
"waad": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesMapping"
},
"google-apps": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesMapping"
},
"okta": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesMapping"
},
"oidc": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesMapping"
},
"samlp": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesMapping"
}
}
},
"UserAttributeProfileStrategyOverridesMapping": {
"type": "object",
"additionalProperties": false,
"properties": {
"oidc_mapping": {
"$ref": "#/components/schemas/UserAttributeProfileOidcMapping",
"description": "OIDC mapping override for this strategy"
},
"saml_mapping": {
"$ref": "#/components/schemas/UserAttributeProfileSamlMapping"
},
"scim_mapping": {
"type": "string",
"description": "SCIM mapping override for this strategy",
"minLength": 1,
"maxLength": 128
}
}
},
"UserAttributeProfileStrategyOverridesUserId": {
"type": "object",
"description": "Strategy-specific overrides for user ID",
"additionalProperties": false,
"properties": {
"pingfederate": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping"
},
"ad": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping"
},
"adfs": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping"
},
"waad": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping"
},
"google-apps": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping"
},
"okta": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping"
},
"oidc": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping"
},
"samlp": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesUserIdMapping"
}
}
},
"UserAttributeProfileStrategyOverridesUserIdMapping": {
"type": "object",
"additionalProperties": false,
"properties": {
"oidc_mapping": {
"$ref": "#/components/schemas/UserAttributeProfileUserIdOidcStrategyOverrideMapping"
},
"saml_mapping": {
"$ref": "#/components/schemas/UserAttributeProfileSamlMapping"
},
"scim_mapping": {
"type": "string",
"description": "SCIM mapping override for this strategy",
"minLength": 1,
"maxLength": 128
}
}
},
"UserAttributeProfileTemplate": {
"type": "object",
"description": "The structure of the template, which can be used as the payload for creating or updating a User Attribute Profile.",
"additionalProperties": false,
"properties": {
"name": {
"$ref": "#/components/schemas/UserAttributeProfileName"
},
"user_id": {
"$ref": "#/components/schemas/UserAttributeProfileUserId"
},
"user_attributes": {
"$ref": "#/components/schemas/UserAttributeProfileUserAttributes"
}
}
},
"UserAttributeProfileTemplateItem": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "The id of the template."
},
"display_name": {
"type": "string",
"description": "The user-friendly name of the template displayed in the UI."
},
"template": {
"$ref": "#/components/schemas/UserAttributeProfileTemplate"
}
}
},
"UserAttributeProfileUserAttributeAdditionalProperties": {
"type": "object",
"additionalProperties": false,
"required": [
"description",
"label",
"profile_required",
"auth0_mapping"
],
"properties": {
"description": {
"type": "string",
"description": "Description of this attribute",
"minLength": 1,
"maxLength": 128
},
"label": {
"type": "string",
"description": "Display label for this attribute",
"minLength": 1,
"maxLength": 128
},
"profile_required": {
"type": "boolean",
"description": "Whether this attribute is required in the profile"
},
"auth0_mapping": {
"type": "string",
"description": "Auth0 mapping for this attribute",
"minLength": 1,
"maxLength": 50
},
"oidc_mapping": {
"$ref": "#/components/schemas/UserAttributeProfileOidcMapping"
},
"saml_mapping": {
"$ref": "#/components/schemas/UserAttributeProfileSamlMapping",
"description": "SAML mapping for this attribute"
},
"scim_mapping": {
"type": "string",
"description": "SCIM mapping for this attribute",
"minLength": 1,
"maxLength": 128
},
"strategy_overrides": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverrides"
}
}
},
"UserAttributeProfileUserAttributes": {
"type": "object",
"description": "User attributes configuration map. Keys are attribute names, values are the mapping configuration for each attribute.",
"additionalProperties": {
"$ref": "#/components/schemas/UserAttributeProfileUserAttributeAdditionalProperties"
},
"minProperties": 1,
"maxProperties": 64
},
"UserAttributeProfileUserId": {
"type": "object",
"description": "User ID mapping configuration",
"additionalProperties": false,
"properties": {
"oidc_mapping": {
"$ref": "#/components/schemas/UserAttributeProfileUserIdOidcMappingEnum"
},
"saml_mapping": {
"$ref": "#/components/schemas/UserAttributeProfileUserIdSamlMapping"
},
"scim_mapping": {
"type": "string",
"description": "SCIM mapping for user ID",
"minLength": 1,
"maxLength": 128
},
"strategy_overrides": {
"$ref": "#/components/schemas/UserAttributeProfileStrategyOverridesUserId"
}
}
},
"UserAttributeProfileUserIdOidcMappingEnum": {
"type": "string",
"description": "OIDC mapping for user ID",
"minLength": 1,
"maxLength": 50,
"enum": [
"sub"
]
},
"UserAttributeProfileUserIdOidcStrategyOverrideMapping": {
"type": "string",
"description": "OIDC mapping override for this strategy",
"minLength": 1,
"maxLength": 50,
"enum": [
"sub",
"oid",
"email"
]
},
"UserAttributeProfileUserIdSamlMapping": {
"type": "array",
"description": "SAML mapping for user ID",
"minItems": 1,
"items": {
"type": "string",
"description": "SAML mapping field",
"minLength": 1,
"maxLength": 128
}
},
"UserAuthenticationMethod": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"type",
"created_at"
],
"properties": {
"id": {
"type": "string",
"description": "The ID of the authentication method (auto generated)"
},
"type": {
"$ref": "#/components/schemas/AuthenticationMethodTypeEnum"
},
"confirmed": {
"type": "boolean",
"description": "The authentication method status"
},
"name": {
"type": "string",
"description": "A human-readable label to identify the authentication method",
"maxLength": 20
},
"authentication_methods": {
"type": "array",
"items": {
"$ref": "#/components/schemas/UserAuthenticationMethodProperties"
}
},
"preferred_authentication_method": {
"$ref": "#/components/schemas/PreferredAuthenticationMethodEnum"
},
"link_id": {
"type": "string",
"description": "The ID of a linked authentication method. Linked authentication methods will be deleted together."
},
"phone_number": {
"type": "string",
"description": "Applies to phone authentication methods only. The destination phone number used to send verification codes via text and voice."
},
"email": {
"type": "string",
"description": "Applies to email and email-verification authentication methods only. The email address used to send verification messages."
},
"key_id": {
"type": "string",
"description": "Applies to webauthn authentication methods only. The ID of the generated credential."
},
"public_key": {
"type": "string",
"description": "Applies to webauthn authentication methods only. The public key."
},
"created_at": {
"type": "string",
"description": "Authenticator creation date",
"format": "date-time"
},
"enrolled_at": {
"type": "string",
"description": "Enrollment date",
"format": "date-time"
},
"last_auth_at": {
"type": "string",
"description": "Last authentication",
"format": "date-time"
},
"credential_device_type": {
"type": "string",
"description": "Applies to passkeys only. The kind of device the credential is stored on as defined by backup eligibility. \"single_device\" credentials cannot be backed up and synced to another device, \"multi_device\" credentials can be backed up if enabled by the end-user."
},
"credential_backed_up": {
"type": "boolean",
"description": "Applies to passkeys only. Whether the credential was backed up."
},
"identity_user_id": {
"type": "string",
"description": "Applies to passkeys only. The ID of the user identity linked with the authentication method."
},
"user_agent": {
"type": "string",
"description": "Applies to passkeys only. The user-agent of the browser used to create the passkey."
},
"aaguid": {
"type": "string",
"description": "Applies to passkey authentication methods only. Authenticator Attestation Globally Unique Identifier."
},
"relying_party_identifier": {
"type": "string",
"description": "Applies to webauthn/passkey authentication methods only. The credential's relying party identifier."
}
}
},
"UserAuthenticationMethodProperties": {
"type": "object",
"additionalProperties": true,
"properties": {
"type": {
"$ref": "#/components/schemas/UserAuthenticationMethodPropertiesEnum"
},
"id": {
"type": "string",
"format": "authenticator-id"
}
}
},
"UserAuthenticationMethodPropertiesEnum": {
"type": "string",
"enum": [
"totp",
"push",
"sms",
"voice"
]
},
"UserBlockIdentifier": {
"type": "object",
"additionalProperties": true,
"properties": {
"identifier": {
"type": "string",
"description": "Identifier (should be any of an `email`, `username`, or `phone_number`)",
"default": "john.doe@gmail.com"
},
"ip": {
"type": "string",
"description": "IP Address",
"default": "10.0.0.1"
},
"connection": {
"type": "string",
"description": "Connection identifier"
}
}
},
"UserDateSchema": {
"oneOf": [
{
"type": "string",
"description": "Date and time when this user was created (ISO_8601 format)."
},
{
"type": "object",
"description": "Date and time when this user was created (ISO_8601 format).",
"additionalProperties": true
}
]
},
"UserEnrollmentAuthMethodEnum": {
"type": "string",
"description": "Authentication method for this enrollment. Can be `authenticator`, `guardian`, `sms`, `webauthn-roaming`, or `webauthn-platform`.",
"enum": [
"authenticator",
"guardian",
"sms",
"webauthn-platform",
"webauthn-roaming"
]
},
"UserEnrollmentStatusEnum": {
"type": "string",
"description": "Status of this enrollment. Can be `pending` or `confirmed`.",
"enum": [
"pending",
"confirmed"
]
},
"UserGrant": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "ID of the grant."
},
"clientID": {
"type": "string",
"description": "ID of the client."
},
"user_id": {
"type": "string",
"description": "ID of the user."
},
"audience": {
"type": "string",
"description": "Audience of the grant."
},
"scope": {
"type": "array",
"description": "Scopes included in this grant.",
"items": {
"type": "string",
"minLength": 1
}
}
}
},
"UserGroupsResponseSchema": {
"allOf": [
{
"$ref": "#/components/schemas/Group"
},
{
"type": "object",
"additionalProperties": true,
"properties": {
"membership_created_at": {
"type": "string",
"description": "Timestamp of when the group membership was added.",
"format": "date-time"
}
}
}
]
},
"UserId": {
"description": "user_id of the secondary user account being linked.",
"oneOf": [
{
"type": "string",
"default": "abc",
"minLength": 1
},
{
"type": "integer",
"default": 191919191
}
]
},
"UserIdentity": {
"type": "object",
"additionalProperties": false,
"required": [
"provider",
"user_id",
"connection"
],
"properties": {
"connection": {
"type": "string",
"description": "Connection name of this identity.",
"default": "twitter"
},
"user_id": {
"$ref": "#/components/schemas/UserId",
"description": "user_id of this identity."
},
"provider": {
"type": "string",
"description": "Type of identity provider.",
"default": "twitter"
},
"profileData": {
"$ref": "#/components/schemas/UserProfileData"
},
"isSocial": {
"type": "boolean",
"description": "Whether the identity provider is a social provider (true) or not (false)."
},
"access_token": {
"type": "string",
"description": "IDP access token returned if scope `read:user_idp_tokens` is defined."
},
"access_token_secret": {
"type": "string",
"description": "IDP access token secret returned only if `scope read:user_idp_tokens` is defined."
},
"refresh_token": {
"type": "string",
"description": "IDP refresh token returned only if scope `read:user_idp_tokens` is defined."
}
}
},
"UserIdentityProviderEnum": {
"type": "string",
"description": "The type of identity provider",
"enum": [
"ad",
"adfs",
"amazon",
"apple",
"dropbox",
"bitbucket",
"auth0-oidc",
"auth0",
"baidu",
"bitly",
"box",
"custom",
"daccount",
"dwolla",
"email",
"evernote-sandbox",
"evernote",
"exact",
"facebook",
"fitbit",
"github",
"google-apps",
"google-oauth2",
"instagram",
"ip",
"line",
"linkedin",
"oauth1",
"oauth2",
"office365",
"oidc",
"okta",
"paypal",
"paypal-sandbox",
"pingfederate",
"planningcenter",
"salesforce-community",
"salesforce-sandbox",
"salesforce",
"samlp",
"sharepoint",
"shopify",
"shop",
"sms",
"soundcloud",
"thirtysevensignals",
"twitter",
"untappd",
"vkontakte",
"waad",
"weibo",
"windowslive",
"wordpress",
"yahoo",
"yandex"
]
},
"UserIdentitySchema": {
"type": "object",
"additionalProperties": false,
"properties": {
"connection": {
"type": "string",
"description": "Name of the connection containing this identity."
},
"user_id": {
"type": "string",
"description": "Unique identifier of the user user for this identity."
},
"provider": {
"$ref": "#/components/schemas/UserIdentityProviderEnum"
},
"isSocial": {
"type": "boolean",
"description": "Whether this identity is from a social provider (true) or not (false)."
},
"access_token": {
"type": "string",
"description": "IDP access token returned only if scope read:user_idp_tokens is defined."
},
"access_token_secret": {
"type": "string",
"description": "IDP access token secret returned only if scope read:user_idp_tokens is defined."
},
"refresh_token": {
"type": "string",
"description": "IDP refresh token returned only if scope read:user_idp_tokens is defined."
},
"profileData": {
"$ref": "#/components/schemas/UserProfileData"
}
}
},
"UserListLogOffsetPaginatedResponseContent": {
"type": "object",
"additionalProperties": false,
"properties": {
"start": {
"type": "number"
},
"limit": {
"type": "number"
},
"length": {
"type": "number"
},
"total": {
"type": "number"
},
"logs": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Log"
}
}
}
},
"UserListLogResponseContent": {
"oneOf": [
{
"type": "array",
"items": {
"$ref": "#/components/schemas/Log"
}
},
{
"$ref": "#/components/schemas/UserListLogOffsetPaginatedResponseContent"
}
]
},
"UserMetadata": {
"type": "object",
"description": "Data related to the user that does not affect the application's core functionality.",
"additionalProperties": true
},
"UserMetadataSchema": {
"type": "object",
"description": "User metadata to which this user has read/write access.",
"additionalProperties": true
},
"UserMultifactorProviderEnum": {
"type": "string",
"enum": [
"duo",
"google-authenticator"
],
"description": "The multi-factor provider. Supported values 'duo' or 'google-authenticator'"
},
"UserPermissionSchema": {
"type": "object",
"additionalProperties": false,
"properties": {
"sources": {},
"resource_server_identifier": {
"type": "string",
"description": "Resource server (API) identifier that this permission is for."
},
"permission_name": {
"type": "string",
"description": "Name of this permission."
},
"resource_server_name": {
"type": "string",
"description": "Resource server (API) name this permission is for."
},
"description": {
"type": "string",
"description": "Description of this permission."
}
}
},
"UserProfileData": {
"type": "object",
"additionalProperties": true,
"properties": {
"email": {
"type": "string",
"description": "Email address of this user."
},
"email_verified": {
"type": "boolean",
"description": "Whether this email address is verified (true) or unverified (false)."
},
"name": {
"type": "string",
"description": "Name of this user."
},
"username": {
"type": "string",
"description": "Username of this user.",
"default": "johndoe"
},
"given_name": {
"type": "string",
"description": "Given name/first name/forename of this user."
},
"phone_number": {
"type": "string",
"description": "Phone number for this user."
},
"phone_verified": {
"type": "boolean",
"description": "Whether this phone number is verified (true) or unverified (false)."
},
"family_name": {
"type": "string",
"description": "Family name/last name/surname of this user."
}
}
},
"UserResponseSchema": {
"type": "object",
"additionalProperties": true,
"properties": {
"user_id": {
"type": "string",
"description": "ID of the user which can be used when interacting with other APIs.",
"default": "auth0|507f1f77bcf86cd799439020"
},
"email": {
"type": "string",
"description": "Email address of this user.",
"default": "john.doe@gmail.com",
"format": "email"
},
"email_verified": {
"type": "boolean",
"description": "Whether this email address is verified (true) or unverified (false).",
"default": false
},
"username": {
"type": "string",
"description": "Username of this user.",
"default": "johndoe"
},
"phone_number": {
"type": "string",
"description": "Phone number for this user. Follows the E.164 recommendation.",
"default": "+199999999999999"
},
"phone_verified": {
"type": "boolean",
"description": "Whether this phone number has been verified (true) or not (false).",
"default": false
},
"created_at": {
"$ref": "#/components/schemas/UserDateSchema"
},
"updated_at": {
"$ref": "#/components/schemas/UserDateSchema"
},
"identities": {
"type": "array",
"description": "Array of user identity objects when accounts are linked.",
"items": {
"$ref": "#/components/schemas/UserIdentitySchema"
}
},
"app_metadata": {
"$ref": "#/components/schemas/UserAppMetadataSchema"
},
"user_metadata": {
"$ref": "#/components/schemas/UserMetadataSchema"
},
"picture": {
"type": "string",
"description": "URL to picture, photo, or avatar of this user."
},
"name": {
"type": "string",
"description": "Name of this user."
},
"nickname": {
"type": "string",
"description": "Preferred nickname or alias of this user."
},
"multifactor": {
"type": "array",
"description": "List of multi-factor authentication providers with which this user has enrolled.",
"items": {
"type": "string"
}
},
"last_ip": {
"type": "string",
"description": "Last IP address from which this user logged in."
},
"last_login": {
"$ref": "#/components/schemas/UserDateSchema"
},
"logins_count": {
"type": "integer",
"description": "Total number of logins this user has performed."
},
"blocked": {
"type": "boolean",
"description": "Whether this user was blocked by an administrator (true) or is not (false)."
},
"given_name": {
"type": "string",
"description": "Given name/first name/forename of this user."
},
"family_name": {
"type": "string",
"description": "Family name/last name/surname of this user."
}
}
},
"UsernameAllowedTypes": {
"type": "object",
"additionalProperties": false,
"properties": {
"email": {
"type": "boolean"
},
"phone_number": {
"type": "boolean"
}
}
},
"UsernameAttribute": {
"type": "object",
"description": "Configuration for the username attribute for users.",
"additionalProperties": false,
"properties": {
"identifier": {
"$ref": "#/components/schemas/ConnectionAttributeIdentifier"
},
"profile_required": {
"type": "boolean",
"description": "Determines if property should be required for users"
},
"signup": {
"$ref": "#/components/schemas/SignupSchema"
},
"validation": {
"$ref": "#/components/schemas/UsernameValidation"
}
}
},
"UsernameValidation": {
"type": "object",
"additionalProperties": false,
"properties": {
"min_length": {
"type": "number",
"description": "Minimum allowed length",
"minimum": 1,
"maximum": 128
},
"max_length": {
"type": "number",
"description": "Maximum allowed length",
"minimum": 1,
"maximum": 128
},
"allowed_types": {
"$ref": "#/components/schemas/UsernameAllowedTypes"
}
}
},
"UsersEnrollment": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "ID of this enrollment."
},
"status": {
"$ref": "#/components/schemas/UserEnrollmentStatusEnum"
},
"type": {
"type": "string",
"description": "Type of enrollment."
},
"name": {
"type": "string",
"description": "Name of enrollment (usually phone number).",
"maxLength": 20
},
"identifier": {
"type": "string",
"description": "Device identifier (usually phone identifier) of this enrollment."
},
"phone_number": {
"type": "string",
"description": "Phone number for this enrollment."
},
"auth_method": {
"$ref": "#/components/schemas/UserEnrollmentAuthMethodEnum"
},
"enrolled_at": {
"type": "string",
"description": "Start date and time of this enrollment.",
"format": "date-time"
},
"last_auth": {
"type": "string",
"description": "Last authentication date and time of this enrollment.",
"format": "date-time"
}
}
},
"VerifiableCredentialTemplateResponse": {
"type": "object",
"additionalProperties": true,
"properties": {
"id": {
"type": "string",
"description": "The id of the template.",
"default": "vct_0000000000000001"
},
"name": {
"type": "string",
"description": "The name of the template."
},
"type": {
"type": "string",
"description": "The type of the template.",
"default": "mdl"
},
"dialect": {
"type": "string",
"description": "The dialect of the template.",
"default": "simplified/1.0",
"maxLength": 255
},
"presentation": {
"$ref": "#/components/schemas/MdlPresentationRequest"
},
"custom_certificate_authority": {
"type": [
"string",
"null"
],
"description": "The custom certificate authority.",
"minLength": 1,
"maxLength": 4096
},
"well_known_trusted_issuers": {
"type": [
"string",
"null"
],
"description": "The well-known trusted issuers, comma separated.",
"minLength": 1,
"maxLength": 255
},
"created_at": {
"type": "string",
"description": "The date and time the template was created.",
"default": "2021-01-01T00:00:00Z",
"format": "date-time"
},
"updated_at": {
"type": "string",
"description": "The date and time the template was created.",
"default": "2021-01-01T00:00:00Z",
"format": "date-time"
}
}
},
"VerificationMethodEnum": {
"type": "string",
"enum": [
"link",
"otp"
]
},
"VerifyCustomDomainResponseContent": {
"type": "object",
"additionalProperties": false,
"required": [
"custom_domain_id",
"domain",
"primary",
"status",
"type"
],
"properties": {
"custom_domain_id": {
"type": "string",
"description": "ID of the custom domain.",
"default": "cd_0000000000000001"
},
"domain": {
"type": "string",
"description": "Domain name.",
"default": "login.mycompany.com"
},
"primary": {
"type": "boolean",
"description": "Whether this is a primary domain (true) or not (false).",
"default": false
},
"status": {
"$ref": "#/components/schemas/CustomDomainStatusFilterEnum"
},
"type": {
"$ref": "#/components/schemas/CustomDomainTypeEnum"
},
"cname_api_key": {
"type": "string",
"description": "CNAME API key header.",
"default": "d4feca..."
},
"origin_domain_name": {
"type": "string",
"description": "Intermediate address.",
"default": "mycompany_cd_0000000000000001.edge.tenants.auth0.com"
},
"verification": {
"$ref": "#/components/schemas/DomainVerification"
},
"custom_client_ip_header": {
"type": [
"string",
"null"
],
"description": "The HTTP header to fetch the client's IP address"
},
"tls_policy": {
"type": "string",
"description": "The TLS version policy",
"default": "recommended"
},
"domain_metadata": {
"$ref": "#/components/schemas/DomainMetadata"
},
"certificate": {
"$ref": "#/components/schemas/DomainCertificate"
}
}
},
"VerifyEmailTicketRequestContent": {
"type": "object",
"additionalProperties": false,
"required": [
"user_id"
],
"properties": {
"result_url": {
"type": "string",
"description": "URL the user will be redirected to in the classic Universal Login experience once the ticket is used. Cannot be specified when using client_id or organization_id.",
"default": "http://myapp.com/callback",
"format": "url"
},
"user_id": {
"type": "string",
"description": "user_id of for whom the ticket should be created.",
"format": "user-id"
},
"client_id": {
"type": "string",
"description": "ID of the client (application). If provided for tenants using the New Universal Login experience, the email template and UI displays application details, and the user is prompted to redirect to the application's default login route after the ticket is used. client_id is required to use the Password Reset Post Challenge trigger.",
"default": "DaM8bokEXBWrTUFCiJjWn50jei6ardyX",
"format": "client-id"
},
"organization_id": {
"type": "string",
"description": "(Optional) Organization ID – the ID of the Organization. If provided, organization parameters will be made available to the email template and organization branding will be applied to the prompt. In addition, the redirect link in the prompt will include organization_id and organization_name query string parameters.",
"default": "org_2eondWoxcMIpaLQc",
"format": "organization-id"
},
"ttl_sec": {
"type": "integer",
"description": "Number of seconds for which the ticket is valid before expiration. If unspecified or set to 0, this value defaults to 432000 seconds (5 days).",
"minimum": 0
},
"includeEmailInRedirect": {
"type": "boolean",
"description": "Whether to include the email address as part of the returnUrl in the reset_email (true), or not (false)."
},
"identity": {
"$ref": "#/components/schemas/Identity"
}
}
},
"VerifyEmailTicketResponseContent": {
"type": "object",
"additionalProperties": true,
"required": [
"ticket"
],
"properties": {
"ticket": {
"type": "string",
"description": "URL representing the ticket.",
"default": "https://login.auth0.com/lo/verify_email?client_id=nsaPS2p3cargoFy82WT7betaOPOt3qSh&tenant=mdocs&bewit=bmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPdDNxU2hcMTQzMDY2MjE4MVxuRTcxM0RSeUNlbEpzUUJmaFVaS3A1NEdJbWFzSUZMYzRTdEFtY2NMMXhZPVx7ImVtYWloojoiZGFtaWtww2NoQGhvdG1haWwuY29tIiwidGVuYW50IjoiZHNjaGVua2tjwWFuIiwiY2xpZW50X2lkIjoibmNlR01CcDNOUE1GeXVzODJXVDdyY1RUT1BPiiqxU2giLCJjb25uZWN0aW9uIjoiRGFtaWmsdiwicmVzdWx0VXJsIjoiIn0",
"format": "url"
}
}
},
"X509CertificateCredential": {
"type": "object",
"additionalProperties": false,
"required": [
"credential_type",
"pem"
],
"properties": {
"credential_type": {
"$ref": "#/components/schemas/X509CertificateCredentialTypeEnum"
},
"name": {
"type": "string",
"description": "Friendly name for a credential.",
"default": "",
"maxLength": 128
},
"pem": {
"type": "string",
"description": "PEM-formatted X509 certificate. Must be JSON escaped.",
"default": "-----BEGIN CERTIFICATE-----\r\nMIIBIjANBg...\r\n-----END CERTIFICATE-----\r\n",
"minLength": 1,
"maxLength": 4096
}
}
},
"X509CertificateCredentialTypeEnum": {
"type": "string",
"enum": [
"x509_cert"
]
}
},
"securitySchemes": {
"bearerAuth": {
"type": "http",
"scheme": "bearer",
"bearerFormat": "jwt"
},
"oAuth2ClientCredentials": {
"type": "oauth2",
"flows": {
"clientCredentials": {
"tokenUrl": "/oauth/token/",
"x-form-parameters": {
"audience": "/api/v2/"
},
"scopes": {
"create:actions": "Create Actions",
"read:actions": "Read Actions",
"update:actions": "Update Actions",
"delete:actions": "Delete Actions",
"read:anomaly_blocks": "Read Anomaly Blocks",
"delete:anomaly_blocks": "Delete Anomaly Blocks",
"read:attack_protection": "Read Attack Protection",
"update:attack_protection": "Update Attack Protection",
"create:authentication_methods": "Create Authentication Methods",
"read:authentication_methods": "Read Authentication Methods",
"update:authentication_methods": "Update Authentication Methods",
"delete:authentication_methods": "Delete Authentication Methods",
"read:branding": "Read Branding",
"update:branding": "Update Branding",
"delete:branding": "Delete Branding",
"create:client_credentials": "Create Client Credentials",
"read:client_credentials": "Read Client Credentials",
"update:client_credentials": "Update Client Credentials",
"delete:client_credentials": "Delete Client Credentials",
"create:client_grants": "Create Client Grants",
"read:client_grants": "Read Client Grants",
"update:client_grants": "Update Client Grants",
"delete:client_grants": "Delete Client Grants",
"read:client_keys": "Read Client Keys",
"update:client_keys": "Update Client Keys",
"read:client_summary": "Read Client Summary",
"update:client_token_vault_privileged_access": "Update Client Token Vault Privileged Access",
"create:clients": "Create Clients",
"read:clients": "Read Clients",
"update:clients": "Update Clients",
"delete:clients": "Delete Clients",
"create:connection_profiles": "Create Connection Profiles",
"read:connection_profiles": "Read Connection Profiles",
"update:connection_profiles": "Update Connection Profiles",
"delete:connection_profiles": "Delete Connection Profiles",
"create:connections": "Create Connections",
"read:connections": "Read Connections",
"update:connections": "Update Connections",
"delete:connections": "Delete Connections",
"create:connections_keys": "Create Connections Keys",
"read:connections_keys": "Read Connections Keys",
"update:connections_keys": "Update Connections Keys",
"read:current_user": "Read Current User",
"delete:current_user": "Delete Current User",
"create:current_user_device_credentials": "Create Current User Device Credentials",
"delete:current_user_device_credentials": "Delete Current User Device Credentials",
"update:current_user_identities": "Update Current User Identities",
"update:current_user_metadata": "Update Current User Metadata",
"create:custom_domains": "Create Custom Domains",
"read:custom_domains": "Read Custom Domains",
"update:custom_domains": "Update Custom Domains",
"delete:custom_domains": "Delete Custom Domains",
"create:custom_signing_keys": "Create Custom Signing Keys",
"read:custom_signing_keys": "Read Custom Signing Keys",
"update:custom_signing_keys": "Update Custom Signing Keys",
"delete:custom_signing_keys": "Delete Custom Signing Keys",
"read:device_credentials": "Read Device Credentials",
"delete:device_credentials": "Delete Device Credentials",
"create:directory_provisionings": "Create Directory Provisionings",
"read:directory_provisionings": "Read Directory Provisionings",
"update:directory_provisionings": "Update Directory Provisionings",
"delete:directory_provisionings": "Delete Directory Provisionings",
"create:email_provider": "Create Email Provider",
"read:email_provider": "Read Email Provider",
"update:email_provider": "Update Email Provider",
"delete:email_provider": "Delete Email Provider",
"create:email_templates": "Create Email Templates",
"read:email_templates": "Read Email Templates",
"update:email_templates": "Update Email Templates",
"create:encryption_keys": "Create Encryption Keys",
"read:encryption_keys": "Read Encryption Keys",
"update:encryption_keys": "Update Encryption Keys",
"delete:encryption_keys": "Delete Encryption Keys",
"read:event_deliveries": "Read Event Deliveries",
"update:event_deliveries": "Update Event Deliveries",
"create:event_streams": "Create Event Streams",
"read:event_streams": "Read Event Streams",
"update:event_streams": "Update Event Streams",
"delete:event_streams": "Delete Event Streams",
"read:events": "Read Events",
"read:federated_connections_tokens": "Read Federated Connections Tokens",
"delete:federated_connections_tokens": "Delete Federated Connections Tokens",
"create:flows": "Create Flows",
"read:flows": "Read Flows",
"update:flows": "Update Flows",
"delete:flows": "Delete Flows",
"read:flows_executions": "Read Flows Executions",
"delete:flows_executions": "Delete Flows Executions",
"create:flows_vault_connections": "Create Flows Vault Connections",
"read:flows_vault_connections": "Read Flows Vault Connections",
"update:flows_vault_connections": "Update Flows Vault Connections",
"delete:flows_vault_connections": "Delete Flows Vault Connections",
"create:forms": "Create Forms",
"read:forms": "Read Forms",
"update:forms": "Update Forms",
"delete:forms": "Delete Forms",
"read:grants": "Read Grants",
"delete:grants": "Delete Grants",
"read:group_members": "Read Group Members",
"read:groups": "Read Groups",
"delete:groups": "Delete Groups",
"create:guardian_enrollment_tickets": "Create Guardian Enrollment Tickets",
"read:guardian_enrollments": "Read Guardian Enrollments",
"delete:guardian_enrollments": "Delete Guardian Enrollments",
"read:guardian_factors": "Read Guardian Factors",
"update:guardian_factors": "Update Guardian Factors",
"create:hooks": "Create Hooks",
"read:hooks": "Read Hooks",
"update:hooks": "Update Hooks",
"delete:hooks": "Delete Hooks",
"create:log_streams": "Create Log Streams",
"read:log_streams": "Read Log Streams",
"update:log_streams": "Update Log Streams",
"delete:log_streams": "Delete Log Streams",
"read:logs": "Read Logs",
"read:logs_users": "Read Logs Users",
"read:mfa_policies": "Read Mfa Policies",
"update:mfa_policies": "Update Mfa Policies",
"create:network_acls": "Create Network Acls",
"read:network_acls": "Read Network Acls",
"update:network_acls": "Update Network Acls",
"delete:network_acls": "Delete Network Acls",
"create:organization_client_grants": "Create Organization Client Grants",
"read:organization_client_grants": "Read Organization Client Grants",
"delete:organization_client_grants": "Delete Organization Client Grants",
"create:organization_connections": "Create Organization Connections",
"read:organization_connections": "Read Organization Connections",
"update:organization_connections": "Update Organization Connections",
"delete:organization_connections": "Delete Organization Connections",
"create:organization_discovery_domains": "Create Organization Discovery Domains",
"read:organization_discovery_domains": "Read Organization Discovery Domains",
"update:organization_discovery_domains": "Update Organization Discovery Domains",
"delete:organization_discovery_domains": "Delete Organization Discovery Domains",
"create:organization_invitations": "Create Organization Invitations",
"read:organization_invitations": "Read Organization Invitations",
"delete:organization_invitations": "Delete Organization Invitations",
"create:organization_member_roles": "Create Organization Member Roles",
"read:organization_member_roles": "Read Organization Member Roles",
"delete:organization_member_roles": "Delete Organization Member Roles",
"create:organization_members": "Create Organization Members",
"read:organization_members": "Read Organization Members",
"delete:organization_members": "Delete Organization Members",
"create:organizations": "Create Organizations",
"read:organizations": "Read Organizations",
"update:organizations": "Update Organizations",
"delete:organizations": "Delete Organizations",
"read:organizations_summary": "Read Organizations Summary",
"create:phone_providers": "Create Phone Providers",
"read:phone_providers": "Read Phone Providers",
"update:phone_providers": "Update Phone Providers",
"delete:phone_providers": "Delete Phone Providers",
"create:phone_templates": "Create Phone Templates",
"read:phone_templates": "Read Phone Templates",
"update:phone_templates": "Update Phone Templates",
"delete:phone_templates": "Delete Phone Templates",
"read:prompts": "Read Prompts",
"update:prompts": "Update Prompts",
"read:refresh_tokens": "Read Refresh Tokens",
"update:refresh_tokens": "Update Refresh Tokens",
"delete:refresh_tokens": "Delete Refresh Tokens",
"create:resource_servers": "Create Resource Servers",
"read:resource_servers": "Read Resource Servers",
"update:resource_servers": "Update Resource Servers",
"delete:resource_servers": "Delete Resource Servers",
"create:role_members": "Create Role Members",
"read:role_members": "Read Role Members",
"delete:role_members": "Delete Role Members",
"create:roles": "Create Roles",
"read:roles": "Read Roles",
"update:roles": "Update Roles",
"delete:roles": "Delete Roles",
"create:rules": "Create Rules",
"read:rules": "Read Rules",
"update:rules": "Update Rules",
"delete:rules": "Delete Rules",
"read:rules_configs": "Read Rules Configs",
"update:rules_configs": "Update Rules Configs",
"delete:rules_configs": "Delete Rules Configs",
"create:scim_config": "Create Scim Config",
"read:scim_config": "Read Scim Config",
"update:scim_config": "Update Scim Config",
"delete:scim_config": "Delete Scim Config",
"create:scim_token": "Create Scim Token",
"read:scim_token": "Read Scim Token",
"delete:scim_token": "Delete Scim Token",
"read:self_service_profile_custom_texts": "Read Self Service Profile Custom Texts",
"update:self_service_profile_custom_texts": "Update Self Service Profile Custom Texts",
"create:self_service_profiles": "Create Self Service Profiles",
"read:self_service_profiles": "Read Self Service Profiles",
"update:self_service_profiles": "Update Self Service Profiles",
"delete:self_service_profiles": "Delete Self Service Profiles",
"read:sessions": "Read Sessions",
"update:sessions": "Update Sessions",
"delete:sessions": "Delete Sessions",
"create:signing_keys": "Create Signing Keys",
"read:signing_keys": "Read Signing Keys",
"update:signing_keys": "Update Signing Keys",
"create:sso_access_tickets": "Create Sso Access Tickets",
"delete:sso_access_tickets": "Delete Sso Access Tickets",
"read:stats": "Read Stats",
"read:tenant_settings": "Read Tenant Settings",
"update:tenant_settings": "Update Tenant Settings",
"create:token_exchange_profiles": "Create Token Exchange Profiles",
"read:token_exchange_profiles": "Read Token Exchange Profiles",
"update:token_exchange_profiles": "Update Token Exchange Profiles",
"delete:token_exchange_profiles": "Delete Token Exchange Profiles",
"create:user_attribute_profiles": "Create User Attribute Profiles",
"read:user_attribute_profiles": "Read User Attribute Profiles",
"update:user_attribute_profiles": "Update User Attribute Profiles",
"delete:user_attribute_profiles": "Delete User Attribute Profiles",
"read:user_idp_tokens": "Read User Idp Tokens",
"create:user_tickets": "Create User Tickets",
"create:users": "Create Users",
"read:users": "Read Users",
"update:users": "Update Users",
"delete:users": "Delete Users",
"update:users_app_metadata": "Update Users App Metadata",
"create:vdcs_templates": "Create Vdcs Templates",
"read:vdcs_templates": "Read Vdcs Templates",
"update:vdcs_templates": "Update Vdcs Templates",
"delete:vdcs_templates": "Delete Vdcs Templates"
}
}
}
}
}
}
}