Skip to main content

API Browser

authentik (2024.4.4)

Download OpenAPI specification:Download

E-mail: hello@goauthentik.io License: MIT

Making authentication simple.

admin

admin_apps_list

Read-only view list all installed apps

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

admin_metrics_retrieve

Login Metrics per 1h

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "logins": [
    ],
  • "logins_failed": [
    ],
  • "authorizations": [
    ]
}

admin_models_list

Read-only view list all installed models

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

admin_settings_retrieve

Settings view

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "avatars": "string",
  • "default_user_change_name": true,
  • "default_user_change_email": true,
  • "default_user_change_username": true,
  • "event_retention": "string",
  • "footer_links": null,
  • "gdpr_compliance": true,
  • "impersonation": true,
  • "default_token_duration": "string",
  • "default_token_length": 1
}

admin_settings_update

Settings view

Authorizations:
authentik
Request Body schema: application/json
avatars
string non-empty

Configure how authentik should show avatars for users.

default_user_change_name
boolean

Enable the ability for users to change their name.

default_user_change_email
boolean

Enable the ability for users to change their email address.

default_user_change_username
boolean

Enable the ability for users to change their username.

event_retention
string non-empty

Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).

footer_links
any

The option configures the footer links on the flow executor pages.

gdpr_compliance
boolean

When enabled, all the events caused by a user will be deleted upon the user's deletion.

impersonation
boolean

Globally enable/disable impersonation.

default_token_duration
string non-empty

Default token duration

default_token_length
integer [ 1 .. 2147483647 ]

Default token length

Responses

Request samples

Content type
application/json
{
  • "avatars": "string",
  • "default_user_change_name": true,
  • "default_user_change_email": true,
  • "default_user_change_username": true,
  • "event_retention": "string",
  • "footer_links": null,
  • "gdpr_compliance": true,
  • "impersonation": true,
  • "default_token_duration": "string",
  • "default_token_length": 1
}

Response samples

Content type
application/json
{
  • "avatars": "string",
  • "default_user_change_name": true,
  • "default_user_change_email": true,
  • "default_user_change_username": true,
  • "event_retention": "string",
  • "footer_links": null,
  • "gdpr_compliance": true,
  • "impersonation": true,
  • "default_token_duration": "string",
  • "default_token_length": 1
}

admin_settings_partial_update

Settings view

Authorizations:
authentik
Request Body schema: application/json
avatars
string non-empty

Configure how authentik should show avatars for users.

default_user_change_name
boolean

Enable the ability for users to change their name.

default_user_change_email
boolean

Enable the ability for users to change their email address.

default_user_change_username
boolean

Enable the ability for users to change their username.

event_retention
string non-empty

Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).

footer_links
any

The option configures the footer links on the flow executor pages.

gdpr_compliance
boolean

When enabled, all the events caused by a user will be deleted upon the user's deletion.

impersonation
boolean

Globally enable/disable impersonation.

default_token_duration
string non-empty

Default token duration

default_token_length
integer [ 1 .. 2147483647 ]

Default token length

Responses

Request samples

Content type
application/json
{
  • "avatars": "string",
  • "default_user_change_name": true,
  • "default_user_change_email": true,
  • "default_user_change_username": true,
  • "event_retention": "string",
  • "footer_links": null,
  • "gdpr_compliance": true,
  • "impersonation": true,
  • "default_token_duration": "string",
  • "default_token_length": 1
}

Response samples

Content type
application/json
{
  • "avatars": "string",
  • "default_user_change_name": true,
  • "default_user_change_email": true,
  • "default_user_change_username": true,
  • "event_retention": "string",
  • "footer_links": null,
  • "gdpr_compliance": true,
  • "impersonation": true,
  • "default_token_duration": "string",
  • "default_token_length": 1
}

admin_system_retrieve

Get system information.

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "http_headers": {
    },
  • "http_host": "string",
  • "http_is_secure": true,
  • "runtime": {
    },
  • "brand": "string",
  • "server_time": "2019-08-24T14:15:22Z",
  • "embedded_outpost_disabled": true,
  • "embedded_outpost_host": "string"
}

admin_system_create

Get system information.

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "http_headers": {
    },
  • "http_host": "string",
  • "http_is_secure": true,
  • "runtime": {
    },
  • "brand": "string",
  • "server_time": "2019-08-24T14:15:22Z",
  • "embedded_outpost_disabled": true,
  • "embedded_outpost_host": "string"
}

admin_version_retrieve

Get running and latest version.

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "version_current": "string",
  • "version_latest": "string",
  • "version_latest_valid": true,
  • "build_hash": "string",
  • "outdated": true
}

admin_workers_retrieve

Get currently connected worker count.

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "count": 0
}

authenticators

authenticators_admin_all_list

Get all devices for current user

Authorizations:
authentik
query Parameters
user
integer

Responses

Response samples

Content type
application/json
[
  • {
    }
]

authenticators_admin_duo_list

Viewset for Duo authenticator devices (for admins)

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_admin_duo_create

Viewset for Duo authenticator devices (for admins)

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string"
}

authenticators_admin_duo_retrieve

Viewset for Duo authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Duo Device.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string"
}

authenticators_admin_duo_update

Viewset for Duo authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Duo Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string"
}

authenticators_admin_duo_partial_update

Viewset for Duo authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Duo Device.

Request Body schema: application/json
name
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string"
}

authenticators_admin_duo_destroy

Viewset for Duo authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Duo Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_admin_sms_list

Viewset for sms authenticator devices (for admins)

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_admin_sms_create

Viewset for sms authenticator devices (for admins)

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0,
  • "phone_number": "string"
}

authenticators_admin_sms_retrieve

Viewset for sms authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SMS Device.

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0,
  • "phone_number": "string"
}

authenticators_admin_sms_update

Viewset for sms authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SMS Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0,
  • "phone_number": "string"
}

authenticators_admin_sms_partial_update

Viewset for sms authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SMS Device.

Request Body schema: application/json
name
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0,
  • "phone_number": "string"
}

authenticators_admin_sms_destroy

Viewset for sms authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SMS Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_admin_static_list

Viewset for static authenticator devices (for admins)

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_admin_static_create

Viewset for static authenticator devices (for admins)

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "token_set": [
    ],
  • "pk": 0
}

authenticators_admin_static_retrieve

Viewset for static authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Static Device.

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "token_set": [
    ],
  • "pk": 0
}

authenticators_admin_static_update

Viewset for static authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Static Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "token_set": [
    ],
  • "pk": 0
}

authenticators_admin_static_partial_update

Viewset for static authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Static Device.

Request Body schema: application/json
name
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "token_set": [
    ],
  • "pk": 0
}

authenticators_admin_static_destroy

Viewset for static authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Static Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_admin_totp_list

Viewset for totp authenticator devices (for admins)

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_admin_totp_create

Viewset for totp authenticator devices (for admins)

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0
}

authenticators_admin_totp_retrieve

Viewset for totp authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0
}

authenticators_admin_totp_update

Viewset for totp authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this TOTP Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0
}

authenticators_admin_totp_partial_update

Viewset for totp authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this TOTP Device.

Request Body schema: application/json
name
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0
}

authenticators_admin_totp_destroy

Viewset for totp authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_admin_webauthn_list

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_admin_webauthn_create

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "created_on": "2019-08-24T14:15:22Z",
  • "device_type": {
    },
  • "aaguid": "string"
}

authenticators_admin_webauthn_retrieve

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "created_on": "2019-08-24T14:15:22Z",
  • "device_type": {
    },
  • "aaguid": "string"
}

authenticators_admin_webauthn_update

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this WebAuthn Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "created_on": "2019-08-24T14:15:22Z",
  • "device_type": {
    },
  • "aaguid": "string"
}

authenticators_admin_webauthn_partial_update

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this WebAuthn Device.

Request Body schema: application/json
name
string [ 1 .. 200 ] characters

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "created_on": "2019-08-24T14:15:22Z",
  • "device_type": {
    },
  • "aaguid": "string"
}

authenticators_admin_webauthn_destroy

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_all_list

Get all devices for current user

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

authenticators_duo_list

Viewset for Duo authenticator devices

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_duo_retrieve

Viewset for Duo authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Duo Device.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string"
}

authenticators_duo_update

Viewset for Duo authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Duo Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string"
}

authenticators_duo_partial_update

Viewset for Duo authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Duo Device.

Request Body schema: application/json
name
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string"
}

authenticators_duo_destroy

Viewset for Duo authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Duo Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_duo_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Duo Device.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

authenticators_sms_list

Viewset for sms authenticator devices

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_sms_retrieve

Viewset for sms authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SMS Device.

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0,
  • "phone_number": "string"
}

authenticators_sms_update

Viewset for sms authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SMS Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0,
  • "phone_number": "string"
}

authenticators_sms_partial_update

Viewset for sms authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SMS Device.

Request Body schema: application/json
name
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0,
  • "phone_number": "string"
}

authenticators_sms_destroy

Viewset for sms authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SMS Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_sms_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SMS Device.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

authenticators_static_list

Viewset for static authenticator devices

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_static_retrieve

Viewset for static authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Static Device.

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "token_set": [
    ],
  • "pk": 0
}

authenticators_static_update

Viewset for static authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Static Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "token_set": [
    ],
  • "pk": 0
}

authenticators_static_partial_update

Viewset for static authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Static Device.

Request Body schema: application/json
name
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "token_set": [
    ],
  • "pk": 0
}

authenticators_static_destroy

Viewset for static authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Static Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_static_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Static Device.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

authenticators_totp_list

Viewset for totp authenticator devices

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_totp_retrieve

Viewset for totp authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0
}

authenticators_totp_update

Viewset for totp authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this TOTP Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0
}

authenticators_totp_partial_update

Viewset for totp authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this TOTP Device.

Request Body schema: application/json
name
string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "pk": 0
}

authenticators_totp_destroy

Viewset for totp authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_totp_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

authenticators_webauthn_list

Viewset for WebAuthn authenticator devices

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

authenticators_webauthn_retrieve

Viewset for WebAuthn authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "created_on": "2019-08-24T14:15:22Z",
  • "device_type": {
    },
  • "aaguid": "string"
}

authenticators_webauthn_update

Viewset for WebAuthn authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this WebAuthn Device.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "created_on": "2019-08-24T14:15:22Z",
  • "device_type": {
    },
  • "aaguid": "string"
}

authenticators_webauthn_partial_update

Viewset for WebAuthn authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this WebAuthn Device.

Request Body schema: application/json
name
string [ 1 .. 200 ] characters

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "created_on": "2019-08-24T14:15:22Z",
  • "device_type": {
    },
  • "aaguid": "string"
}

authenticators_webauthn_destroy

Viewset for WebAuthn authenticator devices

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

authenticators_webauthn_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

core

core_applications_list

Custom list method that checks Policy based access instead of guardian

Authorizations:
authentik
query Parameters
for_user
integer
group
string
meta_description
string
meta_launch_url
string
meta_publisher
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

slug
string
superuser_full_list
boolean

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

core_applications_create

Application Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty

Application's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal application name, used in URLs.

provider
integer or null
backchannel_providers
Array of integers
open_in_new_tab
boolean

Open launch URL in a new browser tab or window.

meta_launch_url
string <uri>
meta_description
string
meta_publisher
string
policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
group
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "provider": 0,
  • "backchannel_providers": [
    ],
  • "open_in_new_tab": true,
  • "meta_launch_url": "http://example.com",
  • "meta_description": "string",
  • "meta_publisher": "string",
  • "policy_engine_mode": "all",
  • "group": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "provider": 0,
  • "provider_obj": {
    },
  • "backchannel_providers": [
    ],
  • "backchannel_providers_obj": [
    ],
  • "launch_url": "string",
  • "open_in_new_tab": true,
  • "meta_launch_url": "http://example.com",
  • "meta_icon": "string",
  • "meta_description": "string",
  • "meta_publisher": "string",
  • "policy_engine_mode": "all",
  • "group": "string"
}

core_applications_retrieve

Application Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal application name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "provider": 0,
  • "provider_obj": {
    },
  • "backchannel_providers": [
    ],
  • "backchannel_providers_obj": [
    ],
  • "launch_url": "string",
  • "open_in_new_tab": true,
  • "meta_launch_url": "http://example.com",
  • "meta_icon": "string",
  • "meta_description": "string",
  • "meta_publisher": "string",
  • "policy_engine_mode": "all",
  • "group": "string"
}

core_applications_update

Application Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal application name, used in URLs.

Request Body schema: application/json
required
name
required
string non-empty

Application's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal application name, used in URLs.

provider
integer or null
backchannel_providers
Array of integers
open_in_new_tab
boolean

Open launch URL in a new browser tab or window.

meta_launch_url
string <uri>
meta_description
string
meta_publisher
string
policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
group
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "provider": 0,
  • "backchannel_providers": [
    ],
  • "open_in_new_tab": true,
  • "meta_launch_url": "http://example.com",
  • "meta_description": "string",
  • "meta_publisher": "string",
  • "policy_engine_mode": "all",
  • "group": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "provider": 0,
  • "provider_obj": {
    },
  • "backchannel_providers": [
    ],
  • "backchannel_providers_obj": [
    ],
  • "launch_url": "string",
  • "open_in_new_tab": true,
  • "meta_launch_url": "http://example.com",
  • "meta_icon": "string",
  • "meta_description": "string",
  • "meta_publisher": "string",
  • "policy_engine_mode": "all",
  • "group": "string"
}

core_applications_partial_update

Application Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal application name, used in URLs.

Request Body schema: application/json
name
string non-empty

Application's display Name.

slug
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal application name, used in URLs.

provider
integer or null
backchannel_providers
Array of integers
open_in_new_tab
boolean

Open launch URL in a new browser tab or window.

meta_launch_url
string <uri>
meta_description
string
meta_publisher
string
policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
group
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "provider": 0,
  • "backchannel_providers": [
    ],
  • "open_in_new_tab": true,
  • "meta_launch_url": "http://example.com",
  • "meta_description": "string",
  • "meta_publisher": "string",
  • "policy_engine_mode": "all",
  • "group": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "provider": 0,
  • "provider_obj": {
    },
  • "backchannel_providers": [
    ],
  • "backchannel_providers_obj": [
    ],
  • "launch_url": "string",
  • "open_in_new_tab": true,
  • "meta_launch_url": "http://example.com",
  • "meta_icon": "string",
  • "meta_description": "string",
  • "meta_publisher": "string",
  • "policy_engine_mode": "all",
  • "group": "string"
}

core_applications_destroy

Application Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal application name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_applications_check_access_retrieve

Check access to a single application by slug

Authorizations:
authentik
path Parameters
slug
required
string

Internal application name, used in URLs.

query Parameters
for_user
integer

Responses

Response samples

Content type
application/json
{
  • "passing": true,
  • "messages": [
    ],
  • "log_messages": [
    ]
}

core_applications_metrics_list

Metrics for application logins

Authorizations:
authentik
path Parameters
slug
required
string

Internal application name, used in URLs.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

core_applications_set_icon_create

Set application icon

Authorizations:
authentik
path Parameters
slug
required
string

Internal application name, used in URLs.

Request Body schema: multipart/form-data
file
string <binary>
clear
boolean
Default: false

Responses

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

core_applications_set_icon_url_create

Set application icon (as URL)

Authorizations:
authentik
path Parameters
slug
required
string

Internal application name, used in URLs.

Request Body schema: application/json
required
url
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "url": "string"
}

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

core_applications_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
slug
required
string

Internal application name, used in URLs.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

core_authenticated_sessions_list

AuthenticatedSession Viewset

Authorizations:
authentik
query Parameters
last_ip
string
last_user_agent
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

user__username
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

core_authenticated_sessions_retrieve

AuthenticatedSession Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Authenticated Session.

Responses

Response samples

Content type
application/json
{
  • "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
  • "current": true,
  • "user_agent": {
    },
  • "geo_ip": {
    },
  • "asn": {
    },
  • "user": 0,
  • "last_ip": "string",
  • "last_user_agent": "string",
  • "last_used": "2019-08-24T14:15:22Z",
  • "expires": "2019-08-24T14:15:22Z"
}

core_authenticated_sessions_destroy

AuthenticatedSession Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Authenticated Session.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_authenticated_sessions_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Authenticated Session.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

core_brands_list

Brand Viewset

Authorizations:
authentik
query Parameters
brand_uuid
string <uuid>
branding_favicon
string
branding_logo
string
branding_title
string
default
boolean
domain
string
flow_authentication
string <uuid>
flow_device_code
string <uuid>
flow_invalidation
string <uuid>
flow_recovery
string <uuid>
flow_unenrollment
string <uuid>
flow_user_settings
string <uuid>
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

web_certificate
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

core_brands_create

Brand Viewset

Authorizations:
authentik
Request Body schema: application/json
required
domain
required
string non-empty

Domain that activates this brand. Can be a superset, i.e. a.b for aa.b and ba.b

default
boolean
branding_title
string non-empty
branding_logo
string non-empty
branding_favicon
string non-empty
flow_authentication
string or null <uuid>
flow_invalidation
string or null <uuid>
flow_recovery
string or null <uuid>
flow_unenrollment
string or null <uuid>
flow_user_settings
string or null <uuid>
flow_device_code
string or null <uuid>
web_certificate
string or null <uuid>

Web Certificate used by the authentik Core webserver.

attributes
any

Responses

Request samples

Content type
application/json
{
  • "domain": "string",
  • "default": true,
  • "branding_title": "string",
  • "branding_logo": "string",
  • "branding_favicon": "string",
  • "flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
  • "flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
  • "flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
  • "flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
  • "flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
  • "flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
  • "web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
  • "attributes": null
}

Response samples

Content type
application/json
{
  • "brand_uuid": "609591e0-6f26-457f-b94a-6b6e0ada8cbd",
  • "domain": "string",
  • "default": true,
  • "branding_title": "string",
  • "branding_logo": "string",
  • "branding_favicon": "string",
  • "flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
  • "flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
  • "flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
  • "flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
  • "flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
  • "flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
  • "web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
  • "attributes": null
}

core_brands_retrieve

Brand Viewset

Authorizations:
authentik
path Parameters
brand_uuid
required
string <uuid>

A UUID string identifying this Brand.

Responses

Response samples

Content type
application/json
{
  • "brand_uuid": "609591e0-6f26-457f-b94a-6b6e0ada8cbd",
  • "domain": "string",
  • "default": true,
  • "branding_title": "string",
  • "branding_logo": "string",
  • "branding_favicon": "string",
  • "flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
  • "flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
  • "flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
  • "flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
  • "flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
  • "flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
  • "web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
  • "attributes": null
}

core_brands_update

Brand Viewset

Authorizations:
authentik
path Parameters
brand_uuid
required
string <uuid>

A UUID string identifying this Brand.

Request Body schema: application/json
required
domain
required
string non-empty

Domain that activates this brand. Can be a superset, i.e. a.b for aa.b and ba.b

default
boolean
branding_title
string non-empty
branding_logo
string non-empty
branding_favicon
string non-empty
flow_authentication
string or null <uuid>
flow_invalidation
string or null <uuid>
flow_recovery
string or null <uuid>
flow_unenrollment
string or null <uuid>
flow_user_settings
string or null <uuid>
flow_device_code
string or null <uuid>
web_certificate
string or null <uuid>

Web Certificate used by the authentik Core webserver.

attributes
any

Responses

Request samples

Content type
application/json
{
  • "domain": "string",
  • "default": true,
  • "branding_title": "string",
  • "branding_logo": "string",
  • "branding_favicon": "string",
  • "flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
  • "flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
  • "flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
  • "flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
  • "flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
  • "flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
  • "web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
  • "attributes": null
}

Response samples

Content type
application/json
{
  • "brand_uuid": "609591e0-6f26-457f-b94a-6b6e0ada8cbd",
  • "domain": "string",
  • "default": true,
  • "branding_title": "string",
  • "branding_logo": "string",
  • "branding_favicon": "string",
  • "flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
  • "flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
  • "flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
  • "flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
  • "flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
  • "flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
  • "web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
  • "attributes": null
}

core_brands_partial_update

Brand Viewset

Authorizations:
authentik
path Parameters
brand_uuid
required
string <uuid>

A UUID string identifying this Brand.

Request Body schema: application/json
domain
string non-empty

Domain that activates this brand. Can be a superset, i.e. a.b for aa.b and ba.b

default
boolean
branding_title
string non-empty
branding_logo
string non-empty
branding_favicon
string non-empty
flow_authentication
string or null <uuid>
flow_invalidation
string or null <uuid>
flow_recovery
string or null <uuid>
flow_unenrollment
string or null <uuid>
flow_user_settings
string or null <uuid>
flow_device_code
string or null <uuid>
web_certificate
string or null <uuid>

Web Certificate used by the authentik Core webserver.

attributes
any

Responses

Request samples

Content type
application/json
{
  • "domain": "string",
  • "default": true,
  • "branding_title": "string",
  • "branding_logo": "string",
  • "branding_favicon": "string",
  • "flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
  • "flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
  • "flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
  • "flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
  • "flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
  • "flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
  • "web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
  • "attributes": null
}

Response samples

Content type
application/json
{
  • "brand_uuid": "609591e0-6f26-457f-b94a-6b6e0ada8cbd",
  • "domain": "string",
  • "default": true,
  • "branding_title": "string",
  • "branding_logo": "string",
  • "branding_favicon": "string",
  • "flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
  • "flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
  • "flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
  • "flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
  • "flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
  • "flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
  • "web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
  • "attributes": null
}

core_brands_destroy

Brand Viewset

Authorizations:
authentik
path Parameters
brand_uuid
required
string <uuid>

A UUID string identifying this Brand.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_brands_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
brand_uuid
required
string <uuid>

A UUID string identifying this Brand.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

core_brands_current_retrieve

Get current brand

Authorizations:
authentikNone

Responses

Response samples

Content type
application/json
{
  • "matched_domain": "string",
  • "branding_title": "string",
  • "branding_logo": "string",
  • "branding_favicon": "string",
  • "ui_footer_links": [
    ],
  • "ui_theme": "automatic",
  • "flow_authentication": "string",
  • "flow_invalidation": "string",
  • "flow_recovery": "string",
  • "flow_unenrollment": "string",
  • "flow_user_settings": "string",
  • "flow_device_code": "string",
  • "default_locale": "string"
}

core_groups_list

Group Viewset

Authorizations:
authentik
query Parameters
attributes
string

Attributes

include_users
boolean
Default: true
is_superuser
boolean
members_by_pk
Array of integers
members_by_username
Array of strings

Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.

name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

core_groups_create

Group Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string [ 1 .. 80 ] characters
is_superuser
boolean

Users added to this group will be superusers.

parent
string or null <uuid>
users
Array of integers
object
roles
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "is_superuser": true,
  • "parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
  • "users": [
    ],
  • "attributes": {
    },
  • "roles": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "num_pk": 0,
  • "name": "string",
  • "is_superuser": true,
  • "parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
  • "parent_name": "string",
  • "users": [
    ],
  • "users_obj": [
    ],
  • "attributes": {
    },
  • "roles": [
    ],
  • "roles_obj": [
    ]
}

core_groups_retrieve

Group Viewset

Authorizations:
authentik
path Parameters
group_uuid
required
string <uuid>

A UUID string identifying this Group.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "num_pk": 0,
  • "name": "string",
  • "is_superuser": true,
  • "parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
  • "parent_name": "string",
  • "users": [
    ],
  • "users_obj": [
    ],
  • "attributes": {
    },
  • "roles": [
    ],
  • "roles_obj": [
    ]
}

core_groups_update

Group Viewset

Authorizations:
authentik
path Parameters
group_uuid
required
string <uuid>

A UUID string identifying this Group.

Request Body schema: application/json
required
name
required
string [ 1 .. 80 ] characters
is_superuser
boolean

Users added to this group will be superusers.

parent
string or null <uuid>
users
Array of integers
object
roles
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "is_superuser": true,
  • "parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
  • "users": [
    ],
  • "attributes": {
    },
  • "roles": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "num_pk": 0,
  • "name": "string",
  • "is_superuser": true,
  • "parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
  • "parent_name": "string",
  • "users": [
    ],
  • "users_obj": [
    ],
  • "attributes": {
    },
  • "roles": [
    ],
  • "roles_obj": [
    ]
}

core_groups_partial_update

Group Viewset

Authorizations:
authentik
path Parameters
group_uuid
required
string <uuid>

A UUID string identifying this Group.

Request Body schema: application/json
name
string [ 1 .. 80 ] characters
is_superuser
boolean

Users added to this group will be superusers.

parent
string or null <uuid>
users
Array of integers
object
roles
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "is_superuser": true,
  • "parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
  • "users": [
    ],
  • "attributes": {
    },
  • "roles": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "num_pk": 0,
  • "name": "string",
  • "is_superuser": true,
  • "parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
  • "parent_name": "string",
  • "users": [
    ],
  • "users_obj": [
    ],
  • "attributes": {
    },
  • "roles": [
    ],
  • "roles_obj": [
    ]
}

core_groups_destroy

Group Viewset

Authorizations:
authentik
path Parameters
group_uuid
required
string <uuid>

A UUID string identifying this Group.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_groups_add_user_create

Add user to group

Authorizations:
authentik
path Parameters
group_uuid
required
string <uuid>

A UUID string identifying this Group.

Request Body schema: application/json
required
pk
required
integer

Responses

Request samples

Content type
application/json
{
  • "pk": 0
}

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_groups_remove_user_create

Add user to group

Authorizations:
authentik
path Parameters
group_uuid
required
string <uuid>

A UUID string identifying this Group.

Request Body schema: application/json
required
pk
required
integer

Responses

Request samples

Content type
application/json
{
  • "pk": 0
}

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_groups_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
group_uuid
required
string <uuid>

A UUID string identifying this Group.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

core_tokens_list

Token Viewset

Authorizations:
authentik
query Parameters
description
string
expires
string <date-time>
expiring
boolean
identifier
string
intent
string
Enum: "api" "app_password" "recovery" "verification"
managed
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

user__username
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

core_tokens_create

Token Viewset

Authorizations:
authentik
Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

identifier
required
string [ 1 .. 255 ] characters ^[-a-zA-Z0-9_]+$
intent
string (IntentEnum)
Enum: "verification" "api" "recovery" "app_password"
user
integer
description
string
expires
string or null <date-time>
expiring
boolean

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "identifier": "string",
  • "intent": "verification",
  • "user": 0,
  • "description": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "expiring": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "identifier": "string",
  • "intent": "verification",
  • "user": 0,
  • "user_obj": {
    },
  • "description": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "expiring": true
}

core_tokens_retrieve

Token Viewset

Authorizations:
authentik
path Parameters
identifier
required
string

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "identifier": "string",
  • "intent": "verification",
  • "user": 0,
  • "user_obj": {
    },
  • "description": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "expiring": true
}

core_tokens_update

Token Viewset

Authorizations:
authentik
path Parameters
identifier
required
string
Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

identifier
required
string [ 1 .. 255 ] characters ^[-a-zA-Z0-9_]+$
intent
string (IntentEnum)
Enum: "verification" "api" "recovery" "app_password"
user
integer
description
string
expires
string or null <date-time>
expiring
boolean

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "identifier": "string",
  • "intent": "verification",
  • "user": 0,
  • "description": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "expiring": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "identifier": "string",
  • "intent": "verification",
  • "user": 0,
  • "user_obj": {
    },
  • "description": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "expiring": true
}

core_tokens_partial_update

Token Viewset

Authorizations:
authentik
path Parameters
identifier
required
string
Request Body schema: application/json
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

identifier
string [ 1 .. 255 ] characters ^[-a-zA-Z0-9_]+$
intent
string (IntentEnum)
Enum: "verification" "api" "recovery" "app_password"
user
integer
description
string
expires
string or null <date-time>
expiring
boolean

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "identifier": "string",
  • "intent": "verification",
  • "user": 0,
  • "description": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "expiring": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "identifier": "string",
  • "intent": "verification",
  • "user": 0,
  • "user_obj": {
    },
  • "description": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "expiring": true
}

core_tokens_destroy

Token Viewset

Authorizations:
authentik
path Parameters
identifier
required
string

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_tokens_set_key_create

Set token key. Action is logged as event. authentik_core.set_token_key permission is required.

Authorizations:
authentik
path Parameters
identifier
required
string
Request Body schema: application/json
required
key
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "key": "string"
}

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

core_tokens_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
identifier
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

core_tokens_view_key_retrieve

Return token key and log access

Authorizations:
authentik
path Parameters
identifier
required
string

Responses

Response samples

Content type
application/json
{
  • "key": "string"
}

core_transactional_applications_update

Convert data into a blueprint, validate it and apply it

Authorizations:
authentik
Request Body schema: application/json
required
required
object (ApplicationRequest)

Application Serializer

provider_model
required
string (ProviderModelEnum)
Enum: "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_rac.racprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_scim.scimprovider"
required
any (modelRequest)

Responses

Request samples

Content type
application/json
{
  • "app": {
    },
  • "provider_model": "authentik_providers_ldap.ldapprovider",
  • "provider": {
    }
}

Response samples

Content type
application/json
{
  • "applied": true,
  • "logs": [
    ]
}

core_users_list

User Viewset

Authorizations:
authentik
query Parameters
attributes
string

Attributes

email
string
groups_by_name
Array of strings
groups_by_pk
Array of strings <uuid> [ items <uuid > ]
include_groups
boolean
Default: true
is_active
boolean
is_superuser
boolean
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

path
string
path_startswith
string
search
string

A search term.

type
Array of strings
Items Enum: "external" "internal" "internal_service_account" "service_account"
username
string
uuid
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

core_users_create

User Viewset

Authorizations:
authentik
Request Body schema: application/json
required
username
required
string [ 1 .. 150 ] characters
name
required
string

User's display name.

is_active
boolean (Active)

Designates whether this user should be treated as active. Unselect this instead of deleting accounts.

last_login
string or null <date-time>
groups
Array of strings <uuid> [ items <uuid > ]
email
string <email> (Email address) <= 254 characters
object
path
string non-empty
type
string (UserTypeEnum)
Enum: "internal" "external" "service_account" "internal_service_account"

Responses

Request samples

Content type
application/json
{
  • "username": "string",
  • "name": "string",
  • "is_active": true,
  • "last_login": "2019-08-24T14:15:22Z",
  • "groups": [
    ],
  • "email": "user@example.com",
  • "attributes": {
    },
  • "path": "string",
  • "type": "internal"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "username": "string",
  • "name": "string",
  • "is_active": true,
  • "last_login": "2019-08-24T14:15:22Z",
  • "is_superuser": true,
  • "groups": [
    ],
  • "groups_obj": [
    ],
  • "email": "user@example.com",
  • "avatar": "string",
  • "attributes": {
    },
  • "uid": "string",
  • "path": "string",
  • "type": "internal",
  • "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}

core_users_retrieve

User Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "username": "string",
  • "name": "string",
  • "is_active": true,
  • "last_login": "2019-08-24T14:15:22Z",
  • "is_superuser": true,
  • "groups": [
    ],
  • "groups_obj": [
    ],
  • "email": "user@example.com",
  • "avatar": "string",
  • "attributes": {
    },
  • "uid": "string",
  • "path": "string",
  • "type": "internal",
  • "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}

core_users_update

User Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Request Body schema: application/json
required
username
required
string [ 1 .. 150 ] characters
name
required
string

User's display name.

is_active
boolean (Active)

Designates whether this user should be treated as active. Unselect this instead of deleting accounts.

last_login
string or null <date-time>
groups
Array of strings <uuid> [ items <uuid > ]
email
string <email> (Email address) <= 254 characters
object
path
string non-empty
type
string (UserTypeEnum)
Enum: "internal" "external" "service_account" "internal_service_account"

Responses

Request samples

Content type
application/json
{
  • "username": "string",
  • "name": "string",
  • "is_active": true,
  • "last_login": "2019-08-24T14:15:22Z",
  • "groups": [
    ],
  • "email": "user@example.com",
  • "attributes": {
    },
  • "path": "string",
  • "type": "internal"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "username": "string",
  • "name": "string",
  • "is_active": true,
  • "last_login": "2019-08-24T14:15:22Z",
  • "is_superuser": true,
  • "groups": [
    ],
  • "groups_obj": [
    ],
  • "email": "user@example.com",
  • "avatar": "string",
  • "attributes": {
    },
  • "uid": "string",
  • "path": "string",
  • "type": "internal",
  • "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}

core_users_partial_update

User Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Request Body schema: application/json
username
string [ 1 .. 150 ] characters
name
string

User's display name.

is_active
boolean (Active)

Designates whether this user should be treated as active. Unselect this instead of deleting accounts.

last_login
string or null <date-time>
groups
Array of strings <uuid> [ items <uuid > ]
email
string <email> (Email address) <= 254 characters
object
path
string non-empty
type
string (UserTypeEnum)
Enum: "internal" "external" "service_account" "internal_service_account"

Responses

Request samples

Content type
application/json
{
  • "username": "string",
  • "name": "string",
  • "is_active": true,
  • "last_login": "2019-08-24T14:15:22Z",
  • "groups": [
    ],
  • "email": "user@example.com",
  • "attributes": {
    },
  • "path": "string",
  • "type": "internal"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "username": "string",
  • "name": "string",
  • "is_active": true,
  • "last_login": "2019-08-24T14:15:22Z",
  • "is_superuser": true,
  • "groups": [
    ],
  • "groups_obj": [
    ],
  • "email": "user@example.com",
  • "avatar": "string",
  • "attributes": {
    },
  • "uid": "string",
  • "path": "string",
  • "type": "internal",
  • "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}

core_users_destroy

User Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_users_impersonate_create

Impersonate a user

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_users_metrics_retrieve

User metrics per 1h

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Responses

Response samples

Content type
application/json
{
  • "logins": [
    ],
  • "logins_failed": [
    ],
  • "authorizations": [
    ]
}

core_users_recovery_create

Create a temporary link that a user can use to recover their accounts

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Responses

Response samples

Content type
application/json
{
  • "link": "string"
}

core_users_recovery_email_create

Create a temporary link that a user can use to recover their accounts

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

query Parameters
email_stage
required
string

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_users_set_password_create

Set password for user

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Request Body schema: application/json
required
password
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "password": "string"
}

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

core_users_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

core_users_impersonate_end_retrieve

End Impersonation a user

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

core_users_me_retrieve

Get information about current user

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "user": {
    },
  • "original": {
    }
}

core_users_paths_retrieve

Get all user paths

Authorizations:
authentik
query Parameters
search
string

Responses

Response samples

Content type
application/json
{
  • "paths": [
    ]
}

core_users_service_account_create

Create a new user account that is marked as a service account

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
create_group
boolean
Default: false
expiring
boolean
Default: true
expires
string <date-time>

If not provided, valid for 360 days

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "create_group": false,
  • "expiring": true,
  • "expires": "2019-08-24T14:15:22Z"
}

Response samples

Content type
application/json
{
  • "username": "string",
  • "token": "string",
  • "user_uid": "string",
  • "user_pk": 0,
  • "group_pk": "string"
}

crypto

crypto_certificatekeypairs_list

CertificateKeyPair Viewset

Authorizations:
authentik
query Parameters
has_key
boolean

Only return certificate-key pairs with keys

include_details
boolean
Default: true
managed
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

crypto_certificatekeypairs_create

CertificateKeyPair Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
certificate_data
required
string non-empty

PEM-encoded Certificate data

key_data
string

Optional Private Key. If this is set, you can use this keypair for encryption.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "certificate_data": "string",
  • "key_data": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "fingerprint_sha256": "string",
  • "fingerprint_sha1": "string",
  • "cert_expiry": "2019-08-24T14:15:22Z",
  • "cert_subject": "string",
  • "private_key_available": true,
  • "private_key_type": "string",
  • "certificate_download_url": "string",
  • "private_key_download_url": "string",
  • "managed": "string"
}

crypto_certificatekeypairs_retrieve

CertificateKeyPair Viewset

Authorizations:
authentik
path Parameters
kp_uuid
required
string <uuid>

A UUID string identifying this Certificate-Key Pair.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "fingerprint_sha256": "string",
  • "fingerprint_sha1": "string",
  • "cert_expiry": "2019-08-24T14:15:22Z",
  • "cert_subject": "string",
  • "private_key_available": true,
  • "private_key_type": "string",
  • "certificate_download_url": "string",
  • "private_key_download_url": "string",
  • "managed": "string"
}

crypto_certificatekeypairs_update

CertificateKeyPair Viewset

Authorizations:
authentik
path Parameters
kp_uuid
required
string <uuid>

A UUID string identifying this Certificate-Key Pair.

Request Body schema: application/json
required
name
required
string non-empty
certificate_data
required
string non-empty

PEM-encoded Certificate data

key_data
string

Optional Private Key. If this is set, you can use this keypair for encryption.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "certificate_data": "string",
  • "key_data": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "fingerprint_sha256": "string",
  • "fingerprint_sha1": "string",
  • "cert_expiry": "2019-08-24T14:15:22Z",
  • "cert_subject": "string",
  • "private_key_available": true,
  • "private_key_type": "string",
  • "certificate_download_url": "string",
  • "private_key_download_url": "string",
  • "managed": "string"
}

crypto_certificatekeypairs_partial_update

CertificateKeyPair Viewset

Authorizations:
authentik
path Parameters
kp_uuid
required
string <uuid>

A UUID string identifying this Certificate-Key Pair.

Request Body schema: application/json
name
string non-empty
certificate_data
string non-empty

PEM-encoded Certificate data

key_data
string

Optional Private Key. If this is set, you can use this keypair for encryption.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "certificate_data": "string",
  • "key_data": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "fingerprint_sha256": "string",
  • "fingerprint_sha1": "string",
  • "cert_expiry": "2019-08-24T14:15:22Z",
  • "cert_subject": "string",
  • "private_key_available": true,
  • "private_key_type": "string",
  • "certificate_download_url": "string",
  • "private_key_download_url": "string",
  • "managed": "string"
}

crypto_certificatekeypairs_destroy

CertificateKeyPair Viewset

Authorizations:
authentik
path Parameters
kp_uuid
required
string <uuid>

A UUID string identifying this Certificate-Key Pair.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

crypto_certificatekeypairs_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
kp_uuid
required
string <uuid>

A UUID string identifying this Certificate-Key Pair.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

crypto_certificatekeypairs_view_certificate_retrieve

Return certificate-key pairs certificate and log access

Authorizations:
authentik
path Parameters
kp_uuid
required
string <uuid>

A UUID string identifying this Certificate-Key Pair.

query Parameters
download
boolean

Responses

Response samples

Content type
application/json
{
  • "data": "string"
}

crypto_certificatekeypairs_view_private_key_retrieve

Return certificate-key pairs private key and log access

Authorizations:
authentik
path Parameters
kp_uuid
required
string <uuid>

A UUID string identifying this Certificate-Key Pair.

query Parameters
download
boolean

Responses

Response samples

Content type
application/json
{
  • "data": "string"
}

crypto_certificatekeypairs_generate_create

Generate a new, self-signed certificate-key pair

Authorizations:
authentik
Request Body schema: application/json
required
common_name
required
string non-empty
subject_alt_name
string
validity_days
required
integer
alg
string
Default: "rsa"
Enum: "rsa" "ecdsa"

Responses

Request samples

Content type
application/json
{
  • "common_name": "string",
  • "subject_alt_name": "string",
  • "validity_days": 0,
  • "alg": "rsa"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "fingerprint_sha256": "string",
  • "fingerprint_sha1": "string",
  • "cert_expiry": "2019-08-24T14:15:22Z",
  • "cert_subject": "string",
  • "private_key_available": true,
  • "private_key_type": "string",
  • "certificate_download_url": "string",
  • "private_key_download_url": "string",
  • "managed": "string"
}

enterprise

enterprise_license_list

License Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

enterprise_license_create

License Viewset

Authorizations:
authentik
Request Body schema: application/json
required
key
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "key": "string"
}

Response samples

Content type
application/json
{
  • "license_uuid": "c1f3b8e8-1ed0-4f1f-8b9a-d3c1e906f280",
  • "name": "string",
  • "key": "string",
  • "expiry": "2019-08-24T14:15:22Z",
  • "internal_users": 0,
  • "external_users": 0
}

enterprise_license_retrieve

License Viewset

Authorizations:
authentik
path Parameters
license_uuid
required
string <uuid>

A UUID string identifying this License.

Responses

Response samples

Content type
application/json
{
  • "license_uuid": "c1f3b8e8-1ed0-4f1f-8b9a-d3c1e906f280",
  • "name": "string",
  • "key": "string",
  • "expiry": "2019-08-24T14:15:22Z",
  • "internal_users": 0,
  • "external_users": 0
}

enterprise_license_update

License Viewset

Authorizations:
authentik
path Parameters
license_uuid
required
string <uuid>

A UUID string identifying this License.

Request Body schema: application/json
required
key
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "key": "string"
}

Response samples

Content type
application/json
{
  • "license_uuid": "c1f3b8e8-1ed0-4f1f-8b9a-d3c1e906f280",
  • "name": "string",
  • "key": "string",
  • "expiry": "2019-08-24T14:15:22Z",
  • "internal_users": 0,
  • "external_users": 0
}

enterprise_license_partial_update

License Viewset

Authorizations:
authentik
path Parameters
license_uuid
required
string <uuid>

A UUID string identifying this License.

Request Body schema: application/json
key
string non-empty

Responses

Request samples

Content type
application/json
{
  • "key": "string"
}

Response samples

Content type
application/json
{
  • "license_uuid": "c1f3b8e8-1ed0-4f1f-8b9a-d3c1e906f280",
  • "name": "string",
  • "key": "string",
  • "expiry": "2019-08-24T14:15:22Z",
  • "internal_users": 0,
  • "external_users": 0
}

enterprise_license_destroy

License Viewset

Authorizations:
authentik
path Parameters
license_uuid
required
string <uuid>

A UUID string identifying this License.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

enterprise_license_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
license_uuid
required
string <uuid>

A UUID string identifying this License.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

enterprise_license_forecast_retrieve

Forecast how many users will be required in a year

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "internal_users": 0,
  • "external_users": 0,
  • "forecasted_internal_users": 0,
  • "forecasted_external_users": 0
}

enterprise_license_get_install_id_retrieve

Get install_id

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "install_id": "string"
}

enterprise_license_summary_retrieve

Get the total license status

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "internal_users": 0,
  • "external_users": 0,
  • "valid": true,
  • "show_admin_warning": true,
  • "show_user_warning": true,
  • "read_only": true,
  • "latest_valid": "2019-08-24T14:15:22Z",
  • "has_license": true
}

events

events_events_list

Event Read-Only Viewset

Authorizations:
authentik
query Parameters
action
string
brand_name
string

Brand name

client_ip
string
context_authorized_app
string

Context Authorized application

context_model_app
string

Context Model App

context_model_name
string

Context Model Name

context_model_pk
string

Context Model Primary Key

ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

username
string

Username

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

events_events_create

Event Read-Only Viewset

Authorizations:
authentik
Request Body schema: application/json
required
user
any
action
required
string (EventActions)
Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_"
app
required
string non-empty
context
any
client_ip
string or null non-empty
expires
string <date-time>
brand
any

Responses

Request samples

Content type
application/json
{
  • "user": null,
  • "action": "login",
  • "app": "string",
  • "context": null,
  • "client_ip": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "brand": null
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "user": null,
  • "action": "login",
  • "app": "string",
  • "context": null,
  • "client_ip": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "expires": "2019-08-24T14:15:22Z",
  • "brand": null
}

events_events_retrieve

Event Read-Only Viewset

Authorizations:
authentik
path Parameters
event_uuid
required
string <uuid>

A UUID string identifying this Event.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "user": null,
  • "action": "login",
  • "app": "string",
  • "context": null,
  • "client_ip": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "expires": "2019-08-24T14:15:22Z",
  • "brand": null
}

events_events_update

Event Read-Only Viewset

Authorizations:
authentik
path Parameters
event_uuid
required
string <uuid>

A UUID string identifying this Event.

Request Body schema: application/json
required
user
any
action
required
string (EventActions)
Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_"
app
required
string non-empty
context
any
client_ip
string or null non-empty
expires
string <date-time>
brand
any

Responses

Request samples

Content type
application/json
{
  • "user": null,
  • "action": "login",
  • "app": "string",
  • "context": null,
  • "client_ip": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "brand": null
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "user": null,
  • "action": "login",
  • "app": "string",
  • "context": null,
  • "client_ip": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "expires": "2019-08-24T14:15:22Z",
  • "brand": null
}

events_events_partial_update

Event Read-Only Viewset

Authorizations:
authentik
path Parameters
event_uuid
required
string <uuid>

A UUID string identifying this Event.

Request Body schema: application/json
user
any
action
string (EventActions)
Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_"
app
string non-empty
context
any
client_ip
string or null non-empty
expires
string <date-time>
brand
any

Responses

Request samples

Content type
application/json
{
  • "user": null,
  • "action": "login",
  • "app": "string",
  • "context": null,
  • "client_ip": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "brand": null
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "user": null,
  • "action": "login",
  • "app": "string",
  • "context": null,
  • "client_ip": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "expires": "2019-08-24T14:15:22Z",
  • "brand": null
}

events_events_destroy

Event Read-Only Viewset

Authorizations:
authentik
path Parameters
event_uuid
required
string <uuid>

A UUID string identifying this Event.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

events_events_actions_list

Get all actions

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

events_events_per_month_list

Get the count of events per month

Authorizations:
authentik
query Parameters
action
string
query
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

events_events_top_per_user_list

Get the top_n events grouped by user count

Authorizations:
authentik
query Parameters
action
string
top_n
integer

Responses

Response samples

Content type
application/json
[
  • {
    }
]

events_events_volume_list

Get event volume for specified filters and timeframe

Authorizations:
authentik
query Parameters
action
string
brand_name
string

Brand name

client_ip
string
context_authorized_app
string

Context Authorized application

context_model_app
string

Context Model App

context_model_name
string

Context Model Name

context_model_pk
string

Context Model Primary Key

ordering
string

Which field to use when ordering the results.

search
string

A search term.

username
string

Username

Responses

Response samples

Content type
application/json
[
  • {
    }
]

events_notifications_list

Notification Viewset

Authorizations:
authentik
query Parameters
body
string
created
string <date-time>
event
string <uuid>
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

seen
boolean
severity
string
Enum: "alert" "notice" "warning"
user
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

events_notifications_retrieve

Notification Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "severity": "notice",
  • "body": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "event": {
    },
  • "seen": true
}

events_notifications_update

Notification Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification.

Request Body schema: application/json
object (EventRequest)

Event Serializer

seen
boolean

Responses

Request samples

Content type
application/json
{
  • "event": {
    },
  • "seen": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "severity": "notice",
  • "body": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "event": {
    },
  • "seen": true
}

events_notifications_partial_update

Notification Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification.

Request Body schema: application/json
object (EventRequest)

Event Serializer

seen
boolean

Responses

Request samples

Content type
application/json
{
  • "event": {
    },
  • "seen": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "severity": "notice",
  • "body": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "event": {
    },
  • "seen": true
}

events_notifications_destroy

Notification Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

events_notifications_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

events_notifications_mark_all_seen_create

Mark all the user's notifications as seen

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

events_rules_list

NotificationRule Viewset

Authorizations:
authentik
query Parameters
group__name
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

severity
string
Enum: "alert" "notice" "warning"

Controls which severity level the created notifications will have.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

events_rules_create

NotificationRule Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
transports
Array of strings <uuid> [ items <uuid > ]

Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.

severity
string
Enum: "notice" "warning" "alert"

Controls which severity level the created notifications will have.

group
string or null <uuid>

Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "transports": [
    ],
  • "severity": "notice",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "transports": [
    ],
  • "severity": "notice",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "group_obj": {
    }
}

events_rules_retrieve

NotificationRule Viewset

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this Notification Rule.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "transports": [
    ],
  • "severity": "notice",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "group_obj": {
    }
}

events_rules_update

NotificationRule Viewset

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this Notification Rule.

Request Body schema: application/json
required
name
required
string non-empty
transports
Array of strings <uuid> [ items <uuid > ]

Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.

severity
string
Enum: "notice" "warning" "alert"

Controls which severity level the created notifications will have.

group
string or null <uuid>

Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "transports": [
    ],
  • "severity": "notice",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "transports": [
    ],
  • "severity": "notice",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "group_obj": {
    }
}

events_rules_partial_update

NotificationRule Viewset

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this Notification Rule.

Request Body schema: application/json
name
string non-empty
transports
Array of strings <uuid> [ items <uuid > ]

Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.

severity
string
Enum: "notice" "warning" "alert"

Controls which severity level the created notifications will have.

group
string or null <uuid>

Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "transports": [
    ],
  • "severity": "notice",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "transports": [
    ],
  • "severity": "notice",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "group_obj": {
    }
}

events_rules_destroy

NotificationRule Viewset

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this Notification Rule.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

events_rules_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this Notification Rule.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

events_system_tasks_list

Read-only view set that returns all background tasks

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

status
string
Enum: "error" "successful" "unknown" "warning"
uid
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

events_system_tasks_retrieve

Read-only view set that returns all background tasks

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this System Task.

Responses

Response samples

Content type
application/json
{
  • "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
  • "name": "string",
  • "full_name": "string",
  • "uid": "string",
  • "description": "string",
  • "start_timestamp": "2019-08-24T14:15:22Z",
  • "finish_timestamp": "2019-08-24T14:15:22Z",
  • "duration": 0.1,
  • "status": "unknown",
  • "messages": [
    ]
}

events_system_tasks_run_create

Run task

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this System Task.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

events_transports_list

NotificationTransport Viewset

Authorizations:
authentik
query Parameters
mode
string
Enum: "email" "local" "webhook" "webhook_slack"
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

send_once
boolean
webhook_url
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

events_transports_create

NotificationTransport Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
mode
string (NotificationTransportModeEnum)
Enum: "local" "webhook" "webhook_slack" "email"
webhook_url
string <uri>
webhook_mapping
string or null <uuid>
send_once
boolean

Only send notification once, for example when sending a webhook into a chat channel.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "mode": "local",
  • "webhook_url": "http://example.com",
  • "webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
  • "send_once": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "mode": "local",
  • "mode_verbose": "string",
  • "webhook_url": "http://example.com",
  • "webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
  • "send_once": true
}

events_transports_retrieve

NotificationTransport Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification Transport.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "mode": "local",
  • "mode_verbose": "string",
  • "webhook_url": "http://example.com",
  • "webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
  • "send_once": true
}

events_transports_update

NotificationTransport Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification Transport.

Request Body schema: application/json
required
name
required
string non-empty
mode
string (NotificationTransportModeEnum)
Enum: "local" "webhook" "webhook_slack" "email"
webhook_url
string <uri>
webhook_mapping
string or null <uuid>
send_once
boolean

Only send notification once, for example when sending a webhook into a chat channel.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "mode": "local",
  • "webhook_url": "http://example.com",
  • "webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
  • "send_once": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "mode": "local",
  • "mode_verbose": "string",
  • "webhook_url": "http://example.com",
  • "webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
  • "send_once": true
}

events_transports_partial_update

NotificationTransport Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification Transport.

Request Body schema: application/json
name
string non-empty
mode
string (NotificationTransportModeEnum)
Enum: "local" "webhook" "webhook_slack" "email"
webhook_url
string <uri>
webhook_mapping
string or null <uuid>
send_once
boolean

Only send notification once, for example when sending a webhook into a chat channel.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "mode": "local",
  • "webhook_url": "http://example.com",
  • "webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
  • "send_once": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "mode": "local",
  • "mode_verbose": "string",
  • "webhook_url": "http://example.com",
  • "webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
  • "send_once": true
}

events_transports_destroy

NotificationTransport Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification Transport.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

events_transports_test_create

Send example notification using selected transport. Requires Modify permissions.

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification Transport.

Responses

Response samples

Content type
application/json
{
  • "messages": [
    ]
}

events_transports_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Notification Transport.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

flows

flows_bindings_list

FlowStageBinding Viewset

Authorizations:
authentik
query Parameters
evaluate_on_plan
boolean
fsb_uuid
string <uuid>
invalid_response_action
string
Enum: "restart" "restart_with_context" "retry"

Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.

order
integer
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

pbm_uuid
string <uuid>
policies
Array of strings <uuid> [ items <uuid > ]
policy_engine_mode
string
Enum: "all" "any"
re_evaluate_policies
boolean
search
string

A search term.

stage
string <uuid>
target
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

flows_bindings_create

FlowStageBinding Viewset

Authorizations:
authentik
Request Body schema: application/json
required
target
required
string <uuid>
stage
required
string <uuid>
evaluate_on_plan
boolean

Evaluate policies during the Flow planning process.

re_evaluate_policies
boolean

Evaluate policies when the Stage is present to the user.

order
required
integer [ -2147483648 .. 2147483647 ]
policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
invalid_response_action
string
Enum: "retry" "restart" "restart_with_context"

Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.

Responses

Request samples

Content type
application/json
{
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
  • "evaluate_on_plan": true,
  • "re_evaluate_policies": true,
  • "order": -2147483648,
  • "policy_engine_mode": "all",
  • "invalid_response_action": "retry"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
  • "stage_obj": {
    },
  • "evaluate_on_plan": true,
  • "re_evaluate_policies": true,
  • "order": -2147483648,
  • "policy_engine_mode": "all",
  • "invalid_response_action": "retry"
}

flows_bindings_retrieve

FlowStageBinding Viewset

Authorizations:
authentik
path Parameters
fsb_uuid
required
string <uuid>

A UUID string identifying this Flow Stage Binding.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
  • "stage_obj": {
    },
  • "evaluate_on_plan": true,
  • "re_evaluate_policies": true,
  • "order": -2147483648,
  • "policy_engine_mode": "all",
  • "invalid_response_action": "retry"
}

flows_bindings_update

FlowStageBinding Viewset

Authorizations:
authentik
path Parameters
fsb_uuid
required
string <uuid>

A UUID string identifying this Flow Stage Binding.

Request Body schema: application/json
required
target
required
string <uuid>
stage
required
string <uuid>
evaluate_on_plan
boolean

Evaluate policies during the Flow planning process.

re_evaluate_policies
boolean

Evaluate policies when the Stage is present to the user.

order
required
integer [ -2147483648 .. 2147483647 ]
policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
invalid_response_action
string
Enum: "retry" "restart" "restart_with_context"

Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.

Responses

Request samples

Content type
application/json
{
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
  • "evaluate_on_plan": true,
  • "re_evaluate_policies": true,
  • "order": -2147483648,
  • "policy_engine_mode": "all",
  • "invalid_response_action": "retry"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
  • "stage_obj": {
    },
  • "evaluate_on_plan": true,
  • "re_evaluate_policies": true,
  • "order": -2147483648,
  • "policy_engine_mode": "all",
  • "invalid_response_action": "retry"
}

flows_bindings_partial_update

FlowStageBinding Viewset

Authorizations:
authentik
path Parameters
fsb_uuid
required
string <uuid>

A UUID string identifying this Flow Stage Binding.

Request Body schema: application/json
target
string <uuid>
stage
string <uuid>
evaluate_on_plan
boolean

Evaluate policies during the Flow planning process.

re_evaluate_policies
boolean

Evaluate policies when the Stage is present to the user.

order
integer [ -2147483648 .. 2147483647 ]
policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
invalid_response_action
string
Enum: "retry" "restart" "restart_with_context"

Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.

Responses

Request samples

Content type
application/json
{
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
  • "evaluate_on_plan": true,
  • "re_evaluate_policies": true,
  • "order": -2147483648,
  • "policy_engine_mode": "all",
  • "invalid_response_action": "retry"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
  • "stage_obj": {
    },
  • "evaluate_on_plan": true,
  • "re_evaluate_policies": true,
  • "order": -2147483648,
  • "policy_engine_mode": "all",
  • "invalid_response_action": "retry"
}

flows_bindings_destroy

FlowStageBinding Viewset

Authorizations:
authentik
path Parameters
fsb_uuid
required
string <uuid>

A UUID string identifying this Flow Stage Binding.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

flows_bindings_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
fsb_uuid
required
string <uuid>

A UUID string identifying this Flow Stage Binding.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

flows_executor_get

Get the next pending challenge from the currently active flow.

Authorizations:
authentikNone
path Parameters
flow_slug
required
string
query Parameters
query
required
string

Querystring as received

Responses

Response samples

Content type
application/json
Example
{
  • "type": "native",
  • "flow_info": {
    },
  • "component": "ak-stage-access-denied",
  • "response_errors": {
    },
  • "pending_user": "string",
  • "pending_user_avatar": "string",
  • "error_message": "string"
}

flows_executor_solve

Solve the previously retrieved challenge and advanced to the next stage.

Authorizations:
authentikNone
path Parameters
flow_slug
required
string
query Parameters
query
required
string

Querystring as received

Request Body schema: application/json
component
string non-empty
Default: "ak-source-oauth-apple"

Responses

Request samples

Content type
application/json
Example
{
  • "component": "ak-source-oauth-apple"
}

Response samples

Content type
application/json
Example
{
  • "type": "native",
  • "flow_info": {
    },
  • "component": "ak-stage-access-denied",
  • "response_errors": {
    },
  • "pending_user": "string",
  • "pending_user_avatar": "string",
  • "error_message": "string"
}

flows_inspector_get

Get current flow state and record it

Authorizations:
authentik
path Parameters
flow_slug
required
string

Responses

Response samples

Content type
application/json
{
  • "plans": [
    ],
  • "current_plan": {
    },
  • "is_completed": true
}

flows_instances_list

Flow Viewset

Authorizations:
authentik
query Parameters
denied_action
string
Enum: "continue" "message" "message_continue"

Configure what should happen when a flow denies access to a user.

designation
string
Enum: "authentication" "authorization" "enrollment" "invalidation" "recovery" "stage_configuration" "unenrollment"

Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.

flow_uuid
string <uuid>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

slug
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

flows_instances_create

Flow Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Visible in the URL.

title
required
string non-empty

Shown as the Title in Flow pages.

designation
required
string
Enum: "authentication" "authorization" "invalidation" "enrollment" "unenrollment" "recovery" "stage_configuration"

Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
compatibility_mode
boolean

Enable compatibility mode, increases compatibility with password managers on mobile devices.

layout
string (FlowLayoutEnum)
Enum: "stacked" "content_left" "content_right" "sidebar_left" "sidebar_right"
denied_action
string
Enum: "message_continue" "message" "continue"

Configure what should happen when a flow denies access to a user.

authentication
string
Enum: "none" "require_authenticated" "require_unauthenticated" "require_superuser" "require_outpost"

Required level of authentication and authorization to access a flow.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "title": "string",
  • "designation": "authentication",
  • "policy_engine_mode": "all",
  • "compatibility_mode": true,
  • "layout": "stacked",
  • "denied_action": "message_continue",
  • "authentication": "none"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
  • "name": "string",
  • "slug": "string",
  • "title": "string",
  • "designation": "authentication",
  • "background": "string",
  • "stages": [
    ],
  • "policies": [
    ],
  • "cache_count": 0,
  • "policy_engine_mode": "all",
  • "compatibility_mode": true,
  • "export_url": "string",
  • "layout": "stacked",
  • "denied_action": "message_continue",
  • "authentication": "none"
}

flows_instances_retrieve

Flow Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
  • "name": "string",
  • "slug": "string",
  • "title": "string",
  • "designation": "authentication",
  • "background": "string",
  • "stages": [
    ],
  • "policies": [
    ],
  • "cache_count": 0,
  • "policy_engine_mode": "all",
  • "compatibility_mode": true,
  • "export_url": "string",
  • "layout": "stacked",
  • "denied_action": "message_continue",
  • "authentication": "none"
}

flows_instances_update

Flow Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Request Body schema: application/json
required
name
required
string non-empty
slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Visible in the URL.

title
required
string non-empty

Shown as the Title in Flow pages.

designation
required
string
Enum: "authentication" "authorization" "invalidation" "enrollment" "unenrollment" "recovery" "stage_configuration"

Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
compatibility_mode
boolean

Enable compatibility mode, increases compatibility with password managers on mobile devices.

layout
string (FlowLayoutEnum)
Enum: "stacked" "content_left" "content_right" "sidebar_left" "sidebar_right"
denied_action
string
Enum: "message_continue" "message" "continue"

Configure what should happen when a flow denies access to a user.

authentication
string
Enum: "none" "require_authenticated" "require_unauthenticated" "require_superuser" "require_outpost"

Required level of authentication and authorization to access a flow.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "title": "string",
  • "designation": "authentication",
  • "policy_engine_mode": "all",
  • "compatibility_mode": true,
  • "layout": "stacked",
  • "denied_action": "message_continue",
  • "authentication": "none"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
  • "name": "string",
  • "slug": "string",
  • "title": "string",
  • "designation": "authentication",
  • "background": "string",
  • "stages": [
    ],
  • "policies": [
    ],
  • "cache_count": 0,
  • "policy_engine_mode": "all",
  • "compatibility_mode": true,
  • "export_url": "string",
  • "layout": "stacked",
  • "denied_action": "message_continue",
  • "authentication": "none"
}

flows_instances_partial_update

Flow Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Request Body schema: application/json
name
string non-empty
slug
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Visible in the URL.

title
string non-empty

Shown as the Title in Flow pages.

designation
string
Enum: "authentication" "authorization" "invalidation" "enrollment" "unenrollment" "recovery" "stage_configuration"

Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
compatibility_mode
boolean

Enable compatibility mode, increases compatibility with password managers on mobile devices.

layout
string (FlowLayoutEnum)
Enum: "stacked" "content_left" "content_right" "sidebar_left" "sidebar_right"
denied_action
string
Enum: "message_continue" "message" "continue"

Configure what should happen when a flow denies access to a user.

authentication
string
Enum: "none" "require_authenticated" "require_unauthenticated" "require_superuser" "require_outpost"

Required level of authentication and authorization to access a flow.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "title": "string",
  • "designation": "authentication",
  • "policy_engine_mode": "all",
  • "compatibility_mode": true,
  • "layout": "stacked",
  • "denied_action": "message_continue",
  • "authentication": "none"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
  • "name": "string",
  • "slug": "string",
  • "title": "string",
  • "designation": "authentication",
  • "background": "string",
  • "stages": [
    ],
  • "policies": [
    ],
  • "cache_count": 0,
  • "policy_engine_mode": "all",
  • "compatibility_mode": true,
  • "export_url": "string",
  • "layout": "stacked",
  • "denied_action": "message_continue",
  • "authentication": "none"
}

flows_instances_destroy

Flow Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

flows_instances_diagram_retrieve

Return diagram for flow with slug slug, in the format used by flowchart.js

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Responses

Response samples

Content type
application/json
{
  • "diagram": "string"
}

flows_instances_execute_retrieve

Execute flow for current user

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Responses

Response samples

Content type
application/json
{
  • "link": "string"
}

flows_instances_export_retrieve

Export flow to .yaml file

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Responses

Response samples

Content type
application/json
"string"

flows_instances_set_background_create

Set Flow background

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Request Body schema: multipart/form-data
file
string <binary>
clear
boolean
Default: false

Responses

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

flows_instances_set_background_url_create

Set Flow background (as URL)

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Request Body schema: application/json
required
url
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "url": "string"
}

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

flows_instances_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
slug
required
string

Visible in the URL.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

flows_instances_cache_clear_create

Clear flow cache

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

flows_instances_cache_info_retrieve

Info about cached flows

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "count": 0
}

flows_instances_import_create

Import flow from .yaml file

Authorizations:
authentik
Request Body schema: multipart/form-data
file
string <binary>
clear
boolean
Default: false

Responses

Response samples

Content type
application/json
{
  • "logs": [
    ],
  • "success": true
}

managed

managed_blueprints_list

Blueprint instances

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

path
string
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

managed_blueprints_create

Blueprint instances

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
path
string
Default: ""
context
any
enabled
boolean
content
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "path": "",
  • "context": null,
  • "enabled": true,
  • "content": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "path": "",
  • "context": null,
  • "last_applied": "2019-08-24T14:15:22Z",
  • "last_applied_hash": "string",
  • "status": "successful",
  • "enabled": true,
  • "managed_models": [
    ],
  • "metadata": null,
  • "content": "string"
}

managed_blueprints_retrieve

Blueprint instances

Authorizations:
authentik
path Parameters
instance_uuid
required
string <uuid>

A UUID string identifying this Blueprint Instance.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "path": "",
  • "context": null,
  • "last_applied": "2019-08-24T14:15:22Z",
  • "last_applied_hash": "string",
  • "status": "successful",
  • "enabled": true,
  • "managed_models": [
    ],
  • "metadata": null,
  • "content": "string"
}

managed_blueprints_update

Blueprint instances

Authorizations:
authentik
path Parameters
instance_uuid
required
string <uuid>

A UUID string identifying this Blueprint Instance.

Request Body schema: application/json
required
name
required
string non-empty
path
string
Default: ""
context
any
enabled
boolean
content
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "path": "",
  • "context": null,
  • "enabled": true,
  • "content": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "path": "",
  • "context": null,
  • "last_applied": "2019-08-24T14:15:22Z",
  • "last_applied_hash": "string",
  • "status": "successful",
  • "enabled": true,
  • "managed_models": [
    ],
  • "metadata": null,
  • "content": "string"
}

managed_blueprints_partial_update

Blueprint instances

Authorizations:
authentik
path Parameters
instance_uuid
required
string <uuid>

A UUID string identifying this Blueprint Instance.

Request Body schema: application/json
name
string non-empty
path
string
Default: ""
context
any
enabled
boolean
content
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "path": "",
  • "context": null,
  • "enabled": true,
  • "content": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "path": "",
  • "context": null,
  • "last_applied": "2019-08-24T14:15:22Z",
  • "last_applied_hash": "string",
  • "status": "successful",
  • "enabled": true,
  • "managed_models": [
    ],
  • "metadata": null,
  • "content": "string"
}

managed_blueprints_destroy

Blueprint instances

Authorizations:
authentik
path Parameters
instance_uuid
required
string <uuid>

A UUID string identifying this Blueprint Instance.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

managed_blueprints_apply_create

Apply a blueprint

Authorizations:
authentik
path Parameters
instance_uuid
required
string <uuid>

A UUID string identifying this Blueprint Instance.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "path": "",
  • "context": null,
  • "last_applied": "2019-08-24T14:15:22Z",
  • "last_applied_hash": "string",
  • "status": "successful",
  • "enabled": true,
  • "managed_models": [
    ],
  • "metadata": null,
  • "content": "string"
}

managed_blueprints_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
instance_uuid
required
string <uuid>

A UUID string identifying this Blueprint Instance.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

managed_blueprints_available_list

Get blueprints

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

oauth2

oauth2_access_tokens_list

AccessToken Viewset

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

provider
integer
search
string

A search term.

user
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

oauth2_access_tokens_retrieve

AccessToken Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2 Access Token.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "provider": {
    },
  • "user": {
    },
  • "is_expired": true,
  • "expires": "2019-08-24T14:15:22Z",
  • "scope": [
    ],
  • "id_token": "string",
  • "revoked": true
}

oauth2_access_tokens_destroy

AccessToken Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2 Access Token.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

oauth2_access_tokens_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2 Access Token.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

oauth2_authorization_codes_list

AuthorizationCode Viewset

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

provider
integer
search
string

A search term.

user
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

oauth2_authorization_codes_retrieve

AuthorizationCode Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Authorization Code.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "provider": {
    },
  • "user": {
    },
  • "is_expired": true,
  • "expires": "2019-08-24T14:15:22Z",
  • "scope": [
    ]
}

oauth2_authorization_codes_destroy

AuthorizationCode Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Authorization Code.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

oauth2_authorization_codes_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Authorization Code.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

oauth2_refresh_tokens_list

RefreshToken Viewset

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

provider
integer
search
string

A search term.

user
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

oauth2_refresh_tokens_retrieve

RefreshToken Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2 Refresh Token.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "provider": {
    },
  • "user": {
    },
  • "is_expired": true,
  • "expires": "2019-08-24T14:15:22Z",
  • "scope": [
    ],
  • "id_token": "string",
  • "revoked": true
}

oauth2_refresh_tokens_destroy

RefreshToken Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2 Refresh Token.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

oauth2_refresh_tokens_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2 Refresh Token.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

outposts

outposts_instances_list

Outpost Viewset

Authorizations:
authentik
query Parameters
managed__icontains
string
managed__iexact
string
name__icontains
string
name__iexact
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

providers__isnull
boolean
providers_by_pk
Array of integers
search
string

A search term.

service_connection__name__icontains
string
service_connection__name__iexact
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

outposts_instances_create

Outpost Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
type
required
string (OutpostTypeEnum)
Enum: "proxy" "ldap" "radius" "rac"
providers
required
Array of integers
service_connection
string or null <uuid>

Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment.

required
object
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "type": "proxy",
  • "providers": [
    ],
  • "service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
  • "config": {
    },
  • "managed": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "type": "proxy",
  • "providers": [
    ],
  • "providers_obj": [
    ],
  • "service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
  • "service_connection_obj": {
    },
  • "token_identifier": "string",
  • "config": {
    },
  • "managed": "string"
}

outposts_instances_retrieve

Outpost Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "type": "proxy",
  • "providers": [
    ],
  • "providers_obj": [
    ],
  • "service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
  • "service_connection_obj": {
    },
  • "token_identifier": "string",
  • "config": {
    },
  • "managed": "string"
}

outposts_instances_update

Outpost Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost.

Request Body schema: application/json
required
name
required
string non-empty
type
required
string (OutpostTypeEnum)
Enum: "proxy" "ldap" "radius" "rac"
providers
required
Array of integers
service_connection
string or null <uuid>

Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment.

required
object
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "type": "proxy",
  • "providers": [
    ],
  • "service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
  • "config": {
    },
  • "managed": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "type": "proxy",
  • "providers": [
    ],
  • "providers_obj": [
    ],
  • "service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
  • "service_connection_obj": {
    },
  • "token_identifier": "string",
  • "config": {
    },
  • "managed": "string"
}

outposts_instances_partial_update

Outpost Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost.

Request Body schema: application/json
name
string non-empty
type
string (OutpostTypeEnum)
Enum: "proxy" "ldap" "radius" "rac"
providers
Array of integers
service_connection
string or null <uuid>

Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment.

object
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "type": "proxy",
  • "providers": [
    ],
  • "service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
  • "config": {
    },
  • "managed": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "type": "proxy",
  • "providers": [
    ],
  • "providers_obj": [
    ],
  • "service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
  • "service_connection_obj": {
    },
  • "token_identifier": "string",
  • "config": {
    },
  • "managed": "string"
}

outposts_instances_destroy

Outpost Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

outposts_instances_health_list

Get outposts current health

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost.

query Parameters
managed__icontains
string
managed__iexact
string
name__icontains
string
name__iexact
string
ordering
string

Which field to use when ordering the results.

providers__isnull
boolean
providers_by_pk
Array of integers
search
string

A search term.

service_connection__name__icontains
string
service_connection__name__iexact
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

outposts_instances_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

outposts_instances_default_settings_retrieve

Global default outpost config

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "config": {
    }
}

outposts_ldap_list

LDAPProvider Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

outposts_ldap_retrieve

LDAPProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this LDAP Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "base_dn": "string",
  • "bind_flow_slug": "string",
  • "application_slug": "string",
  • "search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "tls_server_name": "string",
  • "uid_start_number": -2147483648,
  • "gid_start_number": -2147483648,
  • "search_mode": "direct",
  • "bind_mode": "direct",
  • "mfa_support": true
}

outposts_proxy_list

ProxyProvider Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

outposts_proxy_retrieve

ProxyProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Proxy Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "internal_host": "http://example.com",
  • "external_host": "http://example.com",
  • "internal_host_ssl_validation": true,
  • "client_id": "string",
  • "client_secret": "string",
  • "oidc_configuration": {
    },
  • "cookie_secret": "string",
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "skip_path_regex": "string",
  • "basic_auth_enabled": true,
  • "basic_auth_password_attribute": "string",
  • "basic_auth_user_attribute": "string",
  • "mode": "proxy",
  • "cookie_domain": "string",
  • "access_token_validity": 0.1,
  • "intercept_header_auth": true,
  • "scopes_to_request": [
    ],
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string"
}

outposts_radius_list

RadiusProvider Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

outposts_radius_retrieve

RadiusProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Radius Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "application_slug": "string",
  • "auth_flow_slug": "string",
  • "client_networks": "string",
  • "shared_secret": "string",
  • "mfa_support": true
}

outposts_service_connections_all_list

ServiceConnection Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

outposts_service_connections_all_retrieve

ServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost Service-Connection.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "local": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string"
}

outposts_service_connections_all_destroy

ServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost Service-Connection.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

outposts_service_connections_all_state_retrieve

Get the service connection's state

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost Service-Connection.

Responses

Response samples

Content type
application/json
{
  • "healthy": true,
  • "version": "string"
}

outposts_service_connections_all_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Outpost Service-Connection.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

outposts_service_connections_all_types_list

Get all creatable service connection types

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

outposts_service_connections_docker_list

DockerServiceConnection Viewset

Authorizations:
authentik
query Parameters
local
boolean
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

tls_authentication
string <uuid>
tls_verification
string <uuid>
url
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

outposts_service_connections_docker_create

DockerServiceConnection Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
local
boolean

If enabled, use the local connection. Required Docker socket/Kubernetes Integration

url
required
string non-empty

Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system.

tls_verification
string or null <uuid>

CA which the endpoint's Certificate is verified against. Can be left empty for no validation.

tls_authentication
string or null <uuid>

Certificate/Key used for authentication. Can be left empty for no authentication.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "local": true,
  • "url": "string",
  • "tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
  • "tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "local": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "url": "string",
  • "tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
  • "tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

outposts_service_connections_docker_retrieve

DockerServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Docker Service-Connection.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "local": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "url": "string",
  • "tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
  • "tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

outposts_service_connections_docker_update

DockerServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Docker Service-Connection.

Request Body schema: application/json
required
name
required
string non-empty
local
boolean

If enabled, use the local connection. Required Docker socket/Kubernetes Integration

url
required
string non-empty

Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system.

tls_verification
string or null <uuid>

CA which the endpoint's Certificate is verified against. Can be left empty for no validation.

tls_authentication
string or null <uuid>

Certificate/Key used for authentication. Can be left empty for no authentication.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "local": true,
  • "url": "string",
  • "tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
  • "tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "local": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "url": "string",
  • "tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
  • "tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

outposts_service_connections_docker_partial_update

DockerServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Docker Service-Connection.

Request Body schema: application/json
name
string non-empty
local
boolean

If enabled, use the local connection. Required Docker socket/Kubernetes Integration

url
string non-empty

Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system.

tls_verification
string or null <uuid>

CA which the endpoint's Certificate is verified against. Can be left empty for no validation.

tls_authentication
string or null <uuid>

Certificate/Key used for authentication. Can be left empty for no authentication.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "local": true,
  • "url": "string",
  • "tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
  • "tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "local": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "url": "string",
  • "tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
  • "tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

outposts_service_connections_docker_destroy

DockerServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Docker Service-Connection.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

outposts_service_connections_docker_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Docker Service-Connection.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

outposts_service_connections_kubernetes_list

KubernetesServiceConnection Viewset

Authorizations:
authentik
query Parameters
local
boolean
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

outposts_service_connections_kubernetes_create

KubernetesServiceConnection Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
local
boolean

If enabled, use the local connection. Required Docker socket/Kubernetes Integration

kubeconfig
any

Paste your kubeconfig here. authentik will automatically use the currently selected context.

verify_ssl
boolean

Verify SSL Certificates of the Kubernetes API endpoint

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "local": true,
  • "kubeconfig": null,
  • "verify_ssl": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "local": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "kubeconfig": null,
  • "verify_ssl": true
}

outposts_service_connections_kubernetes_retrieve

KubernetesServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "local": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "kubeconfig": null,
  • "verify_ssl": true
}

outposts_service_connections_kubernetes_update

KubernetesServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Request Body schema: application/json
required
name
required
string non-empty
local
boolean

If enabled, use the local connection. Required Docker socket/Kubernetes Integration

kubeconfig
any

Paste your kubeconfig here. authentik will automatically use the currently selected context.

verify_ssl
boolean

Verify SSL Certificates of the Kubernetes API endpoint

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "local": true,
  • "kubeconfig": null,
  • "verify_ssl": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "local": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "kubeconfig": null,
  • "verify_ssl": true
}

outposts_service_connections_kubernetes_partial_update

KubernetesServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Request Body schema: application/json
name
string non-empty
local
boolean

If enabled, use the local connection. Required Docker socket/Kubernetes Integration

kubeconfig
any

Paste your kubeconfig here. authentik will automatically use the currently selected context.

verify_ssl
boolean

Verify SSL Certificates of the Kubernetes API endpoint

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "local": true,
  • "kubeconfig": null,
  • "verify_ssl": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "local": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "kubeconfig": null,
  • "verify_ssl": true
}

outposts_service_connections_kubernetes_destroy

KubernetesServiceConnection Viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

outposts_service_connections_kubernetes_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies

policies_all_list

Policy Viewset

Authorizations:
authentik
query Parameters
bindings__isnull
boolean
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

promptstage__isnull
boolean
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

policies_all_retrieve

Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Policy.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0
}

policies_all_destroy

Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Policy.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

policies_all_test_create

Test policy

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Policy.

Request Body schema: application/json
required
user
required
integer
object

Responses

Request samples

Content type
application/json
{
  • "user": 0,
  • "context": {
    }
}

Response samples

Content type
application/json
{
  • "passing": true,
  • "messages": [
    ],
  • "log_messages": [
    ]
}

policies_all_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Policy.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies_all_cache_clear_create

Clear policy cache

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

policies_all_cache_info_retrieve

Info about cached policies

Authorizations:
authentik

Responses

Response samples

Content type
application/json
{
  • "count": 0
}

policies_all_types_list

Get all creatable policy types

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies_bindings_list

PolicyBinding Viewset

Authorizations:
authentik
query Parameters
enabled
boolean
order
integer
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

policy
string <uuid>
policy__isnull
boolean
search
string

A search term.

target
string <uuid>
target_in
Array of strings <uuid> [ items <uuid > ]
timeout
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

policies_bindings_create

PolicyBinding Viewset

Authorizations:
authentik
Request Body schema: application/json
required
policy
string or null <uuid>
group
string or null <uuid>
user
integer or null
target
required
string <uuid>
negate
boolean

Negates the outcome of the policy. Messages are unaffected.

enabled
boolean
order
required
integer [ -2147483648 .. 2147483647 ]
timeout
integer [ 0 .. 2147483647 ]

Timeout after which Policy execution is terminated.

failure_result
boolean

Result if the Policy execution fails.

Responses

Request samples

Content type
application/json
{
  • "policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "user": 0,
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "negate": true,
  • "enabled": true,
  • "order": -2147483648,
  • "timeout": 2147483647,
  • "failure_result": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "user": 0,
  • "policy_obj": {
    },
  • "group_obj": {
    },
  • "user_obj": {
    },
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "negate": true,
  • "enabled": true,
  • "order": -2147483648,
  • "timeout": 2147483647,
  • "failure_result": true
}

policies_bindings_retrieve

PolicyBinding Viewset

Authorizations:
authentik
path Parameters
policy_binding_uuid
required
string <uuid>

A UUID string identifying this Policy Binding.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "user": 0,
  • "policy_obj": {
    },
  • "group_obj": {
    },
  • "user_obj": {
    },
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "negate": true,
  • "enabled": true,
  • "order": -2147483648,
  • "timeout": 2147483647,
  • "failure_result": true
}

policies_bindings_update

PolicyBinding Viewset

Authorizations:
authentik
path Parameters
policy_binding_uuid
required
string <uuid>

A UUID string identifying this Policy Binding.

Request Body schema: application/json
required
policy
string or null <uuid>
group
string or null <uuid>
user
integer or null
target
required
string <uuid>
negate
boolean

Negates the outcome of the policy. Messages are unaffected.

enabled
boolean
order
required
integer [ -2147483648 .. 2147483647 ]
timeout
integer [ 0 .. 2147483647 ]

Timeout after which Policy execution is terminated.

failure_result
boolean

Result if the Policy execution fails.

Responses

Request samples

Content type
application/json
{
  • "policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "user": 0,
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "negate": true,
  • "enabled": true,
  • "order": -2147483648,
  • "timeout": 2147483647,
  • "failure_result": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "user": 0,
  • "policy_obj": {
    },
  • "group_obj": {
    },
  • "user_obj": {
    },
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "negate": true,
  • "enabled": true,
  • "order": -2147483648,
  • "timeout": 2147483647,
  • "failure_result": true
}

policies_bindings_partial_update

PolicyBinding Viewset

Authorizations:
authentik
path Parameters
policy_binding_uuid
required
string <uuid>

A UUID string identifying this Policy Binding.

Request Body schema: application/json
policy
string or null <uuid>
group
string or null <uuid>
user
integer or null
target
string <uuid>
negate
boolean

Negates the outcome of the policy. Messages are unaffected.

enabled
boolean
order
integer [ -2147483648 .. 2147483647 ]
timeout
integer [ 0 .. 2147483647 ]

Timeout after which Policy execution is terminated.

failure_result
boolean

Result if the Policy execution fails.

Responses

Request samples

Content type
application/json
{
  • "policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "user": 0,
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "negate": true,
  • "enabled": true,
  • "order": -2147483648,
  • "timeout": 2147483647,
  • "failure_result": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "user": 0,
  • "policy_obj": {
    },
  • "group_obj": {
    },
  • "user_obj": {
    },
  • "target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
  • "negate": true,
  • "enabled": true,
  • "order": -2147483648,
  • "timeout": 2147483647,
  • "failure_result": true
}

policies_bindings_destroy

PolicyBinding Viewset

Authorizations:
authentik
path Parameters
policy_binding_uuid
required
string <uuid>

A UUID string identifying this Policy Binding.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

policies_bindings_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
policy_binding_uuid
required
string <uuid>

A UUID string identifying this Policy Binding.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies_dummy_list

Dummy Viewset

Authorizations:
authentik
query Parameters
created
string <date-time>
execution_logging
boolean
last_updated
string <date-time>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

policy_uuid
string <uuid>
result
boolean
search
string

A search term.

wait_max
integer
wait_min
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

policies_dummy_create

Dummy Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

result
boolean
wait_min
integer [ -2147483648 .. 2147483647 ]
wait_max
integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "result": true,
  • "wait_min": -2147483648,
  • "wait_max": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "result": true,
  • "wait_min": -2147483648,
  • "wait_max": -2147483648
}

policies_dummy_retrieve

Dummy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Dummy Policy.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "result": true,
  • "wait_min": -2147483648,
  • "wait_max": -2147483648
}

policies_dummy_update

Dummy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Dummy Policy.

Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

result
boolean
wait_min
integer [ -2147483648 .. 2147483647 ]
wait_max
integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "result": true,
  • "wait_min": -2147483648,
  • "wait_max": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "result": true,
  • "wait_min": -2147483648,
  • "wait_max": -2147483648
}

policies_dummy_partial_update

Dummy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Dummy Policy.

Request Body schema: application/json
name
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

result
boolean
wait_min
integer [ -2147483648 .. 2147483647 ]
wait_max
integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "result": true,
  • "wait_min": -2147483648,
  • "wait_max": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "result": true,
  • "wait_min": -2147483648,
  • "wait_max": -2147483648
}

policies_dummy_destroy

Dummy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Dummy Policy.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

policies_dummy_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Dummy Policy.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies_event_matcher_list

Event Matcher Policy Viewset

Authorizations:
authentik
query Parameters
action
string or null
Enum: "authorize_application" "configuration_error" "custom_" "email_sent" "flow_execution" "impersonation_ended" "impersonation_started" "invitation_used" "login" "login_failed" "logout" "model_created" "model_deleted" "model_updated" "password_set" "policy_exception" "policy_execution" "property_mapping_exception" "secret_rotate" "secret_view" "source_linked" "suspicious_request" "system_exception" "system_task_exception" "system_task_execution" "update_available" "user_write"

Match created events with this action type. When left empty, all action types will be matched.

app
string
client_ip
string
created
string <date-time>
execution_logging
boolean
last_updated
string <date-time>
model
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

policy_uuid
string <uuid>
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

policies_event_matcher_create

Event Matcher Policy Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

action
string or null
Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_"

Match created events with this action type. When left empty, all action types will be matched.

client_ip
string or null non-empty

Matches Event's Client IP (strict matching, for network matching use an Expression Policy)

app
string or null
Enum: "authentik.tenants" "authentik.admin" "authentik.api" "authentik.crypto" "authentik.flows" "authentik.outposts" "authentik.policies.dummy" "authentik.policies.event_matcher" "authentik.policies.expiry" "authentik.policies.expression" "authentik.policies.password" "authentik.policies.reputation" "authentik.policies" "authentik.providers.ldap" "authentik.providers.oauth2" "authentik.providers.proxy" "authentik.providers.radius" "authentik.providers.saml" "authentik.providers.scim" "authentik.rbac" "authentik.recovery" "authentik.sources.ldap" "authentik.sources.oauth" "authentik.sources.plex" "authentik.sources.saml" "authentik.sources.scim" "authentik.stages.authenticator" "authentik.stages.authenticator_duo" "authentik.stages.authenticator_sms" "authentik.stages.authenticator_static" "authentik.stages.authenticator_totp" "authentik.stages.authenticator_validate" "authentik.stages.authenticator_webauthn" "authentik.stages.captcha" "authentik.stages.consent" "authentik.stages.deny" "authentik.stages.dummy" "authentik.stages.email" "authentik.stages.identification" "authentik.stages.invitation" "authentik.stages.password" "authentik.stages.prompt" "authentik.stages.user_delete" "authentik.stages.user_login" "authentik.stages.user_logout" "authentik.stages.user_write" "authentik.brands" "authentik.blueprints" "authentik.core" "authentik.enterprise" "authentik.enterprise.audit" "authentik.enterprise.providers.rac" "authentik.enterprise.stages.source" "authentik.events"

Match events created by selected application. When left empty, all applications are matched.

model
string or null
Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"

Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "action": "login",
  • "client_ip": "string",
  • "app": "authentik.tenants",
  • "model": "authentik_tenants.domain"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "action": "login",
  • "client_ip": "string",
  • "app": "authentik.tenants",
  • "model": "authentik_tenants.domain"
}

policies_event_matcher_retrieve

Event Matcher Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Event Matcher Policy.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "action": "login",
  • "client_ip": "string",
  • "app": "authentik.tenants",
  • "model": "authentik_tenants.domain"
}

policies_event_matcher_update

Event Matcher Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Event Matcher Policy.

Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

action
string or null
Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_"

Match created events with this action type. When left empty, all action types will be matched.

client_ip
string or null non-empty

Matches Event's Client IP (strict matching, for network matching use an Expression Policy)

app
string or null
Enum: "authentik.tenants" "authentik.admin" "authentik.api" "authentik.crypto" "authentik.flows" "authentik.outposts" "authentik.policies.dummy" "authentik.policies.event_matcher" "authentik.policies.expiry" "authentik.policies.expression" "authentik.policies.password" "authentik.policies.reputation" "authentik.policies" "authentik.providers.ldap" "authentik.providers.oauth2" "authentik.providers.proxy" "authentik.providers.radius" "authentik.providers.saml" "authentik.providers.scim" "authentik.rbac" "authentik.recovery" "authentik.sources.ldap" "authentik.sources.oauth" "authentik.sources.plex" "authentik.sources.saml" "authentik.sources.scim" "authentik.stages.authenticator" "authentik.stages.authenticator_duo" "authentik.stages.authenticator_sms" "authentik.stages.authenticator_static" "authentik.stages.authenticator_totp" "authentik.stages.authenticator_validate" "authentik.stages.authenticator_webauthn" "authentik.stages.captcha" "authentik.stages.consent" "authentik.stages.deny" "authentik.stages.dummy" "authentik.stages.email" "authentik.stages.identification" "authentik.stages.invitation" "authentik.stages.password" "authentik.stages.prompt" "authentik.stages.user_delete" "authentik.stages.user_login" "authentik.stages.user_logout" "authentik.stages.user_write" "authentik.brands" "authentik.blueprints" "authentik.core" "authentik.enterprise" "authentik.enterprise.audit" "authentik.enterprise.providers.rac" "authentik.enterprise.stages.source" "authentik.events"

Match events created by selected application. When left empty, all applications are matched.

model
string or null
Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"

Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "action": "login",
  • "client_ip": "string",
  • "app": "authentik.tenants",
  • "model": "authentik_tenants.domain"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "action": "login",
  • "client_ip": "string",
  • "app": "authentik.tenants",
  • "model": "authentik_tenants.domain"
}

policies_event_matcher_partial_update

Event Matcher Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Event Matcher Policy.

Request Body schema: application/json
name
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

action
string or null
Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_"

Match created events with this action type. When left empty, all action types will be matched.

client_ip
string or null non-empty

Matches Event's Client IP (strict matching, for network matching use an Expression Policy)

app
string or null
Enum: "authentik.tenants" "authentik.admin" "authentik.api" "authentik.crypto" "authentik.flows" "authentik.outposts" "authentik.policies.dummy" "authentik.policies.event_matcher" "authentik.policies.expiry" "authentik.policies.expression" "authentik.policies.password" "authentik.policies.reputation" "authentik.policies" "authentik.providers.ldap" "authentik.providers.oauth2" "authentik.providers.proxy" "authentik.providers.radius" "authentik.providers.saml" "authentik.providers.scim" "authentik.rbac" "authentik.recovery" "authentik.sources.ldap" "authentik.sources.oauth" "authentik.sources.plex" "authentik.sources.saml" "authentik.sources.scim" "authentik.stages.authenticator" "authentik.stages.authenticator_duo" "authentik.stages.authenticator_sms" "authentik.stages.authenticator_static" "authentik.stages.authenticator_totp" "authentik.stages.authenticator_validate" "authentik.stages.authenticator_webauthn" "authentik.stages.captcha" "authentik.stages.consent" "authentik.stages.deny" "authentik.stages.dummy" "authentik.stages.email" "authentik.stages.identification" "authentik.stages.invitation" "authentik.stages.password" "authentik.stages.prompt" "authentik.stages.user_delete" "authentik.stages.user_login" "authentik.stages.user_logout" "authentik.stages.user_write" "authentik.brands" "authentik.blueprints" "authentik.core" "authentik.enterprise" "authentik.enterprise.audit" "authentik.enterprise.providers.rac" "authentik.enterprise.stages.source" "authentik.events"

Match events created by selected application. When left empty, all applications are matched.

model
string or null
Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"

Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "action": "login",
  • "client_ip": "string",
  • "app": "authentik.tenants",
  • "model": "authentik_tenants.domain"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "action": "login",
  • "client_ip": "string",
  • "app": "authentik.tenants",
  • "model": "authentik_tenants.domain"
}

policies_event_matcher_destroy

Event Matcher Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Event Matcher Policy.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

policies_event_matcher_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Event Matcher Policy.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies_expression_list

Source Viewset

Authorizations:
authentik
query Parameters
created
string <date-time>
execution_logging
boolean
expression
string
last_updated
string <date-time>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

policy_uuid
string <uuid>
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

policies_expression_create

Source Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

expression
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "expression": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "expression": "string"
}

policies_expression_retrieve

Source Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Expression Policy.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "expression": "string"
}

policies_expression_update

Source Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Expression Policy.

Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

expression
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "expression": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "expression": "string"
}

policies_expression_partial_update

Source Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Expression Policy.

Request Body schema: application/json
name
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

expression
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "expression": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "expression": "string"
}

policies_expression_destroy

Source Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Expression Policy.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

policies_expression_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Expression Policy.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies_password_list

Password Policy Viewset

Authorizations:
authentik
query Parameters
amount_digits
integer
amount_lowercase
integer
amount_symbols
integer
amount_uppercase
integer
check_have_i_been_pwned
boolean
check_static_rules
boolean
check_zxcvbn
boolean
created
string <date-time>
error_message
string
execution_logging
boolean
hibp_allowed_count
integer
last_updated
string <date-time>
length_min
integer
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

password_field
string
policy_uuid
string <uuid>
search
string

A search term.

symbol_charset
string
zxcvbn_score_threshold
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

policies_password_create

Password Policy Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

password_field
string non-empty

Field key to check, field keys defined in Prompt stages are available.

amount_digits
integer [ 0 .. 2147483647 ]
amount_uppercase
integer [ 0 .. 2147483647 ]
amount_lowercase
integer [ 0 .. 2147483647 ]
amount_symbols
integer [ 0 .. 2147483647 ]
length_min
integer [ 0 .. 2147483647 ]
symbol_charset
string non-empty
error_message
string
check_static_rules
boolean
check_have_i_been_pwned
boolean
check_zxcvbn
boolean
hibp_allowed_count
integer [ 0 .. 2147483647 ]

How many times the password hash is allowed to be on haveibeenpwned

zxcvbn_score_threshold
integer [ 0 .. 2147483647 ]

If the zxcvbn score is equal or less than this value, the policy will fail.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "password_field": "string",
  • "amount_digits": 2147483647,
  • "amount_uppercase": 2147483647,
  • "amount_lowercase": 2147483647,
  • "amount_symbols": 2147483647,
  • "length_min": 2147483647,
  • "symbol_charset": "string",
  • "error_message": "string",
  • "check_static_rules": true,
  • "check_have_i_been_pwned": true,
  • "check_zxcvbn": true,
  • "hibp_allowed_count": 2147483647,
  • "zxcvbn_score_threshold": 2147483647
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "password_field": "string",
  • "amount_digits": 2147483647,
  • "amount_uppercase": 2147483647,
  • "amount_lowercase": 2147483647,
  • "amount_symbols": 2147483647,
  • "length_min": 2147483647,
  • "symbol_charset": "string",
  • "error_message": "string",
  • "check_static_rules": true,
  • "check_have_i_been_pwned": true,
  • "check_zxcvbn": true,
  • "hibp_allowed_count": 2147483647,
  • "zxcvbn_score_threshold": 2147483647
}

policies_password_retrieve

Password Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Policy.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "password_field": "string",
  • "amount_digits": 2147483647,
  • "amount_uppercase": 2147483647,
  • "amount_lowercase": 2147483647,
  • "amount_symbols": 2147483647,
  • "length_min": 2147483647,
  • "symbol_charset": "string",
  • "error_message": "string",
  • "check_static_rules": true,
  • "check_have_i_been_pwned": true,
  • "check_zxcvbn": true,
  • "hibp_allowed_count": 2147483647,
  • "zxcvbn_score_threshold": 2147483647
}

policies_password_update

Password Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Policy.

Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

password_field
string non-empty

Field key to check, field keys defined in Prompt stages are available.

amount_digits
integer [ 0 .. 2147483647 ]
amount_uppercase
integer [ 0 .. 2147483647 ]
amount_lowercase
integer [ 0 .. 2147483647 ]
amount_symbols
integer [ 0 .. 2147483647 ]
length_min
integer [ 0 .. 2147483647 ]
symbol_charset
string non-empty
error_message
string
check_static_rules
boolean
check_have_i_been_pwned
boolean
check_zxcvbn
boolean
hibp_allowed_count
integer [ 0 .. 2147483647 ]

How many times the password hash is allowed to be on haveibeenpwned

zxcvbn_score_threshold
integer [ 0 .. 2147483647 ]

If the zxcvbn score is equal or less than this value, the policy will fail.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "password_field": "string",
  • "amount_digits": 2147483647,
  • "amount_uppercase": 2147483647,
  • "amount_lowercase": 2147483647,
  • "amount_symbols": 2147483647,
  • "length_min": 2147483647,
  • "symbol_charset": "string",
  • "error_message": "string",
  • "check_static_rules": true,
  • "check_have_i_been_pwned": true,
  • "check_zxcvbn": true,
  • "hibp_allowed_count": 2147483647,
  • "zxcvbn_score_threshold": 2147483647
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "password_field": "string",
  • "amount_digits": 2147483647,
  • "amount_uppercase": 2147483647,
  • "amount_lowercase": 2147483647,
  • "amount_symbols": 2147483647,
  • "length_min": 2147483647,
  • "symbol_charset": "string",
  • "error_message": "string",
  • "check_static_rules": true,
  • "check_have_i_been_pwned": true,
  • "check_zxcvbn": true,
  • "hibp_allowed_count": 2147483647,
  • "zxcvbn_score_threshold": 2147483647
}

policies_password_partial_update

Password Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Policy.

Request Body schema: application/json
name
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

password_field
string non-empty

Field key to check, field keys defined in Prompt stages are available.

amount_digits
integer [ 0 .. 2147483647 ]
amount_uppercase
integer [ 0 .. 2147483647 ]
amount_lowercase
integer [ 0 .. 2147483647 ]
amount_symbols
integer [ 0 .. 2147483647 ]
length_min
integer [ 0 .. 2147483647 ]
symbol_charset
string non-empty
error_message
string
check_static_rules
boolean
check_have_i_been_pwned
boolean
check_zxcvbn
boolean
hibp_allowed_count
integer [ 0 .. 2147483647 ]

How many times the password hash is allowed to be on haveibeenpwned

zxcvbn_score_threshold
integer [ 0 .. 2147483647 ]

If the zxcvbn score is equal or less than this value, the policy will fail.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "password_field": "string",
  • "amount_digits": 2147483647,
  • "amount_uppercase": 2147483647,
  • "amount_lowercase": 2147483647,
  • "amount_symbols": 2147483647,
  • "length_min": 2147483647,
  • "symbol_charset": "string",
  • "error_message": "string",
  • "check_static_rules": true,
  • "check_have_i_been_pwned": true,
  • "check_zxcvbn": true,
  • "hibp_allowed_count": 2147483647,
  • "zxcvbn_score_threshold": 2147483647
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "password_field": "string",
  • "amount_digits": 2147483647,
  • "amount_uppercase": 2147483647,
  • "amount_lowercase": 2147483647,
  • "amount_symbols": 2147483647,
  • "length_min": 2147483647,
  • "symbol_charset": "string",
  • "error_message": "string",
  • "check_static_rules": true,
  • "check_have_i_been_pwned": true,
  • "check_zxcvbn": true,
  • "hibp_allowed_count": 2147483647,
  • "zxcvbn_score_threshold": 2147483647
}

policies_password_destroy

Password Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Policy.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

policies_password_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Policy.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies_password_expiry_list

Password Expiry Viewset

Authorizations:
authentik
query Parameters
created
string <date-time>
days
integer
deny_only
boolean
execution_logging
boolean
last_updated
string <date-time>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

policy_uuid
string <uuid>
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

policies_password_expiry_create

Password Expiry Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

days
required
integer [ -2147483648 .. 2147483647 ]
deny_only
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "days": -2147483648,
  • "deny_only": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "days": -2147483648,
  • "deny_only": true
}

policies_password_expiry_retrieve

Password Expiry Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Expiry Policy.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "days": -2147483648,
  • "deny_only": true
}

policies_password_expiry_update

Password Expiry Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Expiry Policy.

Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

days
required
integer [ -2147483648 .. 2147483647 ]
deny_only
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "days": -2147483648,
  • "deny_only": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "days": -2147483648,
  • "deny_only": true
}

policies_password_expiry_partial_update

Password Expiry Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Expiry Policy.

Request Body schema: application/json
name
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

days
integer [ -2147483648 .. 2147483647 ]
deny_only
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "days": -2147483648,
  • "deny_only": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "days": -2147483648,
  • "deny_only": true
}

policies_password_expiry_destroy

Password Expiry Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Expiry Policy.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

policies_password_expiry_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Password Expiry Policy.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies_reputation_list

Reputation Policy Viewset

Authorizations:
authentik
query Parameters
check_ip
boolean
check_username
boolean
created
string <date-time>
execution_logging
boolean
last_updated
string <date-time>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

policy_uuid
string <uuid>
search
string

A search term.

threshold
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

policies_reputation_create

Reputation Policy Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

check_ip
boolean
check_username
boolean
threshold
integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "check_ip": true,
  • "check_username": true,
  • "threshold": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "check_ip": true,
  • "check_username": true,
  • "threshold": -2147483648
}

policies_reputation_retrieve

Reputation Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Reputation Policy.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "check_ip": true,
  • "check_username": true,
  • "threshold": -2147483648
}

policies_reputation_update

Reputation Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Reputation Policy.

Request Body schema: application/json
required
name
required
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

check_ip
boolean
check_username
boolean
threshold
integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "check_ip": true,
  • "check_username": true,
  • "threshold": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "check_ip": true,
  • "check_username": true,
  • "threshold": -2147483648
}

policies_reputation_partial_update

Reputation Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Reputation Policy.

Request Body schema: application/json
name
string non-empty
execution_logging
boolean

When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.

check_ip
boolean
check_username
boolean
threshold
integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "execution_logging": true,
  • "check_ip": true,
  • "check_username": true,
  • "threshold": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "execution_logging": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "bound_to": 0,
  • "check_ip": true,
  • "check_username": true,
  • "threshold": -2147483648
}

policies_reputation_destroy

Reputation Policy Viewset

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Reputation Policy.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

policies_reputation_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
policy_uuid
required
string <uuid>

A UUID string identifying this Reputation Policy.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

policies_reputation_scores_list

Reputation Viewset

Authorizations:
authentik
query Parameters
identifier
string
ip
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

score
integer
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

policies_reputation_scores_retrieve

Reputation Viewset

Authorizations:
authentik
path Parameters
reputation_uuid
required
string <uuid>

A UUID string identifying this Reputation Score.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "identifier": "string",
  • "ip": "string",
  • "ip_geo_data": null,
  • "ip_asn_data": null,
  • "score": -9223372036854776000,
  • "updated": "2019-08-24T14:15:22Z"
}

policies_reputation_scores_destroy

Reputation Viewset

Authorizations:
authentik
path Parameters
reputation_uuid
required
string <uuid>

A UUID string identifying this Reputation Score.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

policies_reputation_scores_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
reputation_uuid
required
string <uuid>

A UUID string identifying this Reputation Score.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

propertymappings

propertymappings_all_list

PropertyMapping Viewset

Authorizations:
authentik
query Parameters
managed__isnull
boolean
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

propertymappings_all_retrieve

PropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Property Mapping.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string"
}

propertymappings_all_destroy

PropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Property Mapping.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

propertymappings_all_test_create

Test Property Mapping

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Property Mapping.

query Parameters
format_result
boolean
Request Body schema: application/json
required
user
required
integer
object

Responses

Request samples

Content type
application/json
{
  • "user": 0,
  • "context": {
    }
}

Response samples

Content type
application/json
{
  • "result": "string",
  • "successful": true
}

propertymappings_all_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Property Mapping.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

propertymappings_all_types_list

Get all creatable property-mapping types

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

propertymappings_ldap_list

LDAP PropertyMapping Viewset

Authorizations:
authentik
query Parameters
expression
string
managed
Array of strings
name
string
object_field
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

pm_uuid
string <uuid>
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

propertymappings_ldap_create

LDAP PropertyMapping Viewset

Authorizations:
authentik
Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
required
string non-empty
object_field
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "object_field": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "object_field": "string"
}

propertymappings_ldap_retrieve

LDAP PropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this LDAP Property Mapping.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "object_field": "string"
}

propertymappings_ldap_update

LDAP PropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this LDAP Property Mapping.

Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
required
string non-empty
object_field
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "object_field": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "object_field": "string"
}

propertymappings_ldap_partial_update

LDAP PropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this LDAP Property Mapping.

Request Body schema: application/json
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
string non-empty
expression
string non-empty
object_field
string non-empty

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "object_field": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "object_field": "string"
}

propertymappings_ldap_destroy

LDAP PropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this LDAP Property Mapping.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

propertymappings_ldap_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this LDAP Property Mapping.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

propertymappings_notification_list

NotificationWebhookMapping Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

propertymappings_notification_create

NotificationWebhookMapping Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
expression
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "expression": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "expression": "string"
}

propertymappings_notification_retrieve

NotificationWebhookMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Webhook Mapping.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "expression": "string"
}

propertymappings_notification_update

NotificationWebhookMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Webhook Mapping.

Request Body schema: application/json
required
name
required
string non-empty
expression
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "expression": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "expression": "string"
}

propertymappings_notification_partial_update

NotificationWebhookMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Webhook Mapping.

Request Body schema: application/json
name
string non-empty
expression
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "expression": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "expression": "string"
}

propertymappings_notification_destroy

NotificationWebhookMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Webhook Mapping.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

propertymappings_notification_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Webhook Mapping.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

propertymappings_rac_list

RACPropertyMapping Viewset

Authorizations:
authentik
query Parameters
managed
Array of strings
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

propertymappings_rac_create

RACPropertyMapping Viewset

Authorizations:
authentik
Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
string
required
object

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "static_settings": {
    }
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "static_settings": {
    }
}

propertymappings_rac_retrieve

RACPropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this RAC Property Mapping.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "static_settings": {
    }
}

propertymappings_rac_update

RACPropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this RAC Property Mapping.

Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
string
required
object

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "static_settings": {
    }
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "static_settings": {
    }
}

propertymappings_rac_partial_update

RACPropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this RAC Property Mapping.

Request Body schema: application/json
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
string non-empty
expression
string
object

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "static_settings": {
    }
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "static_settings": {
    }
}

propertymappings_rac_destroy

RACPropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this RAC Property Mapping.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

propertymappings_rac_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this RAC Property Mapping.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

propertymappings_saml_list

SAMLPropertyMapping Viewset

Authorizations:
authentik
query Parameters
expression
string
friendly_name
string
managed
Array of strings
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

pm_uuid
string <uuid>
saml_name
string
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

propertymappings_saml_create

SAMLPropertyMapping Viewset

Authorizations:
authentik
Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
required
string non-empty
saml_name
required
string non-empty
friendly_name
string or null

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "saml_name": "string",
  • "friendly_name": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "saml_name": "string",
  • "friendly_name": "string"
}

propertymappings_saml_retrieve

SAMLPropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SAML Property Mapping.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "saml_name": "string",
  • "friendly_name": "string"
}

propertymappings_saml_update

SAMLPropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SAML Property Mapping.

Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
required
string non-empty
saml_name
required
string non-empty
friendly_name
string or null

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "saml_name": "string",
  • "friendly_name": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "saml_name": "string",
  • "friendly_name": "string"
}

propertymappings_saml_partial_update

SAMLPropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SAML Property Mapping.

Request Body schema: application/json
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
string non-empty
expression
string non-empty
saml_name
string non-empty
friendly_name
string or null

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "saml_name": "string",
  • "friendly_name": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "saml_name": "string",
  • "friendly_name": "string"
}

propertymappings_saml_destroy

SAMLPropertyMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SAML Property Mapping.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

propertymappings_saml_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SAML Property Mapping.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

propertymappings_scim_list

SCIMMapping Viewset

Authorizations:
authentik
query Parameters
expression
string
managed
Array of strings
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

pm_uuid
string <uuid>
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

propertymappings_scim_create

SCIMMapping Viewset

Authorizations:
authentik
Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string"
}

propertymappings_scim_retrieve

SCIMMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SCIM Mapping.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string"
}

propertymappings_scim_update

SCIMMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SCIM Mapping.

Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string"
}

propertymappings_scim_partial_update

SCIMMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SCIM Mapping.

Request Body schema: application/json
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
string non-empty
expression
string non-empty

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string"
}

propertymappings_scim_destroy

SCIMMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SCIM Mapping.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

propertymappings_scim_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this SCIM Mapping.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

propertymappings_scope_list

ScopeMapping Viewset

Authorizations:
authentik
query Parameters
managed
Array of strings
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

scope_name
string
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

propertymappings_scope_create

ScopeMapping Viewset

Authorizations:
authentik
Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
required
string non-empty
scope_name
required
string non-empty

Scope name requested by the client

description
string

Description shown to the user when consenting. If left empty, the user won't be informed.

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "scope_name": "string",
  • "description": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "scope_name": "string",
  • "description": "string"
}

propertymappings_scope_retrieve

ScopeMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Scope Mapping.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "scope_name": "string",
  • "description": "string"
}

propertymappings_scope_update

ScopeMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Scope Mapping.

Request Body schema: application/json
required
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
required
string non-empty
expression
required
string non-empty
scope_name
required
string non-empty

Scope name requested by the client

description
string

Description shown to the user when consenting. If left empty, the user won't be informed.

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "scope_name": "string",
  • "description": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "scope_name": "string",
  • "description": "string"
}

propertymappings_scope_partial_update

ScopeMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Scope Mapping.

Request Body schema: application/json
managed
string or null (Managed by authentik) non-empty

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

name
string non-empty
expression
string non-empty
scope_name
string non-empty

Scope name requested by the client

description
string

Description shown to the user when consenting. If left empty, the user won't be informed.

Responses

Request samples

Content type
application/json
{
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "scope_name": "string",
  • "description": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "managed": "string",
  • "name": "string",
  • "expression": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "scope_name": "string",
  • "description": "string"
}

propertymappings_scope_destroy

ScopeMapping Viewset

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Scope Mapping.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

propertymappings_scope_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
pm_uuid
required
string <uuid>

A UUID string identifying this Scope Mapping.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

providers

providers_all_list

Provider Viewset

Authorizations:
authentik
query Parameters
application__isnull
boolean
backchannel_only
boolean
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

providers_all_retrieve

Provider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string"
}

providers_all_destroy

Provider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this provider.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

providers_all_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this provider.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

providers_all_types_list

Get all creatable provider types

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

providers_ldap_list

LDAPProvider Viewset

Authorizations:
authentik
query Parameters
application__isnull
boolean
authorization_flow__slug__iexact
string
base_dn__iexact
string
certificate__kp_uuid__iexact
string <uuid>
certificate__name__iexact
string
gid_start_number__iexact
integer
name__iexact
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

search_group__group_uuid__iexact
string <uuid>
search_group__name__iexact
string
tls_server_name__iexact
string
uid_start_number__iexact
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

providers_ldap_create

LDAPProvider Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
base_dn
string non-empty

DN under which objects are accessible.

search_group
string or null <uuid>

Users in this group can do search queries. If not set, every user can execute search queries.

certificate
string or null <uuid>
tls_server_name
string
uid_start_number
integer [ -2147483648 .. 2147483647 ]

The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber

gid_start_number
integer [ -2147483648 .. 2147483647 ]

The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber

search_mode
string (LDAPAPIAccessMode)
Enum: "direct" "cached"
bind_mode
string (LDAPAPIAccessMode)
Enum: "direct" "cached"
mfa_support
boolean

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "base_dn": "string",
  • "search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "tls_server_name": "string",
  • "uid_start_number": -2147483648,
  • "gid_start_number": -2147483648,
  • "search_mode": "direct",
  • "bind_mode": "direct",
  • "mfa_support": true
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "base_dn": "string",
  • "search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "tls_server_name": "string",
  • "uid_start_number": -2147483648,
  • "gid_start_number": -2147483648,
  • "outpost_set": [
    ],
  • "search_mode": "direct",
  • "bind_mode": "direct",
  • "mfa_support": true
}

providers_ldap_retrieve

LDAPProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this LDAP Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "base_dn": "string",
  • "search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "tls_server_name": "string",
  • "uid_start_number": -2147483648,
  • "gid_start_number": -2147483648,
  • "outpost_set": [
    ],
  • "search_mode": "direct",
  • "bind_mode": "direct",
  • "mfa_support": true
}

providers_ldap_update

LDAPProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this LDAP Provider.

Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
base_dn
string non-empty

DN under which objects are accessible.

search_group
string or null <uuid>

Users in this group can do search queries. If not set, every user can execute search queries.

certificate
string or null <uuid>
tls_server_name
string
uid_start_number
integer [ -2147483648 .. 2147483647 ]

The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber

gid_start_number
integer [ -2147483648 .. 2147483647 ]

The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber

search_mode
string (LDAPAPIAccessMode)
Enum: "direct" "cached"
bind_mode
string (LDAPAPIAccessMode)
Enum: "direct" "cached"
mfa_support
boolean

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "base_dn": "string",
  • "search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "tls_server_name": "string",
  • "uid_start_number": -2147483648,
  • "gid_start_number": -2147483648,
  • "search_mode": "direct",
  • "bind_mode": "direct",
  • "mfa_support": true
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "base_dn": "string",
  • "search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "tls_server_name": "string",
  • "uid_start_number": -2147483648,
  • "gid_start_number": -2147483648,
  • "outpost_set": [
    ],
  • "search_mode": "direct",
  • "bind_mode": "direct",
  • "mfa_support": true
}

providers_ldap_partial_update

LDAPProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this LDAP Provider.

Request Body schema: application/json
name
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
base_dn
string non-empty

DN under which objects are accessible.

search_group
string or null <uuid>

Users in this group can do search queries. If not set, every user can execute search queries.

certificate
string or null <uuid>
tls_server_name
string
uid_start_number
integer [ -2147483648 .. 2147483647 ]

The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber

gid_start_number
integer [ -2147483648 .. 2147483647 ]

The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber

search_mode
string (LDAPAPIAccessMode)
Enum: "direct" "cached"
bind_mode
string (LDAPAPIAccessMode)
Enum: "direct" "cached"
mfa_support
boolean

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "base_dn": "string",
  • "search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "tls_server_name": "string",
  • "uid_start_number": -2147483648,
  • "gid_start_number": -2147483648,
  • "search_mode": "direct",
  • "bind_mode": "direct",
  • "mfa_support": true
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "base_dn": "string",
  • "search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "tls_server_name": "string",
  • "uid_start_number": -2147483648,
  • "gid_start_number": -2147483648,
  • "outpost_set": [
    ],
  • "search_mode": "direct",
  • "bind_mode": "direct",
  • "mfa_support": true
}

providers_ldap_destroy

LDAPProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this LDAP Provider.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

providers_ldap_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this LDAP Provider.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

providers_oauth2_list

OAuth2Provider Viewset

Authorizations:
authentik
query Parameters
access_code_validity
string
access_token_validity
string
application
string <uuid>
authorization_flow
string <uuid>
client_id
string
client_type
string
Enum: "confidential" "public"

Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable

include_claims_in_id_token
boolean
issuer_mode
string
Enum: "global" "per_provider"

Configure how the issuer field of the ID Token should be filled.

name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

property_mappings
Array of strings <uuid> [ items <uuid > ]
redirect_uris
string
refresh_token_validity
string
search
string

A search term.

signing_key
string <uuid>
sub_mode
string
Enum: "hashed_user_id" "user_email" "user_id" "user_upn" "user_username" "user_uuid"

Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

providers_oauth2_create

OAuth2Provider Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
client_type
string
Enum: "confidential" "public"

Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable

client_id
string [ 1 .. 255 ] characters
client_secret
string <= 255 characters
access_code_validity
string non-empty

Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

access_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

refresh_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

include_claims_in_id_token
boolean

Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.

signing_key
string or null <uuid>

Key used to sign the tokens. Only required when JWT Algorithm is set to RS256.

redirect_uris
string

Enter each URI on a new line.

sub_mode
string
Enum: "hashed_user_id" "user_id" "user_uuid" "user_username" "user_email" "user_upn"

Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

issuer_mode
string
Enum: "global" "per_provider"

Configure how the issuer field of the ID Token should be filled.

jwks_sources
Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "client_type": "confidential",
  • "client_id": "string",
  • "client_secret": "string",
  • "access_code_validity": "string",
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "include_claims_in_id_token": true,
  • "signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
  • "redirect_uris": "string",
  • "sub_mode": "hashed_user_id",
  • "issuer_mode": "global",
  • "jwks_sources": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_type": "confidential",
  • "client_id": "string",
  • "client_secret": "string",
  • "access_code_validity": "string",
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "include_claims_in_id_token": true,
  • "signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
  • "redirect_uris": "string",
  • "sub_mode": "hashed_user_id",
  • "issuer_mode": "global",
  • "jwks_sources": [
    ]
}

providers_oauth2_retrieve

OAuth2Provider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2/OpenID Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_type": "confidential",
  • "client_id": "string",
  • "client_secret": "string",
  • "access_code_validity": "string",
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "include_claims_in_id_token": true,
  • "signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
  • "redirect_uris": "string",
  • "sub_mode": "hashed_user_id",
  • "issuer_mode": "global",
  • "jwks_sources": [
    ]
}

providers_oauth2_update

OAuth2Provider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2/OpenID Provider.

Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
client_type
string
Enum: "confidential" "public"

Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable

client_id
string [ 1 .. 255 ] characters
client_secret
string <= 255 characters
access_code_validity
string non-empty

Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

access_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

refresh_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

include_claims_in_id_token
boolean

Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.

signing_key
string or null <uuid>

Key used to sign the tokens. Only required when JWT Algorithm is set to RS256.

redirect_uris
string

Enter each URI on a new line.

sub_mode
string
Enum: "hashed_user_id" "user_id" "user_uuid" "user_username" "user_email" "user_upn"

Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

issuer_mode
string
Enum: "global" "per_provider"

Configure how the issuer field of the ID Token should be filled.

jwks_sources
Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "client_type": "confidential",
  • "client_id": "string",
  • "client_secret": "string",
  • "access_code_validity": "string",
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "include_claims_in_id_token": true,
  • "signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
  • "redirect_uris": "string",
  • "sub_mode": "hashed_user_id",
  • "issuer_mode": "global",
  • "jwks_sources": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_type": "confidential",
  • "client_id": "string",
  • "client_secret": "string",
  • "access_code_validity": "string",
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "include_claims_in_id_token": true,
  • "signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
  • "redirect_uris": "string",
  • "sub_mode": "hashed_user_id",
  • "issuer_mode": "global",
  • "jwks_sources": [
    ]
}

providers_oauth2_partial_update

OAuth2Provider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2/OpenID Provider.

Request Body schema: application/json
name
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
client_type
string
Enum: "confidential" "public"

Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable

client_id
string [ 1 .. 255 ] characters
client_secret
string <= 255 characters
access_code_validity
string non-empty

Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

access_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

refresh_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

include_claims_in_id_token
boolean

Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.

signing_key
string or null <uuid>

Key used to sign the tokens. Only required when JWT Algorithm is set to RS256.

redirect_uris
string

Enter each URI on a new line.

sub_mode
string
Enum: "hashed_user_id" "user_id" "user_uuid" "user_username" "user_email" "user_upn"

Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

issuer_mode
string
Enum: "global" "per_provider"

Configure how the issuer field of the ID Token should be filled.

jwks_sources
Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "client_type": "confidential",
  • "client_id": "string",
  • "client_secret": "string",
  • "access_code_validity": "string",
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "include_claims_in_id_token": true,
  • "signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
  • "redirect_uris": "string",
  • "sub_mode": "hashed_user_id",
  • "issuer_mode": "global",
  • "jwks_sources": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_type": "confidential",
  • "client_id": "string",
  • "client_secret": "string",
  • "access_code_validity": "string",
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "include_claims_in_id_token": true,
  • "signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
  • "redirect_uris": "string",
  • "sub_mode": "hashed_user_id",
  • "issuer_mode": "global",
  • "jwks_sources": [
    ]
}

providers_oauth2_destroy

OAuth2Provider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2/OpenID Provider.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

providers_oauth2_preview_user_retrieve

Preview user data for provider

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2/OpenID Provider.

query Parameters
for_user
integer

Responses

Response samples

Content type
application/json
{
  • "preview": {
    }
}

providers_oauth2_setup_urls_retrieve

Get Providers setup URLs

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2/OpenID Provider.

Responses

Response samples

Content type
application/json
{
  • "issuer": "string",
  • "authorize": "string",
  • "token": "string",
  • "user_info": "string",
  • "provider_info": "string",
  • "logout": "string",
  • "jwks": "string"
}

providers_oauth2_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this OAuth2/OpenID Provider.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

providers_proxy_list

ProxyProvider Viewset

Authorizations:
authentik
query Parameters
application__isnull
boolean
authorization_flow__slug__iexact
string
basic_auth_enabled__iexact
boolean
basic_auth_password_attribute__iexact
string
basic_auth_user_attribute__iexact
string
certificate__kp_uuid__iexact
string <uuid>
certificate__name__iexact
string
cookie_domain__iexact
string
external_host__iexact
string
internal_host__iexact
string
internal_host_ssl_validation__iexact
boolean
mode__iexact
string
name__iexact
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

property_mappings__iexact
Array of strings <uuid> [ items <uuid > ]
redirect_uris__iexact
string
search
string

A search term.

skip_path_regex__iexact
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

providers_proxy_create

ProxyProvider Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
internal_host
string <uri>
external_host
required
string <uri> non-empty
internal_host_ssl_validation
boolean

Validate SSL Certificates of upstream servers

certificate
string or null <uuid>
skip_path_regex
string

Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.

basic_auth_enabled
boolean (Set HTTP-Basic Authentication)

Set a custom HTTP-Basic Authentication header based on values from authentik.

basic_auth_password_attribute
string (HTTP-Basic Password Key)

User/Group Attribute used for the password part of the HTTP-Basic Header.

basic_auth_user_attribute
string (HTTP-Basic Username Key)

User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.

mode
string
Enum: "proxy" "forward_single" "forward_domain"

Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.

intercept_header_auth
boolean

When enabled, this provider will intercept the authorization header and authenticate requests based on its value.

cookie_domain
string
jwks_sources
Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]
access_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

refresh_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "internal_host": "http://example.com",
  • "external_host": "http://example.com",
  • "internal_host_ssl_validation": true,
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "skip_path_regex": "string",
  • "basic_auth_enabled": true,
  • "basic_auth_password_attribute": "string",
  • "basic_auth_user_attribute": "string",
  • "mode": "proxy",
  • "intercept_header_auth": true,
  • "cookie_domain": "string",
  • "jwks_sources": [
    ],
  • "access_token_validity": "string",
  • "refresh_token_validity": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_id": "string",
  • "internal_host": "http://example.com",
  • "external_host": "http://example.com",
  • "internal_host_ssl_validation": true,
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "skip_path_regex": "string",
  • "basic_auth_enabled": true,
  • "basic_auth_password_attribute": "string",
  • "basic_auth_user_attribute": "string",
  • "mode": "proxy",
  • "intercept_header_auth": true,
  • "redirect_uris": "string",
  • "cookie_domain": "string",
  • "jwks_sources": [
    ],
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "outpost_set": [
    ]
}

providers_proxy_retrieve

ProxyProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Proxy Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_id": "string",
  • "internal_host": "http://example.com",
  • "external_host": "http://example.com",
  • "internal_host_ssl_validation": true,
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "skip_path_regex": "string",
  • "basic_auth_enabled": true,
  • "basic_auth_password_attribute": "string",
  • "basic_auth_user_attribute": "string",
  • "mode": "proxy",
  • "intercept_header_auth": true,
  • "redirect_uris": "string",
  • "cookie_domain": "string",
  • "jwks_sources": [
    ],
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "outpost_set": [
    ]
}

providers_proxy_update

ProxyProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Proxy Provider.

Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
internal_host
string <uri>
external_host
required
string <uri> non-empty
internal_host_ssl_validation
boolean

Validate SSL Certificates of upstream servers

certificate
string or null <uuid>
skip_path_regex
string

Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.

basic_auth_enabled
boolean (Set HTTP-Basic Authentication)

Set a custom HTTP-Basic Authentication header based on values from authentik.

basic_auth_password_attribute
string (HTTP-Basic Password Key)

User/Group Attribute used for the password part of the HTTP-Basic Header.

basic_auth_user_attribute
string (HTTP-Basic Username Key)

User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.

mode
string
Enum: "proxy" "forward_single" "forward_domain"

Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.

intercept_header_auth
boolean

When enabled, this provider will intercept the authorization header and authenticate requests based on its value.

cookie_domain
string
jwks_sources
Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]
access_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

refresh_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "internal_host": "http://example.com",
  • "external_host": "http://example.com",
  • "internal_host_ssl_validation": true,
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "skip_path_regex": "string",
  • "basic_auth_enabled": true,
  • "basic_auth_password_attribute": "string",
  • "basic_auth_user_attribute": "string",
  • "mode": "proxy",
  • "intercept_header_auth": true,
  • "cookie_domain": "string",
  • "jwks_sources": [
    ],
  • "access_token_validity": "string",
  • "refresh_token_validity": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_id": "string",
  • "internal_host": "http://example.com",
  • "external_host": "http://example.com",
  • "internal_host_ssl_validation": true,
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "skip_path_regex": "string",
  • "basic_auth_enabled": true,
  • "basic_auth_password_attribute": "string",
  • "basic_auth_user_attribute": "string",
  • "mode": "proxy",
  • "intercept_header_auth": true,
  • "redirect_uris": "string",
  • "cookie_domain": "string",
  • "jwks_sources": [
    ],
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "outpost_set": [
    ]
}

providers_proxy_partial_update

ProxyProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Proxy Provider.

Request Body schema: application/json
name
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
internal_host
string <uri>
external_host
string <uri> non-empty
internal_host_ssl_validation
boolean

Validate SSL Certificates of upstream servers

certificate
string or null <uuid>
skip_path_regex
string

Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.

basic_auth_enabled
boolean (Set HTTP-Basic Authentication)

Set a custom HTTP-Basic Authentication header based on values from authentik.

basic_auth_password_attribute
string (HTTP-Basic Password Key)

User/Group Attribute used for the password part of the HTTP-Basic Header.

basic_auth_user_attribute
string (HTTP-Basic Username Key)

User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.

mode
string
Enum: "proxy" "forward_single" "forward_domain"

Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.

intercept_header_auth
boolean

When enabled, this provider will intercept the authorization header and authenticate requests based on its value.

cookie_domain
string
jwks_sources
Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]
access_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

refresh_token_validity
string non-empty

Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "internal_host": "http://example.com",
  • "external_host": "http://example.com",
  • "internal_host_ssl_validation": true,
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "skip_path_regex": "string",
  • "basic_auth_enabled": true,
  • "basic_auth_password_attribute": "string",
  • "basic_auth_user_attribute": "string",
  • "mode": "proxy",
  • "intercept_header_auth": true,
  • "cookie_domain": "string",
  • "jwks_sources": [
    ],
  • "access_token_validity": "string",
  • "refresh_token_validity": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_id": "string",
  • "internal_host": "http://example.com",
  • "external_host": "http://example.com",
  • "internal_host_ssl_validation": true,
  • "certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
  • "skip_path_regex": "string",
  • "basic_auth_enabled": true,
  • "basic_auth_password_attribute": "string",
  • "basic_auth_user_attribute": "string",
  • "mode": "proxy",
  • "intercept_header_auth": true,
  • "redirect_uris": "string",
  • "cookie_domain": "string",
  • "jwks_sources": [
    ],
  • "access_token_validity": "string",
  • "refresh_token_validity": "string",
  • "outpost_set": [
    ]
}

providers_proxy_destroy

ProxyProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Proxy Provider.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

providers_proxy_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Proxy Provider.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

providers_rac_list

RACProvider Viewset

Authorizations:
authentik
query Parameters
application__isnull
boolean
name__iexact
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

providers_rac_create

RACProvider Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
settings
any
connection_expiry
string non-empty

Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)

delete_token_on_disconnect
boolean

When set to true, connection tokens will be deleted upon disconnect.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "settings": null,
  • "connection_expiry": "string",
  • "delete_token_on_disconnect": true
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "settings": null,
  • "outpost_set": [
    ],
  • "connection_expiry": "string",
  • "delete_token_on_disconnect": true
}

providers_rac_retrieve

RACProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this RAC Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "settings": null,
  • "outpost_set": [
    ],
  • "connection_expiry": "string",
  • "delete_token_on_disconnect": true
}

providers_rac_update

RACProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this RAC Provider.

Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
settings
any
connection_expiry
string non-empty

Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)

delete_token_on_disconnect
boolean

When set to true, connection tokens will be deleted upon disconnect.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "settings": null,
  • "connection_expiry": "string",
  • "delete_token_on_disconnect": true
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "settings": null,
  • "outpost_set": [
    ],
  • "connection_expiry": "string",
  • "delete_token_on_disconnect": true
}

providers_rac_partial_update

RACProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this RAC Provider.

Request Body schema: application/json
name
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
settings
any
connection_expiry
string non-empty

Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)

delete_token_on_disconnect
boolean

When set to true, connection tokens will be deleted upon disconnect.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "settings": null,
  • "connection_expiry": "string",
  • "delete_token_on_disconnect": true
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "settings": null,
  • "outpost_set": [
    ],
  • "connection_expiry": "string",
  • "delete_token_on_disconnect": true
}

providers_rac_destroy

RACProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this RAC Provider.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

providers_rac_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this RAC Provider.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

providers_radius_list

RadiusProvider Viewset

Authorizations:
authentik
query Parameters
application__isnull
boolean
authorization_flow__slug__iexact
string
client_networks__iexact
string
name__iexact
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

providers_radius_create

RadiusProvider Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
client_networks
string non-empty

List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped.

shared_secret
string non-empty

Shared secret between clients and server to hash packets.

mfa_support
boolean

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "client_networks": "string",
  • "shared_secret": "string",
  • "mfa_support": true
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_networks": "string",
  • "shared_secret": "string",
  • "outpost_set": [
    ],
  • "mfa_support": true
}

providers_radius_retrieve

RadiusProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Radius Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_networks": "string",
  • "shared_secret": "string",
  • "outpost_set": [
    ],
  • "mfa_support": true
}

providers_radius_update

RadiusProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Radius Provider.

Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
client_networks
string non-empty

List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped.

shared_secret
string non-empty

Shared secret between clients and server to hash packets.

mfa_support
boolean

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "client_networks": "string",
  • "shared_secret": "string",
  • "mfa_support": true
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_networks": "string",
  • "shared_secret": "string",
  • "outpost_set": [
    ],
  • "mfa_support": true
}

providers_radius_partial_update

RadiusProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Radius Provider.

Request Body schema: application/json
name
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
client_networks
string non-empty

List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped.

shared_secret
string non-empty

Shared secret between clients and server to hash packets.

mfa_support
boolean

When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "client_networks": "string",
  • "shared_secret": "string",
  • "mfa_support": true
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "client_networks": "string",
  • "shared_secret": "string",
  • "outpost_set": [
    ],
  • "mfa_support": true
}

providers_radius_destroy

RadiusProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Radius Provider.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

providers_radius_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this Radius Provider.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

providers_saml_list

SAMLProvider Viewset

Authorizations:
authentik
query Parameters
acs_url
string
assertion_valid_not_before
string
assertion_valid_not_on_or_after
string
audience
string
authentication_flow
string <uuid>
authorization_flow
string <uuid>
backchannel_application
string <uuid>
default_relay_state
string
digest_algorithm
string
Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmlenc#sha512"
is_backchannel
boolean
issuer
string
name
string
name_id_mapping
string <uuid>
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

property_mappings
Array of strings <uuid> [ items <uuid > ]
search
string

A search term.

session_valid_not_on_or_after
string
signature_algorithm
string
Enum: "http://www.w3.org/2000/09/xmldsig#dsa-sha1" "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
signing_kp
string <uuid>
sp_binding
string (Service Provider Binding)
Enum: "post" "redirect"

This determines how authentik sends the response back to the Service Provider.

verification_kp
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

providers_saml_create

SAMLProvider Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
acs_url
required
string <uri> [ 1 .. 200 ] characters
audience
string

Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.

issuer
string non-empty

Also known as EntityID

assertion_valid_not_before
string non-empty

Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).

assertion_valid_not_on_or_after
string non-empty

Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

session_valid_not_on_or_after
string non-empty

Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

name_id_mapping
string or null <uuid> (NameID Property Mapping)

Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered

digest_algorithm
string (DigestAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm
string (SignatureAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
signing_kp
string or null <uuid> (Signing Keypair)

Keypair used to sign outgoing Responses going to the Service Provider.

verification_kp
string or null <uuid> (Verification Certificate)

When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

sp_binding
string (Service Provider Binding)
Enum: "redirect" "post"

This determines how authentik sends the response back to the Service Provider.

default_relay_state
string

Default relay_state value for IDP-initiated logins

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "acs_url": "http://example.com",
  • "audience": "string",
  • "issuer": "string",
  • "assertion_valid_not_before": "string",
  • "assertion_valid_not_on_or_after": "string",
  • "session_valid_not_on_or_after": "string",
  • "name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "sp_binding": "redirect",
  • "default_relay_state": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "acs_url": "http://example.com",
  • "audience": "string",
  • "issuer": "string",
  • "assertion_valid_not_before": "string",
  • "assertion_valid_not_on_or_after": "string",
  • "session_valid_not_on_or_after": "string",
  • "name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "sp_binding": "redirect",
  • "default_relay_state": "string",
  • "url_download_metadata": "string",
  • "url_sso_post": "string",
  • "url_sso_redirect": "string",
  • "url_sso_init": "string",
  • "url_slo_post": "string",
  • "url_slo_redirect": "string"
}

providers_saml_retrieve

SAMLProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SAML Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "acs_url": "http://example.com",
  • "audience": "string",
  • "issuer": "string",
  • "assertion_valid_not_before": "string",
  • "assertion_valid_not_on_or_after": "string",
  • "session_valid_not_on_or_after": "string",
  • "name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "sp_binding": "redirect",
  • "default_relay_state": "string",
  • "url_download_metadata": "string",
  • "url_sso_post": "string",
  • "url_sso_redirect": "string",
  • "url_sso_init": "string",
  • "url_slo_post": "string",
  • "url_slo_redirect": "string"
}

providers_saml_update

SAMLProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SAML Provider.

Request Body schema: application/json
required
name
required
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
required
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
acs_url
required
string <uri> [ 1 .. 200 ] characters
audience
string

Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.

issuer
string non-empty

Also known as EntityID

assertion_valid_not_before
string non-empty

Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).

assertion_valid_not_on_or_after
string non-empty

Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

session_valid_not_on_or_after
string non-empty

Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

name_id_mapping
string or null <uuid> (NameID Property Mapping)

Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered

digest_algorithm
string (DigestAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm
string (SignatureAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
signing_kp
string or null <uuid> (Signing Keypair)

Keypair used to sign outgoing Responses going to the Service Provider.

verification_kp
string or null <uuid> (Verification Certificate)

When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

sp_binding
string (Service Provider Binding)
Enum: "redirect" "post"

This determines how authentik sends the response back to the Service Provider.

default_relay_state
string

Default relay_state value for IDP-initiated logins

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "acs_url": "http://example.com",
  • "audience": "string",
  • "issuer": "string",
  • "assertion_valid_not_before": "string",
  • "assertion_valid_not_on_or_after": "string",
  • "session_valid_not_on_or_after": "string",
  • "name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "sp_binding": "redirect",
  • "default_relay_state": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "acs_url": "http://example.com",
  • "audience": "string",
  • "issuer": "string",
  • "assertion_valid_not_before": "string",
  • "assertion_valid_not_on_or_after": "string",
  • "session_valid_not_on_or_after": "string",
  • "name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "sp_binding": "redirect",
  • "default_relay_state": "string",
  • "url_download_metadata": "string",
  • "url_sso_post": "string",
  • "url_sso_redirect": "string",
  • "url_sso_init": "string",
  • "url_slo_post": "string",
  • "url_slo_redirect": "string"
}

providers_saml_partial_update

SAMLProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SAML Provider.

Request Body schema: application/json
name
string non-empty
authentication_flow
string or null <uuid>

Flow used for authentication when the associated application is accessed by an un-authenticated user.

authorization_flow
string <uuid>

Flow used when authorizing this provider.

property_mappings
Array of strings <uuid> [ items <uuid > ]
acs_url
string <uri> [ 1 .. 200 ] characters
audience
string

Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.

issuer
string non-empty

Also known as EntityID

assertion_valid_not_before
string non-empty

Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).

assertion_valid_not_on_or_after
string non-empty

Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

session_valid_not_on_or_after
string non-empty

Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

name_id_mapping
string or null <uuid> (NameID Property Mapping)

Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered

digest_algorithm
string (DigestAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm
string (SignatureAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
signing_kp
string or null <uuid> (Signing Keypair)

Keypair used to sign outgoing Responses going to the Service Provider.

verification_kp
string or null <uuid> (Verification Certificate)

When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

sp_binding
string (Service Provider Binding)
Enum: "redirect" "post"

This determines how authentik sends the response back to the Service Provider.

default_relay_state
string

Default relay_state value for IDP-initiated logins

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "acs_url": "http://example.com",
  • "audience": "string",
  • "issuer": "string",
  • "assertion_valid_not_before": "string",
  • "assertion_valid_not_on_or_after": "string",
  • "session_valid_not_on_or_after": "string",
  • "name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "sp_binding": "redirect",
  • "default_relay_state": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
  • "property_mappings": [
    ],
  • "component": "string",
  • "assigned_application_slug": "string",
  • "assigned_application_name": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "acs_url": "http://example.com",
  • "audience": "string",
  • "issuer": "string",
  • "assertion_valid_not_before": "string",
  • "assertion_valid_not_on_or_after": "string",
  • "session_valid_not_on_or_after": "string",
  • "name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "sp_binding": "redirect",
  • "default_relay_state": "string",
  • "url_download_metadata": "string",
  • "url_sso_post": "string",
  • "url_sso_redirect": "string",
  • "url_sso_init": "string",
  • "url_slo_post": "string",
  • "url_slo_redirect": "string"
}

providers_saml_destroy

SAMLProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SAML Provider.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

providers_saml_metadata_retrieve

Return metadata as XML string

Authorizations:
authentikNone
path Parameters
id
required
integer

A unique integer value identifying this SAML Provider.

query Parameters
download
boolean
force_binding
string
Enum: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

Optionally force the metadata to only include one binding.

Responses

Response samples

Content type
application/json
{
  • "metadata": "string",
  • "download_url": "string"
}

providers_saml_preview_user_retrieve

Preview user data for provider

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SAML Provider.

query Parameters
for_user
integer

Responses

Response samples

Content type
application/json
{
  • "preview": {
    }
}

providers_saml_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SAML Provider.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

providers_saml_import_metadata_create

Create provider from SAML Metadata

Authorizations:
authentik
Request Body schema: multipart/form-data
required
name
required
string non-empty
authorization_flow
required
string <uuid>
file
required
string <binary>

Responses

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

providers_scim_list

SCIMProvider Viewset

Authorizations:
authentik
query Parameters
exclude_users_service_account
boolean
filter_group
string <uuid>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

url
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

providers_scim_create

SCIMProvider Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
property_mappings
Array of strings <uuid> [ items <uuid > ]
property_mappings_group
Array of strings <uuid> [ items <uuid > ]

Property mappings used for group creation/updating.

url
required
string non-empty

Base URL to SCIM requests, usually ends in /v2

token
required
string non-empty

Authentication token

exclude_users_service_account
boolean
filter_group
string or null <uuid>

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "url": "string",
  • "token": "string",
  • "exclude_users_service_account": true,
  • "filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "component": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "url": "string",
  • "token": "string",
  • "exclude_users_service_account": true,
  • "filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

providers_scim_retrieve

SCIMProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SCIM Provider.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "component": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "url": "string",
  • "token": "string",
  • "exclude_users_service_account": true,
  • "filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

providers_scim_update

SCIMProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SCIM Provider.

Request Body schema: application/json
required
name
required
string non-empty
property_mappings
Array of strings <uuid> [ items <uuid > ]
property_mappings_group
Array of strings <uuid> [ items <uuid > ]

Property mappings used for group creation/updating.

url
required
string non-empty

Base URL to SCIM requests, usually ends in /v2

token
required
string non-empty

Authentication token

exclude_users_service_account
boolean
filter_group
string or null <uuid>

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "url": "string",
  • "token": "string",
  • "exclude_users_service_account": true,
  • "filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "component": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "url": "string",
  • "token": "string",
  • "exclude_users_service_account": true,
  • "filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

providers_scim_partial_update

SCIMProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SCIM Provider.

Request Body schema: application/json
name
string non-empty
property_mappings
Array of strings <uuid> [ items <uuid > ]
property_mappings_group
Array of strings <uuid> [ items <uuid > ]

Property mappings used for group creation/updating.

url
string non-empty

Base URL to SCIM requests, usually ends in /v2

token
string non-empty

Authentication token

exclude_users_service_account
boolean
filter_group
string or null <uuid>

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "url": "string",
  • "token": "string",
  • "exclude_users_service_account": true,
  • "filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "name": "string",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "component": "string",
  • "assigned_backchannel_application_slug": "string",
  • "assigned_backchannel_application_name": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "url": "string",
  • "token": "string",
  • "exclude_users_service_account": true,
  • "filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

providers_scim_destroy

SCIMProvider Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SCIM Provider.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

providers_scim_sync_status_retrieve

Get provider's sync status

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SCIM Provider.

Responses

Response samples

Content type
application/json
{
  • "is_running": true,
  • "tasks": [
    ]
}

providers_scim_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this SCIM Provider.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

rac

rac_connection_tokens_list

ConnectionToken Viewset

Authorizations:
authentik
query Parameters
endpoint
string <uuid>
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

provider
integer
search
string

A search term.

session__user
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

rac_connection_tokens_retrieve

ConnectionToken Viewset

Authorizations:
authentik
path Parameters
connection_token_uuid
required
string <uuid>

A UUID string identifying this RAC Connection token.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "provider": 0,
  • "provider_obj": {
    },
  • "endpoint": "1dc4441f-38d5-42b5-a705-81958f928462",
  • "endpoint_obj": {
    },
  • "user": {
    }
}

rac_connection_tokens_update

ConnectionToken Viewset

Authorizations:
authentik
path Parameters
connection_token_uuid
required
string <uuid>

A UUID string identifying this RAC Connection token.

Request Body schema: application/json
required
pk
string <uuid> (Connection token uuid)
provider
required
integer
endpoint
required
string <uuid>

Responses

Request samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "provider": 0,
  • "endpoint": "1dc4441f-38d5-42b5-a705-81958f928462"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "provider": 0,
  • "provider_obj": {
    },
  • "endpoint": "1dc4441f-38d5-42b5-a705-81958f928462",
  • "endpoint_obj": {
    },
  • "user": {
    }
}

rac_connection_tokens_partial_update

ConnectionToken Viewset

Authorizations:
authentik
path Parameters
connection_token_uuid
required
string <uuid>

A UUID string identifying this RAC Connection token.

Request Body schema: application/json
pk
string <uuid> (Connection token uuid)
provider
integer
endpoint
string <uuid>

Responses

Request samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "provider": 0,
  • "endpoint": "1dc4441f-38d5-42b5-a705-81958f928462"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "provider": 0,
  • "provider_obj": {
    },
  • "endpoint": "1dc4441f-38d5-42b5-a705-81958f928462",
  • "endpoint_obj": {
    },
  • "user": {
    }
}

rac_connection_tokens_destroy

ConnectionToken Viewset

Authorizations:
authentik
path Parameters
connection_token_uuid
required
string <uuid>

A UUID string identifying this RAC Connection token.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

rac_connection_tokens_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
connection_token_uuid
required
string <uuid>

A UUID string identifying this RAC Connection token.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

rac_endpoints_list

List accessible endpoints

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

provider
integer
search
string
superuser_full_list
boolean

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

rac_endpoints_create

Endpoint Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
provider
required
integer
protocol
required
string (ProtocolEnum)
Enum: "rdp" "vnc" "ssh"
host
required
string non-empty
settings
any
property_mappings
Array of strings <uuid> [ items <uuid > ]
auth_mode
required
string (AuthModeEnum)
Enum: "static" "prompt"
maximum_connections
integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "provider": 0,
  • "protocol": "rdp",
  • "host": "string",
  • "settings": null,
  • "property_mappings": [
    ],
  • "auth_mode": "static",
  • "maximum_connections": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "provider": 0,
  • "provider_obj": {
    },
  • "protocol": "rdp",
  • "host": "string",
  • "settings": null,
  • "property_mappings": [
    ],
  • "auth_mode": "static",
  • "launch_url": "string",
  • "maximum_connections": -2147483648
}

rac_endpoints_retrieve

Endpoint Viewset

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this RAC Endpoint.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "provider": 0,
  • "provider_obj": {
    },
  • "protocol": "rdp",
  • "host": "string",
  • "settings": null,
  • "property_mappings": [
    ],
  • "auth_mode": "static",
  • "launch_url": "string",
  • "maximum_connections": -2147483648
}

rac_endpoints_update

Endpoint Viewset

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this RAC Endpoint.

Request Body schema: application/json
required
name
required
string non-empty
provider
required
integer
protocol
required
string (ProtocolEnum)
Enum: "rdp" "vnc" "ssh"
host
required
string non-empty
settings
any
property_mappings
Array of strings <uuid> [ items <uuid > ]
auth_mode
required
string (AuthModeEnum)
Enum: "static" "prompt"
maximum_connections
integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "provider": 0,
  • "protocol": "rdp",
  • "host": "string",
  • "settings": null,
  • "property_mappings": [
    ],
  • "auth_mode": "static",
  • "maximum_connections": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "provider": 0,
  • "provider_obj": {
    },
  • "protocol": "rdp",
  • "host": "string",
  • "settings": null,
  • "property_mappings": [
    ],
  • "auth_mode": "static",
  • "launch_url": "string",
  • "maximum_connections": -2147483648
}

rac_endpoints_partial_update

Endpoint Viewset

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this RAC Endpoint.

Request Body schema: application/json
name
string non-empty
provider
integer
protocol
string (ProtocolEnum)
Enum: "rdp" "vnc" "ssh"
host
string non-empty
settings
any
property_mappings
Array of strings <uuid> [ items <uuid > ]
auth_mode
string (AuthModeEnum)
Enum: "static" "prompt"
maximum_connections
integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "provider": 0,
  • "protocol": "rdp",
  • "host": "string",
  • "settings": null,
  • "property_mappings": [
    ],
  • "auth_mode": "static",
  • "maximum_connections": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "provider": 0,
  • "provider_obj": {
    },
  • "protocol": "rdp",
  • "host": "string",
  • "settings": null,
  • "property_mappings": [
    ],
  • "auth_mode": "static",
  • "launch_url": "string",
  • "maximum_connections": -2147483648
}

rac_endpoints_destroy

Endpoint Viewset

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this RAC Endpoint.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

rac_endpoints_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
pbm_uuid
required
string <uuid>

A UUID string identifying this RAC Endpoint.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

rbac

rbac_permissions_list

Read-only list of all permissions, filterable by model and app

Authorizations:
authentik
query Parameters
codename
string
content_type__app_label
string
content_type__model
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

role
string
search
string

A search term.

user
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

rbac_permissions_retrieve

Read-only list of all permissions, filterable by model and app

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this permission.

Responses

Response samples

Content type
application/json
{
  • "id": 0,
  • "name": "string",
  • "codename": "string",
  • "model": "string",
  • "app_label": "string",
  • "app_label_verbose": "string",
  • "model_verbose": "string"
}

rbac_permissions_assigned_by_roles_list

Get assigned object permissions for a single object

Authorizations:
authentik
query Parameters
model
required
string
Enum: "authentik_blueprints.blueprintinstance" "authentik_brands.brand" "authentik_core.application" "authentik_core.group" "authentik_core.token" "authentik_core.user" "authentik_crypto.certificatekeypair" "authentik_enterprise.license" "authentik_events.event" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationtransport" "authentik_events.notificationwebhookmapping" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies.policybinding" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.oauth2provider" "authentik_providers_oauth2.scopemapping" "authentik_providers_proxy.proxyprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_providers_rac.racprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_saml.samlprovider" "authentik_providers_scim.scimmapping" "authentik_providers_scim.scimprovider" "authentik_rbac.role" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_ldap.ldapsource" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitation" "authentik_stages_invitation.invitationstage" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_source.sourcestage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_tenants.domain"
object_pk
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

rbac_permissions_assigned_by_roles_assign_create

Assign permission(s) to role. When object_pk is set, the permissions are only assigned to the specific object, otherwise they are assigned globally.

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Role.

Request Body schema: application/json
required
permissions
required
Array of strings[ items non-empty ]
model
string (ModelEnum)
Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"
object_pk
string non-empty

Responses

Request samples

Content type
application/json
{
  • "permissions": [
    ],
  • "model": "authentik_tenants.domain",
  • "object_pk": "string"
}

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

rbac_permissions_assigned_by_roles_unassign_partial_update

Unassign permission(s) to role. When object_pk is set, the permissions are only assigned to the specific object, otherwise they are assigned globally.

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Role.

Request Body schema: application/json
permissions
Array of strings[ items non-empty ]
model
string (ModelEnum)
Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"
object_pk
string non-empty

Responses

Request samples

Content type
application/json
{
  • "permissions": [
    ],
  • "model": "authentik_tenants.domain",
  • "object_pk": "string"
}

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

rbac_permissions_assigned_by_users_list

Get assigned object permissions for a single object

Authorizations:
authentik
query Parameters
model
required
string
Enum: "authentik_blueprints.blueprintinstance" "authentik_brands.brand" "authentik_core.application" "authentik_core.group" "authentik_core.token" "authentik_core.user" "authentik_crypto.certificatekeypair" "authentik_enterprise.license" "authentik_events.event" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationtransport" "authentik_events.notificationwebhookmapping" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies.policybinding" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.oauth2provider" "authentik_providers_oauth2.scopemapping" "authentik_providers_proxy.proxyprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_providers_rac.racprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_saml.samlprovider" "authentik_providers_scim.scimmapping" "authentik_providers_scim.scimprovider" "authentik_rbac.role" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_ldap.ldapsource" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitation" "authentik_stages_invitation.invitationstage" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_source.sourcestage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_tenants.domain"
object_pk
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

rbac_permissions_assigned_by_users_assign_create

Assign permission(s) to user

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Request Body schema: application/json
required
permissions
required
Array of strings[ items non-empty ]
model
string (ModelEnum)
Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"
object_pk
string non-empty

Responses

Request samples

Content type
application/json
{
  • "permissions": [
    ],
  • "model": "authentik_tenants.domain",
  • "object_pk": "string"
}

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

rbac_permissions_assigned_by_users_unassign_partial_update

Unassign permission(s) to user. When object_pk is set, the permissions are only assigned to the specific object, otherwise they are assigned globally.

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User.

Request Body schema: application/json
permissions
Array of strings[ items non-empty ]
model
string (ModelEnum)
Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"
object_pk
string non-empty

Responses

Request samples

Content type
application/json
{
  • "permissions": [
    ],
  • "model": "authentik_tenants.domain",
  • "object_pk": "string"
}

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

rbac_permissions_roles_list

Get a role's assigned object permissions

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

uuid
required
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

rbac_permissions_users_list

Get a users's assigned object permissions

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

user_id
required
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

rbac_roles_list

Role viewset

Authorizations:
authentik
query Parameters
group__name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

rbac_roles_create

Role viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string [ 1 .. 150 ] characters

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string"
}

rbac_roles_retrieve

Role viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Role.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string"
}

rbac_roles_update

Role viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Role.

Request Body schema: application/json
required
name
required
string [ 1 .. 150 ] characters

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string"
}

rbac_roles_partial_update

Role viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Role.

Request Body schema: application/json
name
string [ 1 .. 150 ] characters

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string"
}

rbac_roles_destroy

Role viewset

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Role.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

rbac_roles_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
uuid
required
string <uuid>

A UUID string identifying this Role.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

root

root_config_retrieve

Retrieve public configuration options

Authorizations:
authentikNone

Responses

Response samples

Content type
application/json
{
  • "error_reporting": {
    },
  • "capabilities": [
    ],
  • "cache_timeout": 0,
  • "cache_timeout_flows": 0,
  • "cache_timeout_policies": 0,
  • "cache_timeout_reputation": 0
}

schema

schema_retrieve

OpenApi3 schema for this API. Format can be selected via content negotiation.

  • YAML: application/vnd.oai.openapi
  • JSON: application/vnd.oai.openapi+json
Authorizations:
authentikNone
query Parameters
format
string
Enum: "json" "yaml"
lang
string
Enum: "af" "ar" "ar-dz" "ast" "az" "be" "bg" "bn" "br" "bs" "ca" "ckb" "cs" "cy" "da" "de" "dsb" "el" "en" "en-au" "en-gb" "eo" "es" "es-ar" "es-co" "es-mx" "es-ni" "es-ve" "et" "eu" "fa" "fi" "fr" "fy" "ga" "gd" "gl" "he" "hi" "hr" "hsb" "hu" "hy" "ia" "id" "ig" "io" "is" "it" "ja" "ka" "kab" "kk" "km" "kn" "ko" "ky" "lb" "lt" "lv" "mk" "ml" "mn" "mr" "ms" "my" "nb" "ne" "nl" "nn" "os" "pa" "pl" "pt" "pt-br" "ro" "ru" "sk" "sl" "sq" "sr" "sr-latn" "sv" "sw" "ta" "te" "tg" "th" "tk" "tr" "tt" "udm" "ug" "uk" "ur" "uz" "vi" "zh-hans" "zh-hant"

Responses

Response samples

Content type
No sample

sources

sources_all_list

Source Viewset

Authorizations:
authentik
query Parameters
managed
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

slug
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_all_retrieve

Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string"
}

sources_all_destroy

Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_all_set_icon_create

Set source icon

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: multipart/form-data
file
string <binary>
clear
boolean
Default: false

Responses

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

sources_all_set_icon_url_create

Set source icon (as URL)

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
required
url
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "url": "string"
}

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

sources_all_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_all_types_list

Get all creatable source types

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_all_user_settings_list

Get all sources the user can configure

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_ldap_list

LDAP Source Viewset

Authorizations:
authentik
query Parameters
additional_group_dn
string
additional_user_dn
string
base_dn
string
bind_cn
string
client_certificate
string <uuid>
enabled
boolean
group_membership_field
string
group_object_filter
string
name
string
object_uniqueness_field
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

password_login_update_internal_password
boolean
peer_certificate
string <uuid>
property_mappings
Array of strings <uuid> [ items <uuid > ]
property_mappings_group
Array of strings <uuid> [ items <uuid > ]
search
string

A search term.

server_uri
string
slug
string
sni
boolean
start_tls
boolean
sync_groups
boolean
sync_parent_group
string <uuid>
sync_users
boolean
sync_users_password
boolean
user_object_filter
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_ldap_create

LDAP Source Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
server_uri
required
string <uri> non-empty
peer_certificate
string or null <uuid>

Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair.

client_certificate
string or null <uuid>

Client certificate to authenticate against the LDAP Server's Certificate.

bind_cn
string
bind_password
string
start_tls
boolean (Enable Start TLS)
sni
boolean (Use Server URI for SNI verification)
base_dn
required
string non-empty
additional_user_dn
string (Addition User DN)

Prepended to Base DN for User-queries.

additional_group_dn
string (Addition Group DN)

Prepended to Base DN for Group-queries.

user_object_filter
string non-empty

Consider Objects matching this filter to be Users.

group_object_filter
string non-empty

Consider Objects matching this filter to be Groups.

group_membership_field
string non-empty

Field which contains members of a group.

object_uniqueness_field
string non-empty

Field which contains a unique Identifier.

password_login_update_internal_password
boolean

Update internal authentik password when login succeeds with LDAP

sync_users
boolean
sync_users_password
boolean

When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source.

sync_groups
boolean
sync_parent_group
string or null <uuid>
property_mappings
Array of strings <uuid> [ items <uuid > ]
property_mappings_group
Array of strings <uuid> [ items <uuid > ]

Property mappings used for group creation/updating.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "server_uri": "http://example.com",
  • "peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
  • "client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
  • "bind_cn": "string",
  • "bind_password": "string",
  • "start_tls": true,
  • "sni": true,
  • "base_dn": "string",
  • "additional_user_dn": "string",
  • "additional_group_dn": "string",
  • "user_object_filter": "string",
  • "group_object_filter": "string",
  • "group_membership_field": "string",
  • "object_uniqueness_field": "string",
  • "password_login_update_internal_password": true,
  • "sync_users": true,
  • "sync_users_password": true,
  • "sync_groups": true,
  • "sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "server_uri": "http://example.com",
  • "peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
  • "client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
  • "bind_cn": "string",
  • "start_tls": true,
  • "sni": true,
  • "base_dn": "string",
  • "additional_user_dn": "string",
  • "additional_group_dn": "string",
  • "user_object_filter": "string",
  • "group_object_filter": "string",
  • "group_membership_field": "string",
  • "object_uniqueness_field": "string",
  • "password_login_update_internal_password": true,
  • "sync_users": true,
  • "sync_users_password": true,
  • "sync_groups": true,
  • "sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "connectivity": {
    }
}

sources_ldap_retrieve

LDAP Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "server_uri": "http://example.com",
  • "peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
  • "client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
  • "bind_cn": "string",
  • "start_tls": true,
  • "sni": true,
  • "base_dn": "string",
  • "additional_user_dn": "string",
  • "additional_group_dn": "string",
  • "user_object_filter": "string",
  • "group_object_filter": "string",
  • "group_membership_field": "string",
  • "object_uniqueness_field": "string",
  • "password_login_update_internal_password": true,
  • "sync_users": true,
  • "sync_users_password": true,
  • "sync_groups": true,
  • "sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "connectivity": {
    }
}

sources_ldap_update

LDAP Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
server_uri
required
string <uri> non-empty
peer_certificate
string or null <uuid>

Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair.

client_certificate
string or null <uuid>

Client certificate to authenticate against the LDAP Server's Certificate.

bind_cn
string
bind_password
string
start_tls
boolean (Enable Start TLS)
sni
boolean (Use Server URI for SNI verification)
base_dn
required
string non-empty
additional_user_dn
string (Addition User DN)

Prepended to Base DN for User-queries.

additional_group_dn
string (Addition Group DN)

Prepended to Base DN for Group-queries.

user_object_filter
string non-empty

Consider Objects matching this filter to be Users.

group_object_filter
string non-empty

Consider Objects matching this filter to be Groups.

group_membership_field
string non-empty

Field which contains members of a group.

object_uniqueness_field
string non-empty

Field which contains a unique Identifier.

password_login_update_internal_password
boolean

Update internal authentik password when login succeeds with LDAP

sync_users
boolean
sync_users_password
boolean

When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source.

sync_groups
boolean
sync_parent_group
string or null <uuid>
property_mappings
Array of strings <uuid> [ items <uuid > ]
property_mappings_group
Array of strings <uuid> [ items <uuid > ]

Property mappings used for group creation/updating.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "server_uri": "http://example.com",
  • "peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
  • "client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
  • "bind_cn": "string",
  • "bind_password": "string",
  • "start_tls": true,
  • "sni": true,
  • "base_dn": "string",
  • "additional_user_dn": "string",
  • "additional_group_dn": "string",
  • "user_object_filter": "string",
  • "group_object_filter": "string",
  • "group_membership_field": "string",
  • "object_uniqueness_field": "string",
  • "password_login_update_internal_password": true,
  • "sync_users": true,
  • "sync_users_password": true,
  • "sync_groups": true,
  • "sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "server_uri": "http://example.com",
  • "peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
  • "client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
  • "bind_cn": "string",
  • "start_tls": true,
  • "sni": true,
  • "base_dn": "string",
  • "additional_user_dn": "string",
  • "additional_group_dn": "string",
  • "user_object_filter": "string",
  • "group_object_filter": "string",
  • "group_membership_field": "string",
  • "object_uniqueness_field": "string",
  • "password_login_update_internal_password": true,
  • "sync_users": true,
  • "sync_users_password": true,
  • "sync_groups": true,
  • "sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "connectivity": {
    }
}

sources_ldap_partial_update

LDAP Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
name
string non-empty

Source's display Name.

slug
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
server_uri
string <uri> non-empty
peer_certificate
string or null <uuid>

Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair.

client_certificate
string or null <uuid>

Client certificate to authenticate against the LDAP Server's Certificate.

bind_cn
string
bind_password
string
start_tls
boolean (Enable Start TLS)
sni
boolean (Use Server URI for SNI verification)
base_dn
string non-empty
additional_user_dn
string (Addition User DN)

Prepended to Base DN for User-queries.

additional_group_dn
string (Addition Group DN)

Prepended to Base DN for Group-queries.

user_object_filter
string non-empty

Consider Objects matching this filter to be Users.

group_object_filter
string non-empty

Consider Objects matching this filter to be Groups.

group_membership_field
string non-empty

Field which contains members of a group.

object_uniqueness_field
string non-empty

Field which contains a unique Identifier.

password_login_update_internal_password
boolean

Update internal authentik password when login succeeds with LDAP

sync_users
boolean
sync_users_password
boolean

When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source.

sync_groups
boolean
sync_parent_group
string or null <uuid>
property_mappings
Array of strings <uuid> [ items <uuid > ]
property_mappings_group
Array of strings <uuid> [ items <uuid > ]

Property mappings used for group creation/updating.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "server_uri": "http://example.com",
  • "peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
  • "client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
  • "bind_cn": "string",
  • "bind_password": "string",
  • "start_tls": true,
  • "sni": true,
  • "base_dn": "string",
  • "additional_user_dn": "string",
  • "additional_group_dn": "string",
  • "user_object_filter": "string",
  • "group_object_filter": "string",
  • "group_membership_field": "string",
  • "object_uniqueness_field": "string",
  • "password_login_update_internal_password": true,
  • "sync_users": true,
  • "sync_users_password": true,
  • "sync_groups": true,
  • "sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "server_uri": "http://example.com",
  • "peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
  • "client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
  • "bind_cn": "string",
  • "start_tls": true,
  • "sni": true,
  • "base_dn": "string",
  • "additional_user_dn": "string",
  • "additional_group_dn": "string",
  • "user_object_filter": "string",
  • "group_object_filter": "string",
  • "group_membership_field": "string",
  • "object_uniqueness_field": "string",
  • "password_login_update_internal_password": true,
  • "sync_users": true,
  • "sync_users_password": true,
  • "sync_groups": true,
  • "sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
  • "property_mappings": [
    ],
  • "property_mappings_group": [
    ],
  • "connectivity": {
    }
}

sources_ldap_destroy

LDAP Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_ldap_debug_retrieve

Get raw LDAP data to debug

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "user": [
    ],
  • "group": [
    ],
  • "membership": [
    ]
}

sources_ldap_sync_status_retrieve

Get source's sync status

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "is_running": true,
  • "tasks": [
    ]
}

sources_ldap_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_oauth_list

Source Viewset

Authorizations:
authentik
query Parameters
access_token_url
string
additional_scopes
string
authentication_flow
string <uuid>
authorization_url
string
consumer_key
string
enabled
boolean
enrollment_flow
string <uuid>
has_jwks
boolean

Only return sources with JWKS data

name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

policy_engine_mode
string
Enum: "all" "any"
profile_url
string
provider_type
string
request_token_url
string
search
string

A search term.

slug
string
user_matching_mode
string
Enum: "email_deny" "email_link" "identifier" "username_deny" "username_link"

How the source determines if an existing user should be authenticated or a new user enrolled.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_oauth_create

Source Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
provider_type
required
string (ProviderTypeEnum)
Enum: "apple" "openidconnect" "azuread" "discord" "facebook" "github" "gitlab" "google" "mailcow" "okta" "patreon" "reddit" "twitch" "twitter"
request_token_url
string or null <= 255 characters

URL used to request the initial token. This URL is only required for OAuth 1.

authorization_url
string or null <= 255 characters

URL the user is redirect to to conest the flow.

access_token_url
string or null <= 255 characters

URL used by authentik to retrieve tokens.

profile_url
string or null <= 255 characters

URL used by authentik to get user information.

consumer_key
required
string non-empty
consumer_secret
required
string non-empty
additional_scopes
string
oidc_well_known_url
string
oidc_jwks_url
string
oidc_jwks
any

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "provider_type": "apple",
  • "request_token_url": "string",
  • "authorization_url": "string",
  • "access_token_url": "string",
  • "profile_url": "string",
  • "consumer_key": "string",
  • "consumer_secret": "string",
  • "additional_scopes": "string",
  • "oidc_well_known_url": "string",
  • "oidc_jwks_url": "string",
  • "oidc_jwks": null
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "provider_type": "apple",
  • "request_token_url": "string",
  • "authorization_url": "string",
  • "access_token_url": "string",
  • "profile_url": "string",
  • "consumer_key": "string",
  • "callback_url": "string",
  • "additional_scopes": "string",
  • "type": {
    },
  • "oidc_well_known_url": "string",
  • "oidc_jwks_url": "string",
  • "oidc_jwks": null
}

sources_oauth_retrieve

Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "provider_type": "apple",
  • "request_token_url": "string",
  • "authorization_url": "string",
  • "access_token_url": "string",
  • "profile_url": "string",
  • "consumer_key": "string",
  • "callback_url": "string",
  • "additional_scopes": "string",
  • "type": {
    },
  • "oidc_well_known_url": "string",
  • "oidc_jwks_url": "string",
  • "oidc_jwks": null
}

sources_oauth_update

Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
provider_type
required
string (ProviderTypeEnum)
Enum: "apple" "openidconnect" "azuread" "discord" "facebook" "github" "gitlab" "google" "mailcow" "okta" "patreon" "reddit" "twitch" "twitter"
request_token_url
string or null <= 255 characters

URL used to request the initial token. This URL is only required for OAuth 1.

authorization_url
string or null <= 255 characters

URL the user is redirect to to conest the flow.

access_token_url
string or null <= 255 characters

URL used by authentik to retrieve tokens.

profile_url
string or null <= 255 characters

URL used by authentik to get user information.

consumer_key
required
string non-empty
consumer_secret
required
string non-empty
additional_scopes
string
oidc_well_known_url
string
oidc_jwks_url
string
oidc_jwks
any

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "provider_type": "apple",
  • "request_token_url": "string",
  • "authorization_url": "string",
  • "access_token_url": "string",
  • "profile_url": "string",
  • "consumer_key": "string",
  • "consumer_secret": "string",
  • "additional_scopes": "string",
  • "oidc_well_known_url": "string",
  • "oidc_jwks_url": "string",
  • "oidc_jwks": null
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "provider_type": "apple",
  • "request_token_url": "string",
  • "authorization_url": "string",
  • "access_token_url": "string",
  • "profile_url": "string",
  • "consumer_key": "string",
  • "callback_url": "string",
  • "additional_scopes": "string",
  • "type": {
    },
  • "oidc_well_known_url": "string",
  • "oidc_jwks_url": "string",
  • "oidc_jwks": null
}

sources_oauth_partial_update

Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
name
string non-empty

Source's display Name.

slug
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
provider_type
string (ProviderTypeEnum)
Enum: "apple" "openidconnect" "azuread" "discord" "facebook" "github" "gitlab" "google" "mailcow" "okta" "patreon" "reddit" "twitch" "twitter"
request_token_url
string or null <= 255 characters

URL used to request the initial token. This URL is only required for OAuth 1.

authorization_url
string or null <= 255 characters

URL the user is redirect to to conest the flow.

access_token_url
string or null <= 255 characters

URL used by authentik to retrieve tokens.

profile_url
string or null <= 255 characters

URL used by authentik to get user information.

consumer_key
string non-empty
consumer_secret
string non-empty
additional_scopes
string
oidc_well_known_url
string
oidc_jwks_url
string
oidc_jwks
any

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "provider_type": "apple",
  • "request_token_url": "string",
  • "authorization_url": "string",
  • "access_token_url": "string",
  • "profile_url": "string",
  • "consumer_key": "string",
  • "consumer_secret": "string",
  • "additional_scopes": "string",
  • "oidc_well_known_url": "string",
  • "oidc_jwks_url": "string",
  • "oidc_jwks": null
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "provider_type": "apple",
  • "request_token_url": "string",
  • "authorization_url": "string",
  • "access_token_url": "string",
  • "profile_url": "string",
  • "consumer_key": "string",
  • "callback_url": "string",
  • "additional_scopes": "string",
  • "type": {
    },
  • "oidc_well_known_url": "string",
  • "oidc_jwks_url": "string",
  • "oidc_jwks": null
}

sources_oauth_destroy

Source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_oauth_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_oauth_source_types_list

Get all creatable source types. If ?name is set, only returns the type for . If isn't found, returns the default type.

Authorizations:
authentik
query Parameters
name
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_plex_list

Plex source Viewset

Authorizations:
authentik
query Parameters
allow_friends
boolean
authentication_flow
string <uuid>
client_id
string
enabled
boolean
enrollment_flow
string <uuid>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

policy_engine_mode
string
Enum: "all" "any"
search
string

A search term.

slug
string
user_matching_mode
string
Enum: "email_deny" "email_link" "identifier" "username_deny" "username_link"

How the source determines if an existing user should be authenticated or a new user enrolled.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_plex_create

Plex source Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
client_id
string non-empty

Client identifier used to talk to Plex.

allowed_servers
Array of strings[ items non-empty ]

Which servers a user has to be a member of to be granted access. Empty list allows every server.

allow_friends
boolean

Allow friends to authenticate, even if you don't share a server.

plex_token
required
string non-empty

Plex token used to check friends

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "client_id": "string",
  • "allowed_servers": [
    ],
  • "allow_friends": true,
  • "plex_token": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "client_id": "string",
  • "allowed_servers": [
    ],
  • "allow_friends": true,
  • "plex_token": "string"
}

sources_plex_retrieve

Plex source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "client_id": "string",
  • "allowed_servers": [
    ],
  • "allow_friends": true,
  • "plex_token": "string"
}

sources_plex_update

Plex source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
client_id
string non-empty

Client identifier used to talk to Plex.

allowed_servers
Array of strings[ items non-empty ]

Which servers a user has to be a member of to be granted access. Empty list allows every server.

allow_friends
boolean

Allow friends to authenticate, even if you don't share a server.

plex_token
required
string non-empty

Plex token used to check friends

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "client_id": "string",
  • "allowed_servers": [
    ],
  • "allow_friends": true,
  • "plex_token": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "client_id": "string",
  • "allowed_servers": [
    ],
  • "allow_friends": true,
  • "plex_token": "string"
}

sources_plex_partial_update

Plex source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
name
string non-empty

Source's display Name.

slug
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
client_id
string non-empty

Client identifier used to talk to Plex.

allowed_servers
Array of strings[ items non-empty ]

Which servers a user has to be a member of to be granted access. Empty list allows every server.

allow_friends
boolean

Allow friends to authenticate, even if you don't share a server.

plex_token
string non-empty

Plex token used to check friends

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "client_id": "string",
  • "allowed_servers": [
    ],
  • "allow_friends": true,
  • "plex_token": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "client_id": "string",
  • "allowed_servers": [
    ],
  • "allow_friends": true,
  • "plex_token": "string"
}

sources_plex_destroy

Plex source Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_plex_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_plex_redeem_token_create

Redeem a plex token, check it's access to resources against what's allowed for the source, and redirect to an authentication/enrollment flow.

Authorizations:
authentikNone
query Parameters
slug
string
Request Body schema: application/json
required
plex_token
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "plex_token": "string"
}

Response samples

Content type
application/json
{
  • "type": "native",
  • "flow_info": {
    },
  • "component": "xak-flow-redirect",
  • "response_errors": {
    },
  • "to": "string"
}

sources_plex_redeem_token_authenticated_create

Redeem a plex token for an authenticated user, creating a connection

Authorizations:
authentik
query Parameters
slug
string
Request Body schema: application/json
required
plex_token
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "plex_token": "string"
}

sources_saml_list

SAMLSource Viewset

Authorizations:
authentik
query Parameters
allow_idp_initiated
boolean
authentication_flow
string <uuid>
binding_type
string
Enum: "POST" "POST_AUTO" "REDIRECT"
digest_algorithm
string
Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmlenc#sha512"
enabled
boolean
enrollment_flow
string <uuid>
issuer
string
managed
string
name
string
name_id_policy
string
Enum: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName" "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName" "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

policy_engine_mode
string
Enum: "all" "any"
pre_authentication_flow
string <uuid>
search
string

A search term.

signature_algorithm
string
Enum: "http://www.w3.org/2000/09/xmldsig#dsa-sha1" "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
signing_kp
string <uuid>
slo_url
string
slug
string
sso_url
string
temporary_user_delete_after
string
user_matching_mode
string
Enum: "email_deny" "email_link" "identifier" "username_deny" "username_link"

How the source determines if an existing user should be authenticated or a new user enrolled.

verification_kp
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_saml_create

SAMLSource Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
pre_authentication_flow
required
string <uuid>

Flow used before authentication.

issuer
string

Also known as Entity ID. Defaults the Metadata URL.

sso_url
required
string <uri> [ 1 .. 200 ] characters

URL that the initial Login request is sent to.

slo_url
string or null <uri> <= 200 characters

Optional URL if your IDP supports Single-Logout.

allow_idp_initiated
boolean

Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.

name_id_policy
string
Enum: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName" "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName" "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

binding_type
string (BindingTypeEnum)
Enum: "REDIRECT" "POST" "POST_AUTO"
verification_kp
string or null <uuid> (Verification Certificate)

When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

signing_kp
string or null <uuid> (Signing Keypair)

Keypair used to sign outgoing Responses going to the Identity Provider.

digest_algorithm
string (DigestAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm
string (SignatureAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
temporary_user_delete_after
string (Delete temporary users after) non-empty

Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
  • "issuer": "string",
  • "sso_url": "http://example.com",
  • "slo_url": "http://example.com",
  • "allow_idp_initiated": true,
  • "name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  • "binding_type": "REDIRECT",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "temporary_user_delete_after": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
  • "issuer": "string",
  • "sso_url": "http://example.com",
  • "slo_url": "http://example.com",
  • "allow_idp_initiated": true,
  • "name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  • "binding_type": "REDIRECT",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "temporary_user_delete_after": "string"
}

sources_saml_retrieve

SAMLSource Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
  • "issuer": "string",
  • "sso_url": "http://example.com",
  • "slo_url": "http://example.com",
  • "allow_idp_initiated": true,
  • "name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  • "binding_type": "REDIRECT",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "temporary_user_delete_after": "string"
}

sources_saml_update

SAMLSource Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
pre_authentication_flow
required
string <uuid>

Flow used before authentication.

issuer
string

Also known as Entity ID. Defaults the Metadata URL.

sso_url
required
string <uri> [ 1 .. 200 ] characters

URL that the initial Login request is sent to.

slo_url
string or null <uri> <= 200 characters

Optional URL if your IDP supports Single-Logout.

allow_idp_initiated
boolean

Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.

name_id_policy
string
Enum: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName" "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName" "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

binding_type
string (BindingTypeEnum)
Enum: "REDIRECT" "POST" "POST_AUTO"
verification_kp
string or null <uuid> (Verification Certificate)

When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

signing_kp
string or null <uuid> (Signing Keypair)

Keypair used to sign outgoing Responses going to the Identity Provider.

digest_algorithm
string (DigestAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm
string (SignatureAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
temporary_user_delete_after
string (Delete temporary users after) non-empty

Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
  • "issuer": "string",
  • "sso_url": "http://example.com",
  • "slo_url": "http://example.com",
  • "allow_idp_initiated": true,
  • "name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  • "binding_type": "REDIRECT",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "temporary_user_delete_after": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
  • "issuer": "string",
  • "sso_url": "http://example.com",
  • "slo_url": "http://example.com",
  • "allow_idp_initiated": true,
  • "name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  • "binding_type": "REDIRECT",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "temporary_user_delete_after": "string"
}

sources_saml_partial_update

SAMLSource Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
name
string non-empty

Source's display Name.

slug
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
authentication_flow
string or null <uuid>

Flow to use when authenticating existing users.

enrollment_flow
string or null <uuid>

Flow to use when enrolling new users.

policy_engine_mode
string (PolicyEngineMode)
Enum: "all" "any"
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty
pre_authentication_flow
string <uuid>

Flow used before authentication.

issuer
string

Also known as Entity ID. Defaults the Metadata URL.

sso_url
string <uri> [ 1 .. 200 ] characters

URL that the initial Login request is sent to.

slo_url
string or null <uri> <= 200 characters

Optional URL if your IDP supports Single-Logout.

allow_idp_initiated
boolean

Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.

name_id_policy
string
Enum: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName" "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName" "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

binding_type
string (BindingTypeEnum)
Enum: "REDIRECT" "POST" "POST_AUTO"
verification_kp
string or null <uuid> (Verification Certificate)

When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

signing_kp
string or null <uuid> (Signing Keypair)

Keypair used to sign outgoing Responses going to the Identity Provider.

digest_algorithm
string (DigestAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm
string (SignatureAlgorithmEnum)
Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
temporary_user_delete_after
string (Delete temporary users after) non-empty

Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "user_path_template": "string",
  • "pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
  • "issuer": "string",
  • "sso_url": "http://example.com",
  • "slo_url": "http://example.com",
  • "allow_idp_initiated": true,
  • "name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  • "binding_type": "REDIRECT",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "temporary_user_delete_after": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "policy_engine_mode": "all",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "icon": "string",
  • "pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
  • "issuer": "string",
  • "sso_url": "http://example.com",
  • "slo_url": "http://example.com",
  • "allow_idp_initiated": true,
  • "name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  • "binding_type": "REDIRECT",
  • "verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
  • "signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
  • "temporary_user_delete_after": "string"
}

sources_saml_destroy

SAMLSource Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_saml_metadata_retrieve

Return metadata as XML string

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "metadata": "string",
  • "download_url": "string"
}

sources_saml_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_scim_list

SCIMSource Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

slug
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_scim_create

SCIMSource Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "user_matching_mode": "identifier",
  • "user_path_template": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "root_url": "string",
  • "token_obj": {
    }
}

sources_scim_retrieve

SCIMSource Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "root_url": "string",
  • "token_obj": {
    }
}

sources_scim_update

SCIMSource Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
required
name
required
string non-empty

Source's display Name.

slug
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "user_matching_mode": "identifier",
  • "user_path_template": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "root_url": "string",
  • "token_obj": {
    }
}

sources_scim_partial_update

SCIMSource Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Request Body schema: application/json
name
string non-empty

Source's display Name.

slug
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$

Internal source name, used in URLs.

enabled
boolean
user_matching_mode
string
Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny"

How the source determines if an existing user should be authenticated or a new user enrolled.

user_path_template
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "user_matching_mode": "identifier",
  • "user_path_template": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "slug": "string",
  • "enabled": true,
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "user_matching_mode": "identifier",
  • "managed": "string",
  • "user_path_template": "string",
  • "root_url": "string",
  • "token_obj": {
    }
}

sources_scim_destroy

SCIMSource Viewset

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_scim_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
slug
required
string

Internal source name, used in URLs.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_scim_groups_list

SCIMSourceGroup Viewset

Authorizations:
authentik
query Parameters
group__group_uuid
string <uuid>
group__name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

source__slug
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_scim_groups_create

SCIMSourceGroup Viewset

Authorizations:
authentik
Request Body schema: application/json
required
id
required
string non-empty
group
required
string <uuid>
source
required
string <uuid>
attributes
any

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "group_obj": {
    },
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

sources_scim_groups_retrieve

SCIMSourceGroup Viewset

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source group.

Responses

Response samples

Content type
application/json
{
  • "id": "string",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "group_obj": {
    },
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

sources_scim_groups_update

SCIMSourceGroup Viewset

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source group.

Request Body schema: application/json
required
id
required
string non-empty
group
required
string <uuid>
source
required
string <uuid>
attributes
any

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "group_obj": {
    },
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

sources_scim_groups_partial_update

SCIMSourceGroup Viewset

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source group.

Request Body schema: application/json
id
string non-empty
group
string <uuid>
source
string <uuid>
attributes
any

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
  • "group_obj": {
    },
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

sources_scim_groups_destroy

SCIMSourceGroup Viewset

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source group.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_scim_groups_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source group.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_scim_users_list

SCIMSourceUser Viewset

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

source__slug
string
user__id
integer
user__username
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_scim_users_create

SCIMSourceUser Viewset

Authorizations:
authentik
Request Body schema: application/json
required
id
required
string non-empty
user
required
integer
source
required
string <uuid>
attributes
any

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "user": 0,
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "user": 0,
  • "user_obj": {
    },
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

sources_scim_users_retrieve

SCIMSourceUser Viewset

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source user.

Responses

Response samples

Content type
application/json
{
  • "id": "string",
  • "user": 0,
  • "user_obj": {
    },
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

sources_scim_users_update

SCIMSourceUser Viewset

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source user.

Request Body schema: application/json
required
id
required
string non-empty
user
required
integer
source
required
string <uuid>
attributes
any

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "user": 0,
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "user": 0,
  • "user_obj": {
    },
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

sources_scim_users_partial_update

SCIMSourceUser Viewset

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source user.

Request Body schema: application/json
id
string non-empty
user
integer
source
string <uuid>
attributes
any

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "user": 0,
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "user": 0,
  • "user_obj": {
    },
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "attributes": null
}

sources_scim_users_destroy

SCIMSourceUser Viewset

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source user.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_scim_users_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
string

A unique value identifying this scim source user.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_user_connections_all_list

User-source connection Viewset

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

user
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_user_connections_all_retrieve

User-source connection Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this user source connection.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "created": "2019-08-24T14:15:22Z"
}

sources_user_connections_all_update

User-source connection Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this user source connection.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "created": "2019-08-24T14:15:22Z"
}

sources_user_connections_all_partial_update

User-source connection Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this user source connection.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "created": "2019-08-24T14:15:22Z"
}

sources_user_connections_all_destroy

User-source connection Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this user source connection.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_user_connections_all_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this user source connection.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_user_connections_oauth_list

Source Viewset

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

source__slug
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_user_connections_oauth_create

Source Viewset

Authorizations:
authentik
Request Body schema: application/json
required
user
required
integer
identifier
required
string [ 1 .. 255 ] characters
access_token
string or null

Responses

Request samples

Content type
application/json
{
  • "user": 0,
  • "identifier": "string",
  • "access_token": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string"
}

sources_user_connections_oauth_retrieve

Source Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User OAuth Source Connection.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string"
}

sources_user_connections_oauth_update

Source Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User OAuth Source Connection.

Request Body schema: application/json
required
user
required
integer
identifier
required
string [ 1 .. 255 ] characters
access_token
string or null

Responses

Request samples

Content type
application/json
{
  • "user": 0,
  • "identifier": "string",
  • "access_token": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string"
}

sources_user_connections_oauth_partial_update

Source Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User OAuth Source Connection.

Request Body schema: application/json
user
integer
identifier
string [ 1 .. 255 ] characters
access_token
string or null

Responses

Request samples

Content type
application/json
{
  • "user": 0,
  • "identifier": "string",
  • "access_token": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string"
}

sources_user_connections_oauth_destroy

Source Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User OAuth Source Connection.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_user_connections_oauth_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User OAuth Source Connection.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_user_connections_plex_list

Plex Source connection Serializer

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

source__slug
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_user_connections_plex_create

Plex Source connection Serializer

Authorizations:
authentik
Request Body schema: application/json
required
identifier
required
string non-empty
plex_token
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "identifier": "string",
  • "plex_token": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string",
  • "plex_token": "string"
}

sources_user_connections_plex_retrieve

Plex Source connection Serializer

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User Plex Source Connection.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string",
  • "plex_token": "string"
}

sources_user_connections_plex_update

Plex Source connection Serializer

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User Plex Source Connection.

Request Body schema: application/json
required
identifier
required
string non-empty
plex_token
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "identifier": "string",
  • "plex_token": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string",
  • "plex_token": "string"
}

sources_user_connections_plex_partial_update

Plex Source connection Serializer

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User Plex Source Connection.

Request Body schema: application/json
identifier
string non-empty
plex_token
string non-empty

Responses

Request samples

Content type
application/json
{
  • "identifier": "string",
  • "plex_token": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string",
  • "plex_token": "string"
}

sources_user_connections_plex_destroy

Plex Source connection Serializer

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User Plex Source Connection.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_user_connections_plex_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User Plex Source Connection.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

sources_user_connections_saml_list

Source Viewset

Authorizations:
authentik
query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

source__slug
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

sources_user_connections_saml_create

Source Viewset

Authorizations:
authentik
Request Body schema: application/json
required
user
required
integer
identifier
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "user": 0,
  • "identifier": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string"
}

sources_user_connections_saml_retrieve

Source Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User SAML Source Connection.

Responses

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string"
}

sources_user_connections_saml_update

Source Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User SAML Source Connection.

Request Body schema: application/json
required
user
required
integer
identifier
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "user": 0,
  • "identifier": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string"
}

sources_user_connections_saml_partial_update

Source Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User SAML Source Connection.

Request Body schema: application/json
user
integer
identifier
string non-empty

Responses

Request samples

Content type
application/json
{
  • "user": 0,
  • "identifier": "string"
}

Response samples

Content type
application/json
{
  • "pk": 0,
  • "user": 0,
  • "source": {
    },
  • "identifier": "string"
}

sources_user_connections_saml_destroy

Source Viewset

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User SAML Source Connection.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

sources_user_connections_saml_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
id
required
integer

A unique integer value identifying this User SAML Source Connection.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages

stages_all_list

Stage Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_all_retrieve

Stage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ]
}

stages_all_destroy

Stage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_all_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_all_types_list

Get all creatable stage types

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_all_user_settings_list

Get all stages the user can configure

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_authenticator_duo_list

AuthenticatorDuoStage Viewset

Authorizations:
authentik
query Parameters
api_hostname
string
client_id
string
configure_flow
string <uuid>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_authenticator_duo_create

AuthenticatorDuoStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
client_id
required
string non-empty
client_secret
required
string non-empty
api_hostname
required
string non-empty
admin_integration_key
string
admin_secret_key
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "client_id": "string",
  • "client_secret": "string",
  • "api_hostname": "string",
  • "admin_integration_key": "string",
  • "admin_secret_key": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "client_id": "string",
  • "api_hostname": "string",
  • "admin_integration_key": "string"
}

stages_authenticator_duo_retrieve

AuthenticatorDuoStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "client_id": "string",
  • "api_hostname": "string",
  • "admin_integration_key": "string"
}

stages_authenticator_duo_update

AuthenticatorDuoStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
client_id
required
string non-empty
client_secret
required
string non-empty
api_hostname
required
string non-empty
admin_integration_key
string
admin_secret_key
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "client_id": "string",
  • "client_secret": "string",
  • "api_hostname": "string",
  • "admin_integration_key": "string",
  • "admin_secret_key": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "client_id": "string",
  • "api_hostname": "string",
  • "admin_integration_key": "string"
}

stages_authenticator_duo_partial_update

AuthenticatorDuoStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
client_id
string non-empty
client_secret
string non-empty
api_hostname
string non-empty
admin_integration_key
string
admin_secret_key
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "client_id": "string",
  • "client_secret": "string",
  • "api_hostname": "string",
  • "admin_integration_key": "string",
  • "admin_secret_key": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "client_id": "string",
  • "api_hostname": "string",
  • "admin_integration_key": "string"
}

stages_authenticator_duo_destroy

AuthenticatorDuoStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_authenticator_duo_enrollment_status_create

Check enrollment status of user details in current session

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "duo_response": "success"
}

stages_authenticator_duo_import_device_manual_create

Import duo devices into authentik

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Request Body schema: application/json
required
duo_user_id
required
string non-empty
username
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "duo_user_id": "string",
  • "username": "string"
}

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

stages_authenticator_duo_import_devices_automatic_create

Import duo devices into authentik

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "error": "string"
}

stages_authenticator_duo_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_authenticator_sms_list

AuthenticatorSMSStage Viewset

Authorizations:
authentik
query Parameters
account_sid
string
auth
string
auth_password
string
auth_type
string
Enum: "basic" "bearer"
configure_flow
string <uuid>
friendly_name
string
from_number
string
mapping
string <uuid>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

provider
string
Enum: "generic" "twilio"
search
string

A search term.

stage_uuid
string <uuid>
verify_only
boolean

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_authenticator_sms_create

AuthenticatorSMSStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
provider
required
string (ProviderEnum)
Enum: "twilio" "generic"
from_number
required
string non-empty
account_sid
required
string non-empty
auth
required
string non-empty
auth_password
string
auth_type
string (AuthTypeEnum)
Enum: "basic" "bearer"
verify_only
boolean

When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

mapping
string or null <uuid>

Optionally modify the payload being sent to custom providers.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "provider": "twilio",
  • "from_number": "string",
  • "account_sid": "string",
  • "auth": "string",
  • "auth_password": "string",
  • "auth_type": "basic",
  • "verify_only": true,
  • "mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "provider": "twilio",
  • "from_number": "string",
  • "account_sid": "string",
  • "auth": "string",
  • "auth_password": "string",
  • "auth_type": "basic",
  • "verify_only": true,
  • "mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

stages_authenticator_sms_retrieve

AuthenticatorSMSStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "provider": "twilio",
  • "from_number": "string",
  • "account_sid": "string",
  • "auth": "string",
  • "auth_password": "string",
  • "auth_type": "basic",
  • "verify_only": true,
  • "mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

stages_authenticator_sms_update

AuthenticatorSMSStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
provider
required
string (ProviderEnum)
Enum: "twilio" "generic"
from_number
required
string non-empty
account_sid
required
string non-empty
auth
required
string non-empty
auth_password
string
auth_type
string (AuthTypeEnum)
Enum: "basic" "bearer"
verify_only
boolean

When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

mapping
string or null <uuid>

Optionally modify the payload being sent to custom providers.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "provider": "twilio",
  • "from_number": "string",
  • "account_sid": "string",
  • "auth": "string",
  • "auth_password": "string",
  • "auth_type": "basic",
  • "verify_only": true,
  • "mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "provider": "twilio",
  • "from_number": "string",
  • "account_sid": "string",
  • "auth": "string",
  • "auth_password": "string",
  • "auth_type": "basic",
  • "verify_only": true,
  • "mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

stages_authenticator_sms_partial_update

AuthenticatorSMSStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
provider
string (ProviderEnum)
Enum: "twilio" "generic"
from_number
string non-empty
account_sid
string non-empty
auth
string non-empty
auth_password
string
auth_type
string (AuthTypeEnum)
Enum: "basic" "bearer"
verify_only
boolean

When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.

mapping
string or null <uuid>

Optionally modify the payload being sent to custom providers.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "provider": "twilio",
  • "from_number": "string",
  • "account_sid": "string",
  • "auth": "string",
  • "auth_password": "string",
  • "auth_type": "basic",
  • "verify_only": true,
  • "mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "provider": "twilio",
  • "from_number": "string",
  • "account_sid": "string",
  • "auth": "string",
  • "auth_password": "string",
  • "auth_type": "basic",
  • "verify_only": true,
  • "mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

stages_authenticator_sms_destroy

AuthenticatorSMSStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_authenticator_sms_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_authenticator_static_list

AuthenticatorStaticStage Viewset

Authorizations:
authentik
query Parameters
configure_flow
string <uuid>
friendly_name
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

stage_uuid
string <uuid>
token_count
integer
token_length
integer

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_authenticator_static_create

AuthenticatorStaticStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
token_count
integer [ 0 .. 2147483647 ]
token_length
integer [ 0 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "token_count": 2147483647,
  • "token_length": 2147483647
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "token_count": 2147483647,
  • "token_length": 2147483647
}

stages_authenticator_static_retrieve

AuthenticatorStaticStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "token_count": 2147483647,
  • "token_length": 2147483647
}

stages_authenticator_static_update

AuthenticatorStaticStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
token_count
integer [ 0 .. 2147483647 ]
token_length
integer [ 0 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "token_count": 2147483647,
  • "token_length": 2147483647
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "token_count": 2147483647,
  • "token_length": 2147483647
}

stages_authenticator_static_partial_update

AuthenticatorStaticStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
token_count
integer [ 0 .. 2147483647 ]
token_length
integer [ 0 .. 2147483647 ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "token_count": 2147483647,
  • "token_length": 2147483647
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "token_count": 2147483647,
  • "token_length": 2147483647
}

stages_authenticator_static_destroy

AuthenticatorStaticStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_authenticator_static_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_authenticator_totp_list

AuthenticatorTOTPStage Viewset

Authorizations:
authentik
query Parameters
configure_flow
string <uuid>
digits
string
Enum: "6" "8"
friendly_name
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

stage_uuid
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_authenticator_totp_create

AuthenticatorTOTPStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
digits
required
string (DigitsEnum)
Enum: "6" "8"

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "digits": "6"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "digits": "6"
}

stages_authenticator_totp_retrieve

AuthenticatorTOTPStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "digits": "6"
}

stages_authenticator_totp_update

AuthenticatorTOTPStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
digits
required
string (DigitsEnum)
Enum: "6" "8"

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "digits": "6"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "digits": "6"
}

stages_authenticator_totp_partial_update

AuthenticatorTOTPStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
digits
string (DigitsEnum)
Enum: "6" "8"

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "digits": "6"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "digits": "6"
}

stages_authenticator_totp_destroy

AuthenticatorTOTPStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_authenticator_totp_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_authenticator_validate_list

AuthenticatorValidateStage Viewset

Authorizations:
authentik
query Parameters
configuration_stages
Array of strings <uuid> [ items <uuid > ]
name
string
not_configured_action
string
Enum: "configure" "deny" "skip"
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_authenticator_validate_create

AuthenticatorValidateStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
not_configured_action
string (NotConfiguredActionEnum)
Enum: "skip" "deny" "configure"
device_classes
Array of strings (DeviceClassesEnum)
Items Enum: "static" "totp" "webauthn" "duo" "sms"

Device classes which can be used to authenticate

configuration_stages
Array of strings <uuid> [ items <uuid > ]

Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again.

last_auth_threshold
string non-empty

If any of the user's device has been used within this threshold, this stage will be skipped

webauthn_user_verification
string
Enum: "required" "preferred" "discouraged"

Enforce user verification for WebAuthn devices.

webauthn_allowed_device_types
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "not_configured_action": "skip",
  • "device_classes": [
    ],
  • "configuration_stages": [
    ],
  • "last_auth_threshold": "string",
  • "webauthn_user_verification": "required",
  • "webauthn_allowed_device_types": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "not_configured_action": "skip",
  • "device_classes": [
    ],
  • "configuration_stages": [
    ],
  • "last_auth_threshold": "string",
  • "webauthn_user_verification": "required",
  • "webauthn_allowed_device_types": [
    ],
  • "webauthn_allowed_device_types_obj": [
    ]
}

stages_authenticator_validate_retrieve

AuthenticatorValidateStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "not_configured_action": "skip",
  • "device_classes": [
    ],
  • "configuration_stages": [
    ],
  • "last_auth_threshold": "string",
  • "webauthn_user_verification": "required",
  • "webauthn_allowed_device_types": [
    ],
  • "webauthn_allowed_device_types_obj": [
    ]
}

stages_authenticator_validate_update

AuthenticatorValidateStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
not_configured_action
string (NotConfiguredActionEnum)
Enum: "skip" "deny" "configure"
device_classes
Array of strings (DeviceClassesEnum)
Items Enum: "static" "totp" "webauthn" "duo" "sms"

Device classes which can be used to authenticate

configuration_stages
Array of strings <uuid> [ items <uuid > ]

Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again.

last_auth_threshold
string non-empty

If any of the user's device has been used within this threshold, this stage will be skipped

webauthn_user_verification
string
Enum: "required" "preferred" "discouraged"

Enforce user verification for WebAuthn devices.

webauthn_allowed_device_types
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "not_configured_action": "skip",
  • "device_classes": [
    ],
  • "configuration_stages": [
    ],
  • "last_auth_threshold": "string",
  • "webauthn_user_verification": "required",
  • "webauthn_allowed_device_types": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "not_configured_action": "skip",
  • "device_classes": [
    ],
  • "configuration_stages": [
    ],
  • "last_auth_threshold": "string",
  • "webauthn_user_verification": "required",
  • "webauthn_allowed_device_types": [
    ],
  • "webauthn_allowed_device_types_obj": [
    ]
}

stages_authenticator_validate_partial_update

AuthenticatorValidateStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
not_configured_action
string (NotConfiguredActionEnum)
Enum: "skip" "deny" "configure"
device_classes
Array of strings (DeviceClassesEnum)
Items Enum: "static" "totp" "webauthn" "duo" "sms"

Device classes which can be used to authenticate

configuration_stages
Array of strings <uuid> [ items <uuid > ]

Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again.

last_auth_threshold
string non-empty

If any of the user's device has been used within this threshold, this stage will be skipped

webauthn_user_verification
string
Enum: "required" "preferred" "discouraged"

Enforce user verification for WebAuthn devices.

webauthn_allowed_device_types
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "not_configured_action": "skip",
  • "device_classes": [
    ],
  • "configuration_stages": [
    ],
  • "last_auth_threshold": "string",
  • "webauthn_user_verification": "required",
  • "webauthn_allowed_device_types": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "not_configured_action": "skip",
  • "device_classes": [
    ],
  • "configuration_stages": [
    ],
  • "last_auth_threshold": "string",
  • "webauthn_user_verification": "required",
  • "webauthn_allowed_device_types": [
    ],
  • "webauthn_allowed_device_types_obj": [
    ]
}

stages_authenticator_validate_destroy

AuthenticatorValidateStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_authenticator_validate_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_authenticator_webauthn_list

AuthenticatorWebAuthnStage Viewset

Authorizations:
authentik
query Parameters
authenticator_attachment
string or null
Enum: "cross-platform" "platform"
configure_flow
string <uuid>
device_type_restrictions
Array of strings <uuid> [ items <uuid > ]
friendly_name
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

resident_key_requirement
string
Enum: "discouraged" "preferred" "required"
search
string

A search term.

stage_uuid
string <uuid>
user_verification
string
Enum: "discouraged" "preferred" "required"

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_authenticator_webauthn_create

AuthenticatorWebAuthnStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
user_verification
string (UserVerificationEnum)
Enum: "required" "preferred" "discouraged"
authenticator_attachment
string or null
Enum: "platform" "cross-platform"
resident_key_requirement
string (ResidentKeyRequirementEnum)
Enum: "discouraged" "preferred" "required"
device_type_restrictions
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "user_verification": "required",
  • "authenticator_attachment": "platform",
  • "resident_key_requirement": "discouraged",
  • "device_type_restrictions": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "user_verification": "required",
  • "authenticator_attachment": "platform",
  • "resident_key_requirement": "discouraged",
  • "device_type_restrictions": [
    ],
  • "device_type_restrictions_obj": [
    ]
}

stages_authenticator_webauthn_retrieve

AuthenticatorWebAuthnStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "user_verification": "required",
  • "authenticator_attachment": "platform",
  • "resident_key_requirement": "discouraged",
  • "device_type_restrictions": [
    ],
  • "device_type_restrictions_obj": [
    ]
}

stages_authenticator_webauthn_update

AuthenticatorWebAuthnStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
user_verification
string (UserVerificationEnum)
Enum: "required" "preferred" "discouraged"
authenticator_attachment
string or null
Enum: "platform" "cross-platform"
resident_key_requirement
string (ResidentKeyRequirementEnum)
Enum: "discouraged" "preferred" "required"
device_type_restrictions
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "user_verification": "required",
  • "authenticator_attachment": "platform",
  • "resident_key_requirement": "discouraged",
  • "device_type_restrictions": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "user_verification": "required",
  • "authenticator_attachment": "platform",
  • "resident_key_requirement": "discouraged",
  • "device_type_restrictions": [
    ],
  • "device_type_restrictions_obj": [
    ]
}

stages_authenticator_webauthn_partial_update

AuthenticatorWebAuthnStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

friendly_name
string or null non-empty
user_verification
string (UserVerificationEnum)
Enum: "required" "preferred" "discouraged"
authenticator_attachment
string or null
Enum: "platform" "cross-platform"
resident_key_requirement
string (ResidentKeyRequirementEnum)
Enum: "discouraged" "preferred" "required"
device_type_restrictions
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "user_verification": "required",
  • "authenticator_attachment": "platform",
  • "resident_key_requirement": "discouraged",
  • "device_type_restrictions": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "friendly_name": "string",
  • "user_verification": "required",
  • "authenticator_attachment": "platform",
  • "resident_key_requirement": "discouraged",
  • "device_type_restrictions": [
    ],
  • "device_type_restrictions_obj": [
    ]
}

stages_authenticator_webauthn_destroy

AuthenticatorWebAuthnStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_authenticator_webauthn_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_authenticator_webauthn_device_types_list

WebAuthnDeviceType Viewset

Authorizations:
authentik
query Parameters
aaguid
string <uuid>
description
string
icon
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_authenticator_webauthn_device_types_retrieve

WebAuthnDeviceType Viewset

Authorizations:
authentik
path Parameters
aaguid
required
string <uuid>

A UUID string identifying this WebAuthn Device type.

Responses

Response samples

Content type
application/json
{
  • "aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
  • "description": "string"
}

stages_captcha_list

CaptchaStage Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

public_key
string
search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_captcha_create

CaptchaStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
public_key
required
string non-empty

Public key, acquired your captcha Provider.

private_key
required
string non-empty

Private key, acquired your captcha Provider.

js_url
string non-empty
api_url
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "public_key": "string",
  • "private_key": "string",
  • "js_url": "string",
  • "api_url": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "public_key": "string",
  • "js_url": "string",
  • "api_url": "string"
}

stages_captcha_retrieve

CaptchaStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Captcha Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "public_key": "string",
  • "js_url": "string",
  • "api_url": "string"
}

stages_captcha_update

CaptchaStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Captcha Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
public_key
required
string non-empty

Public key, acquired your captcha Provider.

private_key
required
string non-empty

Private key, acquired your captcha Provider.

js_url
string non-empty
api_url
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "public_key": "string",
  • "private_key": "string",
  • "js_url": "string",
  • "api_url": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "public_key": "string",
  • "js_url": "string",
  • "api_url": "string"
}

stages_captcha_partial_update

CaptchaStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Captcha Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
public_key
string non-empty

Public key, acquired your captcha Provider.

private_key
string non-empty

Private key, acquired your captcha Provider.

js_url
string non-empty
api_url
string non-empty

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "public_key": "string",
  • "private_key": "string",
  • "js_url": "string",
  • "api_url": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "public_key": "string",
  • "js_url": "string",
  • "api_url": "string"
}

stages_captcha_destroy

CaptchaStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Captcha Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_captcha_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Captcha Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_deny_list

DenyStage Viewset

Authorizations:
authentik
query Parameters
deny_message
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

stage_uuid
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_deny_create

DenyStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
deny_message
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "deny_message": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "deny_message": "string"
}

stages_deny_retrieve

DenyStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Deny Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "deny_message": "string"
}

stages_deny_update

DenyStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Deny Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
deny_message
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "deny_message": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "deny_message": "string"
}

stages_deny_partial_update

DenyStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Deny Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
deny_message
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "deny_message": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "deny_message": "string"
}

stages_deny_destroy

DenyStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Deny Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_deny_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Deny Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_dummy_list

DummyStage Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

stage_uuid
string <uuid>
throw_error
boolean

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_dummy_create

DummyStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
throw_error
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "throw_error": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "throw_error": true
}

stages_dummy_retrieve

DummyStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Dummy Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "throw_error": true
}

stages_dummy_update

DummyStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Dummy Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
throw_error
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "throw_error": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "throw_error": true
}

stages_dummy_partial_update

DummyStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Dummy Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
throw_error
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "throw_error": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "throw_error": true
}

stages_dummy_destroy

DummyStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Dummy Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_dummy_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Dummy Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_email_list

EmailStage Viewset

Authorizations:
authentik
query Parameters
activate_user_on_success
boolean
from_address
string
host
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

port
integer
search
string

A search term.

subject
string
template
string
timeout
integer
token_expiry
integer
use_global_settings
boolean
use_ssl
boolean
use_tls
boolean
username
string

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_email_create

EmailStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
use_global_settings
boolean

When enabled, global Email connection settings will be used and connection settings below will be ignored.

host
string non-empty
port
integer [ -2147483648 .. 2147483647 ]
username
string
password
string
use_tls
boolean
use_ssl
boolean
timeout
integer [ -2147483648 .. 2147483647 ]
from_address
string <email> [ 1 .. 254 ] characters
token_expiry
integer [ -2147483648 .. 2147483647 ]

Time in minutes the token sent is valid.

subject
string non-empty
template
string non-empty
activate_user_on_success
boolean

Activate users upon completion of stage.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "use_global_settings": true,
  • "host": "string",
  • "port": -2147483648,
  • "username": "string",
  • "password": "string",
  • "use_tls": true,
  • "use_ssl": true,
  • "timeout": -2147483648,
  • "from_address": "user@example.com",
  • "token_expiry": -2147483648,
  • "subject": "string",
  • "template": "string",
  • "activate_user_on_success": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "use_global_settings": true,
  • "host": "string",
  • "port": -2147483648,
  • "username": "string",
  • "use_tls": true,
  • "use_ssl": true,
  • "timeout": -2147483648,
  • "from_address": "user@example.com",
  • "token_expiry": -2147483648,
  • "subject": "string",
  • "template": "string",
  • "activate_user_on_success": true
}

stages_email_retrieve

EmailStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Email Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "use_global_settings": true,
  • "host": "string",
  • "port": -2147483648,
  • "username": "string",
  • "use_tls": true,
  • "use_ssl": true,
  • "timeout": -2147483648,
  • "from_address": "user@example.com",
  • "token_expiry": -2147483648,
  • "subject": "string",
  • "template": "string",
  • "activate_user_on_success": true
}

stages_email_update

EmailStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Email Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
use_global_settings
boolean

When enabled, global Email connection settings will be used and connection settings below will be ignored.

host
string non-empty
port
integer [ -2147483648 .. 2147483647 ]
username
string
password
string
use_tls
boolean
use_ssl
boolean
timeout
integer [ -2147483648 .. 2147483647 ]
from_address
string <email> [ 1 .. 254 ] characters
token_expiry
integer [ -2147483648 .. 2147483647 ]

Time in minutes the token sent is valid.

subject
string non-empty
template
string non-empty
activate_user_on_success
boolean

Activate users upon completion of stage.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "use_global_settings": true,
  • "host": "string",
  • "port": -2147483648,
  • "username": "string",
  • "password": "string",
  • "use_tls": true,
  • "use_ssl": true,
  • "timeout": -2147483648,
  • "from_address": "user@example.com",
  • "token_expiry": -2147483648,
  • "subject": "string",
  • "template": "string",
  • "activate_user_on_success": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "use_global_settings": true,
  • "host": "string",
  • "port": -2147483648,
  • "username": "string",
  • "use_tls": true,
  • "use_ssl": true,
  • "timeout": -2147483648,
  • "from_address": "user@example.com",
  • "token_expiry": -2147483648,
  • "subject": "string",
  • "template": "string",
  • "activate_user_on_success": true
}

stages_email_partial_update

EmailStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Email Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
use_global_settings
boolean

When enabled, global Email connection settings will be used and connection settings below will be ignored.

host
string non-empty
port
integer [ -2147483648 .. 2147483647 ]
username
string
password
string
use_tls
boolean
use_ssl
boolean
timeout
integer [ -2147483648 .. 2147483647 ]
from_address
string <email> [ 1 .. 254 ] characters
token_expiry
integer [ -2147483648 .. 2147483647 ]

Time in minutes the token sent is valid.

subject
string non-empty
template
string non-empty
activate_user_on_success
boolean

Activate users upon completion of stage.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "use_global_settings": true,
  • "host": "string",
  • "port": -2147483648,
  • "username": "string",
  • "password": "string",
  • "use_tls": true,
  • "use_ssl": true,
  • "timeout": -2147483648,
  • "from_address": "user@example.com",
  • "token_expiry": -2147483648,
  • "subject": "string",
  • "template": "string",
  • "activate_user_on_success": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "use_global_settings": true,
  • "host": "string",
  • "port": -2147483648,
  • "username": "string",
  • "use_tls": true,
  • "use_ssl": true,
  • "timeout": -2147483648,
  • "from_address": "user@example.com",
  • "token_expiry": -2147483648,
  • "subject": "string",
  • "template": "string",
  • "activate_user_on_success": true
}

stages_email_destroy

EmailStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Email Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_email_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Email Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_email_templates_list

Get all available templates, including custom templates

Authorizations:
authentik

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_identification_list

IdentificationStage Viewset

Authorizations:
authentik
query Parameters
case_insensitive_matching
boolean
enrollment_flow
string <uuid>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

password_stage
string <uuid>
passwordless_flow
string <uuid>
recovery_flow
string <uuid>
search
string

A search term.

show_matched_user
boolean
show_source_labels
boolean

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_identification_create

IdentificationStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
user_fields
Array of strings (UserFieldsEnum)
Items Enum: "email" "username" "upn"

Fields of the user object to match against. (Hold shift to select multiple options)

password_stage
string or null <uuid>

When set, shows a password field, instead of showing the password field as seaprate step.

case_insensitive_matching
boolean

When enabled, user fields are matched regardless of their casing.

show_matched_user
boolean

When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown

enrollment_flow
string or null <uuid>

Optional enrollment flow, which is linked at the bottom of the page.

recovery_flow
string or null <uuid>

Optional recovery flow, which is linked at the bottom of the page.

passwordless_flow
string or null <uuid>

Optional passwordless flow, which is linked at the bottom of the page.

sources
Array of strings <uuid> [ items <uuid > ]

Specify which sources should be shown.

show_source_labels
boolean
pretend_user_exists
boolean

When enabled, the stage will succeed and continue even when incorrect user info is entered.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "user_fields": [
    ],
  • "password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
  • "case_insensitive_matching": true,
  • "show_matched_user": true,
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
  • "passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
  • "sources": [
    ],
  • "show_source_labels": true,
  • "pretend_user_exists": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "user_fields": [
    ],
  • "password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
  • "case_insensitive_matching": true,
  • "show_matched_user": true,
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
  • "passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
  • "sources": [
    ],
  • "show_source_labels": true,
  • "pretend_user_exists": true
}

stages_identification_retrieve

IdentificationStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Identification Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "user_fields": [
    ],
  • "password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
  • "case_insensitive_matching": true,
  • "show_matched_user": true,
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
  • "passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
  • "sources": [
    ],
  • "show_source_labels": true,
  • "pretend_user_exists": true
}

stages_identification_update

IdentificationStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Identification Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
user_fields
Array of strings (UserFieldsEnum)
Items Enum: "email" "username" "upn"

Fields of the user object to match against. (Hold shift to select multiple options)

password_stage
string or null <uuid>

When set, shows a password field, instead of showing the password field as seaprate step.

case_insensitive_matching
boolean

When enabled, user fields are matched regardless of their casing.

show_matched_user
boolean

When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown

enrollment_flow
string or null <uuid>

Optional enrollment flow, which is linked at the bottom of the page.

recovery_flow
string or null <uuid>

Optional recovery flow, which is linked at the bottom of the page.

passwordless_flow
string or null <uuid>

Optional passwordless flow, which is linked at the bottom of the page.

sources
Array of strings <uuid> [ items <uuid > ]

Specify which sources should be shown.

show_source_labels
boolean
pretend_user_exists
boolean

When enabled, the stage will succeed and continue even when incorrect user info is entered.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "user_fields": [
    ],
  • "password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
  • "case_insensitive_matching": true,
  • "show_matched_user": true,
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
  • "passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
  • "sources": [
    ],
  • "show_source_labels": true,
  • "pretend_user_exists": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "user_fields": [
    ],
  • "password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
  • "case_insensitive_matching": true,
  • "show_matched_user": true,
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
  • "passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
  • "sources": [
    ],
  • "show_source_labels": true,
  • "pretend_user_exists": true
}

stages_identification_partial_update

IdentificationStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Identification Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
user_fields
Array of strings (UserFieldsEnum)
Items Enum: "email" "username" "upn"

Fields of the user object to match against. (Hold shift to select multiple options)

password_stage
string or null <uuid>

When set, shows a password field, instead of showing the password field as seaprate step.

case_insensitive_matching
boolean

When enabled, user fields are matched regardless of their casing.

show_matched_user
boolean

When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown

enrollment_flow
string or null <uuid>

Optional enrollment flow, which is linked at the bottom of the page.

recovery_flow
string or null <uuid>

Optional recovery flow, which is linked at the bottom of the page.

passwordless_flow
string or null <uuid>

Optional passwordless flow, which is linked at the bottom of the page.

sources
Array of strings <uuid> [ items <uuid > ]

Specify which sources should be shown.

show_source_labels
boolean
pretend_user_exists
boolean

When enabled, the stage will succeed and continue even when incorrect user info is entered.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "user_fields": [
    ],
  • "password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
  • "case_insensitive_matching": true,
  • "show_matched_user": true,
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
  • "passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
  • "sources": [
    ],
  • "show_source_labels": true,
  • "pretend_user_exists": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "user_fields": [
    ],
  • "password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
  • "case_insensitive_matching": true,
  • "show_matched_user": true,
  • "enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
  • "recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
  • "passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
  • "sources": [
    ],
  • "show_source_labels": true,
  • "pretend_user_exists": true
}

stages_identification_destroy

IdentificationStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Identification Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_identification_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Identification Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_invitation_invitations_list

Invitation Viewset

Authorizations:
authentik
query Parameters
created_by__username
string
expires
string <date-time>
flow__slug
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_invitation_invitations_create

Invitation Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$
expires
string or null <date-time>
object
single_use
boolean

When enabled, the invitation will be deleted after usage.

flow
string or null <uuid>

When set, only the configured flow can use this invitation.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "fixed_data": {
    },
  • "single_use": true,
  • "flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "fixed_data": {
    },
  • "created_by": {
    },
  • "single_use": true,
  • "flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a",
  • "flow_obj": {
    }
}

stages_invitation_invitations_retrieve

Invitation Viewset

Authorizations:
authentik
path Parameters
invite_uuid
required
string <uuid>

A UUID string identifying this Invitation.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "fixed_data": {
    },
  • "created_by": {
    },
  • "single_use": true,
  • "flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a",
  • "flow_obj": {
    }
}

stages_invitation_invitations_update

Invitation Viewset

Authorizations:
authentik
path Parameters
invite_uuid
required
string <uuid>

A UUID string identifying this Invitation.

Request Body schema: application/json
required
name
required
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$
expires
string or null <date-time>
object
single_use
boolean

When enabled, the invitation will be deleted after usage.

flow
string or null <uuid>

When set, only the configured flow can use this invitation.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "fixed_data": {
    },
  • "single_use": true,
  • "flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "fixed_data": {
    },
  • "created_by": {
    },
  • "single_use": true,
  • "flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a",
  • "flow_obj": {
    }
}

stages_invitation_invitations_partial_update

Invitation Viewset

Authorizations:
authentik
path Parameters
invite_uuid
required
string <uuid>

A UUID string identifying this Invitation.

Request Body schema: application/json
name
string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$
expires
string or null <date-time>
object
single_use
boolean

When enabled, the invitation will be deleted after usage.

flow
string or null <uuid>

When set, only the configured flow can use this invitation.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "fixed_data": {
    },
  • "single_use": true,
  • "flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "expires": "2019-08-24T14:15:22Z",
  • "fixed_data": {
    },
  • "created_by": {
    },
  • "single_use": true,
  • "flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a",
  • "flow_obj": {
    }
}

stages_invitation_invitations_destroy

Invitation Viewset

Authorizations:
authentik
path Parameters
invite_uuid
required
string <uuid>

A UUID string identifying this Invitation.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_invitation_invitations_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
invite_uuid
required
string <uuid>

A UUID string identifying this Invitation.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_invitation_stages_list

InvitationStage Viewset

Authorizations:
authentik
query Parameters
continue_flow_without_invitation
boolean
name
string
no_flows
boolean
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

stage_uuid
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_invitation_stages_create

InvitationStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
continue_flow_without_invitation
boolean

If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "continue_flow_without_invitation": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "continue_flow_without_invitation": true
}

stages_invitation_stages_retrieve

InvitationStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Invitation Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "continue_flow_without_invitation": true
}

stages_invitation_stages_update

InvitationStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Invitation Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
continue_flow_without_invitation
boolean

If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "continue_flow_without_invitation": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "continue_flow_without_invitation": true
}

stages_invitation_stages_partial_update

InvitationStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Invitation Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
continue_flow_without_invitation
boolean

If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "continue_flow_without_invitation": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "continue_flow_without_invitation": true
}

stages_invitation_stages_destroy

InvitationStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Invitation Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_invitation_stages_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Invitation Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_password_list

PasswordStage Viewset

Authorizations:
authentik
query Parameters
configure_flow
string <uuid>
failed_attempts_before_cancel
integer
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_password_create

PasswordStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
backends
required
Array of strings (BackendsEnum)
Items Enum: "authentik.core.auth.InbuiltBackend" "authentik.core.auth.TokenBackend" "authentik.sources.ldap.auth.LDAPBackend"

Selection of backends to test the password against.

configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

failed_attempts_before_cancel
integer [ -2147483648 .. 2147483647 ]

How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "backends": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "failed_attempts_before_cancel": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "backends": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "failed_attempts_before_cancel": -2147483648
}

stages_password_retrieve

PasswordStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Password Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "backends": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "failed_attempts_before_cancel": -2147483648
}

stages_password_update

PasswordStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Password Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
backends
required
Array of strings (BackendsEnum)
Items Enum: "authentik.core.auth.InbuiltBackend" "authentik.core.auth.TokenBackend" "authentik.sources.ldap.auth.LDAPBackend"

Selection of backends to test the password against.

configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

failed_attempts_before_cancel
integer [ -2147483648 .. 2147483647 ]

How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "backends": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "failed_attempts_before_cancel": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "backends": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "failed_attempts_before_cancel": -2147483648
}

stages_password_partial_update

PasswordStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Password Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
backends
Array of strings (BackendsEnum)
Items Enum: "authentik.core.auth.InbuiltBackend" "authentik.core.auth.TokenBackend" "authentik.sources.ldap.auth.LDAPBackend"

Selection of backends to test the password against.

configure_flow
string or null <uuid>

Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.

failed_attempts_before_cancel
integer [ -2147483648 .. 2147483647 ]

How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "backends": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "failed_attempts_before_cancel": -2147483648
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "backends": [
    ],
  • "configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
  • "failed_attempts_before_cancel": -2147483648
}

stages_password_destroy

PasswordStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Password Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_password_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Password Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_prompt_prompts_list

Prompt Viewset

Authorizations:
authentik
query Parameters
field_key
string
label
string
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

placeholder
string
search
string

A search term.

type
string
Enum: "ak-locale" "checkbox" "date" "date-time" "dropdown" "email" "file" "hidden" "number" "password" "radio-button-group" "separator" "static" "text" "text_area" "text_area_read_only" "text_read_only" "username"

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_prompt_prompts_create

Prompt Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
field_key
required
string non-empty

Name of the form field, also used to store the value

label
required
string non-empty
type
required
string (PromptTypeEnum)
Enum: "text" "text_area" "text_read_only" "text_area_read_only" "username" "email" "password" "number" "checkbox" "radio-button-group" "dropdown" "date" "date-time" "file" "separator" "hidden" "static" "ak-locale"
required
boolean
placeholder
string

Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices.

initial_value
string

Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices.

order
integer [ -2147483648 .. 2147483647 ]
Array of objects (StageRequest)
sub_text
string
placeholder_expression
boolean
initial_value_expression
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "field_key": "string",
  • "label": "string",
  • "type": "text",
  • "required": true,
  • "placeholder": "string",
  • "initial_value": "string",
  • "order": -2147483648,
  • "promptstage_set": [
    ],
  • "sub_text": "string",
  • "placeholder_expression": true,
  • "initial_value_expression": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "field_key": "string",
  • "label": "string",
  • "type": "text",
  • "required": true,
  • "placeholder": "string",
  • "initial_value": "string",
  • "order": -2147483648,
  • "promptstage_set": [
    ],
  • "sub_text": "string",
  • "placeholder_expression": true,
  • "initial_value_expression": true
}

stages_prompt_prompts_retrieve

Prompt Viewset

Authorizations:
authentik
path Parameters
prompt_uuid
required
string <uuid>

A UUID string identifying this Prompt.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "field_key": "string",
  • "label": "string",
  • "type": "text",
  • "required": true,
  • "placeholder": "string",
  • "initial_value": "string",
  • "order": -2147483648,
  • "promptstage_set": [
    ],
  • "sub_text": "string",
  • "placeholder_expression": true,
  • "initial_value_expression": true
}

stages_prompt_prompts_update

Prompt Viewset

Authorizations:
authentik
path Parameters
prompt_uuid
required
string <uuid>

A UUID string identifying this Prompt.

Request Body schema: application/json
required
name
required
string non-empty
field_key
required
string non-empty

Name of the form field, also used to store the value

label
required
string non-empty
type
required
string (PromptTypeEnum)
Enum: "text" "text_area" "text_read_only" "text_area_read_only" "username" "email" "password" "number" "checkbox" "radio-button-group" "dropdown" "date" "date-time" "file" "separator" "hidden" "static" "ak-locale"
required
boolean
placeholder
string

Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices.

initial_value
string

Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices.

order
integer [ -2147483648 .. 2147483647 ]
Array of objects (StageRequest)
sub_text
string
placeholder_expression
boolean
initial_value_expression
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "field_key": "string",
  • "label": "string",
  • "type": "text",
  • "required": true,
  • "placeholder": "string",
  • "initial_value": "string",
  • "order": -2147483648,
  • "promptstage_set": [
    ],
  • "sub_text": "string",
  • "placeholder_expression": true,
  • "initial_value_expression": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "field_key": "string",
  • "label": "string",
  • "type": "text",
  • "required": true,
  • "placeholder": "string",
  • "initial_value": "string",
  • "order": -2147483648,
  • "promptstage_set": [
    ],
  • "sub_text": "string",
  • "placeholder_expression": true,
  • "initial_value_expression": true
}

stages_prompt_prompts_partial_update

Prompt Viewset

Authorizations:
authentik
path Parameters
prompt_uuid
required
string <uuid>

A UUID string identifying this Prompt.

Request Body schema: application/json
name
string non-empty
field_key
string non-empty

Name of the form field, also used to store the value

label
string non-empty
type
string (PromptTypeEnum)
Enum: "text" "text_area" "text_read_only" "text_area_read_only" "username" "email" "password" "number" "checkbox" "radio-button-group" "dropdown" "date" "date-time" "file" "separator" "hidden" "static" "ak-locale"
required
boolean
placeholder
string

Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices.

initial_value
string

Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices.

order
integer [ -2147483648 .. 2147483647 ]
Array of objects (StageRequest)
sub_text
string
placeholder_expression
boolean
initial_value_expression
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "field_key": "string",
  • "label": "string",
  • "type": "text",
  • "required": true,
  • "placeholder": "string",
  • "initial_value": "string",
  • "order": -2147483648,
  • "promptstage_set": [
    ],
  • "sub_text": "string",
  • "placeholder_expression": true,
  • "initial_value_expression": true
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "field_key": "string",
  • "label": "string",
  • "type": "text",
  • "required": true,
  • "placeholder": "string",
  • "initial_value": "string",
  • "order": -2147483648,
  • "promptstage_set": [
    ],
  • "sub_text": "string",
  • "placeholder_expression": true,
  • "initial_value_expression": true
}

stages_prompt_prompts_destroy

Prompt Viewset

Authorizations:
authentik
path Parameters
prompt_uuid
required
string <uuid>

A UUID string identifying this Prompt.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_prompt_prompts_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
prompt_uuid
required
string <uuid>

A UUID string identifying this Prompt.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_prompt_prompts_preview_create

Preview a prompt as a challenge, just like a flow would receive

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
field_key
required
string non-empty

Name of the form field, also used to store the value

label
required
string non-empty
type
required
string (PromptTypeEnum)
Enum: "text" "text_area" "text_read_only" "text_area_read_only" "username" "email" "password" "number" "checkbox" "radio-button-group" "dropdown" "date" "date-time" "file" "separator" "hidden" "static" "ak-locale"
required
boolean
placeholder
string

Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices.

initial_value
string

Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices.

order
integer [ -2147483648 .. 2147483647 ]
Array of objects (StageRequest)
sub_text
string
placeholder_expression
boolean
initial_value_expression
boolean

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "field_key": "string",
  • "label": "string",
  • "type": "text",
  • "required": true,
  • "placeholder": "string",
  • "initial_value": "string",
  • "order": -2147483648,
  • "promptstage_set": [
    ],
  • "sub_text": "string",
  • "placeholder_expression": true,
  • "initial_value_expression": true
}

Response samples

Content type
application/json
{
  • "type": "native",
  • "flow_info": {
    },
  • "component": "ak-stage-prompt",
  • "response_errors": {
    },
  • "fields": [
    ]
}

stages_prompt_stages_list

PromptStage Viewset

Authorizations:
authentik
query Parameters
fields
Array of strings <uuid> [ items <uuid > ]
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

stage_uuid
string <uuid>
validation_policies
Array of strings <uuid> [ items <uuid > ]

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_prompt_stages_create

PromptStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
fields
required
Array of strings <uuid> [ items <uuid > ]
validation_policies
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "fields": [
    ],
  • "validation_policies": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "fields": [
    ],
  • "validation_policies": [
    ]
}

stages_prompt_stages_retrieve

PromptStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Prompt Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "fields": [
    ],
  • "validation_policies": [
    ]
}

stages_prompt_stages_update

PromptStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Prompt Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
fields
required
Array of strings <uuid> [ items <uuid > ]
validation_policies
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "fields": [
    ],
  • "validation_policies": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "fields": [
    ],
  • "validation_policies": [
    ]
}

stages_prompt_stages_partial_update

PromptStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Prompt Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
fields
Array of strings <uuid> [ items <uuid > ]
validation_policies
Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "fields": [
    ],
  • "validation_policies": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "fields": [
    ],
  • "validation_policies": [
    ]
}

stages_prompt_stages_destroy

PromptStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Prompt Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_prompt_stages_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Prompt Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_source_list

SourceStage Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

resume_timeout
string
search
string

A search term.

source
string <uuid>
stage_uuid
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_source_create

SourceStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
source
required
string <uuid>
resume_timeout
string non-empty

Amount of time a user can take to return from the source to continue the flow (Format: hours=-1;minutes=-2;seconds=-3)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "resume_timeout": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "resume_timeout": "string"
}

stages_source_retrieve

SourceStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Source Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "resume_timeout": "string"
}

stages_source_update

SourceStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Source Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
source
required
string <uuid>
resume_timeout
string non-empty

Amount of time a user can take to return from the source to continue the flow (Format: hours=-1;minutes=-2;seconds=-3)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "resume_timeout": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "resume_timeout": "string"
}

stages_source_partial_update

SourceStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Source Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
source
string <uuid>
resume_timeout
string non-empty

Amount of time a user can take to return from the source to continue the flow (Format: hours=-1;minutes=-2;seconds=-3)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "resume_timeout": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
  • "resume_timeout": "string"
}

stages_source_destroy

SourceStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Source Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_source_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this Source Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_user_delete_list

UserDeleteStage Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

stage_uuid
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_user_delete_create

UserDeleteStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ]
}

stages_user_delete_retrieve

UserDeleteStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Delete Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ]
}

stages_user_delete_update

UserDeleteStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Delete Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ]
}

stages_user_delete_partial_update

UserDeleteStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Delete Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ]
}

stages_user_delete_destroy

UserDeleteStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Delete Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_user_delete_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Delete Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_user_login_list

UserLoginStage Viewset

Authorizations:
authentik
query Parameters
geoip_binding
string
Enum: "bind_continent" "bind_continent_country" "bind_continent_country_city" "no_binding"

Bind sessions created by this stage to the configured GeoIP location

name
string
network_binding
string
Enum: "bind_asn" "bind_asn_network" "bind_asn_network_ip" "no_binding"

Bind sessions created by this stage to the configured network

ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

remember_me_offset
string
search
string

A search term.

session_duration
string
stage_uuid
string <uuid>
terminate_other_sessions
boolean

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_user_login_create

UserLoginStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
session_duration
string non-empty

Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)

terminate_other_sessions
boolean

Terminate all other sessions of the user logging in.

remember_me_offset
string non-empty

Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)

network_binding
string
Enum: "no_binding" "bind_asn" "bind_asn_network" "bind_asn_network_ip"

Bind sessions created by this stage to the configured network

geoip_binding
string
Enum: "no_binding" "bind_continent" "bind_continent_country" "bind_continent_country_city"

Bind sessions created by this stage to the configured GeoIP location

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "session_duration": "string",
  • "terminate_other_sessions": true,
  • "remember_me_offset": "string",
  • "network_binding": "no_binding",
  • "geoip_binding": "no_binding"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "session_duration": "string",
  • "terminate_other_sessions": true,
  • "remember_me_offset": "string",
  • "network_binding": "no_binding",
  • "geoip_binding": "no_binding"
}

stages_user_login_retrieve

UserLoginStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Login Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "session_duration": "string",
  • "terminate_other_sessions": true,
  • "remember_me_offset": "string",
  • "network_binding": "no_binding",
  • "geoip_binding": "no_binding"
}

stages_user_login_update

UserLoginStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Login Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
session_duration
string non-empty

Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)

terminate_other_sessions
boolean

Terminate all other sessions of the user logging in.

remember_me_offset
string non-empty

Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)

network_binding
string
Enum: "no_binding" "bind_asn" "bind_asn_network" "bind_asn_network_ip"

Bind sessions created by this stage to the configured network

geoip_binding
string
Enum: "no_binding" "bind_continent" "bind_continent_country" "bind_continent_country_city"

Bind sessions created by this stage to the configured GeoIP location

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "session_duration": "string",
  • "terminate_other_sessions": true,
  • "remember_me_offset": "string",
  • "network_binding": "no_binding",
  • "geoip_binding": "no_binding"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "session_duration": "string",
  • "terminate_other_sessions": true,
  • "remember_me_offset": "string",
  • "network_binding": "no_binding",
  • "geoip_binding": "no_binding"
}

stages_user_login_partial_update

UserLoginStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Login Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
session_duration
string non-empty

Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)

terminate_other_sessions
boolean

Terminate all other sessions of the user logging in.

remember_me_offset
string non-empty

Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)

network_binding
string
Enum: "no_binding" "bind_asn" "bind_asn_network" "bind_asn_network_ip"

Bind sessions created by this stage to the configured network

geoip_binding
string
Enum: "no_binding" "bind_continent" "bind_continent_country" "bind_continent_country_city"

Bind sessions created by this stage to the configured GeoIP location

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "session_duration": "string",
  • "terminate_other_sessions": true,
  • "remember_me_offset": "string",
  • "network_binding": "no_binding",
  • "geoip_binding": "no_binding"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "session_duration": "string",
  • "terminate_other_sessions": true,
  • "remember_me_offset": "string",
  • "network_binding": "no_binding",
  • "geoip_binding": "no_binding"
}

stages_user_login_destroy

UserLoginStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Login Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_user_login_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Login Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_user_logout_list

UserLogoutStage Viewset

Authorizations:
authentik
query Parameters
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

stage_uuid
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_user_logout_create

UserLogoutStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ]
}

stages_user_logout_retrieve

UserLogoutStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Logout Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ]
}

stages_user_logout_update

UserLogoutStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Logout Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ]
}

stages_user_logout_partial_update

UserLogoutStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Logout Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ]
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ]
}

stages_user_logout_destroy

UserLogoutStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Logout Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_user_logout_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Logout Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

stages_user_write_list

UserWriteStage Viewset

Authorizations:
authentik
query Parameters
create_users_as_inactive
boolean
create_users_group
string <uuid>
name
string
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

stage_uuid
string <uuid>
user_creation_mode
string
Enum: "always_create" "create_when_required" "never_create"
user_path_template
string
user_type
string
Enum: "external" "internal" "internal_service_account" "service_account"

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

stages_user_write_create

UserWriteStage Viewset

Authorizations:
authentik
Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
user_creation_mode
string (UserCreationModeEnum)
Enum: "never_create" "create_when_required" "always_create"
create_users_as_inactive
boolean

When set, newly created users are inactive and cannot login.

create_users_group
string or null <uuid>

Optionally add newly created users to this group.

user_type
string (UserTypeEnum)
Enum: "internal" "external" "service_account" "internal_service_account"
user_path_template
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "user_creation_mode": "never_create",
  • "create_users_as_inactive": true,
  • "create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
  • "user_type": "internal",
  • "user_path_template": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "user_creation_mode": "never_create",
  • "create_users_as_inactive": true,
  • "create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
  • "user_type": "internal",
  • "user_path_template": "string"
}

stages_user_write_retrieve

UserWriteStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Write Stage.

Responses

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "user_creation_mode": "never_create",
  • "create_users_as_inactive": true,
  • "create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
  • "user_type": "internal",
  • "user_path_template": "string"
}

stages_user_write_update

UserWriteStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Write Stage.

Request Body schema: application/json
required
name
required
string non-empty
Array of objects (FlowSetRequest)
user_creation_mode
string (UserCreationModeEnum)
Enum: "never_create" "create_when_required" "always_create"
create_users_as_inactive
boolean

When set, newly created users are inactive and cannot login.

create_users_group
string or null <uuid>

Optionally add newly created users to this group.

user_type
string (UserTypeEnum)
Enum: "internal" "external" "service_account" "internal_service_account"
user_path_template
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "user_creation_mode": "never_create",
  • "create_users_as_inactive": true,
  • "create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
  • "user_type": "internal",
  • "user_path_template": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "user_creation_mode": "never_create",
  • "create_users_as_inactive": true,
  • "create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
  • "user_type": "internal",
  • "user_path_template": "string"
}

stages_user_write_partial_update

UserWriteStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Write Stage.

Request Body schema: application/json
name
string non-empty
Array of objects (FlowSetRequest)
user_creation_mode
string (UserCreationModeEnum)
Enum: "never_create" "create_when_required" "always_create"
create_users_as_inactive
boolean

When set, newly created users are inactive and cannot login.

create_users_group
string or null <uuid>

Optionally add newly created users to this group.

user_type
string (UserTypeEnum)
Enum: "internal" "external" "service_account" "internal_service_account"
user_path_template
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "flow_set": [
    ],
  • "user_creation_mode": "never_create",
  • "create_users_as_inactive": true,
  • "create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
  • "user_type": "internal",
  • "user_path_template": "string"
}

Response samples

Content type
application/json
{
  • "pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
  • "name": "string",
  • "component": "string",
  • "verbose_name": "string",
  • "verbose_name_plural": "string",
  • "meta_model_name": "string",
  • "flow_set": [
    ],
  • "user_creation_mode": "never_create",
  • "create_users_as_inactive": true,
  • "create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
  • "user_type": "internal",
  • "user_path_template": "string"
}

stages_user_write_destroy

UserWriteStage Viewset

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Write Stage.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

stages_user_write_used_by_list

Get a list of all objects that use this object

Authorizations:
authentik
path Parameters
stage_uuid
required
string <uuid>

A UUID string identifying this User Write Stage.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

tenants

tenants_domains_list

Domain ViewSet

query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

tenants_domains_create

Domain ViewSet

Request Body schema: application/json
required
domain
required
string [ 1 .. 253 ] characters
is_primary
boolean
tenant
required
string <uuid>

Responses

Request samples

Content type
application/json
{
  • "domain": "string",
  • "is_primary": true,
  • "tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

Response samples

Content type
application/json
{
  • "id": 0,
  • "domain": "string",
  • "is_primary": true,
  • "tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

tenants_domains_retrieve

Domain ViewSet

path Parameters
id
required
integer

A unique integer value identifying this Domain.

Responses

Response samples

Content type
application/json
{
  • "id": 0,
  • "domain": "string",
  • "is_primary": true,
  • "tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

tenants_domains_update

Domain ViewSet

path Parameters
id
required
integer

A unique integer value identifying this Domain.

Request Body schema: application/json
required
domain
required
string [ 1 .. 253 ] characters
is_primary
boolean
tenant
required
string <uuid>

Responses

Request samples

Content type
application/json
{
  • "domain": "string",
  • "is_primary": true,
  • "tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

Response samples

Content type
application/json
{
  • "id": 0,
  • "domain": "string",
  • "is_primary": true,
  • "tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

tenants_domains_partial_update

Domain ViewSet

path Parameters
id
required
integer

A unique integer value identifying this Domain.

Request Body schema: application/json
domain
string [ 1 .. 253 ] characters
is_primary
boolean
tenant
string <uuid>

Responses

Request samples

Content type
application/json
{
  • "domain": "string",
  • "is_primary": true,
  • "tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

Response samples

Content type
application/json
{
  • "id": 0,
  • "domain": "string",
  • "is_primary": true,
  • "tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

tenants_domains_destroy

Domain ViewSet

path Parameters
id
required
integer

A unique integer value identifying this Domain.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

tenants_tenants_list

Tenant Viewset

query Parameters
ordering
string

Which field to use when ordering the results.

page
integer

A page number within the paginated result set.

page_size
integer

Number of results to return per page.

search
string

A search term.

Responses

Response samples

Content type
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}

tenants_tenants_create

Tenant Viewset

Request Body schema: application/json
required
schema_name
required
string [ 1 .. 63 ] characters
name
required
string non-empty
ready
boolean

Responses

Request samples

Content type
application/json
{
  • "schema_name": "string",
  • "name": "string",
  • "ready": true
}

Response samples

Content type
application/json
{
  • "tenant_uuid": "3467989a-e428-43d0-b560-aedbbec33ae0",
  • "schema_name": "string",
  • "name": "string",
  • "ready": true
}

tenants_tenants_retrieve

Tenant Viewset

path Parameters
tenant_uuid
required
string <uuid>

A UUID string identifying this Tenant.

Responses

Response samples

Content type
application/json
{
  • "tenant_uuid": "3467989a-e428-43d0-b560-aedbbec33ae0",
  • "schema_name": "string",
  • "name": "string",
  • "ready": true
}

tenants_tenants_update

Tenant Viewset

path Parameters
tenant_uuid
required
string <uuid>

A UUID string identifying this Tenant.

Request Body schema: application/json
required
schema_name
required
string [ 1 .. 63 ] characters
name
required
string non-empty
ready
boolean

Responses

Request samples

Content type
application/json
{
  • "schema_name": "string",
  • "name": "string",
  • "ready": true
}

Response samples

Content type
application/json
{
  • "tenant_uuid": "3467989a-e428-43d0-b560-aedbbec33ae0",
  • "schema_name": "string",
  • "name": "string",
  • "ready": true
}

tenants_tenants_partial_update

Tenant Viewset

path Parameters
tenant_uuid
required
string <uuid>

A UUID string identifying this Tenant.

Request Body schema: application/json
schema_name
string [ 1 .. 63 ] characters
name
string non-empty
ready
boolean

Responses

Request samples

Content type
application/json
{
  • "schema_name": "string",
  • "name": "string",
  • "ready": true
}

Response samples

Content type
application/json
{
  • "tenant_uuid": "3467989a-e428-43d0-b560-aedbbec33ae0",
  • "schema_name": "string",
  • "name": "string",
  • "ready": true
}

tenants_tenants_destroy

Tenant Viewset

path Parameters
tenant_uuid
required
string <uuid>

A UUID string identifying this Tenant.

Responses

Response samples

Content type
application/json
{
  • "non_field_errors": [
    ],
  • "code": "string",
  • "property1": null,
  • "property2": null
}

tenants_tenants_create_admin_group_create

Create admin group and add user to it.

path Parameters
tenant_uuid
required
string <uuid>

A UUID string identifying this Tenant.

Request Body schema: application/json
required
user
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "user": "string"
}

Response samples

Content type
application/json
{
  • "detail": "string",
  • "code": "string"
}

tenants_tenants_create_recovery_key_create

Create recovery key for user.

path Parameters
tenant_uuid
required
string <uuid>

A UUID string identifying this Tenant.

Request Body schema: application/json
required
user
required
string non-empty
duration_days
required
integer

Responses

Request samples

Content type
application/json
{
  • "user": "string",
  • "duration_days": 0
}

Response samples

Content type
application/json
{
  • "expiry": "2019-08-24T14:15:22Z",
  • "url": "string"
}