openapi: 3.0.3 info: title: authentik version: 2023.10.4 description: Making authentication simple. contact: email: hello@goauthentik.io license: name: MIT url: https://github.com/goauthentik/authentik/blob/main/LICENSE paths: /admin/apps/: get: operationId: admin_apps_list description: Read-only view list all installed apps tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/App' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /admin/metrics/: get: operationId: admin_metrics_retrieve description: Login Metrics per 1h tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LoginMetrics' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /admin/models/: get: operationId: admin_models_list description: Read-only view list all installed models tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/App' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /admin/settings/: get: operationId: admin_settings_retrieve description: Settings view tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Settings' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: admin_settings_update description: Settings view tags: - admin requestBody: content: application/json: schema: $ref: '#/components/schemas/SettingsRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Settings' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: admin_settings_partial_update description: Settings view tags: - admin requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSettingsRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Settings' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /admin/system/: get: operationId: admin_system_retrieve description: Get system information. tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SystemInfo' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: admin_system_create description: Get system information. tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SystemInfo' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /admin/system_tasks/: get: operationId: admin_system_tasks_list description: List system tasks tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Task' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /admin/system_tasks/{id}/: get: operationId: admin_system_tasks_retrieve description: Get a single system task parameters: - in: path name: id schema: type: string required: true tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Task' description: '' '404': description: Task not found '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /admin/system_tasks/{id}/retry/: post: operationId: admin_system_tasks_retry_create description: Retry task parameters: - in: path name: id schema: type: string required: true tags: - admin security: - authentik: [] responses: '204': description: Task retried successfully '404': description: Task not found '500': description: Failed to retry task '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /admin/version/: get: operationId: admin_version_retrieve description: Get running and latest version. tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Version' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /admin/workers/: get: operationId: admin_workers_retrieve description: Get currently connected worker count. tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Workers' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/all/: get: operationId: authenticators_admin_all_list description: Get all devices for current user parameters: - in: query name: user schema: type: integer tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Device' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/duo/: get: operationId: authenticators_admin_duo_list description: Viewset for Duo authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDuoDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: authenticators_admin_duo_create description: Viewset for Duo authenticator devices (for admins) tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/DuoDeviceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/duo/{id}/: get: operationId: authenticators_admin_duo_retrieve description: Viewset for Duo authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_admin_duo_update description: Viewset for Duo authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/DuoDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_admin_duo_partial_update description: Viewset for Duo authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDuoDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_admin_duo_destroy description: Viewset for Duo authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/sms/: get: operationId: authenticators_admin_sms_list description: Viewset for sms authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSMSDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: authenticators_admin_sms_create description: Viewset for sms authenticator devices (for admins) tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/SMSDeviceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/sms/{id}/: get: operationId: authenticators_admin_sms_retrieve description: Viewset for sms authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_admin_sms_update description: Viewset for sms authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/SMSDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_admin_sms_partial_update description: Viewset for sms authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSMSDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_admin_sms_destroy description: Viewset for sms authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/static/: get: operationId: authenticators_admin_static_list description: Viewset for static authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedStaticDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: authenticators_admin_static_create description: Viewset for static authenticator devices (for admins) tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/StaticDeviceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/static/{id}/: get: operationId: authenticators_admin_static_retrieve description: Viewset for static authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Static Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_admin_static_update description: Viewset for static authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Static Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/StaticDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_admin_static_partial_update description: Viewset for static authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Static Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedStaticDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_admin_static_destroy description: Viewset for static authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Static Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/totp/: get: operationId: authenticators_admin_totp_list description: Viewset for totp authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTOTPDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: authenticators_admin_totp_create description: Viewset for totp authenticator devices (for admins) tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/TOTPDeviceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/totp/{id}/: get: operationId: authenticators_admin_totp_retrieve description: Viewset for totp authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_admin_totp_update description: Viewset for totp authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/TOTPDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_admin_totp_partial_update description: Viewset for totp authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedTOTPDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_admin_totp_destroy description: Viewset for totp authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/webauthn/: get: operationId: authenticators_admin_webauthn_list description: Viewset for WebAuthn authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedWebAuthnDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: authenticators_admin_webauthn_create description: Viewset for WebAuthn authenticator devices (for admins) tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/WebAuthnDeviceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/admin/webauthn/{id}/: get: operationId: authenticators_admin_webauthn_retrieve description: Viewset for WebAuthn authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_admin_webauthn_update description: Viewset for WebAuthn authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/WebAuthnDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_admin_webauthn_partial_update description: Viewset for WebAuthn authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedWebAuthnDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_admin_webauthn_destroy description: Viewset for WebAuthn authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/all/: get: operationId: authenticators_all_list description: Get all devices for current user tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Device' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/duo/: get: operationId: authenticators_duo_list description: Viewset for Duo authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDuoDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/duo/{id}/: get: operationId: authenticators_duo_retrieve description: Viewset for Duo authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_duo_update description: Viewset for Duo authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/DuoDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_duo_partial_update description: Viewset for Duo authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDuoDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_duo_destroy description: Viewset for Duo authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/duo/{id}/used_by/: get: operationId: authenticators_duo_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/sms/: get: operationId: authenticators_sms_list description: Viewset for sms authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSMSDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/sms/{id}/: get: operationId: authenticators_sms_retrieve description: Viewset for sms authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_sms_update description: Viewset for sms authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/SMSDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_sms_partial_update description: Viewset for sms authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSMSDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_sms_destroy description: Viewset for sms authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/sms/{id}/used_by/: get: operationId: authenticators_sms_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/static/: get: operationId: authenticators_static_list description: Viewset for static authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedStaticDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/static/{id}/: get: operationId: authenticators_static_retrieve description: Viewset for static authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Static Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_static_update description: Viewset for static authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Static Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/StaticDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_static_partial_update description: Viewset for static authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Static Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedStaticDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_static_destroy description: Viewset for static authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Static Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/static/{id}/used_by/: get: operationId: authenticators_static_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Static Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/totp/: get: operationId: authenticators_totp_list description: Viewset for totp authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTOTPDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/totp/{id}/: get: operationId: authenticators_totp_retrieve description: Viewset for totp authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_totp_update description: Viewset for totp authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/TOTPDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_totp_partial_update description: Viewset for totp authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedTOTPDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_totp_destroy description: Viewset for totp authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/totp/{id}/used_by/: get: operationId: authenticators_totp_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/webauthn/: get: operationId: authenticators_webauthn_list description: Viewset for WebAuthn authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedWebAuthnDeviceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/webauthn/{id}/: get: operationId: authenticators_webauthn_retrieve description: Viewset for WebAuthn authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: authenticators_webauthn_update description: Viewset for WebAuthn authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/WebAuthnDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: authenticators_webauthn_partial_update description: Viewset for WebAuthn authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedWebAuthnDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: authenticators_webauthn_destroy description: Viewset for WebAuthn authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /authenticators/webauthn/{id}/used_by/: get: operationId: authenticators_webauthn_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/applications/: get: operationId: core_applications_list description: Custom list method that checks Policy based access instead of guardian parameters: - in: query name: group schema: type: string - in: query name: meta_description schema: type: string - in: query name: meta_launch_url schema: type: string - in: query name: meta_publisher schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string - in: query name: superuser_full_list schema: type: boolean tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedApplicationList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: core_applications_create description: Application Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Application' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/applications/{slug}/: get: operationId: core_applications_retrieve description: Application Viewset parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Application' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: core_applications_update description: Application Viewset parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Application' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: core_applications_partial_update description: Application Viewset parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedApplicationRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Application' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: core_applications_destroy description: Application Viewset parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/applications/{slug}/check_access/: get: operationId: core_applications_check_access_retrieve description: Check access to a single application by slug parameters: - in: query name: for_user schema: type: integer - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyTestResult' description: '' '404': description: for_user user not found '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/applications/{slug}/metrics/: get: operationId: core_applications_metrics_list description: Metrics for application logins parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Coordinate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/applications/{slug}/set_icon/: post: operationId: core_applications_set_icon_create description: Set application icon parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/FileUploadRequest' security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/applications/{slug}/set_icon_url/: post: operationId: core_applications_set_icon_url_create description: Set application icon (as URL) parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/FilePathRequest' required: true security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/applications/{slug}/used_by/: get: operationId: core_applications_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/authenticated_sessions/: get: operationId: core_authenticated_sessions_list description: AuthenticatedSession Viewset parameters: - in: query name: last_ip schema: type: string - in: query name: last_user_agent schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user__username schema: type: string tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatedSessionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/authenticated_sessions/{uuid}/: get: operationId: core_authenticated_sessions_retrieve description: AuthenticatedSession Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Authenticated Session. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatedSession' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: core_authenticated_sessions_destroy description: AuthenticatedSession Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Authenticated Session. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/authenticated_sessions/{uuid}/used_by/: get: operationId: core_authenticated_sessions_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Authenticated Session. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/brands/: get: operationId: core_brands_list description: Brand Viewset parameters: - in: query name: brand_uuid schema: type: string format: uuid - in: query name: branding_favicon schema: type: string - in: query name: branding_logo schema: type: string - in: query name: branding_title schema: type: string - in: query name: default schema: type: boolean - in: query name: domain schema: type: string - in: query name: event_retention schema: type: string - in: query name: flow_authentication schema: type: string format: uuid - in: query name: flow_device_code schema: type: string format: uuid - in: query name: flow_invalidation schema: type: string format: uuid - in: query name: flow_recovery schema: type: string format: uuid - in: query name: flow_unenrollment schema: type: string format: uuid - in: query name: flow_user_settings schema: type: string format: uuid - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: web_certificate schema: type: string format: uuid tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedBrandList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: core_brands_create description: Brand Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/BrandRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Brand' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/brands/{brand_uuid}/: get: operationId: core_brands_retrieve description: Brand Viewset parameters: - in: path name: brand_uuid schema: type: string format: uuid description: A UUID string identifying this Brand. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Brand' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: core_brands_update description: Brand Viewset parameters: - in: path name: brand_uuid schema: type: string format: uuid description: A UUID string identifying this Brand. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/BrandRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Brand' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: core_brands_partial_update description: Brand Viewset parameters: - in: path name: brand_uuid schema: type: string format: uuid description: A UUID string identifying this Brand. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedBrandRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Brand' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: core_brands_destroy description: Brand Viewset parameters: - in: path name: brand_uuid schema: type: string format: uuid description: A UUID string identifying this Brand. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/brands/{brand_uuid}/used_by/: get: operationId: core_brands_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: brand_uuid schema: type: string format: uuid description: A UUID string identifying this Brand. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/brands/current/: get: operationId: core_brands_current_retrieve description: Get current brand tags: - core security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/CurrentBrand' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/groups/: get: operationId: core_groups_list description: Group Viewset parameters: - in: query name: attributes schema: type: string description: Attributes - in: query name: is_superuser schema: type: boolean - in: query name: members_by_pk schema: type: array items: type: integer explode: true style: form - in: query name: members_by_username schema: type: array items: type: string description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. explode: true style: form - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedGroupList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: core_groups_create description: Group Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Group' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/groups/{group_uuid}/: get: operationId: core_groups_retrieve description: Group Viewset parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this Group. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Group' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: core_groups_update description: Group Viewset parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this Group. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Group' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: core_groups_partial_update description: Group Viewset parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this Group. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedGroupRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Group' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: core_groups_destroy description: Group Viewset parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this Group. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/groups/{group_uuid}/add_user/: post: operationId: core_groups_add_user_create description: Add user to group parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this Group. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserAccountRequest' required: true security: - authentik: [] responses: '204': description: User added '404': description: User not found '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/groups/{group_uuid}/remove_user/: post: operationId: core_groups_remove_user_create description: Add user to group parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this Group. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserAccountRequest' required: true security: - authentik: [] responses: '204': description: User added '404': description: User not found '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/groups/{group_uuid}/used_by/: get: operationId: core_groups_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this Group. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/tokens/: get: operationId: core_tokens_list description: Token Viewset parameters: - in: query name: description schema: type: string - in: query name: expires schema: type: string format: date-time - in: query name: expiring schema: type: boolean - in: query name: identifier schema: type: string - in: query name: intent schema: type: string enum: - api - app_password - recovery - verification description: |- * `verification` - Intent Verification * `api` - Intent Api * `recovery` - Intent Recovery * `app_password` - Intent App Password - in: query name: managed schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user__username schema: type: string tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTokenList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: core_tokens_create description: Token Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/TokenRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Token' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/tokens/{identifier}/: get: operationId: core_tokens_retrieve description: Token Viewset parameters: - in: path name: identifier schema: type: string required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Token' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: core_tokens_update description: Token Viewset parameters: - in: path name: identifier schema: type: string required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/TokenRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Token' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: core_tokens_partial_update description: Token Viewset parameters: - in: path name: identifier schema: type: string required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedTokenRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Token' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: core_tokens_destroy description: Token Viewset parameters: - in: path name: identifier schema: type: string required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/tokens/{identifier}/set_key/: post: operationId: core_tokens_set_key_create description: |- Set token key. Action is logged as event. `authentik_core.set_token_key` permission is required. parameters: - in: path name: identifier schema: type: string required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/TokenSetKeyRequest' required: true security: - authentik: [] responses: '204': description: Successfully changed key '400': description: Missing key '404': description: Token not found or expired '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/tokens/{identifier}/used_by/: get: operationId: core_tokens_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: identifier schema: type: string required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/tokens/{identifier}/view_key/: get: operationId: core_tokens_view_key_retrieve description: Return token key and log access parameters: - in: path name: identifier schema: type: string required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TokenView' description: '' '404': description: Token not found or expired '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/transactional/applications/: put: operationId: core_transactional_applications_update description: Convert data into a blueprint, validate it and apply it tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/TransactionApplicationRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TransactionApplicationResponse' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/user_consent/: get: operationId: core_user_consent_list description: UserConsent Viewset parameters: - in: query name: application schema: type: string format: uuid - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user schema: type: integer tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserConsentList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/user_consent/{id}/: get: operationId: core_user_consent_retrieve description: UserConsent Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Consent. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserConsent' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: core_user_consent_destroy description: UserConsent Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Consent. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/user_consent/{id}/used_by/: get: operationId: core_user_consent_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Consent. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/: get: operationId: core_users_list description: User Viewset parameters: - in: query name: attributes schema: type: string description: Attributes - in: query name: email schema: type: string - in: query name: groups_by_name schema: type: array items: type: string explode: true style: form - in: query name: groups_by_pk schema: type: array items: type: string format: uuid explode: true style: form - in: query name: is_active schema: type: boolean - in: query name: is_superuser schema: type: boolean - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: path schema: type: string - in: query name: path_startswith schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: type schema: type: array items: type: string enum: - external - internal - internal_service_account - service_account description: |- * `internal` - Internal * `external` - External * `service_account` - Service Account * `internal_service_account` - Internal Service Account explode: true style: form - in: query name: username schema: type: string - in: query name: uuid schema: type: string format: uuid tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: core_users_create description: User Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/User' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/{id}/: get: operationId: core_users_retrieve description: User Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/User' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: core_users_update description: User Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/User' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: core_users_partial_update description: User Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/User' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: core_users_destroy description: User Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/{id}/impersonate/: post: operationId: core_users_impersonate_create description: Impersonate a user parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '204': description: Successfully started impersonation '401': description: Access denied '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/{id}/metrics/: get: operationId: core_users_metrics_retrieve description: User metrics per 1h parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserMetrics' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/{id}/recovery/: get: operationId: core_users_recovery_retrieve description: Create a temporary link that a user can use to recover their accounts parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Link' description: '' '404': content: application/json: schema: $ref: '#/components/schemas/Link' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/{id}/recovery_email/: get: operationId: core_users_recovery_email_retrieve description: Create a temporary link that a user can use to recover their accounts parameters: - in: query name: email_stage schema: type: string required: true - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '204': description: Successfully sent recover email '404': description: Bad request '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/{id}/set_password/: post: operationId: core_users_set_password_create description: Set password for user parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserPasswordSetRequest' required: true security: - authentik: [] responses: '204': description: Successfully changed password '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/{id}/used_by/: get: operationId: core_users_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/impersonate_end/: get: operationId: core_users_impersonate_end_retrieve description: End Impersonation a user tags: - core security: - authentik: [] responses: '204': description: Successfully started impersonation '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/me/: get: operationId: core_users_me_retrieve description: Get information about current user tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SessionUser' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/paths/: get: operationId: core_users_paths_retrieve description: Get all user paths parameters: - in: query name: search schema: type: string tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserPath' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /core/users/service_account/: post: operationId: core_users_service_account_create description: Create a new user account that is marked as a service account tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserServiceAccountRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserServiceAccountResponse' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /crypto/certificatekeypairs/: get: operationId: crypto_certificatekeypairs_list description: CertificateKeyPair Viewset parameters: - in: query name: has_key schema: type: boolean description: Only return certificate-key pairs with keys - in: query name: include_details schema: type: boolean default: true - in: query name: managed schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedCertificateKeyPairList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: crypto_certificatekeypairs_create description: CertificateKeyPair Viewset tags: - crypto requestBody: content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPairRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /crypto/certificatekeypairs/{kp_uuid}/: get: operationId: crypto_certificatekeypairs_retrieve description: CertificateKeyPair Viewset parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: crypto_certificatekeypairs_update description: CertificateKeyPair Viewset parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto requestBody: content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPairRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: crypto_certificatekeypairs_partial_update description: CertificateKeyPair Viewset parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedCertificateKeyPairRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: crypto_certificatekeypairs_destroy description: CertificateKeyPair Viewset parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /crypto/certificatekeypairs/{kp_uuid}/used_by/: get: operationId: crypto_certificatekeypairs_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /crypto/certificatekeypairs/{kp_uuid}/view_certificate/: get: operationId: crypto_certificatekeypairs_view_certificate_retrieve description: Return certificate-key pairs certificate and log access parameters: - in: query name: download schema: type: boolean - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateData' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /crypto/certificatekeypairs/{kp_uuid}/view_private_key/: get: operationId: crypto_certificatekeypairs_view_private_key_retrieve description: Return certificate-key pairs private key and log access parameters: - in: query name: download schema: type: boolean - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateData' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /crypto/certificatekeypairs/generate/: post: operationId: crypto_certificatekeypairs_generate_create description: Generate a new, self-signed certificate-key pair tags: - crypto requestBody: content: application/json: schema: $ref: '#/components/schemas/CertificateGenerationRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /enterprise/license/: get: operationId: enterprise_license_list description: License Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - enterprise security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedLicenseList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: enterprise_license_create description: License Viewset tags: - enterprise requestBody: content: application/json: schema: $ref: '#/components/schemas/LicenseRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/License' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /enterprise/license/{license_uuid}/: get: operationId: enterprise_license_retrieve description: License Viewset parameters: - in: path name: license_uuid schema: type: string format: uuid description: A UUID string identifying this License. required: true tags: - enterprise security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/License' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: enterprise_license_update description: License Viewset parameters: - in: path name: license_uuid schema: type: string format: uuid description: A UUID string identifying this License. required: true tags: - enterprise requestBody: content: application/json: schema: $ref: '#/components/schemas/LicenseRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/License' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: enterprise_license_partial_update description: License Viewset parameters: - in: path name: license_uuid schema: type: string format: uuid description: A UUID string identifying this License. required: true tags: - enterprise requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedLicenseRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/License' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: enterprise_license_destroy description: License Viewset parameters: - in: path name: license_uuid schema: type: string format: uuid description: A UUID string identifying this License. required: true tags: - enterprise security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /enterprise/license/{license_uuid}/used_by/: get: operationId: enterprise_license_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: license_uuid schema: type: string format: uuid description: A UUID string identifying this License. required: true tags: - enterprise security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /enterprise/license/forecast/: get: operationId: enterprise_license_forecast_retrieve description: Forecast how many users will be required in a year tags: - enterprise security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LicenseForecast' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /enterprise/license/get_install_id/: get: operationId: enterprise_license_get_install_id_retrieve description: Get install_id tags: - enterprise security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/InstallID' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /enterprise/license/summary/: get: operationId: enterprise_license_summary_retrieve description: Get the total license status tags: - enterprise security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LicenseSummary' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/events/: get: operationId: events_events_list description: Event Read-Only Viewset parameters: - in: query name: action schema: type: string - in: query name: brand_name schema: type: string description: Brand name - in: query name: client_ip schema: type: string - in: query name: context_authorized_app schema: type: string description: Context Authorized application - in: query name: context_model_app schema: type: string description: Context Model App - in: query name: context_model_name schema: type: string description: Context Model Name - in: query name: context_model_pk schema: type: string description: Context Model Primary Key - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: username schema: type: string description: Username tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedEventList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: events_events_create description: Event Read-Only Viewset tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/EventRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Event' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/events/{event_uuid}/: get: operationId: events_events_retrieve description: Event Read-Only Viewset parameters: - in: path name: event_uuid schema: type: string format: uuid description: A UUID string identifying this Event. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Event' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: events_events_update description: Event Read-Only Viewset parameters: - in: path name: event_uuid schema: type: string format: uuid description: A UUID string identifying this Event. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/EventRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Event' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: events_events_partial_update description: Event Read-Only Viewset parameters: - in: path name: event_uuid schema: type: string format: uuid description: A UUID string identifying this Event. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedEventRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Event' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: events_events_destroy description: Event Read-Only Viewset parameters: - in: path name: event_uuid schema: type: string format: uuid description: A UUID string identifying this Event. required: true tags: - events security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/events/actions/: get: operationId: events_events_actions_list description: Get all actions tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/events/per_month/: get: operationId: events_events_per_month_list description: Get the count of events per month parameters: - in: query name: action schema: type: string - in: query name: query schema: type: string tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Coordinate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/events/top_per_user/: get: operationId: events_events_top_per_user_list description: Get the top_n events grouped by user count parameters: - in: query name: action schema: type: string - in: query name: top_n schema: type: integer tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/EventTopPerUser' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/events/volume/: get: operationId: events_events_volume_list description: Get event volume for specified filters and timeframe parameters: - in: query name: action schema: type: string - in: query name: brand_name schema: type: string description: Brand name - in: query name: client_ip schema: type: string - in: query name: context_authorized_app schema: type: string description: Context Authorized application - in: query name: context_model_app schema: type: string description: Context Model App - in: query name: context_model_name schema: type: string description: Context Model Name - in: query name: context_model_pk schema: type: string description: Context Model Primary Key - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: username schema: type: string description: Username tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Coordinate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/notifications/: get: operationId: events_notifications_list description: Notification Viewset parameters: - in: query name: body schema: type: string - in: query name: created schema: type: string format: date-time - in: query name: event schema: type: string format: uuid - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: seen schema: type: boolean - in: query name: severity schema: type: string enum: - alert - notice - warning description: |- * `notice` - Notice * `warning` - Warning * `alert` - Alert - in: query name: user schema: type: integer tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedNotificationList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/notifications/{uuid}/: get: operationId: events_notifications_retrieve description: Notification Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Notification' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: events_notifications_update description: Notification Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Notification' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: events_notifications_partial_update description: Notification Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedNotificationRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Notification' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: events_notifications_destroy description: Notification Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/notifications/{uuid}/used_by/: get: operationId: events_notifications_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/notifications/mark_all_seen/: post: operationId: events_notifications_mark_all_seen_create description: Mark all the user's notifications as seen tags: - events security: - authentik: [] responses: '204': description: Marked tasks as read successfully. '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/rules/: get: operationId: events_rules_list description: NotificationRule Viewset parameters: - in: query name: group__name schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: severity schema: type: string enum: - alert - notice - warning description: |- Controls which severity level the created notifications will have. * `notice` - Notice * `warning` - Warning * `alert` - Alert tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedNotificationRuleList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: events_rules_create description: NotificationRule Viewset tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationRuleRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/NotificationRule' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/rules/{pbm_uuid}/: get: operationId: events_rules_retrieve description: NotificationRule Viewset parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRule' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: events_rules_update description: NotificationRule Viewset parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationRuleRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRule' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: events_rules_partial_update description: NotificationRule Viewset parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedNotificationRuleRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRule' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: events_rules_destroy description: NotificationRule Viewset parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/rules/{pbm_uuid}/used_by/: get: operationId: events_rules_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/transports/: get: operationId: events_transports_list description: NotificationTransport Viewset parameters: - in: query name: mode schema: type: string enum: - email - local - webhook - webhook_slack description: |- * `local` - authentik inbuilt notifications * `webhook` - Generic Webhook * `webhook_slack` - Slack Webhook (Slack/Discord) * `email` - Email - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: send_once schema: type: boolean - in: query name: webhook_url schema: type: string tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedNotificationTransportList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: events_transports_create description: NotificationTransport Viewset tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationTransportRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/NotificationTransport' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/transports/{uuid}/: get: operationId: events_transports_retrieve description: NotificationTransport Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationTransport' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: events_transports_update description: NotificationTransport Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationTransportRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationTransport' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: events_transports_partial_update description: NotificationTransport Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedNotificationTransportRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationTransport' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: events_transports_destroy description: NotificationTransport Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/transports/{uuid}/test/: post: operationId: events_transports_test_create description: |- Send example notification using selected transport. Requires Modify permissions. parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationTransportTest' description: '' '500': description: Failed to test transport '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /events/transports/{uuid}/used_by/: get: operationId: events_transports_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/bindings/: get: operationId: flows_bindings_list description: FlowStageBinding Viewset parameters: - in: query name: evaluate_on_plan schema: type: boolean - in: query name: fsb_uuid schema: type: string format: uuid - in: query name: invalid_response_action schema: type: string enum: - restart - restart_with_context - retry description: |- Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context. * `retry` - Retry * `restart` - Restart * `restart_with_context` - Restart With Context - in: query name: order schema: type: integer - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: pbm_uuid schema: type: string format: uuid - in: query name: policies schema: type: array items: type: string format: uuid explode: true style: form - in: query name: policy_engine_mode schema: type: string enum: - all - any description: |- * `all` - all, all policies must pass * `any` - any, any policy must pass - in: query name: re_evaluate_policies schema: type: boolean - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage schema: type: string format: uuid - in: query name: target schema: type: string format: uuid tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedFlowStageBindingList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: flows_bindings_create description: FlowStageBinding Viewset tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowStageBindingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/FlowStageBinding' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/bindings/{fsb_uuid}/: get: operationId: flows_bindings_retrieve description: FlowStageBinding Viewset parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowStageBinding' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: flows_bindings_update description: FlowStageBinding Viewset parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowStageBindingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowStageBinding' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: flows_bindings_partial_update description: FlowStageBinding Viewset parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedFlowStageBindingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowStageBinding' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: flows_bindings_destroy description: FlowStageBinding Viewset parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/bindings/{fsb_uuid}/used_by/: get: operationId: flows_bindings_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/executor/{flow_slug}/: get: operationId: flows_executor_get description: Get the next pending challenge from the currently active flow. parameters: - in: path name: flow_slug schema: type: string required: true - in: query name: query schema: type: string description: Querystring as received required: true tags: - flows security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/ChallengeTypes' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: flows_executor_solve description: Solve the previously retrieved challenge and advanced to the next stage. parameters: - in: path name: flow_slug schema: type: string required: true - in: query name: query schema: type: string description: Querystring as received required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowChallengeResponseRequest' security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/ChallengeTypes' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/inspector/{flow_slug}/: get: operationId: flows_inspector_get description: Get current flow state and record it parameters: - in: path name: flow_slug schema: type: string required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowInspection' description: '' '400': description: No flow plan in session. '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/: get: operationId: flows_instances_list description: Flow Viewset parameters: - in: query name: denied_action schema: type: string enum: - continue - message - message_continue description: |- Configure what should happen when a flow denies access to a user. * `message_continue` - Message Continue * `message` - Message * `continue` - Continue - in: query name: designation schema: type: string enum: - authentication - authorization - enrollment - invalidation - recovery - stage_configuration - unenrollment description: |- Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. * `authentication` - Authentication * `authorization` - Authorization * `invalidation` - Invalidation * `enrollment` - Enrollment * `unenrollment` - Unrenollment * `recovery` - Recovery * `stage_configuration` - Stage Configuration - in: query name: flow_uuid schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedFlowList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: flows_instances_create description: Flow Viewset tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Flow' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/{slug}/: get: operationId: flows_instances_retrieve description: Flow Viewset parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Flow' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: flows_instances_update description: Flow Viewset parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Flow' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: flows_instances_partial_update description: Flow Viewset parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedFlowRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Flow' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: flows_instances_destroy description: Flow Viewset parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/{slug}/diagram/: get: operationId: flows_instances_diagram_retrieve description: Return diagram for flow with slug `slug`, in the format used by flowchart.js parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowDiagram' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/{slug}/execute/: get: operationId: flows_instances_execute_retrieve description: Execute flow for current user parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Link' description: '' '400': description: Flow not applicable '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/{slug}/export/: get: operationId: flows_instances_export_retrieve description: Export flow to .yaml file parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: type: string format: binary description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/{slug}/set_background/: post: operationId: flows_instances_set_background_create description: Set Flow background parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/FileUploadRequest' security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/{slug}/set_background_url/: post: operationId: flows_instances_set_background_url_create description: Set Flow background (as URL) parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FilePathRequest' required: true security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/{slug}/used_by/: get: operationId: flows_instances_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/cache_clear/: post: operationId: flows_instances_cache_clear_create description: Clear flow cache tags: - flows security: - authentik: [] responses: '204': description: Successfully cleared cache '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/cache_info/: get: operationId: flows_instances_cache_info_retrieve description: Info about cached flows tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Cache' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /flows/instances/import/: post: operationId: flows_instances_import_create description: Import flow from .yaml file tags: - flows requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/FileUploadRequest' security: - authentik: [] responses: '204': content: application/json: schema: $ref: '#/components/schemas/FlowImportResult' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/FlowImportResult' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /managed/blueprints/: get: operationId: managed_blueprints_list description: Blueprint instances parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: path schema: type: string - name: search required: false in: query description: A search term. schema: type: string tags: - managed security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedBlueprintInstanceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: managed_blueprints_create description: Blueprint instances tags: - managed requestBody: content: application/json: schema: $ref: '#/components/schemas/BlueprintInstanceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/BlueprintInstance' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /managed/blueprints/{instance_uuid}/: get: operationId: managed_blueprints_retrieve description: Blueprint instances parameters: - in: path name: instance_uuid schema: type: string format: uuid description: A UUID string identifying this Blueprint Instance. required: true tags: - managed security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/BlueprintInstance' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: managed_blueprints_update description: Blueprint instances parameters: - in: path name: instance_uuid schema: type: string format: uuid description: A UUID string identifying this Blueprint Instance. required: true tags: - managed requestBody: content: application/json: schema: $ref: '#/components/schemas/BlueprintInstanceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/BlueprintInstance' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: managed_blueprints_partial_update description: Blueprint instances parameters: - in: path name: instance_uuid schema: type: string format: uuid description: A UUID string identifying this Blueprint Instance. required: true tags: - managed requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedBlueprintInstanceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/BlueprintInstance' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: managed_blueprints_destroy description: Blueprint instances parameters: - in: path name: instance_uuid schema: type: string format: uuid description: A UUID string identifying this Blueprint Instance. required: true tags: - managed security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /managed/blueprints/{instance_uuid}/apply/: post: operationId: managed_blueprints_apply_create description: Apply a blueprint parameters: - in: path name: instance_uuid schema: type: string format: uuid description: A UUID string identifying this Blueprint Instance. required: true tags: - managed security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/BlueprintInstance' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /managed/blueprints/{instance_uuid}/used_by/: get: operationId: managed_blueprints_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: instance_uuid schema: type: string format: uuid description: A UUID string identifying this Blueprint Instance. required: true tags: - managed security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /managed/blueprints/available/: get: operationId: managed_blueprints_available_list description: Get blueprints tags: - managed security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/BlueprintFile' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /oauth2/access_tokens/: get: operationId: oauth2_access_tokens_list description: AccessToken Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: provider schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user schema: type: integer tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTokenModelList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /oauth2/access_tokens/{id}/: get: operationId: oauth2_access_tokens_retrieve description: AccessToken Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2 Access Token. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TokenModel' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: oauth2_access_tokens_destroy description: AccessToken Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2 Access Token. required: true tags: - oauth2 security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /oauth2/access_tokens/{id}/used_by/: get: operationId: oauth2_access_tokens_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2 Access Token. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /oauth2/authorization_codes/: get: operationId: oauth2_authorization_codes_list description: AuthorizationCode Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: provider schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user schema: type: integer tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedExpiringBaseGrantModelList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /oauth2/authorization_codes/{id}/: get: operationId: oauth2_authorization_codes_retrieve description: AuthorizationCode Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Authorization Code. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ExpiringBaseGrantModel' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: oauth2_authorization_codes_destroy description: AuthorizationCode Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Authorization Code. required: true tags: - oauth2 security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /oauth2/authorization_codes/{id}/used_by/: get: operationId: oauth2_authorization_codes_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Authorization Code. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /oauth2/refresh_tokens/: get: operationId: oauth2_refresh_tokens_list description: RefreshToken Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: provider schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user schema: type: integer tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTokenModelList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /oauth2/refresh_tokens/{id}/: get: operationId: oauth2_refresh_tokens_retrieve description: RefreshToken Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2 Refresh Token. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TokenModel' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: oauth2_refresh_tokens_destroy description: RefreshToken Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2 Refresh Token. required: true tags: - oauth2 security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /oauth2/refresh_tokens/{id}/used_by/: get: operationId: oauth2_refresh_tokens_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2 Refresh Token. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/instances/: get: operationId: outposts_instances_list description: Outpost Viewset parameters: - in: query name: managed__icontains schema: type: string - in: query name: managed__iexact schema: type: string - in: query name: name__icontains schema: type: string - in: query name: name__iexact schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: providers__isnull schema: type: boolean - in: query name: providers_by_pk schema: type: array items: type: integer explode: true style: form - name: search required: false in: query description: A search term. schema: type: string - in: query name: service_connection__name__icontains schema: type: string - in: query name: service_connection__name__iexact schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedOutpostList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: outposts_instances_create description: Outpost Viewset tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/OutpostRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Outpost' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/instances/{uuid}/: get: operationId: outposts_instances_retrieve description: Outpost Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Outpost' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: outposts_instances_update description: Outpost Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/OutpostRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Outpost' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: outposts_instances_partial_update description: Outpost Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedOutpostRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Outpost' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: outposts_instances_destroy description: Outpost Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost. required: true tags: - outposts security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/instances/{uuid}/health/: get: operationId: outposts_instances_health_list description: Get outposts current health parameters: - in: query name: managed__icontains schema: type: string - in: query name: managed__iexact schema: type: string - in: query name: name__icontains schema: type: string - in: query name: name__iexact schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - in: query name: providers__isnull schema: type: boolean - in: query name: providers_by_pk schema: type: array items: type: integer explode: true style: form - name: search required: false in: query description: A search term. schema: type: string - in: query name: service_connection__name__icontains schema: type: string - in: query name: service_connection__name__iexact schema: type: string - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/OutpostHealth' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/instances/{uuid}/used_by/: get: operationId: outposts_instances_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/instances/default_settings/: get: operationId: outposts_instances_default_settings_retrieve description: Global default outpost config tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OutpostDefaultConfig' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/ldap/: get: operationId: outposts_ldap_list description: LDAPProvider Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedLDAPOutpostConfigList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/ldap/{id}/: get: operationId: outposts_ldap_retrieve description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPOutpostConfig' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/proxy/: get: operationId: outposts_proxy_list description: ProxyProvider Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedProxyOutpostConfigList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/proxy/{id}/: get: operationId: outposts_proxy_retrieve description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProxyOutpostConfig' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/radius/: get: operationId: outposts_radius_list description: RadiusProvider Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedRadiusOutpostConfigList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/radius/{id}/: get: operationId: outposts_radius_retrieve description: RadiusProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Radius Provider. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/RadiusOutpostConfig' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/all/: get: operationId: outposts_service_connections_all_list description: ServiceConnection Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedServiceConnectionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/all/{uuid}/: get: operationId: outposts_service_connections_all_retrieve description: ServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ServiceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: outposts_service_connections_all_destroy description: ServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/all/{uuid}/state/: get: operationId: outposts_service_connections_all_state_retrieve description: Get the service connection's state parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ServiceConnectionState' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/all/{uuid}/used_by/: get: operationId: outposts_service_connections_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/all/types/: get: operationId: outposts_service_connections_all_types_list description: Get all creatable service connection types tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/docker/: get: operationId: outposts_service_connections_docker_list description: DockerServiceConnection Viewset parameters: - in: query name: local schema: type: boolean - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: tls_authentication schema: type: string format: uuid - in: query name: tls_verification schema: type: string format: uuid - in: query name: url schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDockerServiceConnectionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: outposts_service_connections_docker_create description: DockerServiceConnection Viewset tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnectionRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/docker/{uuid}/: get: operationId: outposts_service_connections_docker_retrieve description: DockerServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: outposts_service_connections_docker_update description: DockerServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnectionRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: outposts_service_connections_docker_partial_update description: DockerServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDockerServiceConnectionRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: outposts_service_connections_docker_destroy description: DockerServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/docker/{uuid}/used_by/: get: operationId: outposts_service_connections_docker_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/kubernetes/: get: operationId: outposts_service_connections_kubernetes_list description: KubernetesServiceConnection Viewset parameters: - in: query name: local schema: type: boolean - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedKubernetesServiceConnectionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: outposts_service_connections_kubernetes_create description: KubernetesServiceConnection Viewset tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnectionRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/kubernetes/{uuid}/: get: operationId: outposts_service_connections_kubernetes_retrieve description: KubernetesServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: outposts_service_connections_kubernetes_update description: KubernetesServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnectionRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: outposts_service_connections_kubernetes_partial_update description: KubernetesServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedKubernetesServiceConnectionRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: outposts_service_connections_kubernetes_destroy description: KubernetesServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /outposts/service_connections/kubernetes/{uuid}/used_by/: get: operationId: outposts_service_connections_kubernetes_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/all/: get: operationId: policies_all_list description: Policy Viewset parameters: - in: query name: bindings__isnull schema: type: boolean - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: promptstage__isnull schema: type: boolean - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPolicyList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/all/{policy_uuid}/: get: operationId: policies_all_retrieve description: Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Policy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: policies_all_destroy description: Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/all/{policy_uuid}/test/: post: operationId: policies_all_test_create description: Test policy parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyTestRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyTestResult' description: '' '400': description: Invalid parameters '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/all/{policy_uuid}/used_by/: get: operationId: policies_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/all/cache_clear/: post: operationId: policies_all_cache_clear_create description: Clear policy cache tags: - policies security: - authentik: [] responses: '204': description: Successfully cleared cache '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/all/cache_info/: get: operationId: policies_all_cache_info_retrieve description: Info about cached policies tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Cache' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/all/types/: get: operationId: policies_all_types_list description: Get all creatable policy types tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/bindings/: get: operationId: policies_bindings_list description: PolicyBinding Viewset parameters: - in: query name: enabled schema: type: boolean - in: query name: order schema: type: integer - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy schema: type: string format: uuid - in: query name: policy__isnull schema: type: boolean - name: search required: false in: query description: A search term. schema: type: string - in: query name: target schema: type: string format: uuid - in: query name: target_in schema: type: array items: type: string format: uuid explode: true style: form - in: query name: timeout schema: type: integer tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPolicyBindingList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: policies_bindings_create description: PolicyBinding Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyBindingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PolicyBinding' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/bindings/{policy_binding_uuid}/: get: operationId: policies_bindings_retrieve description: PolicyBinding Viewset parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyBinding' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: policies_bindings_update description: PolicyBinding Viewset parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyBindingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyBinding' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: policies_bindings_partial_update description: PolicyBinding Viewset parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPolicyBindingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyBinding' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: policies_bindings_destroy description: PolicyBinding Viewset parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/bindings/{policy_binding_uuid}/used_by/: get: operationId: policies_bindings_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/dummy/: get: operationId: policies_dummy_list description: Dummy Viewset parameters: - in: query name: created schema: type: string format: date-time - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - in: query name: result schema: type: boolean - name: search required: false in: query description: A search term. schema: type: string - in: query name: wait_max schema: type: integer - in: query name: wait_min schema: type: integer tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDummyPolicyList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: policies_dummy_create description: Dummy Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/DummyPolicyRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DummyPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/dummy/{policy_uuid}/: get: operationId: policies_dummy_retrieve description: Dummy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: policies_dummy_update description: Dummy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/DummyPolicyRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: policies_dummy_partial_update description: Dummy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDummyPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: policies_dummy_destroy description: Dummy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/dummy/{policy_uuid}/used_by/: get: operationId: policies_dummy_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/event_matcher/: get: operationId: policies_event_matcher_list description: Event Matcher Policy Viewset parameters: - in: query name: action schema: type: string nullable: true enum: - authorize_application - configuration_error - custom_ - email_sent - flow_execution - impersonation_ended - impersonation_started - invitation_used - login - login_failed - logout - model_created - model_deleted - model_updated - password_set - policy_exception - policy_execution - property_mapping_exception - secret_rotate - secret_view - source_linked - suspicious_request - system_exception - system_task_exception - system_task_execution - update_available - user_write description: |- Match created events with this action type. When left empty, all action types will be matched. * `login` - Login * `login_failed` - Login Failed * `logout` - Logout * `user_write` - User Write * `suspicious_request` - Suspicious Request * `password_set` - Password Set * `secret_view` - Secret View * `secret_rotate` - Secret Rotate * `invitation_used` - Invite Used * `authorize_application` - Authorize Application * `source_linked` - Source Linked * `impersonation_started` - Impersonation Started * `impersonation_ended` - Impersonation Ended * `flow_execution` - Flow Execution * `policy_execution` - Policy Execution * `policy_exception` - Policy Exception * `property_mapping_exception` - Property Mapping Exception * `system_task_execution` - System Task Execution * `system_task_exception` - System Task Exception * `system_exception` - System Exception * `configuration_error` - Configuration Error * `model_created` - Model Created * `model_updated` - Model Updated * `model_deleted` - Model Deleted * `email_sent` - Email Sent * `update_available` - Update Available * `custom_` - Custom Prefix - in: query name: app schema: type: string - in: query name: client_ip schema: type: string - in: query name: created schema: type: string format: date-time - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: model schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedEventMatcherPolicyList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: policies_event_matcher_create description: Event Matcher Policy Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicyRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/event_matcher/{policy_uuid}/: get: operationId: policies_event_matcher_retrieve description: Event Matcher Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: policies_event_matcher_update description: Event Matcher Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicyRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: policies_event_matcher_partial_update description: Event Matcher Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedEventMatcherPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: policies_event_matcher_destroy description: Event Matcher Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/event_matcher/{policy_uuid}/used_by/: get: operationId: policies_event_matcher_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/expression/: get: operationId: policies_expression_list description: Source Viewset parameters: - in: query name: created schema: type: string format: date-time - in: query name: execution_logging schema: type: boolean - in: query name: expression schema: type: string - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedExpressionPolicyList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: policies_expression_create description: Source Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicyRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/expression/{policy_uuid}/: get: operationId: policies_expression_retrieve description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: policies_expression_update description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicyRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: policies_expression_partial_update description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedExpressionPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: policies_expression_destroy description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/expression/{policy_uuid}/used_by/: get: operationId: policies_expression_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/password/: get: operationId: policies_password_list description: Password Policy Viewset parameters: - in: query name: amount_digits schema: type: integer - in: query name: amount_lowercase schema: type: integer - in: query name: amount_symbols schema: type: integer - in: query name: amount_uppercase schema: type: integer - in: query name: check_have_i_been_pwned schema: type: boolean - in: query name: check_static_rules schema: type: boolean - in: query name: check_zxcvbn schema: type: boolean - in: query name: created schema: type: string format: date-time - in: query name: error_message schema: type: string - in: query name: execution_logging schema: type: boolean - in: query name: hibp_allowed_count schema: type: integer - in: query name: last_updated schema: type: string format: date-time - in: query name: length_min schema: type: integer - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: password_field schema: type: string - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string - in: query name: symbol_charset schema: type: string - in: query name: zxcvbn_score_threshold schema: type: integer tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPasswordPolicyList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: policies_password_create description: Password Policy Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PasswordPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/password/{policy_uuid}/: get: operationId: policies_password_retrieve description: Password Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: policies_password_update description: Password Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: policies_password_partial_update description: Password Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPasswordPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: policies_password_destroy description: Password Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/password/{policy_uuid}/used_by/: get: operationId: policies_password_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/password_expiry/: get: operationId: policies_password_expiry_list description: Password Expiry Viewset parameters: - in: query name: created schema: type: string format: date-time - in: query name: days schema: type: integer - in: query name: deny_only schema: type: boolean - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPasswordExpiryPolicyList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: policies_password_expiry_create description: Password Expiry Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicyRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/password_expiry/{policy_uuid}/: get: operationId: policies_password_expiry_retrieve description: Password Expiry Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: policies_password_expiry_update description: Password Expiry Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicyRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: policies_password_expiry_partial_update description: Password Expiry Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPasswordExpiryPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: policies_password_expiry_destroy description: Password Expiry Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/password_expiry/{policy_uuid}/used_by/: get: operationId: policies_password_expiry_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/reputation/: get: operationId: policies_reputation_list description: Reputation Policy Viewset parameters: - in: query name: check_ip schema: type: boolean - in: query name: check_username schema: type: boolean - in: query name: created schema: type: string format: date-time - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string - in: query name: threshold schema: type: integer tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedReputationPolicyList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: policies_reputation_create description: Reputation Policy Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/ReputationPolicyRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ReputationPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/reputation/{policy_uuid}/: get: operationId: policies_reputation_retrieve description: Reputation Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ReputationPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: policies_reputation_update description: Reputation Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/ReputationPolicyRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ReputationPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: policies_reputation_partial_update description: Reputation Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedReputationPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ReputationPolicy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: policies_reputation_destroy description: Reputation Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/reputation/{policy_uuid}/used_by/: get: operationId: policies_reputation_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/reputation/scores/: get: operationId: policies_reputation_scores_list description: Reputation Viewset parameters: - in: query name: identifier schema: type: string - in: query name: ip schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: score schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedReputationList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/reputation/scores/{reputation_uuid}/: get: operationId: policies_reputation_scores_retrieve description: Reputation Viewset parameters: - in: path name: reputation_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Score. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Reputation' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: policies_reputation_scores_destroy description: Reputation Viewset parameters: - in: path name: reputation_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Score. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /policies/reputation/scores/{reputation_uuid}/used_by/: get: operationId: policies_reputation_scores_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: reputation_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Score. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/all/: get: operationId: propertymappings_all_list description: PropertyMapping Viewset parameters: - in: query name: managed__isnull schema: type: boolean - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPropertyMappingList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/all/{pm_uuid}/: get: operationId: propertymappings_all_retrieve description: PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PropertyMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: propertymappings_all_destroy description: PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/all/{pm_uuid}/test/: post: operationId: propertymappings_all_test_create description: Test Property Mapping parameters: - in: query name: format_result schema: type: boolean - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyTestRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PropertyMappingTestResult' description: '' '400': description: Invalid parameters '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/all/{pm_uuid}/used_by/: get: operationId: propertymappings_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/all/types/: get: operationId: propertymappings_all_types_list description: Get all creatable property-mapping types tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/ldap/: get: operationId: propertymappings_ldap_list description: LDAP PropertyMapping Viewset parameters: - in: query name: expression schema: type: string - in: query name: managed schema: type: array items: type: string explode: true style: form - in: query name: name schema: type: string - in: query name: object_field schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: pm_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedLDAPPropertyMappingList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: propertymappings_ldap_create description: LDAP PropertyMapping Viewset tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMappingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/ldap/{pm_uuid}/: get: operationId: propertymappings_ldap_retrieve description: LDAP PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: propertymappings_ldap_update description: LDAP PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMappingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: propertymappings_ldap_partial_update description: LDAP PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedLDAPPropertyMappingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: propertymappings_ldap_destroy description: LDAP PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/ldap/{pm_uuid}/used_by/: get: operationId: propertymappings_ldap_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/notification/: get: operationId: propertymappings_notification_list description: NotificationWebhookMapping Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedNotificationWebhookMappingList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: propertymappings_notification_create description: NotificationWebhookMapping Viewset tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMappingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/notification/{pm_uuid}/: get: operationId: propertymappings_notification_retrieve description: NotificationWebhookMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Webhook Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: propertymappings_notification_update description: NotificationWebhookMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Webhook Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMappingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: propertymappings_notification_partial_update description: NotificationWebhookMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Webhook Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedNotificationWebhookMappingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: propertymappings_notification_destroy description: NotificationWebhookMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Webhook Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/notification/{pm_uuid}/used_by/: get: operationId: propertymappings_notification_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Webhook Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/saml/: get: operationId: propertymappings_saml_list description: SAMLPropertyMapping Viewset parameters: - in: query name: expression schema: type: string - in: query name: friendly_name schema: type: string - in: query name: managed schema: type: array items: type: string explode: true style: form - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: pm_uuid schema: type: string format: uuid - in: query name: saml_name schema: type: string - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSAMLPropertyMappingList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: propertymappings_saml_create description: SAMLPropertyMapping Viewset tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMappingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/saml/{pm_uuid}/: get: operationId: propertymappings_saml_retrieve description: SAMLPropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: propertymappings_saml_update description: SAMLPropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMappingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: propertymappings_saml_partial_update description: SAMLPropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSAMLPropertyMappingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: propertymappings_saml_destroy description: SAMLPropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/saml/{pm_uuid}/used_by/: get: operationId: propertymappings_saml_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/scim/: get: operationId: propertymappings_scim_list description: SCIMMapping Viewset parameters: - in: query name: expression schema: type: string - in: query name: managed schema: type: array items: type: string explode: true style: form - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: pm_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSCIMMappingList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: propertymappings_scim_create description: SCIMMapping Viewset tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/SCIMMappingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/SCIMMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/scim/{pm_uuid}/: get: operationId: propertymappings_scim_retrieve description: SCIMMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SCIM Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SCIMMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: propertymappings_scim_update description: SCIMMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SCIM Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/SCIMMappingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SCIMMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: propertymappings_scim_partial_update description: SCIMMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SCIM Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSCIMMappingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SCIMMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: propertymappings_scim_destroy description: SCIMMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SCIM Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/scim/{pm_uuid}/used_by/: get: operationId: propertymappings_scim_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SCIM Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/scope/: get: operationId: propertymappings_scope_list description: ScopeMapping Viewset parameters: - in: query name: managed schema: type: array items: type: string explode: true style: form - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: scope_name schema: type: string - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedScopeMappingList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: propertymappings_scope_create description: ScopeMapping Viewset tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/ScopeMappingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ScopeMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/scope/{pm_uuid}/: get: operationId: propertymappings_scope_retrieve description: ScopeMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ScopeMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: propertymappings_scope_update description: ScopeMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/ScopeMappingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ScopeMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: propertymappings_scope_partial_update description: ScopeMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedScopeMappingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ScopeMapping' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: propertymappings_scope_destroy description: ScopeMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /propertymappings/scope/{pm_uuid}/used_by/: get: operationId: propertymappings_scope_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/all/: get: operationId: providers_all_list description: Provider Viewset parameters: - in: query name: application__isnull schema: type: boolean - in: query name: backchannel_only schema: type: boolean - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedProviderList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/all/{id}/: get: operationId: providers_all_retrieve description: Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Provider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: providers_all_destroy description: Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/all/{id}/used_by/: get: operationId: providers_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/all/types/: get: operationId: providers_all_types_list description: Get all creatable provider types tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/ldap/: get: operationId: providers_ldap_list description: LDAPProvider Viewset parameters: - in: query name: application__isnull schema: type: boolean - in: query name: authorization_flow__slug__iexact schema: type: string - in: query name: base_dn__iexact schema: type: string - in: query name: certificate__kp_uuid__iexact schema: type: string format: uuid - in: query name: certificate__name__iexact schema: type: string - in: query name: gid_start_number__iexact schema: type: integer - in: query name: name__iexact schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: search_group__group_uuid__iexact schema: type: string format: uuid - in: query name: search_group__name__iexact schema: type: string - in: query name: tls_server_name__iexact schema: type: string - in: query name: uid_start_number__iexact schema: type: integer tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedLDAPProviderList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: providers_ldap_create description: LDAPProvider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/LDAPProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/ldap/{id}/: get: operationId: providers_ldap_retrieve description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: providers_ldap_update description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: providers_ldap_partial_update description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedLDAPProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: providers_ldap_destroy description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/ldap/{id}/used_by/: get: operationId: providers_ldap_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/oauth2/: get: operationId: providers_oauth2_list description: OAuth2Provider Viewset parameters: - in: query name: access_code_validity schema: type: string - in: query name: access_token_validity schema: type: string - in: query name: application schema: type: string format: uuid - in: query name: authorization_flow schema: type: string format: uuid - in: query name: client_id schema: type: string - in: query name: client_type schema: type: string enum: - confidential - public description: |- Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable * `confidential` - Confidential * `public` - Public - in: query name: include_claims_in_id_token schema: type: boolean - in: query name: issuer_mode schema: type: string enum: - global - per_provider description: |- Configure how the issuer field of the ID Token should be filled. * `global` - Same identifier is used for all providers * `per_provider` - Each provider has a different issuer, based on the application slug. - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: property_mappings schema: type: array items: type: string format: uuid explode: true style: form - in: query name: redirect_uris schema: type: string - in: query name: refresh_token_validity schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: signing_key schema: type: string format: uuid - in: query name: sub_mode schema: type: string enum: - hashed_user_id - user_email - user_id - user_upn - user_username - user_uuid description: |- Configure what data should be used as unique User Identifier. For most cases, the default should be fine. * `hashed_user_id` - Based on the Hashed User ID * `user_id` - Based on user ID * `user_uuid` - Based on user UUID * `user_username` - Based on the username * `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedOAuth2ProviderList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: providers_oauth2_create description: OAuth2Provider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuth2ProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/OAuth2Provider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/oauth2/{id}/: get: operationId: providers_oauth2_retrieve description: OAuth2Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuth2Provider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: providers_oauth2_update description: OAuth2Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuth2ProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuth2Provider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: providers_oauth2_partial_update description: OAuth2Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedOAuth2ProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuth2Provider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: providers_oauth2_destroy description: OAuth2Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/oauth2/{id}/preview_user/: get: operationId: providers_oauth2_preview_user_retrieve description: Preview user data for provider parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PropertyMappingPreview' description: '' '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/oauth2/{id}/setup_urls/: get: operationId: providers_oauth2_setup_urls_retrieve description: Get Providers setup URLs parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuth2ProviderSetupURLs' description: '' '404': description: Provider has no application assigned '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/oauth2/{id}/used_by/: get: operationId: providers_oauth2_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/proxy/: get: operationId: providers_proxy_list description: ProxyProvider Viewset parameters: - in: query name: application__isnull schema: type: boolean - in: query name: authorization_flow__slug__iexact schema: type: string - in: query name: basic_auth_enabled__iexact schema: type: boolean - in: query name: basic_auth_password_attribute__iexact schema: type: string - in: query name: basic_auth_user_attribute__iexact schema: type: string - in: query name: certificate__kp_uuid__iexact schema: type: string format: uuid - in: query name: certificate__name__iexact schema: type: string - in: query name: cookie_domain__iexact schema: type: string - in: query name: external_host__iexact schema: type: string - in: query name: internal_host__iexact schema: type: string - in: query name: internal_host_ssl_validation__iexact schema: type: boolean - in: query name: mode__iexact schema: type: string - in: query name: name__iexact schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: property_mappings__iexact schema: type: array items: type: string format: uuid explode: true style: form - in: query name: redirect_uris__iexact schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: skip_path_regex__iexact schema: type: string tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedProxyProviderList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: providers_proxy_create description: ProxyProvider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/ProxyProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ProxyProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/proxy/{id}/: get: operationId: providers_proxy_retrieve description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProxyProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: providers_proxy_update description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/ProxyProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProxyProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: providers_proxy_partial_update description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedProxyProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProxyProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: providers_proxy_destroy description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/proxy/{id}/used_by/: get: operationId: providers_proxy_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/radius/: get: operationId: providers_radius_list description: RadiusProvider Viewset parameters: - in: query name: application__isnull schema: type: boolean - in: query name: authorization_flow__slug__iexact schema: type: string - in: query name: client_networks__iexact schema: type: string - in: query name: name__iexact schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedRadiusProviderList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: providers_radius_create description: RadiusProvider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/RadiusProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/RadiusProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/radius/{id}/: get: operationId: providers_radius_retrieve description: RadiusProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Radius Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/RadiusProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: providers_radius_update description: RadiusProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Radius Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/RadiusProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/RadiusProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: providers_radius_partial_update description: RadiusProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Radius Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedRadiusProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/RadiusProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: providers_radius_destroy description: RadiusProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Radius Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/radius/{id}/used_by/: get: operationId: providers_radius_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Radius Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/saml/: get: operationId: providers_saml_list description: SAMLProvider Viewset parameters: - in: query name: acs_url schema: type: string - in: query name: assertion_valid_not_before schema: type: string - in: query name: assertion_valid_not_on_or_after schema: type: string - in: query name: audience schema: type: string - in: query name: authentication_flow schema: type: string format: uuid - in: query name: authorization_flow schema: type: string format: uuid - in: query name: backchannel_application schema: type: string format: uuid - in: query name: default_relay_state schema: type: string - in: query name: digest_algorithm schema: type: string enum: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmlenc#sha512 description: |- * `http://www.w3.org/2000/09/xmldsig#sha1` - SHA1 * `http://www.w3.org/2001/04/xmlenc#sha256` - SHA256 * `http://www.w3.org/2001/04/xmldsig-more#sha384` - SHA384 * `http://www.w3.org/2001/04/xmlenc#sha512` - SHA512 - in: query name: is_backchannel schema: type: boolean - in: query name: issuer schema: type: string - in: query name: name schema: type: string - in: query name: name_id_mapping schema: type: string format: uuid - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: property_mappings schema: type: array items: type: string format: uuid explode: true style: form - name: search required: false in: query description: A search term. schema: type: string - in: query name: session_valid_not_on_or_after schema: type: string - in: query name: signature_algorithm schema: type: string enum: - http://www.w3.org/2000/09/xmldsig#dsa-sha1 - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 description: |- * `http://www.w3.org/2000/09/xmldsig#rsa-sha1` - RSA-SHA1 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` - RSA-SHA256 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` - RSA-SHA384 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` - RSA-SHA512 * `http://www.w3.org/2000/09/xmldsig#dsa-sha1` - DSA-SHA1 - in: query name: signing_kp schema: type: string format: uuid - in: query name: sp_binding schema: type: string title: Service Provider Binding enum: - post - redirect description: |- This determines how authentik sends the response back to the Service Provider. * `redirect` - Redirect * `post` - Post - in: query name: verification_kp schema: type: string format: uuid tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSAMLProviderList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: providers_saml_create description: SAMLProvider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/SAMLProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/saml/{id}/: get: operationId: providers_saml_retrieve description: SAMLProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: providers_saml_update description: SAMLProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: providers_saml_partial_update description: SAMLProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSAMLProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: providers_saml_destroy description: SAMLProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/saml/{id}/metadata/: get: operationId: providers_saml_metadata_retrieve description: Return metadata as XML string parameters: - in: query name: download schema: type: boolean - in: query name: force_binding schema: type: string enum: - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect description: Optionally force the metadata to only include one binding. - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLMetadata' description: '' '404': description: Provider has no application assigned '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/saml/{id}/preview_user/: get: operationId: providers_saml_preview_user_retrieve description: Preview user data for provider parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PropertyMappingPreview' description: '' '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/saml/{id}/used_by/: get: operationId: providers_saml_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/saml/import_metadata/: post: operationId: providers_saml_import_metadata_create description: Create provider from SAML Metadata tags: - providers requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/SAMLProviderImportRequest' required: true security: - authentik: [] responses: '204': description: Successfully imported provider '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/scim/: get: operationId: providers_scim_list description: SCIMProvider Viewset parameters: - in: query name: exclude_users_service_account schema: type: boolean - in: query name: filter_group schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: url schema: type: string tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSCIMProviderList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: providers_scim_create description: SCIMProvider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/SCIMProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/SCIMProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/scim/{id}/: get: operationId: providers_scim_retrieve description: SCIMProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SCIM Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SCIMProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: providers_scim_update description: SCIMProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SCIM Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/SCIMProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SCIMProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: providers_scim_partial_update description: SCIMProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SCIM Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSCIMProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SCIMProvider' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: providers_scim_destroy description: SCIMProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SCIM Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/scim/{id}/sync_status/: get: operationId: providers_scim_sync_status_retrieve description: Get provider's sync status parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SCIM Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Task' description: '' '404': description: Task not found '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /providers/scim/{id}/used_by/: get: operationId: providers_scim_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SCIM Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/: get: operationId: rbac_permissions_list description: Read-only list of all permissions, filterable by model and app parameters: - in: query name: codename schema: type: string - in: query name: content_type__app_label schema: type: string - in: query name: content_type__model schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: role schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: user schema: type: integer tags: - rbac security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPermissionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/{id}/: get: operationId: rbac_permissions_retrieve description: Read-only list of all permissions, filterable by model and app parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this permission. required: true tags: - rbac security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Permission' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/assigned_by_roles/: get: operationId: rbac_permissions_assigned_by_roles_list description: Get assigned object permissions for a single object parameters: - in: query name: model schema: type: string enum: - authentik_blueprints.blueprintinstance - authentik_brands.brand - authentik_core.application - authentik_core.group - authentik_core.token - authentik_core.user - authentik_crypto.certificatekeypair - authentik_enterprise.license - authentik_events.event - authentik_events.notification - authentik_events.notificationrule - authentik_events.notificationtransport - authentik_events.notificationwebhookmapping - authentik_flows.flow - authentik_flows.flowstagebinding - authentik_outposts.dockerserviceconnection - authentik_outposts.kubernetesserviceconnection - authentik_outposts.outpost - authentik_policies.policybinding - authentik_policies_dummy.dummypolicy - authentik_policies_event_matcher.eventmatcherpolicy - authentik_policies_expiry.passwordexpirypolicy - authentik_policies_expression.expressionpolicy - authentik_policies_password.passwordpolicy - authentik_policies_reputation.reputation - authentik_policies_reputation.reputationpolicy - authentik_providers_ldap.ldapprovider - authentik_providers_oauth2.accesstoken - authentik_providers_oauth2.authorizationcode - authentik_providers_oauth2.oauth2provider - authentik_providers_oauth2.refreshtoken - authentik_providers_oauth2.scopemapping - authentik_providers_proxy.proxyprovider - authentik_providers_radius.radiusprovider - authentik_providers_saml.samlpropertymapping - authentik_providers_saml.samlprovider - authentik_providers_scim.scimmapping - authentik_providers_scim.scimprovider - authentik_rbac.role - authentik_sources_ldap.ldappropertymapping - authentik_sources_ldap.ldapsource - authentik_sources_oauth.oauthsource - authentik_sources_oauth.useroauthsourceconnection - authentik_sources_plex.plexsource - authentik_sources_plex.plexsourceconnection - authentik_sources_saml.samlsource - authentik_sources_saml.usersamlsourceconnection - authentik_stages_authenticator_duo.authenticatorduostage - authentik_stages_authenticator_duo.duodevice - authentik_stages_authenticator_sms.authenticatorsmsstage - authentik_stages_authenticator_sms.smsdevice - authentik_stages_authenticator_static.authenticatorstaticstage - authentik_stages_authenticator_static.staticdevice - authentik_stages_authenticator_totp.authenticatortotpstage - authentik_stages_authenticator_totp.totpdevice - authentik_stages_authenticator_validate.authenticatorvalidatestage - authentik_stages_authenticator_webauthn.authenticatewebauthnstage - authentik_stages_authenticator_webauthn.webauthndevice - authentik_stages_captcha.captchastage - authentik_stages_consent.consentstage - authentik_stages_consent.userconsent - authentik_stages_deny.denystage - authentik_stages_dummy.dummystage - authentik_stages_email.emailstage - authentik_stages_identification.identificationstage - authentik_stages_invitation.invitation - authentik_stages_invitation.invitationstage - authentik_stages_password.passwordstage - authentik_stages_prompt.prompt - authentik_stages_prompt.promptstage - authentik_stages_user_delete.userdeletestage - authentik_stages_user_login.userloginstage - authentik_stages_user_logout.userlogoutstage - authentik_stages_user_write.userwritestage - authentik_tenants.domain - authentik_tenants.tenant description: |- * `authentik_tenants.tenant` - Tenant * `authentik_tenants.domain` - Domain * `authentik_crypto.certificatekeypair` - Certificate-Key Pair * `authentik_events.event` - Event * `authentik_events.notificationtransport` - Notification Transport * `authentik_events.notification` - Notification * `authentik_events.notificationrule` - Notification Rule * `authentik_events.notificationwebhookmapping` - Webhook Mapping * `authentik_flows.flow` - Flow * `authentik_flows.flowstagebinding` - Flow Stage Binding * `authentik_outposts.dockerserviceconnection` - Docker Service-Connection * `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection * `authentik_outposts.outpost` - Outpost * `authentik_policies_dummy.dummypolicy` - Dummy Policy * `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy * `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy * `authentik_policies_expression.expressionpolicy` - Expression Policy * `authentik_policies_password.passwordpolicy` - Password Policy * `authentik_policies_reputation.reputationpolicy` - Reputation Policy * `authentik_policies_reputation.reputation` - Reputation Score * `authentik_policies.policybinding` - Policy Binding * `authentik_providers_ldap.ldapprovider` - LDAP Provider * `authentik_providers_oauth2.scopemapping` - Scope Mapping * `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider * `authentik_providers_oauth2.authorizationcode` - Authorization Code * `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token * `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token * `authentik_providers_proxy.proxyprovider` - Proxy Provider * `authentik_providers_radius.radiusprovider` - Radius Provider * `authentik_providers_saml.samlprovider` - SAML Provider * `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping * `authentik_providers_scim.scimprovider` - SCIM Provider * `authentik_providers_scim.scimmapping` - SCIM Mapping * `authentik_rbac.role` - Role * `authentik_sources_ldap.ldapsource` - LDAP Source * `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping * `authentik_sources_oauth.oauthsource` - OAuth Source * `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection * `authentik_sources_plex.plexsource` - Plex Source * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage * `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage * `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device * `authentik_stages_captcha.captchastage` - Captcha Stage * `authentik_stages_consent.consentstage` - Consent Stage * `authentik_stages_consent.userconsent` - User Consent * `authentik_stages_deny.denystage` - Deny Stage * `authentik_stages_dummy.dummystage` - Dummy Stage * `authentik_stages_email.emailstage` - Email Stage * `authentik_stages_identification.identificationstage` - Identification Stage * `authentik_stages_invitation.invitationstage` - Invitation Stage * `authentik_stages_invitation.invitation` - Invitation * `authentik_stages_password.passwordstage` - Password Stage * `authentik_stages_prompt.prompt` - Prompt * `authentik_stages_prompt.promptstage` - Prompt Stage * `authentik_stages_user_delete.userdeletestage` - User Delete Stage * `authentik_stages_user_login.userloginstage` - User Login Stage * `authentik_stages_user_logout.userlogoutstage` - User Logout Stage * `authentik_stages_user_write.userwritestage` - User Write Stage * `authentik_brands.brand` - Brand * `authentik_blueprints.blueprintinstance` - Blueprint Instance * `authentik_core.group` - Group * `authentik_core.user` - User * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License required: true - in: query name: object_pk schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - rbac security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedRoleAssignedObjectPermissionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/assigned_by_roles/{uuid}/assign/: post: operationId: rbac_permissions_assigned_by_roles_assign_create description: |- Assign permission(s) to role. When `object_pk` is set, the permissions are only assigned to the specific object, otherwise they are assigned globally. parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Role. required: true tags: - rbac requestBody: content: application/json: schema: $ref: '#/components/schemas/PermissionAssignRequest' required: true security: - authentik: [] responses: '204': description: Successfully assigned '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/assigned_by_roles/{uuid}/unassign/: patch: operationId: rbac_permissions_assigned_by_roles_unassign_partial_update description: |- Unassign permission(s) to role. When `object_pk` is set, the permissions are only assigned to the specific object, otherwise they are assigned globally. parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Role. required: true tags: - rbac requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPermissionAssignRequest' security: - authentik: [] responses: '204': description: Successfully unassigned '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/assigned_by_users/: get: operationId: rbac_permissions_assigned_by_users_list description: Get assigned object permissions for a single object parameters: - in: query name: model schema: type: string enum: - authentik_blueprints.blueprintinstance - authentik_brands.brand - authentik_core.application - authentik_core.group - authentik_core.token - authentik_core.user - authentik_crypto.certificatekeypair - authentik_enterprise.license - authentik_events.event - authentik_events.notification - authentik_events.notificationrule - authentik_events.notificationtransport - authentik_events.notificationwebhookmapping - authentik_flows.flow - authentik_flows.flowstagebinding - authentik_outposts.dockerserviceconnection - authentik_outposts.kubernetesserviceconnection - authentik_outposts.outpost - authentik_policies.policybinding - authentik_policies_dummy.dummypolicy - authentik_policies_event_matcher.eventmatcherpolicy - authentik_policies_expiry.passwordexpirypolicy - authentik_policies_expression.expressionpolicy - authentik_policies_password.passwordpolicy - authentik_policies_reputation.reputation - authentik_policies_reputation.reputationpolicy - authentik_providers_ldap.ldapprovider - authentik_providers_oauth2.accesstoken - authentik_providers_oauth2.authorizationcode - authentik_providers_oauth2.oauth2provider - authentik_providers_oauth2.refreshtoken - authentik_providers_oauth2.scopemapping - authentik_providers_proxy.proxyprovider - authentik_providers_radius.radiusprovider - authentik_providers_saml.samlpropertymapping - authentik_providers_saml.samlprovider - authentik_providers_scim.scimmapping - authentik_providers_scim.scimprovider - authentik_rbac.role - authentik_sources_ldap.ldappropertymapping - authentik_sources_ldap.ldapsource - authentik_sources_oauth.oauthsource - authentik_sources_oauth.useroauthsourceconnection - authentik_sources_plex.plexsource - authentik_sources_plex.plexsourceconnection - authentik_sources_saml.samlsource - authentik_sources_saml.usersamlsourceconnection - authentik_stages_authenticator_duo.authenticatorduostage - authentik_stages_authenticator_duo.duodevice - authentik_stages_authenticator_sms.authenticatorsmsstage - authentik_stages_authenticator_sms.smsdevice - authentik_stages_authenticator_static.authenticatorstaticstage - authentik_stages_authenticator_static.staticdevice - authentik_stages_authenticator_totp.authenticatortotpstage - authentik_stages_authenticator_totp.totpdevice - authentik_stages_authenticator_validate.authenticatorvalidatestage - authentik_stages_authenticator_webauthn.authenticatewebauthnstage - authentik_stages_authenticator_webauthn.webauthndevice - authentik_stages_captcha.captchastage - authentik_stages_consent.consentstage - authentik_stages_consent.userconsent - authentik_stages_deny.denystage - authentik_stages_dummy.dummystage - authentik_stages_email.emailstage - authentik_stages_identification.identificationstage - authentik_stages_invitation.invitation - authentik_stages_invitation.invitationstage - authentik_stages_password.passwordstage - authentik_stages_prompt.prompt - authentik_stages_prompt.promptstage - authentik_stages_user_delete.userdeletestage - authentik_stages_user_login.userloginstage - authentik_stages_user_logout.userlogoutstage - authentik_stages_user_write.userwritestage - authentik_tenants.domain - authentik_tenants.tenant description: |- * `authentik_tenants.tenant` - Tenant * `authentik_tenants.domain` - Domain * `authentik_crypto.certificatekeypair` - Certificate-Key Pair * `authentik_events.event` - Event * `authentik_events.notificationtransport` - Notification Transport * `authentik_events.notification` - Notification * `authentik_events.notificationrule` - Notification Rule * `authentik_events.notificationwebhookmapping` - Webhook Mapping * `authentik_flows.flow` - Flow * `authentik_flows.flowstagebinding` - Flow Stage Binding * `authentik_outposts.dockerserviceconnection` - Docker Service-Connection * `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection * `authentik_outposts.outpost` - Outpost * `authentik_policies_dummy.dummypolicy` - Dummy Policy * `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy * `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy * `authentik_policies_expression.expressionpolicy` - Expression Policy * `authentik_policies_password.passwordpolicy` - Password Policy * `authentik_policies_reputation.reputationpolicy` - Reputation Policy * `authentik_policies_reputation.reputation` - Reputation Score * `authentik_policies.policybinding` - Policy Binding * `authentik_providers_ldap.ldapprovider` - LDAP Provider * `authentik_providers_oauth2.scopemapping` - Scope Mapping * `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider * `authentik_providers_oauth2.authorizationcode` - Authorization Code * `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token * `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token * `authentik_providers_proxy.proxyprovider` - Proxy Provider * `authentik_providers_radius.radiusprovider` - Radius Provider * `authentik_providers_saml.samlprovider` - SAML Provider * `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping * `authentik_providers_scim.scimprovider` - SCIM Provider * `authentik_providers_scim.scimmapping` - SCIM Mapping * `authentik_rbac.role` - Role * `authentik_sources_ldap.ldapsource` - LDAP Source * `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping * `authentik_sources_oauth.oauthsource` - OAuth Source * `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection * `authentik_sources_plex.plexsource` - Plex Source * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage * `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage * `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device * `authentik_stages_captcha.captchastage` - Captcha Stage * `authentik_stages_consent.consentstage` - Consent Stage * `authentik_stages_consent.userconsent` - User Consent * `authentik_stages_deny.denystage` - Deny Stage * `authentik_stages_dummy.dummystage` - Dummy Stage * `authentik_stages_email.emailstage` - Email Stage * `authentik_stages_identification.identificationstage` - Identification Stage * `authentik_stages_invitation.invitationstage` - Invitation Stage * `authentik_stages_invitation.invitation` - Invitation * `authentik_stages_password.passwordstage` - Password Stage * `authentik_stages_prompt.prompt` - Prompt * `authentik_stages_prompt.promptstage` - Prompt Stage * `authentik_stages_user_delete.userdeletestage` - User Delete Stage * `authentik_stages_user_login.userloginstage` - User Login Stage * `authentik_stages_user_logout.userlogoutstage` - User Logout Stage * `authentik_stages_user_write.userwritestage` - User Write Stage * `authentik_brands.brand` - Brand * `authentik_blueprints.blueprintinstance` - Blueprint Instance * `authentik_core.group` - Group * `authentik_core.user` - User * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License required: true - in: query name: object_pk schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - rbac security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserAssignedObjectPermissionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/assigned_by_users/{id}/assign/: post: operationId: rbac_permissions_assigned_by_users_assign_create description: Assign permission(s) to user parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - rbac requestBody: content: application/json: schema: $ref: '#/components/schemas/PermissionAssignRequest' required: true security: - authentik: [] responses: '204': description: Successfully assigned '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/assigned_by_users/{id}/unassign/: patch: operationId: rbac_permissions_assigned_by_users_unassign_partial_update description: |- Unassign permission(s) to user. When `object_pk` is set, the permissions are only assigned to the specific object, otherwise they are assigned globally. parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - rbac requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPermissionAssignRequest' security: - authentik: [] responses: '204': description: Successfully unassigned '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/roles/: get: operationId: rbac_permissions_roles_list description: Get a role's assigned object permissions parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: uuid schema: type: string format: uuid required: true tags: - rbac security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedExtraRoleObjectPermissionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/permissions/users/: get: operationId: rbac_permissions_users_list description: Get a users's assigned object permissions parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user_id schema: type: integer required: true tags: - rbac security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedExtraUserObjectPermissionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/roles/: get: operationId: rbac_roles_list description: Role viewset parameters: - in: query name: group__name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - rbac security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedRoleList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: rbac_roles_create description: Role viewset tags: - rbac requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Role' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/roles/{uuid}/: get: operationId: rbac_roles_retrieve description: Role viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Role. required: true tags: - rbac security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Role' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: rbac_roles_update description: Role viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Role. required: true tags: - rbac requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Role' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: rbac_roles_partial_update description: Role viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Role. required: true tags: - rbac requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedRoleRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Role' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: rbac_roles_destroy description: Role viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Role. required: true tags: - rbac security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /rbac/roles/{uuid}/used_by/: get: operationId: rbac_roles_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Role. required: true tags: - rbac security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /root/config/: get: operationId: root_config_retrieve description: Retrieve public configuration options tags: - root security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/Config' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /schema/: get: operationId: schema_retrieve description: |- OpenApi3 schema for this API. Format can be selected via content negotiation. - YAML: application/vnd.oai.openapi - JSON: application/vnd.oai.openapi+json parameters: - in: query name: format schema: type: string enum: - json - yaml - in: query name: lang schema: type: string enum: - af - ar - ar-dz - ast - az - be - bg - bn - br - bs - ca - ckb - cs - cy - da - de - dsb - el - en - en-au - en-gb - eo - es - es-ar - es-co - es-mx - es-ni - es-ve - et - eu - fa - fi - fr - fy - ga - gd - gl - he - hi - hr - hsb - hu - hy - ia - id - ig - io - is - it - ja - ka - kab - kk - km - kn - ko - ky - lb - lt - lv - mk - ml - mn - mr - ms - my - nb - ne - nl - nn - os - pa - pl - pt - pt-br - ro - ru - sk - sl - sq - sr - sr-latn - sv - sw - ta - te - tg - th - tk - tr - tt - udm - uk - ur - uz - vi - zh-hans - zh-hant tags: - schema security: - authentik: [] - {} responses: '200': content: application/vnd.oai.openapi: schema: type: object additionalProperties: {} application/yaml: schema: type: object additionalProperties: {} application/vnd.oai.openapi+json: schema: type: object additionalProperties: {} application/json: schema: type: object additionalProperties: {} description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/all/: get: operationId: sources_all_list description: Source Viewset parameters: - in: query name: managed schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSourceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/all/{slug}/: get: operationId: sources_all_retrieve description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Source' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: sources_all_destroy description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/all/{slug}/set_icon/: post: operationId: sources_all_set_icon_create description: Set source icon parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/FileUploadRequest' security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/all/{slug}/set_icon_url/: post: operationId: sources_all_set_icon_url_create description: Set source icon (as URL) parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/FilePathRequest' required: true security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/all/{slug}/used_by/: get: operationId: sources_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/all/types/: get: operationId: sources_all_types_list description: Get all creatable source types tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/all/user_settings/: get: operationId: sources_all_user_settings_list description: Get all sources the user can configure tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UserSetting' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/ldap/: get: operationId: sources_ldap_list description: LDAP Source Viewset parameters: - in: query name: additional_group_dn schema: type: string - in: query name: additional_user_dn schema: type: string - in: query name: base_dn schema: type: string - in: query name: bind_cn schema: type: string - in: query name: client_certificate schema: type: string format: uuid - in: query name: enabled schema: type: boolean - in: query name: group_membership_field schema: type: string - in: query name: group_object_filter schema: type: string - in: query name: name schema: type: string - in: query name: object_uniqueness_field schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: peer_certificate schema: type: string format: uuid - in: query name: property_mappings schema: type: array items: type: string format: uuid explode: true style: form - in: query name: property_mappings_group schema: type: array items: type: string format: uuid explode: true style: form - name: search required: false in: query description: A search term. schema: type: string - in: query name: server_uri schema: type: string - in: query name: slug schema: type: string - in: query name: sni schema: type: boolean - in: query name: start_tls schema: type: boolean - in: query name: sync_groups schema: type: boolean - in: query name: sync_parent_group schema: type: string format: uuid - in: query name: sync_users schema: type: boolean - in: query name: sync_users_password schema: type: boolean - in: query name: user_object_filter schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedLDAPSourceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: sources_ldap_create description: LDAP Source Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPSourceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/LDAPSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/ldap/{slug}/: get: operationId: sources_ldap_retrieve description: LDAP Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: sources_ldap_update description: LDAP Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPSourceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: sources_ldap_partial_update description: LDAP Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedLDAPSourceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: sources_ldap_destroy description: LDAP Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/ldap/{slug}/debug/: get: operationId: sources_ldap_debug_retrieve description: Get raw LDAP data to debug parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPDebug' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/ldap/{slug}/sync_status/: get: operationId: sources_ldap_sync_status_retrieve description: Get source's sync status parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPSyncStatus' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/ldap/{slug}/used_by/: get: operationId: sources_ldap_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/oauth/: get: operationId: sources_oauth_list description: Source Viewset parameters: - in: query name: access_token_url schema: type: string - in: query name: additional_scopes schema: type: string - in: query name: authentication_flow schema: type: string format: uuid - in: query name: authorization_url schema: type: string - in: query name: consumer_key schema: type: string - in: query name: enabled schema: type: boolean - in: query name: enrollment_flow schema: type: string format: uuid - in: query name: has_jwks schema: type: boolean description: Only return sources with JWKS data - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_engine_mode schema: type: string enum: - all - any description: |- * `all` - all, all policies must pass * `any` - any, any policy must pass - in: query name: profile_url schema: type: string - in: query name: provider_type schema: type: string - in: query name: request_token_url schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string - in: query name: user_matching_mode schema: type: string enum: - email_deny - email_link - identifier - username_deny - username_link description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedOAuthSourceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: sources_oauth_create description: Source Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuthSourceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/OAuthSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/oauth/{slug}/: get: operationId: sources_oauth_retrieve description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuthSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: sources_oauth_update description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuthSourceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuthSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: sources_oauth_partial_update description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedOAuthSourceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuthSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: sources_oauth_destroy description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/oauth/{slug}/used_by/: get: operationId: sources_oauth_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/oauth/source_types/: get: operationId: sources_oauth_source_types_list description: |- Get all creatable source types. If ?name is set, only returns the type for . If isn't found, returns the default type. parameters: - in: query name: name schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/SourceType' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/plex/: get: operationId: sources_plex_list description: Plex source Viewset parameters: - in: query name: allow_friends schema: type: boolean - in: query name: authentication_flow schema: type: string format: uuid - in: query name: client_id schema: type: string - in: query name: enabled schema: type: boolean - in: query name: enrollment_flow schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_engine_mode schema: type: string enum: - all - any description: |- * `all` - all, all policies must pass * `any` - any, any policy must pass - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string - in: query name: user_matching_mode schema: type: string enum: - email_deny - email_link - identifier - username_deny - username_link description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPlexSourceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: sources_plex_create description: Plex source Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexSourceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PlexSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/plex/{slug}/: get: operationId: sources_plex_retrieve description: Plex source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: sources_plex_update description: Plex source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexSourceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: sources_plex_partial_update description: Plex source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPlexSourceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: sources_plex_destroy description: Plex source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/plex/{slug}/used_by/: get: operationId: sources_plex_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/plex/redeem_token/: post: operationId: sources_plex_redeem_token_create description: |- Redeem a plex token, check it's access to resources against what's allowed for the source, and redirect to an authentication/enrollment flow. parameters: - in: query name: slug schema: type: string tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexTokenRedeemRequest' required: true security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/RedirectChallenge' description: '' '400': description: Token not found '403': description: Access denied /sources/plex/redeem_token_authenticated/: post: operationId: sources_plex_redeem_token_authenticated_create description: Redeem a plex token for an authenticated user, creating a connection parameters: - in: query name: slug schema: type: string tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexTokenRedeemRequest' required: true security: - authentik: [] responses: '204': description: No response body '400': description: Token not found '403': description: Access denied /sources/saml/: get: operationId: sources_saml_list description: SAMLSource Viewset parameters: - in: query name: allow_idp_initiated schema: type: boolean - in: query name: authentication_flow schema: type: string format: uuid - in: query name: binding_type schema: type: string enum: - POST - POST_AUTO - REDIRECT description: |- * `REDIRECT` - Redirect Binding * `POST` - POST Binding * `POST_AUTO` - POST Binding with auto-confirmation - in: query name: digest_algorithm schema: type: string enum: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmlenc#sha512 description: |- * `http://www.w3.org/2000/09/xmldsig#sha1` - SHA1 * `http://www.w3.org/2001/04/xmlenc#sha256` - SHA256 * `http://www.w3.org/2001/04/xmldsig-more#sha384` - SHA384 * `http://www.w3.org/2001/04/xmlenc#sha512` - SHA512 - in: query name: enabled schema: type: boolean - in: query name: enrollment_flow schema: type: string format: uuid - in: query name: issuer schema: type: string - in: query name: managed schema: type: string - in: query name: name schema: type: string - in: query name: name_id_policy schema: type: string enum: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:2.0:nameid-format:transient description: |- NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. * `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email * `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent * `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509 * `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows * `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_engine_mode schema: type: string enum: - all - any description: |- * `all` - all, all policies must pass * `any` - any, any policy must pass - in: query name: pre_authentication_flow schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string - in: query name: signature_algorithm schema: type: string enum: - http://www.w3.org/2000/09/xmldsig#dsa-sha1 - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 description: |- * `http://www.w3.org/2000/09/xmldsig#rsa-sha1` - RSA-SHA1 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` - RSA-SHA256 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` - RSA-SHA384 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` - RSA-SHA512 * `http://www.w3.org/2000/09/xmldsig#dsa-sha1` - DSA-SHA1 - in: query name: signing_kp schema: type: string format: uuid - in: query name: slo_url schema: type: string - in: query name: slug schema: type: string - in: query name: sso_url schema: type: string - in: query name: temporary_user_delete_after schema: type: string - in: query name: user_matching_mode schema: type: string enum: - email_deny - email_link - identifier - username_deny - username_link description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. - in: query name: verification_kp schema: type: string format: uuid tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSAMLSourceList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: sources_saml_create description: SAMLSource Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLSourceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/SAMLSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/saml/{slug}/: get: operationId: sources_saml_retrieve description: SAMLSource Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: sources_saml_update description: SAMLSource Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLSourceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: sources_saml_partial_update description: SAMLSource Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSAMLSourceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLSource' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: sources_saml_destroy description: SAMLSource Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/saml/{slug}/metadata/: get: operationId: sources_saml_metadata_retrieve description: Return metadata as XML string parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLMetadata' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/saml/{slug}/used_by/: get: operationId: sources_saml_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/all/: get: operationId: sources_user_connections_all_list description: User-source connection Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user schema: type: integer tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserSourceConnectionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/all/{id}/: get: operationId: sources_user_connections_all_retrieve description: User-source connection Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: sources_user_connections_all_update description: User-source connection Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: sources_user_connections_all_partial_update description: User-source connection Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: sources_user_connections_all_destroy description: User-source connection Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/all/{id}/used_by/: get: operationId: sources_user_connections_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/oauth/: get: operationId: sources_user_connections_oauth_list description: Source Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: source__slug schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserOAuthSourceConnectionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: sources_user_connections_oauth_create description: Source Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/oauth/{id}/: get: operationId: sources_user_connections_oauth_retrieve description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: sources_user_connections_oauth_update description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: sources_user_connections_oauth_partial_update description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: sources_user_connections_oauth_destroy description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/oauth/{id}/used_by/: get: operationId: sources_user_connections_oauth_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/plex/: get: operationId: sources_user_connections_plex_list description: Plex Source connection Serializer parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: source__slug schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPlexSourceConnectionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: sources_user_connections_plex_create description: Plex Source connection Serializer tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnectionRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/plex/{id}/: get: operationId: sources_user_connections_plex_retrieve description: Plex Source connection Serializer parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: sources_user_connections_plex_update description: Plex Source connection Serializer parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnectionRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: sources_user_connections_plex_partial_update description: Plex Source connection Serializer parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPlexSourceConnectionRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: sources_user_connections_plex_destroy description: Plex Source connection Serializer parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/plex/{id}/used_by/: get: operationId: sources_user_connections_plex_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/saml/: get: operationId: sources_user_connections_saml_list description: Source Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: source__slug schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserSAMLSourceConnectionList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: sources_user_connections_saml_create description: Source Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/UserSAMLSourceConnectionRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserSAMLSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/saml/{id}/: get: operationId: sources_user_connections_saml_retrieve description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User SAML Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserSAMLSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: sources_user_connections_saml_update description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User SAML Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/UserSAMLSourceConnectionRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserSAMLSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: sources_user_connections_saml_partial_update description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User SAML Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserSAMLSourceConnectionRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserSAMLSourceConnection' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: sources_user_connections_saml_destroy description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User SAML Source Connection. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /sources/user_connections/saml/{id}/used_by/: get: operationId: sources_user_connections_saml_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User SAML Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/all/: get: operationId: stages_all_list description: Stage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/all/{stage_uuid}/: get: operationId: stages_all_retrieve description: Stage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Stage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_all_destroy description: Stage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/all/{stage_uuid}/used_by/: get: operationId: stages_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/all/types/: get: operationId: stages_all_types_list description: Get all creatable stage types tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/all/user_settings/: get: operationId: stages_all_user_settings_list description: Get all stages the user can configure tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UserSetting' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/duo/: get: operationId: stages_authenticator_duo_list description: AuthenticatorDuoStage Viewset parameters: - in: query name: api_hostname schema: type: string - in: query name: client_id schema: type: string - in: query name: configure_flow schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorDuoStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_authenticator_duo_create description: AuthenticatorDuoStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/duo/{stage_uuid}/: get: operationId: stages_authenticator_duo_retrieve description: AuthenticatorDuoStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_authenticator_duo_update description: AuthenticatorDuoStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_authenticator_duo_partial_update description: AuthenticatorDuoStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorDuoStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_authenticator_duo_destroy description: AuthenticatorDuoStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/duo/{stage_uuid}/enrollment_status/: post: operationId: stages_authenticator_duo_enrollment_status_create description: Check enrollment status of user details in current session parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDeviceEnrollmentStatus' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/duo/{stage_uuid}/import_device_manual/: post: operationId: stages_authenticator_duo_import_device_manual_create description: Import duo devices into authentik parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStageManualDeviceImportRequest' required: true security: - authentik: [] responses: '204': description: Enrollment successful '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/duo/{stage_uuid}/import_devices_automatic/: post: operationId: stages_authenticator_duo_import_devices_automatic_create description: Import duo devices into authentik parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStageDeviceImportResponse' description: '' '400': description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/duo/{stage_uuid}/used_by/: get: operationId: stages_authenticator_duo_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/sms/: get: operationId: stages_authenticator_sms_list description: AuthenticatorSMSStage Viewset parameters: - in: query name: account_sid schema: type: string - in: query name: auth schema: type: string - in: query name: auth_password schema: type: string - in: query name: auth_type schema: type: string enum: - basic - bearer description: |- * `basic` - Basic * `bearer` - Bearer - in: query name: configure_flow schema: type: string format: uuid - in: query name: friendly_name schema: type: string - in: query name: from_number schema: type: string - in: query name: mapping schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: provider schema: type: string enum: - generic - twilio description: |- * `twilio` - Twilio * `generic` - Generic - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: verify_only schema: type: boolean tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorSMSStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_authenticator_sms_create description: AuthenticatorSMSStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/sms/{stage_uuid}/: get: operationId: stages_authenticator_sms_retrieve description: AuthenticatorSMSStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_authenticator_sms_update description: AuthenticatorSMSStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_authenticator_sms_partial_update description: AuthenticatorSMSStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorSMSStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_authenticator_sms_destroy description: AuthenticatorSMSStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/sms/{stage_uuid}/used_by/: get: operationId: stages_authenticator_sms_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/static/: get: operationId: stages_authenticator_static_list description: AuthenticatorStaticStage Viewset parameters: - in: query name: configure_flow schema: type: string format: uuid - in: query name: friendly_name schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: token_count schema: type: integer - in: query name: token_length schema: type: integer tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorStaticStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_authenticator_static_create description: AuthenticatorStaticStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/static/{stage_uuid}/: get: operationId: stages_authenticator_static_retrieve description: AuthenticatorStaticStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_authenticator_static_update description: AuthenticatorStaticStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_authenticator_static_partial_update description: AuthenticatorStaticStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorStaticStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_authenticator_static_destroy description: AuthenticatorStaticStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/static/{stage_uuid}/used_by/: get: operationId: stages_authenticator_static_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/totp/: get: operationId: stages_authenticator_totp_list description: AuthenticatorTOTPStage Viewset parameters: - in: query name: configure_flow schema: type: string format: uuid - in: query name: digits schema: type: string enum: - '6' - '8' description: |- * `6` - 6 digits, widely compatible * `8` - 8 digits, not compatible with apps like Google Authenticator - in: query name: friendly_name schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorTOTPStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_authenticator_totp_create description: AuthenticatorTOTPStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/totp/{stage_uuid}/: get: operationId: stages_authenticator_totp_retrieve description: AuthenticatorTOTPStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_authenticator_totp_update description: AuthenticatorTOTPStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_authenticator_totp_partial_update description: AuthenticatorTOTPStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorTOTPStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_authenticator_totp_destroy description: AuthenticatorTOTPStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/totp/{stage_uuid}/used_by/: get: operationId: stages_authenticator_totp_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/validate/: get: operationId: stages_authenticator_validate_list description: AuthenticatorValidateStage Viewset parameters: - in: query name: configuration_stages schema: type: array items: type: string format: uuid explode: true style: form - in: query name: name schema: type: string - in: query name: not_configured_action schema: type: string enum: - configure - deny - skip description: |- * `skip` - Skip * `deny` - Deny * `configure` - Configure - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorValidateStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_authenticator_validate_create description: AuthenticatorValidateStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/validate/{stage_uuid}/: get: operationId: stages_authenticator_validate_retrieve description: AuthenticatorValidateStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_authenticator_validate_update description: AuthenticatorValidateStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_authenticator_validate_partial_update description: AuthenticatorValidateStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorValidateStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_authenticator_validate_destroy description: AuthenticatorValidateStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/validate/{stage_uuid}/used_by/: get: operationId: stages_authenticator_validate_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/webauthn/: get: operationId: stages_authenticator_webauthn_list description: AuthenticateWebAuthnStage Viewset parameters: - in: query name: authenticator_attachment schema: type: string nullable: true enum: - cross-platform - platform description: |- * `platform` - Platform * `cross-platform` - Cross Platform - in: query name: configure_flow schema: type: string format: uuid - in: query name: friendly_name schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: resident_key_requirement schema: type: string enum: - discouraged - preferred - required description: |- * `discouraged` - Discouraged * `preferred` - Preferred * `required` - Required - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: user_verification schema: type: string enum: - discouraged - preferred - required description: |- * `required` - Required * `preferred` - Preferred * `discouraged` - Discouraged tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticateWebAuthnStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_authenticator_webauthn_create description: AuthenticateWebAuthnStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/webauthn/{stage_uuid}/: get: operationId: stages_authenticator_webauthn_retrieve description: AuthenticateWebAuthnStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_authenticator_webauthn_update description: AuthenticateWebAuthnStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_authenticator_webauthn_partial_update description: AuthenticateWebAuthnStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticateWebAuthnStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_authenticator_webauthn_destroy description: AuthenticateWebAuthnStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/authenticator/webauthn/{stage_uuid}/used_by/: get: operationId: stages_authenticator_webauthn_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/captcha/: get: operationId: stages_captcha_list description: CaptchaStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: public_key schema: type: string - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedCaptchaStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_captcha_create description: CaptchaStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/CaptchaStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/CaptchaStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/captcha/{stage_uuid}/: get: operationId: stages_captcha_retrieve description: CaptchaStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaptchaStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_captcha_update description: CaptchaStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/CaptchaStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaptchaStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_captcha_partial_update description: CaptchaStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedCaptchaStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaptchaStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_captcha_destroy description: CaptchaStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/captcha/{stage_uuid}/used_by/: get: operationId: stages_captcha_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/consent/: get: operationId: stages_consent_list description: ConsentStage Viewset parameters: - in: query name: consent_expire_in schema: type: string - in: query name: mode schema: type: string enum: - always_require - expiring - permanent description: |- * `always_require` - Always Require * `permanent` - Permanent * `expiring` - Expiring - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedConsentStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_consent_create description: ConsentStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/ConsentStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ConsentStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/consent/{stage_uuid}/: get: operationId: stages_consent_retrieve description: ConsentStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConsentStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_consent_update description: ConsentStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/ConsentStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConsentStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_consent_partial_update description: ConsentStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedConsentStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConsentStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_consent_destroy description: ConsentStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/consent/{stage_uuid}/used_by/: get: operationId: stages_consent_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/deny/: get: operationId: stages_deny_list description: DenyStage Viewset parameters: - in: query name: deny_message schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDenyStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_deny_create description: DenyStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/DenyStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DenyStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/deny/{stage_uuid}/: get: operationId: stages_deny_retrieve description: DenyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DenyStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_deny_update description: DenyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/DenyStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DenyStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_deny_partial_update description: DenyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDenyStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DenyStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_deny_destroy description: DenyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/deny/{stage_uuid}/used_by/: get: operationId: stages_deny_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/dummy/: get: operationId: stages_dummy_list description: DummyStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: throw_error schema: type: boolean tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDummyStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_dummy_create description: DummyStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/DummyStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DummyStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/dummy/{stage_uuid}/: get: operationId: stages_dummy_retrieve description: DummyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_dummy_update description: DummyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/DummyStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_dummy_partial_update description: DummyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDummyStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_dummy_destroy description: DummyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/dummy/{stage_uuid}/used_by/: get: operationId: stages_dummy_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/email/: get: operationId: stages_email_list description: EmailStage Viewset parameters: - in: query name: activate_user_on_success schema: type: boolean - in: query name: from_address schema: type: string - in: query name: host schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: port schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: subject schema: type: string - in: query name: template schema: type: string - in: query name: timeout schema: type: integer - in: query name: token_expiry schema: type: integer - in: query name: use_global_settings schema: type: boolean - in: query name: use_ssl schema: type: boolean - in: query name: use_tls schema: type: boolean - in: query name: username schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedEmailStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_email_create description: EmailStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/EmailStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/EmailStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/email/{stage_uuid}/: get: operationId: stages_email_retrieve description: EmailStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EmailStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_email_update description: EmailStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/EmailStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EmailStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_email_partial_update description: EmailStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedEmailStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EmailStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_email_destroy description: EmailStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/email/{stage_uuid}/used_by/: get: operationId: stages_email_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/email/templates/: get: operationId: stages_email_templates_list description: Get all available templates, including custom templates tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/identification/: get: operationId: stages_identification_list description: IdentificationStage Viewset parameters: - in: query name: case_insensitive_matching schema: type: boolean - in: query name: enrollment_flow schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: password_stage schema: type: string format: uuid - in: query name: passwordless_flow schema: type: string format: uuid - in: query name: recovery_flow schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string - in: query name: show_matched_user schema: type: boolean - in: query name: show_source_labels schema: type: boolean tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedIdentificationStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_identification_create description: IdentificationStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/IdentificationStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/IdentificationStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/identification/{stage_uuid}/: get: operationId: stages_identification_retrieve description: IdentificationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/IdentificationStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_identification_update description: IdentificationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/IdentificationStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/IdentificationStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_identification_partial_update description: IdentificationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedIdentificationStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/IdentificationStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_identification_destroy description: IdentificationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/identification/{stage_uuid}/used_by/: get: operationId: stages_identification_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/invitation/invitations/: get: operationId: stages_invitation_invitations_list description: Invitation Viewset parameters: - in: query name: created_by__username schema: type: string - in: query name: expires schema: type: string format: date-time - in: query name: flow__slug schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedInvitationList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_invitation_invitations_create description: Invitation Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/InvitationRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Invitation' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/invitation/invitations/{invite_uuid}/: get: operationId: stages_invitation_invitations_retrieve description: Invitation Viewset parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Invitation' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_invitation_invitations_update description: Invitation Viewset parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/InvitationRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Invitation' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_invitation_invitations_partial_update description: Invitation Viewset parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedInvitationRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Invitation' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_invitation_invitations_destroy description: Invitation Viewset parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/invitation/invitations/{invite_uuid}/used_by/: get: operationId: stages_invitation_invitations_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/invitation/stages/: get: operationId: stages_invitation_stages_list description: InvitationStage Viewset parameters: - in: query name: continue_flow_without_invitation schema: type: boolean - in: query name: name schema: type: string - in: query name: no_flows schema: type: boolean - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedInvitationStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_invitation_stages_create description: InvitationStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/InvitationStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/InvitationStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/invitation/stages/{stage_uuid}/: get: operationId: stages_invitation_stages_retrieve description: InvitationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/InvitationStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_invitation_stages_update description: InvitationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/InvitationStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/InvitationStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_invitation_stages_partial_update description: InvitationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedInvitationStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/InvitationStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_invitation_stages_destroy description: InvitationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/invitation/stages/{stage_uuid}/used_by/: get: operationId: stages_invitation_stages_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/password/: get: operationId: stages_password_list description: PasswordStage Viewset parameters: - in: query name: configure_flow schema: type: string format: uuid - in: query name: failed_attempts_before_cancel schema: type: integer - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPasswordStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_password_create description: PasswordStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PasswordStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/password/{stage_uuid}/: get: operationId: stages_password_retrieve description: PasswordStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_password_update description: PasswordStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_password_partial_update description: PasswordStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPasswordStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_password_destroy description: PasswordStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/password/{stage_uuid}/used_by/: get: operationId: stages_password_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/prompt/prompts/: get: operationId: stages_prompt_prompts_list description: Prompt Viewset parameters: - in: query name: field_key schema: type: string - in: query name: label schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: placeholder schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: type schema: type: string enum: - ak-locale - checkbox - date - date-time - dropdown - email - file - hidden - number - password - radio-button-group - separator - static - text - text_area - text_area_read_only - text_read_only - username description: |- * `text` - Text: Simple Text input * `text_area` - Text area: Multiline Text Input. * `text_read_only` - Text (read-only): Simple Text input, but cannot be edited. * `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited. * `username` - Username: Same as Text input, but checks for and prevents duplicate usernames. * `email` - Email: Text field with Email type. * `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. * `number` - Number * `checkbox` - Checkbox * `radio-button-group` - Fixed choice field rendered as a group of radio buttons. * `dropdown` - Fixed choice field rendered as a dropdown. * `date` - Date * `date-time` - Date Time * `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI * `separator` - Separator: Static Separator Line * `hidden` - Hidden: Hidden field, can be used to insert data into form. * `static` - Static: Static value, displayed as-is. * `ak-locale` - authentik: Selection of locales authentik supports tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPromptList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_prompt_prompts_create description: Prompt Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PromptRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Prompt' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/prompt/prompts/{prompt_uuid}/: get: operationId: stages_prompt_prompts_retrieve description: Prompt Viewset parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Prompt' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_prompt_prompts_update description: Prompt Viewset parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PromptRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Prompt' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_prompt_prompts_partial_update description: Prompt Viewset parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPromptRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Prompt' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_prompt_prompts_destroy description: Prompt Viewset parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/prompt/prompts/{prompt_uuid}/used_by/: get: operationId: stages_prompt_prompts_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/prompt/prompts/preview/: post: operationId: stages_prompt_prompts_preview_create description: Preview a prompt as a challenge, just like a flow would receive tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PromptRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PromptChallenge' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/prompt/stages/: get: operationId: stages_prompt_stages_list description: PromptStage Viewset parameters: - in: query name: fields schema: type: array items: type: string format: uuid explode: true style: form - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: validation_policies schema: type: array items: type: string format: uuid explode: true style: form tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPromptStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_prompt_stages_create description: PromptStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PromptStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PromptStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/prompt/stages/{stage_uuid}/: get: operationId: stages_prompt_stages_retrieve description: PromptStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PromptStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_prompt_stages_update description: PromptStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PromptStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PromptStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_prompt_stages_partial_update description: PromptStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPromptStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PromptStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_prompt_stages_destroy description: PromptStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/prompt/stages/{stage_uuid}/used_by/: get: operationId: stages_prompt_stages_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_delete/: get: operationId: stages_user_delete_list description: UserDeleteStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserDeleteStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_user_delete_create description: UserDeleteStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserDeleteStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserDeleteStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_delete/{stage_uuid}/: get: operationId: stages_user_delete_retrieve description: UserDeleteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserDeleteStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_user_delete_update description: UserDeleteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserDeleteStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserDeleteStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_user_delete_partial_update description: UserDeleteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserDeleteStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserDeleteStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_user_delete_destroy description: UserDeleteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_delete/{stage_uuid}/used_by/: get: operationId: stages_user_delete_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_login/: get: operationId: stages_user_login_list description: UserLoginStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: remember_me_offset schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: session_duration schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: terminate_other_sessions schema: type: boolean tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserLoginStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_user_login_create description: UserLoginStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserLoginStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserLoginStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_login/{stage_uuid}/: get: operationId: stages_user_login_retrieve description: UserLoginStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLoginStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_user_login_update description: UserLoginStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserLoginStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLoginStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_user_login_partial_update description: UserLoginStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserLoginStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLoginStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_user_login_destroy description: UserLoginStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_login/{stage_uuid}/used_by/: get: operationId: stages_user_login_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_logout/: get: operationId: stages_user_logout_list description: UserLogoutStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserLogoutStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_user_logout_create description: UserLogoutStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserLogoutStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserLogoutStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_logout/{stage_uuid}/: get: operationId: stages_user_logout_retrieve description: UserLogoutStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLogoutStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_user_logout_update description: UserLogoutStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserLogoutStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLogoutStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_user_logout_partial_update description: UserLogoutStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserLogoutStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLogoutStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_user_logout_destroy description: UserLogoutStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_logout/{stage_uuid}/used_by/: get: operationId: stages_user_logout_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_write/: get: operationId: stages_user_write_list description: UserWriteStage Viewset parameters: - in: query name: create_users_as_inactive schema: type: boolean - in: query name: create_users_group schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: user_creation_mode schema: type: string enum: - always_create - create_when_required - never_create description: |- * `never_create` - Never Create * `create_when_required` - Create When Required * `always_create` - Always Create - in: query name: user_path_template schema: type: string - in: query name: user_type schema: type: string enum: - external - internal - internal_service_account - service_account description: |- * `internal` - Internal * `external` - External * `service_account` - Service Account * `internal_service_account` - Internal Service Account tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserWriteStageList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: stages_user_write_create description: UserWriteStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserWriteStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserWriteStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_write/{stage_uuid}/: get: operationId: stages_user_write_retrieve description: UserWriteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserWriteStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: stages_user_write_update description: UserWriteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserWriteStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserWriteStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: stages_user_write_partial_update description: UserWriteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserWriteStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserWriteStage' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: stages_user_write_destroy description: UserWriteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /stages/user_write/{stage_uuid}/used_by/: get: operationId: stages_user_write_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /tenants/domains/: get: operationId: tenants_domains_list description: Domain ViewSet parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - tenants responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDomainList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: tenants_domains_create description: Domain ViewSet tags: - tenants requestBody: content: application/json: schema: $ref: '#/components/schemas/DomainRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/Domain' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /tenants/domains/{id}/: get: operationId: tenants_domains_retrieve description: Domain ViewSet parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Domain. required: true tags: - tenants responses: '200': content: application/json: schema: $ref: '#/components/schemas/Domain' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: tenants_domains_update description: Domain ViewSet parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Domain. required: true tags: - tenants requestBody: content: application/json: schema: $ref: '#/components/schemas/DomainRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/Domain' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: tenants_domains_partial_update description: Domain ViewSet parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Domain. required: true tags: - tenants requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDomainRequest' responses: '200': content: application/json: schema: $ref: '#/components/schemas/Domain' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: tenants_domains_destroy description: Domain ViewSet parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Domain. required: true tags: - tenants responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /tenants/tenants/: get: operationId: tenants_tenants_list description: Tenant Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - tenants responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTenantList' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' post: operationId: tenants_tenants_create description: Tenant Viewset tags: - tenants requestBody: content: application/json: schema: $ref: '#/components/schemas/TenantRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/Tenant' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' /tenants/tenants/{tenant_uuid}/: get: operationId: tenants_tenants_retrieve description: Tenant Viewset parameters: - in: path name: tenant_uuid schema: type: string format: uuid description: A UUID string identifying this Tenant. required: true tags: - tenants responses: '200': content: application/json: schema: $ref: '#/components/schemas/Tenant' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' put: operationId: tenants_tenants_update description: Tenant Viewset parameters: - in: path name: tenant_uuid schema: type: string format: uuid description: A UUID string identifying this Tenant. required: true tags: - tenants requestBody: content: application/json: schema: $ref: '#/components/schemas/TenantRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/Tenant' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' patch: operationId: tenants_tenants_partial_update description: Tenant Viewset parameters: - in: path name: tenant_uuid schema: type: string format: uuid description: A UUID string identifying this Tenant. required: true tags: - tenants requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedTenantRequest' responses: '200': content: application/json: schema: $ref: '#/components/schemas/Tenant' description: '' '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' delete: operationId: tenants_tenants_destroy description: Tenant Viewset parameters: - in: path name: tenant_uuid schema: type: string format: uuid description: A UUID string identifying this Tenant. required: true tags: - tenants responses: '204': description: No response body '400': content: application/json: schema: $ref: '#/components/schemas/ValidationError' description: '' '403': content: application/json: schema: $ref: '#/components/schemas/GenericError' description: '' components: schemas: AccessDeniedChallenge: type: object description: Challenge when a flow's active stage calls `stage_invalid()`. properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-access-denied response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string error_message: type: string required: - pending_user - pending_user_avatar - type App: type: object description: Serialize Application info properties: name: type: string label: type: string required: - label - name AppEnum: enum: - authentik.tenants - authentik.admin - authentik.api - authentik.crypto - authentik.events - authentik.flows - authentik.outposts - authentik.policies.dummy - authentik.policies.event_matcher - authentik.policies.expiry - authentik.policies.expression - authentik.policies.password - authentik.policies.reputation - authentik.policies - authentik.providers.ldap - authentik.providers.oauth2 - authentik.providers.proxy - authentik.providers.radius - authentik.providers.saml - authentik.providers.scim - authentik.rbac - authentik.recovery - authentik.sources.ldap - authentik.sources.oauth - authentik.sources.plex - authentik.sources.saml - authentik.stages.authenticator - authentik.stages.authenticator_duo - authentik.stages.authenticator_sms - authentik.stages.authenticator_static - authentik.stages.authenticator_totp - authentik.stages.authenticator_validate - authentik.stages.authenticator_webauthn - authentik.stages.captcha - authentik.stages.consent - authentik.stages.deny - authentik.stages.dummy - authentik.stages.email - authentik.stages.identification - authentik.stages.invitation - authentik.stages.password - authentik.stages.prompt - authentik.stages.user_delete - authentik.stages.user_login - authentik.stages.user_logout - authentik.stages.user_write - authentik.brands - authentik.blueprints - authentik.core - authentik.enterprise type: string description: |- * `authentik.tenants` - authentik Tenants * `authentik.admin` - authentik Admin * `authentik.api` - authentik API * `authentik.crypto` - authentik Crypto * `authentik.events` - authentik Events * `authentik.flows` - authentik Flows * `authentik.outposts` - authentik Outpost * `authentik.policies.dummy` - authentik Policies.Dummy * `authentik.policies.event_matcher` - authentik Policies.Event Matcher * `authentik.policies.expiry` - authentik Policies.Expiry * `authentik.policies.expression` - authentik Policies.Expression * `authentik.policies.password` - authentik Policies.Password * `authentik.policies.reputation` - authentik Policies.Reputation * `authentik.policies` - authentik Policies * `authentik.providers.ldap` - authentik Providers.LDAP * `authentik.providers.oauth2` - authentik Providers.OAuth2 * `authentik.providers.proxy` - authentik Providers.Proxy * `authentik.providers.radius` - authentik Providers.Radius * `authentik.providers.saml` - authentik Providers.SAML * `authentik.providers.scim` - authentik Providers.SCIM * `authentik.rbac` - authentik RBAC * `authentik.recovery` - authentik Recovery * `authentik.sources.ldap` - authentik Sources.LDAP * `authentik.sources.oauth` - authentik Sources.OAuth * `authentik.sources.plex` - authentik Sources.Plex * `authentik.sources.saml` - authentik Sources.SAML * `authentik.stages.authenticator` - authentik Stages.Authenticator * `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo * `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS * `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static * `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP * `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate * `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn * `authentik.stages.captcha` - authentik Stages.Captcha * `authentik.stages.consent` - authentik Stages.Consent * `authentik.stages.deny` - authentik Stages.Deny * `authentik.stages.dummy` - authentik Stages.Dummy * `authentik.stages.email` - authentik Stages.Email * `authentik.stages.identification` - authentik Stages.Identification * `authentik.stages.invitation` - authentik Stages.User Invitation * `authentik.stages.password` - authentik Stages.Password * `authentik.stages.prompt` - authentik Stages.Prompt * `authentik.stages.user_delete` - authentik Stages.User Delete * `authentik.stages.user_login` - authentik Stages.User Login * `authentik.stages.user_logout` - authentik Stages.User Logout * `authentik.stages.user_write` - authentik Stages.User Write * `authentik.brands` - authentik Brands * `authentik.blueprints` - authentik Blueprints * `authentik.core` - authentik Core * `authentik.enterprise` - authentik Enterprise AppleChallengeResponseRequest: type: object description: Pseudo class for plex response properties: component: type: string minLength: 1 default: ak-source-oauth-apple AppleLoginChallenge: type: object description: Special challenge for apple-native authentication flow, which happens on the client. properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-source-oauth-apple response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' client_id: type: string scope: type: string redirect_uri: type: string state: type: string required: - client_id - redirect_uri - scope - state - type Application: type: object description: Application Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Application's display Name. slug: type: string description: Internal application name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ provider: type: integer nullable: true provider_obj: allOf: - $ref: '#/components/schemas/Provider' readOnly: true backchannel_providers: type: array items: type: integer backchannel_providers_obj: type: array items: $ref: '#/components/schemas/Provider' readOnly: true launch_url: type: string nullable: true description: Allow formatting of launch URL readOnly: true open_in_new_tab: type: boolean description: Open launch URL in a new browser tab or window. meta_launch_url: type: string format: uri meta_icon: type: string nullable: true description: |- Get the URL to the App Icon image. If the name is /static or starts with http it is returned as-is readOnly: true meta_description: type: string meta_publisher: type: string policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' group: type: string required: - backchannel_providers_obj - launch_url - meta_icon - name - pk - provider_obj - slug ApplicationRequest: type: object description: Application Serializer properties: name: type: string minLength: 1 description: Application's display Name. slug: type: string minLength: 1 description: Internal application name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ provider: type: integer nullable: true backchannel_providers: type: array items: type: integer open_in_new_tab: type: boolean description: Open launch URL in a new browser tab or window. meta_launch_url: type: string format: uri meta_description: type: string meta_publisher: type: string policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' group: type: string required: - name - slug AuthTypeEnum: enum: - basic - bearer type: string description: |- * `basic` - Basic * `bearer` - Bearer AuthenticateWebAuthnStage: type: object description: AuthenticateWebAuthnStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true user_verification: $ref: '#/components/schemas/UserVerificationEnum' authenticator_attachment: allOf: - $ref: '#/components/schemas/AuthenticatorAttachmentEnum' nullable: true resident_key_requirement: $ref: '#/components/schemas/ResidentKeyRequirementEnum' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticateWebAuthnStageRequest: type: object description: AuthenticateWebAuthnStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 user_verification: $ref: '#/components/schemas/UserVerificationEnum' authenticator_attachment: allOf: - $ref: '#/components/schemas/AuthenticatorAttachmentEnum' nullable: true resident_key_requirement: $ref: '#/components/schemas/ResidentKeyRequirementEnum' required: - name AuthenticatedSession: type: object description: AuthenticatedSession Serializer properties: uuid: type: string format: uuid current: type: boolean description: Check if session is currently active session readOnly: true user_agent: type: object description: Get parsed user agent properties: device: type: object description: User agent device properties: brand: type: string family: type: string model: type: string required: - brand - family - model os: type: object description: User agent os properties: family: type: string major: type: string minor: type: string patch: type: string patch_minor: type: string required: - family - major - minor - patch - patch_minor user_agent: type: object description: User agent browser properties: family: type: string major: type: string minor: type: string patch: type: string required: - family - major - minor - patch string: type: string required: - device - os - string - user_agent readOnly: true geo_ip: type: object description: Get parsed user agent properties: continent: type: string country: type: string lat: type: number format: double long: type: number format: double city: type: string required: - city - continent - country - lat - long nullable: true readOnly: true user: type: integer last_ip: type: string last_user_agent: type: string last_used: type: string format: date-time readOnly: true expires: type: string format: date-time required: - current - geo_ip - last_ip - last_used - user - user_agent AuthenticationEnum: enum: - none - require_authenticated - require_unauthenticated - require_superuser type: string description: |- * `none` - None * `require_authenticated` - Require Authenticated * `require_unauthenticated` - Require Unauthenticated * `require_superuser` - Require Superuser AuthenticatorAttachmentEnum: enum: - platform - cross-platform type: string description: |- * `platform` - Platform * `cross-platform` - Cross Platform AuthenticatorDuoChallenge: type: object description: Duo Challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-duo response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string activation_barcode: type: string activation_code: type: string stage_uuid: type: string required: - activation_barcode - activation_code - pending_user - pending_user_avatar - stage_uuid - type AuthenticatorDuoChallengeResponseRequest: type: object description: Pseudo class for duo response properties: component: type: string minLength: 1 default: ak-stage-authenticator-duo AuthenticatorDuoStage: type: object description: AuthenticatorDuoStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true client_id: type: string api_hostname: type: string admin_integration_key: type: string required: - api_hostname - client_id - component - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticatorDuoStageDeviceImportResponse: type: object properties: count: type: integer readOnly: true error: type: string readOnly: true required: - count - error AuthenticatorDuoStageManualDeviceImportRequest: type: object properties: duo_user_id: type: string minLength: 1 username: type: string minLength: 1 required: - duo_user_id - username AuthenticatorDuoStageRequest: type: object description: AuthenticatorDuoStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 client_id: type: string minLength: 1 client_secret: type: string writeOnly: true minLength: 1 api_hostname: type: string minLength: 1 admin_integration_key: type: string admin_secret_key: type: string writeOnly: true required: - api_hostname - client_id - client_secret - name AuthenticatorSMSChallenge: type: object description: SMS Setup challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-sms response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string phone_number_required: type: boolean default: true required: - pending_user - pending_user_avatar - type AuthenticatorSMSChallengeResponseRequest: type: object description: SMS Challenge response, device is set by get_response_instance properties: component: type: string minLength: 1 default: ak-stage-authenticator-sms code: type: integer phone_number: type: string minLength: 1 AuthenticatorSMSStage: type: object description: AuthenticatorSMSStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true provider: $ref: '#/components/schemas/ProviderEnum' from_number: type: string account_sid: type: string auth: type: string auth_password: type: string auth_type: $ref: '#/components/schemas/AuthTypeEnum' verify_only: type: boolean description: When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future. mapping: type: string format: uuid nullable: true description: Optionally modify the payload being sent to custom providers. required: - account_sid - auth - component - from_number - meta_model_name - name - pk - provider - verbose_name - verbose_name_plural AuthenticatorSMSStageRequest: type: object description: AuthenticatorSMSStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 provider: $ref: '#/components/schemas/ProviderEnum' from_number: type: string minLength: 1 account_sid: type: string minLength: 1 auth: type: string minLength: 1 auth_password: type: string auth_type: $ref: '#/components/schemas/AuthTypeEnum' verify_only: type: boolean description: When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future. mapping: type: string format: uuid nullable: true description: Optionally modify the payload being sent to custom providers. required: - account_sid - auth - from_number - name - provider AuthenticatorStaticChallenge: type: object description: Static authenticator challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-static response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string codes: type: array items: type: string required: - codes - pending_user - pending_user_avatar - type AuthenticatorStaticChallengeResponseRequest: type: object description: Pseudo class for static response properties: component: type: string minLength: 1 default: ak-stage-authenticator-static AuthenticatorStaticStage: type: object description: AuthenticatorStaticStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true token_count: type: integer maximum: 2147483647 minimum: 0 token_length: type: integer maximum: 2147483647 minimum: 0 required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticatorStaticStageRequest: type: object description: AuthenticatorStaticStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 token_count: type: integer maximum: 2147483647 minimum: 0 token_length: type: integer maximum: 2147483647 minimum: 0 required: - name AuthenticatorTOTPChallenge: type: object description: TOTP Setup challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-totp response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string config_url: type: string required: - config_url - pending_user - pending_user_avatar - type AuthenticatorTOTPChallengeResponseRequest: type: object description: TOTP Challenge response, device is set by get_response_instance properties: component: type: string minLength: 1 default: ak-stage-authenticator-totp code: type: integer required: - code AuthenticatorTOTPStage: type: object description: AuthenticatorTOTPStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true digits: $ref: '#/components/schemas/DigitsEnum' required: - component - digits - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticatorTOTPStageRequest: type: object description: AuthenticatorTOTPStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 digits: $ref: '#/components/schemas/DigitsEnum' required: - digits - name AuthenticatorValidateStage: type: object description: AuthenticatorValidateStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' not_configured_action: $ref: '#/components/schemas/NotConfiguredActionEnum' device_classes: type: array items: $ref: '#/components/schemas/DeviceClassesEnum' description: Device classes which can be used to authenticate configuration_stages: type: array items: type: string format: uuid description: Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. last_auth_threshold: type: string description: If any of the user's device has been used within this threshold, this stage will be skipped webauthn_user_verification: allOf: - $ref: '#/components/schemas/UserVerificationEnum' description: |- Enforce user verification for WebAuthn devices. * `required` - Required * `preferred` - Preferred * `discouraged` - Discouraged required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticatorValidateStageRequest: type: object description: AuthenticatorValidateStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' not_configured_action: $ref: '#/components/schemas/NotConfiguredActionEnum' device_classes: type: array items: $ref: '#/components/schemas/DeviceClassesEnum' description: Device classes which can be used to authenticate configuration_stages: type: array items: type: string format: uuid description: Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. last_auth_threshold: type: string minLength: 1 description: If any of the user's device has been used within this threshold, this stage will be skipped webauthn_user_verification: allOf: - $ref: '#/components/schemas/UserVerificationEnum' description: |- Enforce user verification for WebAuthn devices. * `required` - Required * `preferred` - Preferred * `discouraged` - Discouraged required: - name AuthenticatorValidationChallenge: type: object description: Authenticator challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-validate response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string device_challenges: type: array items: $ref: '#/components/schemas/DeviceChallenge' configuration_stages: type: array items: $ref: '#/components/schemas/SelectableStage' required: - configuration_stages - device_challenges - pending_user - pending_user_avatar - type AuthenticatorValidationChallengeResponseRequest: type: object description: Challenge used for Code-based and WebAuthn authenticators properties: component: type: string minLength: 1 default: ak-stage-authenticator-validate selected_challenge: $ref: '#/components/schemas/DeviceChallengeRequest' selected_stage: type: string minLength: 1 code: type: string minLength: 1 webauthn: type: object additionalProperties: {} duo: type: integer AuthenticatorWebAuthnChallenge: type: object description: WebAuthn Challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-webauthn response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string registration: type: object additionalProperties: {} required: - pending_user - pending_user_avatar - registration - type AuthenticatorWebAuthnChallengeResponseRequest: type: object description: WebAuthn Challenge response properties: component: type: string minLength: 1 default: ak-stage-authenticator-webauthn response: type: object additionalProperties: {} required: - response AutoSubmitChallengeResponseRequest: type: object description: Pseudo class for autosubmit response properties: component: type: string minLength: 1 default: ak-stage-autosubmit AutosubmitChallenge: type: object description: Autosubmit challenge used to send and navigate a POST request properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-autosubmit response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' url: type: string attrs: type: object additionalProperties: type: string title: type: string required: - attrs - type - url BackendsEnum: enum: - authentik.core.auth.InbuiltBackend - authentik.core.auth.TokenBackend - authentik.sources.ldap.auth.LDAPBackend type: string description: |- * `authentik.core.auth.InbuiltBackend` - User database + standard password * `authentik.core.auth.TokenBackend` - User database + app passwords * `authentik.sources.ldap.auth.LDAPBackend` - User database + LDAP password BindingTypeEnum: enum: - REDIRECT - POST - POST_AUTO type: string description: |- * `REDIRECT` - Redirect Binding * `POST` - POST Binding * `POST_AUTO` - POST Binding with auto-confirmation BlueprintFile: type: object properties: path: type: string last_m: type: string format: date-time hash: type: string meta: allOf: - $ref: '#/components/schemas/Metadata' readOnly: true required: - hash - last_m - meta - path BlueprintInstance: type: object description: Info about a single blueprint instance file properties: pk: type: string format: uuid readOnly: true title: Instance uuid name: type: string path: type: string default: '' context: type: object additionalProperties: {} last_applied: type: string format: date-time readOnly: true last_applied_hash: type: string readOnly: true status: allOf: - $ref: '#/components/schemas/BlueprintInstanceStatusEnum' readOnly: true enabled: type: boolean managed_models: type: array items: type: string readOnly: true metadata: type: object additionalProperties: {} readOnly: true content: type: string required: - last_applied - last_applied_hash - managed_models - metadata - name - pk - status BlueprintInstanceRequest: type: object description: Info about a single blueprint instance file properties: name: type: string minLength: 1 path: type: string default: '' context: type: object additionalProperties: {} enabled: type: boolean content: type: string required: - name BlueprintInstanceStatusEnum: enum: - successful - warning - error - orphaned - unknown type: string description: |- * `successful` - Successful * `warning` - Warning * `error` - Error * `orphaned` - Orphaned * `unknown` - Unknown Brand: type: object description: Brand Serializer properties: brand_uuid: type: string format: uuid readOnly: true domain: type: string description: Domain that activates this brand. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b` default: type: boolean branding_title: type: string branding_logo: type: string branding_favicon: type: string flow_authentication: type: string format: uuid nullable: true flow_invalidation: type: string format: uuid nullable: true flow_recovery: type: string format: uuid nullable: true flow_unenrollment: type: string format: uuid nullable: true flow_user_settings: type: string format: uuid nullable: true flow_device_code: type: string format: uuid nullable: true event_retention: type: string description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).' web_certificate: type: string format: uuid nullable: true description: Web Certificate used by the authentik Core webserver. attributes: type: object additionalProperties: {} required: - brand_uuid - domain BrandRequest: type: object description: Brand Serializer properties: domain: type: string minLength: 1 description: Domain that activates this brand. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b` default: type: boolean branding_title: type: string minLength: 1 branding_logo: type: string minLength: 1 branding_favicon: type: string minLength: 1 flow_authentication: type: string format: uuid nullable: true flow_invalidation: type: string format: uuid nullable: true flow_recovery: type: string format: uuid nullable: true flow_unenrollment: type: string format: uuid nullable: true flow_user_settings: type: string format: uuid nullable: true flow_device_code: type: string format: uuid nullable: true event_retention: type: string minLength: 1 description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).' web_certificate: type: string format: uuid nullable: true description: Web Certificate used by the authentik Core webserver. attributes: type: object additionalProperties: {} required: - domain Cache: type: object description: Generic cache stats for an object properties: count: type: integer readOnly: true required: - count CapabilitiesEnum: enum: - can_save_media - can_geo_ip - can_impersonate - can_debug - is_enterprise type: string description: |- * `can_save_media` - Can Save Media * `can_geo_ip` - Can Geo Ip * `can_impersonate` - Can Impersonate * `can_debug` - Can Debug * `is_enterprise` - Is Enterprise CaptchaChallenge: type: object description: Site public key properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-captcha response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string site_key: type: string js_url: type: string required: - js_url - pending_user - pending_user_avatar - site_key - type CaptchaChallengeResponseRequest: type: object description: Validate captcha token properties: component: type: string minLength: 1 default: ak-stage-captcha token: type: string minLength: 1 required: - token CaptchaStage: type: object description: CaptchaStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' public_key: type: string description: Public key, acquired your captcha Provider. js_url: type: string api_url: type: string required: - component - meta_model_name - name - pk - public_key - verbose_name - verbose_name_plural CaptchaStageRequest: type: object description: CaptchaStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' public_key: type: string minLength: 1 description: Public key, acquired your captcha Provider. private_key: type: string writeOnly: true minLength: 1 description: Private key, acquired your captcha Provider. js_url: type: string minLength: 1 api_url: type: string minLength: 1 required: - name - private_key - public_key CertificateData: type: object description: Get CertificateKeyPair's data properties: data: type: string readOnly: true required: - data CertificateGenerationRequest: type: object description: Certificate generation parameters properties: common_name: type: string minLength: 1 subject_alt_name: type: string validity_days: type: integer required: - common_name - validity_days CertificateKeyPair: type: object description: CertificateKeyPair Serializer properties: pk: type: string format: uuid readOnly: true title: Kp uuid name: type: string fingerprint_sha256: type: string nullable: true description: Get certificate Hash (SHA256) readOnly: true fingerprint_sha1: type: string nullable: true description: Get certificate Hash (SHA1) readOnly: true cert_expiry: type: string format: date-time nullable: true description: Get certificate expiry readOnly: true cert_subject: type: string nullable: true description: Get certificate subject as full rfc4514 readOnly: true private_key_available: type: boolean description: Show if this keypair has a private key configured or not readOnly: true private_key_type: type: string nullable: true description: Get the private key's type, if set readOnly: true certificate_download_url: type: string description: Get URL to download certificate readOnly: true private_key_download_url: type: string description: Get URL to download private key readOnly: true managed: type: string readOnly: true nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. required: - cert_expiry - cert_subject - certificate_download_url - fingerprint_sha1 - fingerprint_sha256 - managed - name - pk - private_key_available - private_key_download_url - private_key_type CertificateKeyPairRequest: type: object description: CertificateKeyPair Serializer properties: name: type: string minLength: 1 certificate_data: type: string writeOnly: true minLength: 1 description: PEM-encoded Certificate data key_data: type: string writeOnly: true description: Optional Private Key. If this is set, you can use this keypair for encryption. required: - certificate_data - name ChallengeChoices: enum: - native - shell - redirect type: string description: |- * `native` - NATIVE * `shell` - SHELL * `redirect` - REDIRECT ChallengeTypes: oneOf: - $ref: '#/components/schemas/AccessDeniedChallenge' - $ref: '#/components/schemas/AppleLoginChallenge' - $ref: '#/components/schemas/AuthenticatorDuoChallenge' - $ref: '#/components/schemas/AuthenticatorSMSChallenge' - $ref: '#/components/schemas/AuthenticatorStaticChallenge' - $ref: '#/components/schemas/AuthenticatorTOTPChallenge' - $ref: '#/components/schemas/AuthenticatorValidationChallenge' - $ref: '#/components/schemas/AuthenticatorWebAuthnChallenge' - $ref: '#/components/schemas/AutosubmitChallenge' - $ref: '#/components/schemas/CaptchaChallenge' - $ref: '#/components/schemas/ConsentChallenge' - $ref: '#/components/schemas/DummyChallenge' - $ref: '#/components/schemas/EmailChallenge' - $ref: '#/components/schemas/FlowErrorChallenge' - $ref: '#/components/schemas/IdentificationChallenge' - $ref: '#/components/schemas/OAuthDeviceCodeChallenge' - $ref: '#/components/schemas/OAuthDeviceCodeFinishChallenge' - $ref: '#/components/schemas/PasswordChallenge' - $ref: '#/components/schemas/PlexAuthenticationChallenge' - $ref: '#/components/schemas/PromptChallenge' - $ref: '#/components/schemas/RedirectChallenge' - $ref: '#/components/schemas/ShellChallenge' - $ref: '#/components/schemas/UserLoginChallenge' discriminator: propertyName: component mapping: ak-stage-access-denied: '#/components/schemas/AccessDeniedChallenge' ak-source-oauth-apple: '#/components/schemas/AppleLoginChallenge' ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallenge' ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallenge' ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallenge' ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallenge' ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallenge' ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallenge' ak-stage-autosubmit: '#/components/schemas/AutosubmitChallenge' ak-stage-captcha: '#/components/schemas/CaptchaChallenge' ak-stage-consent: '#/components/schemas/ConsentChallenge' ak-stage-dummy: '#/components/schemas/DummyChallenge' ak-stage-email: '#/components/schemas/EmailChallenge' ak-stage-flow-error: '#/components/schemas/FlowErrorChallenge' ak-stage-identification: '#/components/schemas/IdentificationChallenge' ak-provider-oauth2-device-code: '#/components/schemas/OAuthDeviceCodeChallenge' ak-provider-oauth2-device-code-finish: '#/components/schemas/OAuthDeviceCodeFinishChallenge' ak-stage-password: '#/components/schemas/PasswordChallenge' ak-source-plex: '#/components/schemas/PlexAuthenticationChallenge' ak-stage-prompt: '#/components/schemas/PromptChallenge' xak-flow-redirect: '#/components/schemas/RedirectChallenge' xak-flow-shell: '#/components/schemas/ShellChallenge' ak-stage-user-login: '#/components/schemas/UserLoginChallenge' ClientTypeEnum: enum: - confidential - public type: string description: |- * `confidential` - Confidential * `public` - Public Config: type: object description: Serialize authentik Config into DRF Object properties: error_reporting: $ref: '#/components/schemas/ErrorReportingConfig' capabilities: type: array items: $ref: '#/components/schemas/CapabilitiesEnum' cache_timeout: type: integer cache_timeout_flows: type: integer cache_timeout_policies: type: integer cache_timeout_reputation: type: integer required: - cache_timeout - cache_timeout_flows - cache_timeout_policies - cache_timeout_reputation - capabilities - error_reporting ConsentChallenge: type: object description: Challenge info for consent screens properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-consent response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string header_text: type: string permissions: type: array items: $ref: '#/components/schemas/ConsentPermission' additional_permissions: type: array items: $ref: '#/components/schemas/ConsentPermission' token: type: string required: - additional_permissions - pending_user - pending_user_avatar - permissions - token - type ConsentChallengeResponseRequest: type: object description: Consent challenge response, any valid response request is valid properties: component: type: string minLength: 1 default: ak-stage-consent token: type: string minLength: 1 required: - token ConsentPermission: type: object description: Permission used for consent properties: name: type: string id: type: string required: - id - name ConsentStage: type: object description: ConsentStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' mode: $ref: '#/components/schemas/ConsentStageModeEnum' consent_expire_in: type: string title: Consent expires in description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural ConsentStageModeEnum: enum: - always_require - permanent - expiring type: string description: |- * `always_require` - Always Require * `permanent` - Permanent * `expiring` - Expiring ConsentStageRequest: type: object description: ConsentStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' mode: $ref: '#/components/schemas/ConsentStageModeEnum' consent_expire_in: type: string minLength: 1 title: Consent expires in description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).' required: - name ContextualFlowInfo: type: object description: Contextual flow information for a challenge properties: title: type: string background: type: string cancel_url: type: string layout: $ref: '#/components/schemas/LayoutEnum' required: - cancel_url - layout Coordinate: type: object description: Coordinates for diagrams properties: x_cord: type: integer readOnly: true y_cord: type: integer readOnly: true required: - x_cord - y_cord CurrentBrand: type: object description: Partial brand information for styling properties: matched_domain: type: string branding_title: type: string branding_logo: type: string branding_favicon: type: string ui_footer_links: type: array items: $ref: '#/components/schemas/FooterLink' readOnly: true ui_theme: allOf: - $ref: '#/components/schemas/UiThemeEnum' readOnly: true default: automatic flow_authentication: type: string flow_invalidation: type: string flow_recovery: type: string flow_unenrollment: type: string flow_user_settings: type: string flow_device_code: type: string default_locale: type: string readOnly: true required: - branding_favicon - branding_logo - branding_title - default_locale - matched_domain - ui_footer_links - ui_theme DeniedActionEnum: enum: - message_continue - message - continue type: string description: |- * `message_continue` - Message Continue * `message` - Message * `continue` - Continue DenyStage: type: object description: DenyStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' deny_message: type: string required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural DenyStageRequest: type: object description: DenyStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' deny_message: type: string required: - name Device: type: object description: Serializer for Duo authenticator devices properties: verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true pk: type: integer name: type: string type: type: string description: Get type of device readOnly: true confirmed: type: boolean required: - confirmed - meta_model_name - name - pk - type - verbose_name - verbose_name_plural DeviceChallenge: type: object description: Single device challenge properties: device_class: type: string device_uid: type: string challenge: type: object additionalProperties: {} required: - challenge - device_class - device_uid DeviceChallengeRequest: type: object description: Single device challenge properties: device_class: type: string minLength: 1 device_uid: type: string minLength: 1 challenge: type: object additionalProperties: {} required: - challenge - device_class - device_uid DeviceClassesEnum: enum: - static - totp - webauthn - duo - sms type: string description: |- * `static` - Static * `totp` - TOTP * `webauthn` - WebAuthn * `duo` - Duo * `sms` - SMS DigestAlgorithmEnum: enum: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 type: string description: |- * `http://www.w3.org/2000/09/xmldsig#sha1` - SHA1 * `http://www.w3.org/2001/04/xmlenc#sha256` - SHA256 * `http://www.w3.org/2001/04/xmldsig-more#sha384` - SHA384 * `http://www.w3.org/2001/04/xmlenc#sha512` - SHA512 DigitsEnum: enum: - '6' - '8' type: string description: |- * `6` - 6 digits, widely compatible * `8` - 8 digits, not compatible with apps like Google Authenticator DockerServiceConnection: type: object description: DockerServiceConnection Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration component: type: string readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true url: type: string description: Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system. tls_verification: type: string format: uuid nullable: true description: CA which the endpoint's Certificate is verified against. Can be left empty for no validation. tls_authentication: type: string format: uuid nullable: true description: Certificate/Key used for authentication. Can be left empty for no authentication. required: - component - meta_model_name - name - pk - url - verbose_name - verbose_name_plural DockerServiceConnectionRequest: type: object description: DockerServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration url: type: string minLength: 1 description: Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system. tls_verification: type: string format: uuid nullable: true description: CA which the endpoint's Certificate is verified against. Can be left empty for no validation. tls_authentication: type: string format: uuid nullable: true description: Certificate/Key used for authentication. Can be left empty for no authentication. required: - name - url Domain: type: object description: Domain Serializer properties: id: type: integer readOnly: true domain: type: string maxLength: 253 is_primary: type: boolean tenant: type: string format: uuid required: - domain - id - tenant DomainRequest: type: object description: Domain Serializer properties: domain: type: string minLength: 1 maxLength: 253 is_primary: type: boolean tenant: type: string format: uuid required: - domain - tenant DummyChallenge: type: object description: Dummy challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-dummy response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' required: - type DummyChallengeResponseRequest: type: object description: Dummy challenge response properties: component: type: string minLength: 1 default: ak-stage-dummy DummyPolicy: type: object description: Dummy Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true bound_to: type: integer description: Return objects policy is bound to readOnly: true result: type: boolean wait_min: type: integer maximum: 2147483647 minimum: -2147483648 wait_max: type: integer maximum: 2147483647 minimum: -2147483648 required: - bound_to - component - meta_model_name - name - pk - verbose_name - verbose_name_plural DummyPolicyRequest: type: object description: Dummy Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. result: type: boolean wait_min: type: integer maximum: 2147483647 minimum: -2147483648 wait_max: type: integer maximum: 2147483647 minimum: -2147483648 required: - name DummyStage: type: object description: DummyStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' throw_error: type: boolean required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural DummyStageRequest: type: object description: DummyStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' throw_error: type: boolean required: - name DuoDevice: type: object description: Serializer for Duo authenticator devices properties: pk: type: integer readOnly: true title: ID name: type: string description: The human-readable name of this device. maxLength: 64 required: - name - pk DuoDeviceEnrollmentStatus: type: object properties: duo_response: $ref: '#/components/schemas/DuoResponseEnum' required: - duo_response DuoDeviceRequest: type: object description: Serializer for Duo authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 required: - name DuoResponseEnum: enum: - success - waiting - invalid type: string description: |- * `success` - Success * `waiting` - Waiting * `invalid` - Invalid EmailChallenge: type: object description: Email challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-email response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' required: - type EmailChallengeResponseRequest: type: object description: |- Email challenge resposen. No fields. This challenge is always declared invalid to give the user a chance to retry properties: component: type: string minLength: 1 default: ak-stage-email EmailStage: type: object description: EmailStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' use_global_settings: type: boolean description: When enabled, global Email connection settings will be used and connection settings below will be ignored. host: type: string port: type: integer maximum: 2147483647 minimum: -2147483648 username: type: string use_tls: type: boolean use_ssl: type: boolean timeout: type: integer maximum: 2147483647 minimum: -2147483648 from_address: type: string format: email maxLength: 254 token_expiry: type: integer maximum: 2147483647 minimum: -2147483648 description: Time in minutes the token sent is valid. subject: type: string template: type: string activate_user_on_success: type: boolean description: Activate users upon completion of stage. required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural EmailStageRequest: type: object description: EmailStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' use_global_settings: type: boolean description: When enabled, global Email connection settings will be used and connection settings below will be ignored. host: type: string minLength: 1 port: type: integer maximum: 2147483647 minimum: -2147483648 username: type: string password: type: string writeOnly: true use_tls: type: boolean use_ssl: type: boolean timeout: type: integer maximum: 2147483647 minimum: -2147483648 from_address: type: string format: email minLength: 1 maxLength: 254 token_expiry: type: integer maximum: 2147483647 minimum: -2147483648 description: Time in minutes the token sent is valid. subject: type: string minLength: 1 template: type: string minLength: 1 activate_user_on_success: type: boolean description: Activate users upon completion of stage. required: - name ErrorDetail: type: object description: Serializer for rest_framework's error messages properties: string: type: string code: type: string required: - code - string ErrorReportingConfig: type: object description: Config for error reporting properties: enabled: type: boolean readOnly: true sentry_dsn: type: string readOnly: true environment: type: string readOnly: true send_pii: type: boolean readOnly: true traces_sample_rate: type: number format: double readOnly: true required: - enabled - environment - send_pii - sentry_dsn - traces_sample_rate Event: type: object description: Event Serializer properties: pk: type: string format: uuid readOnly: true title: Event uuid user: type: object additionalProperties: {} action: $ref: '#/components/schemas/EventActions' app: type: string context: type: object additionalProperties: {} client_ip: type: string nullable: true created: type: string format: date-time readOnly: true expires: type: string format: date-time brand: type: object additionalProperties: {} required: - action - app - created - pk EventActions: enum: - login - login_failed - logout - user_write - suspicious_request - password_set - secret_view - secret_rotate - invitation_used - authorize_application - source_linked - impersonation_started - impersonation_ended - flow_execution - policy_execution - policy_exception - property_mapping_exception - system_task_execution - system_task_exception - system_exception - configuration_error - model_created - model_updated - model_deleted - email_sent - update_available - custom_ type: string description: |- * `login` - Login * `login_failed` - Login Failed * `logout` - Logout * `user_write` - User Write * `suspicious_request` - Suspicious Request * `password_set` - Password Set * `secret_view` - Secret View * `secret_rotate` - Secret Rotate * `invitation_used` - Invite Used * `authorize_application` - Authorize Application * `source_linked` - Source Linked * `impersonation_started` - Impersonation Started * `impersonation_ended` - Impersonation Ended * `flow_execution` - Flow Execution * `policy_execution` - Policy Execution * `policy_exception` - Policy Exception * `property_mapping_exception` - Property Mapping Exception * `system_task_execution` - System Task Execution * `system_task_exception` - System Task Exception * `system_exception` - System Exception * `configuration_error` - Configuration Error * `model_created` - Model Created * `model_updated` - Model Updated * `model_deleted` - Model Deleted * `email_sent` - Email Sent * `update_available` - Update Available * `custom_` - Custom Prefix EventMatcherPolicy: type: object description: Event Matcher Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true bound_to: type: integer description: Return objects policy is bound to readOnly: true action: allOf: - $ref: '#/components/schemas/EventActions' nullable: true description: |- Match created events with this action type. When left empty, all action types will be matched. * `login` - Login * `login_failed` - Login Failed * `logout` - Logout * `user_write` - User Write * `suspicious_request` - Suspicious Request * `password_set` - Password Set * `secret_view` - Secret View * `secret_rotate` - Secret Rotate * `invitation_used` - Invite Used * `authorize_application` - Authorize Application * `source_linked` - Source Linked * `impersonation_started` - Impersonation Started * `impersonation_ended` - Impersonation Ended * `flow_execution` - Flow Execution * `policy_execution` - Policy Execution * `policy_exception` - Policy Exception * `property_mapping_exception` - Property Mapping Exception * `system_task_execution` - System Task Execution * `system_task_exception` - System Task Exception * `system_exception` - System Exception * `configuration_error` - Configuration Error * `model_created` - Model Created * `model_updated` - Model Updated * `model_deleted` - Model Deleted * `email_sent` - Email Sent * `update_available` - Update Available * `custom_` - Custom Prefix client_ip: type: string nullable: true description: Matches Event's Client IP (strict matching, for network matching use an Expression Policy) app: allOf: - $ref: '#/components/schemas/AppEnum' nullable: true description: |- Match events created by selected application. When left empty, all applications are matched. * `authentik.tenants` - authentik Tenants * `authentik.admin` - authentik Admin * `authentik.api` - authentik API * `authentik.crypto` - authentik Crypto * `authentik.events` - authentik Events * `authentik.flows` - authentik Flows * `authentik.outposts` - authentik Outpost * `authentik.policies.dummy` - authentik Policies.Dummy * `authentik.policies.event_matcher` - authentik Policies.Event Matcher * `authentik.policies.expiry` - authentik Policies.Expiry * `authentik.policies.expression` - authentik Policies.Expression * `authentik.policies.password` - authentik Policies.Password * `authentik.policies.reputation` - authentik Policies.Reputation * `authentik.policies` - authentik Policies * `authentik.providers.ldap` - authentik Providers.LDAP * `authentik.providers.oauth2` - authentik Providers.OAuth2 * `authentik.providers.proxy` - authentik Providers.Proxy * `authentik.providers.radius` - authentik Providers.Radius * `authentik.providers.saml` - authentik Providers.SAML * `authentik.providers.scim` - authentik Providers.SCIM * `authentik.rbac` - authentik RBAC * `authentik.recovery` - authentik Recovery * `authentik.sources.ldap` - authentik Sources.LDAP * `authentik.sources.oauth` - authentik Sources.OAuth * `authentik.sources.plex` - authentik Sources.Plex * `authentik.sources.saml` - authentik Sources.SAML * `authentik.stages.authenticator` - authentik Stages.Authenticator * `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo * `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS * `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static * `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP * `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate * `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn * `authentik.stages.captcha` - authentik Stages.Captcha * `authentik.stages.consent` - authentik Stages.Consent * `authentik.stages.deny` - authentik Stages.Deny * `authentik.stages.dummy` - authentik Stages.Dummy * `authentik.stages.email` - authentik Stages.Email * `authentik.stages.identification` - authentik Stages.Identification * `authentik.stages.invitation` - authentik Stages.User Invitation * `authentik.stages.password` - authentik Stages.Password * `authentik.stages.prompt` - authentik Stages.Prompt * `authentik.stages.user_delete` - authentik Stages.User Delete * `authentik.stages.user_login` - authentik Stages.User Login * `authentik.stages.user_logout` - authentik Stages.User Logout * `authentik.stages.user_write` - authentik Stages.User Write * `authentik.brands` - authentik Brands * `authentik.blueprints` - authentik Blueprints * `authentik.core` - authentik Core * `authentik.enterprise` - authentik Enterprise model: allOf: - $ref: '#/components/schemas/ModelEnum' nullable: true description: |- Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. * `authentik_tenants.tenant` - Tenant * `authentik_tenants.domain` - Domain * `authentik_crypto.certificatekeypair` - Certificate-Key Pair * `authentik_events.event` - Event * `authentik_events.notificationtransport` - Notification Transport * `authentik_events.notification` - Notification * `authentik_events.notificationrule` - Notification Rule * `authentik_events.notificationwebhookmapping` - Webhook Mapping * `authentik_flows.flow` - Flow * `authentik_flows.flowstagebinding` - Flow Stage Binding * `authentik_outposts.dockerserviceconnection` - Docker Service-Connection * `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection * `authentik_outposts.outpost` - Outpost * `authentik_policies_dummy.dummypolicy` - Dummy Policy * `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy * `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy * `authentik_policies_expression.expressionpolicy` - Expression Policy * `authentik_policies_password.passwordpolicy` - Password Policy * `authentik_policies_reputation.reputationpolicy` - Reputation Policy * `authentik_policies_reputation.reputation` - Reputation Score * `authentik_policies.policybinding` - Policy Binding * `authentik_providers_ldap.ldapprovider` - LDAP Provider * `authentik_providers_oauth2.scopemapping` - Scope Mapping * `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider * `authentik_providers_oauth2.authorizationcode` - Authorization Code * `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token * `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token * `authentik_providers_proxy.proxyprovider` - Proxy Provider * `authentik_providers_radius.radiusprovider` - Radius Provider * `authentik_providers_saml.samlprovider` - SAML Provider * `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping * `authentik_providers_scim.scimprovider` - SCIM Provider * `authentik_providers_scim.scimmapping` - SCIM Mapping * `authentik_rbac.role` - Role * `authentik_sources_ldap.ldapsource` - LDAP Source * `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping * `authentik_sources_oauth.oauthsource` - OAuth Source * `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection * `authentik_sources_plex.plexsource` - Plex Source * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage * `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage * `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device * `authentik_stages_captcha.captchastage` - Captcha Stage * `authentik_stages_consent.consentstage` - Consent Stage * `authentik_stages_consent.userconsent` - User Consent * `authentik_stages_deny.denystage` - Deny Stage * `authentik_stages_dummy.dummystage` - Dummy Stage * `authentik_stages_email.emailstage` - Email Stage * `authentik_stages_identification.identificationstage` - Identification Stage * `authentik_stages_invitation.invitationstage` - Invitation Stage * `authentik_stages_invitation.invitation` - Invitation * `authentik_stages_password.passwordstage` - Password Stage * `authentik_stages_prompt.prompt` - Prompt * `authentik_stages_prompt.promptstage` - Prompt Stage * `authentik_stages_user_delete.userdeletestage` - User Delete Stage * `authentik_stages_user_login.userloginstage` - User Login Stage * `authentik_stages_user_logout.userlogoutstage` - User Logout Stage * `authentik_stages_user_write.userwritestage` - User Write Stage * `authentik_brands.brand` - Brand * `authentik_blueprints.blueprintinstance` - Blueprint Instance * `authentik_core.group` - Group * `authentik_core.user` - User * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License required: - bound_to - component - meta_model_name - name - pk - verbose_name - verbose_name_plural EventMatcherPolicyRequest: type: object description: Event Matcher Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. action: allOf: - $ref: '#/components/schemas/EventActions' nullable: true description: |- Match created events with this action type. When left empty, all action types will be matched. * `login` - Login * `login_failed` - Login Failed * `logout` - Logout * `user_write` - User Write * `suspicious_request` - Suspicious Request * `password_set` - Password Set * `secret_view` - Secret View * `secret_rotate` - Secret Rotate * `invitation_used` - Invite Used * `authorize_application` - Authorize Application * `source_linked` - Source Linked * `impersonation_started` - Impersonation Started * `impersonation_ended` - Impersonation Ended * `flow_execution` - Flow Execution * `policy_execution` - Policy Execution * `policy_exception` - Policy Exception * `property_mapping_exception` - Property Mapping Exception * `system_task_execution` - System Task Execution * `system_task_exception` - System Task Exception * `system_exception` - System Exception * `configuration_error` - Configuration Error * `model_created` - Model Created * `model_updated` - Model Updated * `model_deleted` - Model Deleted * `email_sent` - Email Sent * `update_available` - Update Available * `custom_` - Custom Prefix client_ip: type: string nullable: true minLength: 1 description: Matches Event's Client IP (strict matching, for network matching use an Expression Policy) app: allOf: - $ref: '#/components/schemas/AppEnum' nullable: true description: |- Match events created by selected application. When left empty, all applications are matched. * `authentik.tenants` - authentik Tenants * `authentik.admin` - authentik Admin * `authentik.api` - authentik API * `authentik.crypto` - authentik Crypto * `authentik.events` - authentik Events * `authentik.flows` - authentik Flows * `authentik.outposts` - authentik Outpost * `authentik.policies.dummy` - authentik Policies.Dummy * `authentik.policies.event_matcher` - authentik Policies.Event Matcher * `authentik.policies.expiry` - authentik Policies.Expiry * `authentik.policies.expression` - authentik Policies.Expression * `authentik.policies.password` - authentik Policies.Password * `authentik.policies.reputation` - authentik Policies.Reputation * `authentik.policies` - authentik Policies * `authentik.providers.ldap` - authentik Providers.LDAP * `authentik.providers.oauth2` - authentik Providers.OAuth2 * `authentik.providers.proxy` - authentik Providers.Proxy * `authentik.providers.radius` - authentik Providers.Radius * `authentik.providers.saml` - authentik Providers.SAML * `authentik.providers.scim` - authentik Providers.SCIM * `authentik.rbac` - authentik RBAC * `authentik.recovery` - authentik Recovery * `authentik.sources.ldap` - authentik Sources.LDAP * `authentik.sources.oauth` - authentik Sources.OAuth * `authentik.sources.plex` - authentik Sources.Plex * `authentik.sources.saml` - authentik Sources.SAML * `authentik.stages.authenticator` - authentik Stages.Authenticator * `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo * `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS * `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static * `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP * `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate * `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn * `authentik.stages.captcha` - authentik Stages.Captcha * `authentik.stages.consent` - authentik Stages.Consent * `authentik.stages.deny` - authentik Stages.Deny * `authentik.stages.dummy` - authentik Stages.Dummy * `authentik.stages.email` - authentik Stages.Email * `authentik.stages.identification` - authentik Stages.Identification * `authentik.stages.invitation` - authentik Stages.User Invitation * `authentik.stages.password` - authentik Stages.Password * `authentik.stages.prompt` - authentik Stages.Prompt * `authentik.stages.user_delete` - authentik Stages.User Delete * `authentik.stages.user_login` - authentik Stages.User Login * `authentik.stages.user_logout` - authentik Stages.User Logout * `authentik.stages.user_write` - authentik Stages.User Write * `authentik.brands` - authentik Brands * `authentik.blueprints` - authentik Blueprints * `authentik.core` - authentik Core * `authentik.enterprise` - authentik Enterprise model: allOf: - $ref: '#/components/schemas/ModelEnum' nullable: true description: |- Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. * `authentik_tenants.tenant` - Tenant * `authentik_tenants.domain` - Domain * `authentik_crypto.certificatekeypair` - Certificate-Key Pair * `authentik_events.event` - Event * `authentik_events.notificationtransport` - Notification Transport * `authentik_events.notification` - Notification * `authentik_events.notificationrule` - Notification Rule * `authentik_events.notificationwebhookmapping` - Webhook Mapping * `authentik_flows.flow` - Flow * `authentik_flows.flowstagebinding` - Flow Stage Binding * `authentik_outposts.dockerserviceconnection` - Docker Service-Connection * `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection * `authentik_outposts.outpost` - Outpost * `authentik_policies_dummy.dummypolicy` - Dummy Policy * `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy * `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy * `authentik_policies_expression.expressionpolicy` - Expression Policy * `authentik_policies_password.passwordpolicy` - Password Policy * `authentik_policies_reputation.reputationpolicy` - Reputation Policy * `authentik_policies_reputation.reputation` - Reputation Score * `authentik_policies.policybinding` - Policy Binding * `authentik_providers_ldap.ldapprovider` - LDAP Provider * `authentik_providers_oauth2.scopemapping` - Scope Mapping * `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider * `authentik_providers_oauth2.authorizationcode` - Authorization Code * `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token * `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token * `authentik_providers_proxy.proxyprovider` - Proxy Provider * `authentik_providers_radius.radiusprovider` - Radius Provider * `authentik_providers_saml.samlprovider` - SAML Provider * `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping * `authentik_providers_scim.scimprovider` - SCIM Provider * `authentik_providers_scim.scimmapping` - SCIM Mapping * `authentik_rbac.role` - Role * `authentik_sources_ldap.ldapsource` - LDAP Source * `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping * `authentik_sources_oauth.oauthsource` - OAuth Source * `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection * `authentik_sources_plex.plexsource` - Plex Source * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage * `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage * `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device * `authentik_stages_captcha.captchastage` - Captcha Stage * `authentik_stages_consent.consentstage` - Consent Stage * `authentik_stages_consent.userconsent` - User Consent * `authentik_stages_deny.denystage` - Deny Stage * `authentik_stages_dummy.dummystage` - Dummy Stage * `authentik_stages_email.emailstage` - Email Stage * `authentik_stages_identification.identificationstage` - Identification Stage * `authentik_stages_invitation.invitationstage` - Invitation Stage * `authentik_stages_invitation.invitation` - Invitation * `authentik_stages_password.passwordstage` - Password Stage * `authentik_stages_prompt.prompt` - Prompt * `authentik_stages_prompt.promptstage` - Prompt Stage * `authentik_stages_user_delete.userdeletestage` - User Delete Stage * `authentik_stages_user_login.userloginstage` - User Login Stage * `authentik_stages_user_logout.userlogoutstage` - User Logout Stage * `authentik_stages_user_write.userwritestage` - User Write Stage * `authentik_brands.brand` - Brand * `authentik_blueprints.blueprintinstance` - Blueprint Instance * `authentik_core.group` - Group * `authentik_core.user` - User * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License required: - name EventRequest: type: object description: Event Serializer properties: user: type: object additionalProperties: {} action: $ref: '#/components/schemas/EventActions' app: type: string minLength: 1 context: type: object additionalProperties: {} client_ip: type: string nullable: true minLength: 1 expires: type: string format: date-time brand: type: object additionalProperties: {} required: - action - app EventTopPerUser: type: object description: Response object of Event's top_per_user properties: application: type: object additionalProperties: {} counted_events: type: integer unique_users: type: integer required: - application - counted_events - unique_users ExpiringBaseGrantModel: type: object description: Serializer for BaseGrantModel and ExpiringBaseGrant properties: pk: type: integer readOnly: true title: ID provider: $ref: '#/components/schemas/OAuth2Provider' user: $ref: '#/components/schemas/User' is_expired: type: boolean description: Check if token is expired yet. readOnly: true expires: type: string format: date-time scope: type: array items: type: string required: - is_expired - pk - provider - scope - user ExpressionPolicy: type: object description: Group Membership Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true bound_to: type: integer description: Return objects policy is bound to readOnly: true expression: type: string required: - bound_to - component - expression - meta_model_name - name - pk - verbose_name - verbose_name_plural ExpressionPolicyRequest: type: object description: Group Membership Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. expression: type: string minLength: 1 required: - expression - name ExtraRoleObjectPermission: type: object description: User permission with additional object-related data properties: id: type: integer readOnly: true codename: type: string readOnly: true model: type: string title: Python model class name readOnly: true app_label: type: string readOnly: true object_pk: type: string title: Object ID readOnly: true name: type: string readOnly: true app_label_verbose: type: string description: Get app label from permission's model readOnly: true model_verbose: type: string description: Get model label from permission's model readOnly: true object_description: type: string nullable: true description: |- Get model description from attached model. This operation takes at least one additional query, and the description is only shown if the user/role has the view_ permission on the object readOnly: true required: - app_label - app_label_verbose - codename - id - model - model_verbose - name - object_description - object_pk ExtraUserObjectPermission: type: object description: User permission with additional object-related data properties: id: type: integer readOnly: true codename: type: string readOnly: true model: type: string title: Python model class name readOnly: true app_label: type: string readOnly: true object_pk: type: string title: Object ID readOnly: true name: type: string readOnly: true app_label_verbose: type: string description: Get app label from permission's model readOnly: true model_verbose: type: string description: Get model label from permission's model readOnly: true object_description: type: string nullable: true description: |- Get model description from attached model. This operation takes at least one additional query, and the description is only shown if the user/role has the view_ permission on the object readOnly: true required: - app_label - app_label_verbose - codename - id - model - model_verbose - name - object_description - object_pk FilePathRequest: type: object description: Serializer to upload file properties: url: type: string minLength: 1 required: - url FileUploadRequest: type: object description: Serializer to upload file properties: file: type: string format: binary clear: type: boolean default: false Flow: type: object description: Flow Serializer properties: pk: type: string format: uuid readOnly: true title: Flow uuid policybindingmodel_ptr_id: type: string format: uuid readOnly: true name: type: string slug: type: string description: Visible in the URL. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ title: type: string description: Shown as the Title in Flow pages. designation: allOf: - $ref: '#/components/schemas/FlowDesignationEnum' description: |- Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. * `authentication` - Authentication * `authorization` - Authorization * `invalidation` - Invalidation * `enrollment` - Enrollment * `unenrollment` - Unrenollment * `recovery` - Recovery * `stage_configuration` - Stage Configuration background: type: string description: |- Get the URL to the background image. If the name is /static or starts with http it is returned as-is readOnly: true stages: type: array items: type: string format: uuid readOnly: true policies: type: array items: type: string format: uuid readOnly: true cache_count: type: integer description: Get count of cached flows readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' compatibility_mode: type: boolean description: Enable compatibility mode, increases compatibility with password managers on mobile devices. export_url: type: string description: Get export URL for flow readOnly: true layout: $ref: '#/components/schemas/LayoutEnum' denied_action: allOf: - $ref: '#/components/schemas/DeniedActionEnum' description: |- Configure what should happen when a flow denies access to a user. * `message_continue` - Message Continue * `message` - Message * `continue` - Continue authentication: allOf: - $ref: '#/components/schemas/AuthenticationEnum' description: |- Required level of authentication and authorization to access a flow. * `none` - None * `require_authenticated` - Require Authenticated * `require_unauthenticated` - Require Unauthenticated * `require_superuser` - Require Superuser required: - background - cache_count - designation - export_url - name - pk - policies - policybindingmodel_ptr_id - slug - stages - title FlowChallengeResponseRequest: oneOf: - $ref: '#/components/schemas/AppleChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest' - $ref: '#/components/schemas/AutoSubmitChallengeResponseRequest' - $ref: '#/components/schemas/CaptchaChallengeResponseRequest' - $ref: '#/components/schemas/ConsentChallengeResponseRequest' - $ref: '#/components/schemas/DummyChallengeResponseRequest' - $ref: '#/components/schemas/EmailChallengeResponseRequest' - $ref: '#/components/schemas/IdentificationChallengeResponseRequest' - $ref: '#/components/schemas/OAuthDeviceCodeChallengeResponseRequest' - $ref: '#/components/schemas/OAuthDeviceCodeFinishChallengeResponseRequest' - $ref: '#/components/schemas/PasswordChallengeResponseRequest' - $ref: '#/components/schemas/PlexAuthenticationChallengeResponseRequest' - $ref: '#/components/schemas/PromptChallengeResponseRequest' - $ref: '#/components/schemas/UserLoginChallengeResponseRequest' discriminator: propertyName: component mapping: ak-source-oauth-apple: '#/components/schemas/AppleChallengeResponseRequest' ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest' ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest' ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest' ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest' ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest' ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest' ak-stage-autosubmit: '#/components/schemas/AutoSubmitChallengeResponseRequest' ak-stage-captcha: '#/components/schemas/CaptchaChallengeResponseRequest' ak-stage-consent: '#/components/schemas/ConsentChallengeResponseRequest' ak-stage-dummy: '#/components/schemas/DummyChallengeResponseRequest' ak-stage-email: '#/components/schemas/EmailChallengeResponseRequest' ak-stage-identification: '#/components/schemas/IdentificationChallengeResponseRequest' ak-provider-oauth2-device-code: '#/components/schemas/OAuthDeviceCodeChallengeResponseRequest' ak-provider-oauth2-device-code-finish: '#/components/schemas/OAuthDeviceCodeFinishChallengeResponseRequest' ak-stage-password: '#/components/schemas/PasswordChallengeResponseRequest' ak-source-plex: '#/components/schemas/PlexAuthenticationChallengeResponseRequest' ak-stage-prompt: '#/components/schemas/PromptChallengeResponseRequest' ak-stage-user-login: '#/components/schemas/UserLoginChallengeResponseRequest' FlowDesignationEnum: enum: - authentication - authorization - invalidation - enrollment - unenrollment - recovery - stage_configuration type: string description: |- * `authentication` - Authentication * `authorization` - Authorization * `invalidation` - Invalidation * `enrollment` - Enrollment * `unenrollment` - Unrenollment * `recovery` - Recovery * `stage_configuration` - Stage Configuration FlowDiagram: type: object description: response of the flow's diagram action properties: diagram: type: string readOnly: true required: - diagram FlowErrorChallenge: type: object description: |- Challenge class when an unhandled error occurs during a stage. Normal users are shown an error message, superusers are shown a full stacktrace. properties: type: type: string default: native flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-flow-error response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' request_id: type: string error: type: string traceback: type: string required: - request_id FlowImportResult: type: object description: Logs of an attempted flow import properties: logs: type: array items: type: object additionalProperties: {} readOnly: true success: type: boolean readOnly: true required: - logs - success FlowInspection: type: object description: Serializer for inspect endpoint properties: plans: type: array items: $ref: '#/components/schemas/FlowInspectorPlan' current_plan: $ref: '#/components/schemas/FlowInspectorPlan' is_completed: type: boolean required: - is_completed - plans FlowInspectorPlan: type: object description: Serializer for an active FlowPlan properties: current_stage: allOf: - $ref: '#/components/schemas/FlowStageBinding' readOnly: true next_planned_stage: allOf: - $ref: '#/components/schemas/FlowStageBinding' readOnly: true plan_context: type: object additionalProperties: {} description: Get the plan's context, sanitized readOnly: true session_id: type: string description: Get a unique session ID readOnly: true required: - current_stage - next_planned_stage - plan_context - session_id FlowRequest: type: object description: Flow Serializer properties: name: type: string minLength: 1 slug: type: string minLength: 1 description: Visible in the URL. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ title: type: string minLength: 1 description: Shown as the Title in Flow pages. designation: allOf: - $ref: '#/components/schemas/FlowDesignationEnum' description: |- Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. * `authentication` - Authentication * `authorization` - Authorization * `invalidation` - Invalidation * `enrollment` - Enrollment * `unenrollment` - Unrenollment * `recovery` - Recovery * `stage_configuration` - Stage Configuration policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' compatibility_mode: type: boolean description: Enable compatibility mode, increases compatibility with password managers on mobile devices. layout: $ref: '#/components/schemas/LayoutEnum' denied_action: allOf: - $ref: '#/components/schemas/DeniedActionEnum' description: |- Configure what should happen when a flow denies access to a user. * `message_continue` - Message Continue * `message` - Message * `continue` - Continue authentication: allOf: - $ref: '#/components/schemas/AuthenticationEnum' description: |- Required level of authentication and authorization to access a flow. * `none` - None * `require_authenticated` - Require Authenticated * `require_unauthenticated` - Require Unauthenticated * `require_superuser` - Require Superuser required: - designation - name - slug - title FlowSet: type: object description: Stripped down flow serializer properties: pk: type: string format: uuid readOnly: true title: Flow uuid policybindingmodel_ptr_id: type: string format: uuid readOnly: true name: type: string slug: type: string description: Visible in the URL. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ title: type: string description: Shown as the Title in Flow pages. designation: allOf: - $ref: '#/components/schemas/FlowDesignationEnum' description: |- Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. * `authentication` - Authentication * `authorization` - Authorization * `invalidation` - Invalidation * `enrollment` - Enrollment * `unenrollment` - Unrenollment * `recovery` - Recovery * `stage_configuration` - Stage Configuration background: type: string description: |- Get the URL to the background image. If the name is /static or starts with http it is returned as-is readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' compatibility_mode: type: boolean description: Enable compatibility mode, increases compatibility with password managers on mobile devices. export_url: type: string description: Get export URL for flow readOnly: true layout: $ref: '#/components/schemas/LayoutEnum' denied_action: allOf: - $ref: '#/components/schemas/DeniedActionEnum' description: |- Configure what should happen when a flow denies access to a user. * `message_continue` - Message Continue * `message` - Message * `continue` - Continue required: - background - designation - export_url - name - pk - policybindingmodel_ptr_id - slug - title FlowSetRequest: type: object description: Stripped down flow serializer properties: name: type: string minLength: 1 slug: type: string minLength: 1 description: Visible in the URL. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ title: type: string minLength: 1 description: Shown as the Title in Flow pages. designation: allOf: - $ref: '#/components/schemas/FlowDesignationEnum' description: |- Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. * `authentication` - Authentication * `authorization` - Authorization * `invalidation` - Invalidation * `enrollment` - Enrollment * `unenrollment` - Unrenollment * `recovery` - Recovery * `stage_configuration` - Stage Configuration policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' compatibility_mode: type: boolean description: Enable compatibility mode, increases compatibility with password managers on mobile devices. layout: $ref: '#/components/schemas/LayoutEnum' denied_action: allOf: - $ref: '#/components/schemas/DeniedActionEnum' description: |- Configure what should happen when a flow denies access to a user. * `message_continue` - Message Continue * `message` - Message * `continue` - Continue required: - designation - name - slug - title FlowStageBinding: type: object description: FlowStageBinding Serializer properties: pk: type: string format: uuid readOnly: true title: Fsb uuid policybindingmodel_ptr_id: type: string format: uuid readOnly: true target: type: string format: uuid stage: type: string format: uuid stage_obj: allOf: - $ref: '#/components/schemas/Stage' readOnly: true evaluate_on_plan: type: boolean description: Evaluate policies during the Flow planning process. re_evaluate_policies: type: boolean description: Evaluate policies when the Stage is present to the user. order: type: integer maximum: 2147483647 minimum: -2147483648 policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' invalid_response_action: allOf: - $ref: '#/components/schemas/InvalidResponseActionEnum' description: |- Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context. * `retry` - Retry * `restart` - Restart * `restart_with_context` - Restart With Context required: - order - pk - policybindingmodel_ptr_id - stage - stage_obj - target FlowStageBindingRequest: type: object description: FlowStageBinding Serializer properties: target: type: string format: uuid stage: type: string format: uuid evaluate_on_plan: type: boolean description: Evaluate policies during the Flow planning process. re_evaluate_policies: type: boolean description: Evaluate policies when the Stage is present to the user. order: type: integer maximum: 2147483647 minimum: -2147483648 policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' invalid_response_action: allOf: - $ref: '#/components/schemas/InvalidResponseActionEnum' description: |- Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context. * `retry` - Retry * `restart` - Restart * `restart_with_context` - Restart With Context required: - order - stage - target FooterLink: type: object description: Links returned in Config API properties: href: type: string readOnly: true name: type: string readOnly: true required: - href - name GenericError: type: object description: Generic API Error properties: detail: type: string code: type: string required: - detail Group: type: object description: Group Serializer properties: pk: type: string format: uuid readOnly: true title: Group uuid num_pk: type: integer readOnly: true name: type: string maxLength: 80 is_superuser: type: boolean description: Users added to this group will be superusers. parent: type: string format: uuid nullable: true parent_name: type: string readOnly: true nullable: true users: type: array items: type: integer users_obj: type: array items: $ref: '#/components/schemas/GroupMember' readOnly: true attributes: type: object additionalProperties: {} roles: type: array items: type: string format: uuid roles_obj: type: array items: $ref: '#/components/schemas/Role' readOnly: true required: - name - num_pk - parent_name - pk - roles_obj - users_obj GroupMember: type: object description: Stripped down user serializer to show relevant users for groups properties: pk: type: integer readOnly: true title: ID username: type: string description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. pattern: ^[\w.@+-]+$ maxLength: 150 name: type: string description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true email: type: string format: email title: Email address maxLength: 254 attributes: type: object additionalProperties: {} uid: type: string readOnly: true required: - name - pk - uid - username GroupMemberRequest: type: object description: Stripped down user serializer to show relevant users for groups properties: username: type: string minLength: 1 description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. pattern: ^[\w.@+-]+$ maxLength: 150 name: type: string minLength: 1 description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true email: type: string format: email title: Email address maxLength: 254 attributes: type: object additionalProperties: {} required: - name - username GroupRequest: type: object description: Group Serializer properties: name: type: string minLength: 1 maxLength: 80 is_superuser: type: boolean description: Users added to this group will be superusers. parent: type: string format: uuid nullable: true users: type: array items: type: integer attributes: type: object additionalProperties: {} roles: type: array items: type: string format: uuid required: - name IdentificationChallenge: type: object description: Identification challenges with all UI elements properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-identification response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' user_fields: type: array items: type: string nullable: true password_fields: type: boolean application_pre: type: string enroll_url: type: string recovery_url: type: string passwordless_url: type: string primary_action: type: string sources: type: array items: $ref: '#/components/schemas/LoginSource' show_source_labels: type: boolean required: - password_fields - primary_action - show_source_labels - type - user_fields IdentificationChallengeResponseRequest: type: object description: Identification challenge properties: component: type: string minLength: 1 default: ak-stage-identification uid_field: type: string minLength: 1 password: type: string nullable: true required: - uid_field IdentificationStage: type: object description: IdentificationStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' user_fields: type: array items: $ref: '#/components/schemas/UserFieldsEnum' description: Fields of the user object to match against. (Hold shift to select multiple options) password_stage: type: string format: uuid nullable: true description: When set, shows a password field, instead of showing the password field as seaprate step. case_insensitive_matching: type: boolean description: When enabled, user fields are matched regardless of their casing. show_matched_user: type: boolean description: When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown enrollment_flow: type: string format: uuid nullable: true description: Optional enrollment flow, which is linked at the bottom of the page. recovery_flow: type: string format: uuid nullable: true description: Optional recovery flow, which is linked at the bottom of the page. passwordless_flow: type: string format: uuid nullable: true description: Optional passwordless flow, which is linked at the bottom of the page. sources: type: array items: type: string format: uuid description: Specify which sources should be shown. show_source_labels: type: boolean pretend_user_exists: type: boolean description: When enabled, the stage will succeed and continue even when incorrect user info is entered. required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural IdentificationStageRequest: type: object description: IdentificationStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' user_fields: type: array items: $ref: '#/components/schemas/UserFieldsEnum' description: Fields of the user object to match against. (Hold shift to select multiple options) password_stage: type: string format: uuid nullable: true description: When set, shows a password field, instead of showing the password field as seaprate step. case_insensitive_matching: type: boolean description: When enabled, user fields are matched regardless of their casing. show_matched_user: type: boolean description: When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown enrollment_flow: type: string format: uuid nullable: true description: Optional enrollment flow, which is linked at the bottom of the page. recovery_flow: type: string format: uuid nullable: true description: Optional recovery flow, which is linked at the bottom of the page. passwordless_flow: type: string format: uuid nullable: true description: Optional passwordless flow, which is linked at the bottom of the page. sources: type: array items: type: string format: uuid description: Specify which sources should be shown. show_source_labels: type: boolean pretend_user_exists: type: boolean description: When enabled, the stage will succeed and continue even when incorrect user info is entered. required: - name InstallID: type: object properties: install_id: type: string required: - install_id IntentEnum: enum: - verification - api - recovery - app_password type: string description: |- * `verification` - Intent Verification * `api` - Intent Api * `recovery` - Intent Recovery * `app_password` - Intent App Password InvalidResponseActionEnum: enum: - retry - restart - restart_with_context type: string description: |- * `retry` - Retry * `restart` - Restart * `restart_with_context` - Restart With Context Invitation: type: object description: Invitation Serializer properties: pk: type: string format: uuid readOnly: true title: Invite uuid name: type: string maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ expires: type: string format: date-time fixed_data: type: object additionalProperties: {} created_by: allOf: - $ref: '#/components/schemas/GroupMember' readOnly: true single_use: type: boolean description: When enabled, the invitation will be deleted after usage. flow: type: string format: uuid nullable: true description: When set, only the configured flow can use this invitation. flow_obj: allOf: - $ref: '#/components/schemas/Flow' readOnly: true required: - created_by - flow_obj - name - pk InvitationRequest: type: object description: Invitation Serializer properties: name: type: string minLength: 1 maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ expires: type: string format: date-time fixed_data: type: object additionalProperties: {} single_use: type: boolean description: When enabled, the invitation will be deleted after usage. flow: type: string format: uuid nullable: true description: When set, only the configured flow can use this invitation. required: - name InvitationStage: type: object description: InvitationStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' continue_flow_without_invitation: type: boolean description: If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural InvitationStageRequest: type: object description: InvitationStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' continue_flow_without_invitation: type: boolean description: If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. required: - name IssuerModeEnum: enum: - global - per_provider type: string description: |- * `global` - Same identifier is used for all providers * `per_provider` - Each provider has a different issuer, based on the application slug. KubernetesServiceConnection: type: object description: KubernetesServiceConnection Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration component: type: string readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true kubeconfig: type: object additionalProperties: {} description: Paste your kubeconfig here. authentik will automatically use the currently selected context. verify_ssl: type: boolean description: Verify SSL Certificates of the Kubernetes API endpoint required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural KubernetesServiceConnectionRequest: type: object description: KubernetesServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration kubeconfig: type: object additionalProperties: {} description: Paste your kubeconfig here. authentik will automatically use the currently selected context. verify_ssl: type: boolean description: Verify SSL Certificates of the Kubernetes API endpoint required: - name LDAPAPIAccessMode: enum: - direct - cached type: string description: |- * `direct` - Direct * `cached` - Cached LDAPDebug: type: object properties: user: type: array items: type: object additionalProperties: {} readOnly: true group: type: array items: type: object additionalProperties: {} readOnly: true membership: type: array items: type: object additionalProperties: {} readOnly: true required: - group - membership - user LDAPOutpostConfig: type: object description: LDAPProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string base_dn: type: string description: DN under which objects are accessible. bind_flow_slug: type: string application_slug: type: string description: Prioritise backchannel slug over direct application slug readOnly: true search_group: type: string format: uuid nullable: true description: Users in this group can do search queries. If not set, every user can execute search queries. certificate: type: string format: uuid nullable: true tls_server_name: type: string uid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber gid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber search_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' bind_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' mfa_support: type: boolean description: When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. required: - application_slug - bind_flow_slug - name - pk LDAPPropertyMapping: type: object description: LDAP PropertyMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string expression: type: string component: type: string description: Get object's component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true object_field: type: string required: - component - expression - meta_model_name - name - object_field - pk - verbose_name - verbose_name_plural LDAPPropertyMappingRequest: type: object description: LDAP PropertyMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 object_field: type: string minLength: 1 required: - expression - name - object_field LDAPProvider: type: object description: LDAPProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string description: Get object component so that we know how to edit the object readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true assigned_backchannel_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_backchannel_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true base_dn: type: string description: DN under which objects are accessible. search_group: type: string format: uuid nullable: true description: Users in this group can do search queries. If not set, every user can execute search queries. certificate: type: string format: uuid nullable: true tls_server_name: type: string uid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber gid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber outpost_set: type: array items: type: string readOnly: true search_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' bind_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' mfa_support: type: boolean description: When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. required: - assigned_application_name - assigned_application_slug - assigned_backchannel_application_name - assigned_backchannel_application_slug - authorization_flow - component - meta_model_name - name - outpost_set - pk - verbose_name - verbose_name_plural LDAPProviderRequest: type: object description: LDAPProvider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid base_dn: type: string minLength: 1 description: DN under which objects are accessible. search_group: type: string format: uuid nullable: true description: Users in this group can do search queries. If not set, every user can execute search queries. certificate: type: string format: uuid nullable: true tls_server_name: type: string uid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber gid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber search_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' bind_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' mfa_support: type: boolean description: When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. required: - authorization_flow - name LDAPSource: type: object description: LDAP Source Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string icon: type: string nullable: true description: |- Get the URL to the Icon. If the name is /static or starts with http it is returned as-is readOnly: true server_uri: type: string format: uri peer_certificate: type: string format: uuid nullable: true description: Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair. client_certificate: type: string format: uuid nullable: true description: Client certificate to authenticate against the LDAP Server's Certificate. bind_cn: type: string start_tls: type: boolean title: Enable Start TLS sni: type: boolean title: Use Server URI for SNI verification base_dn: type: string additional_user_dn: type: string title: Addition User DN description: Prepended to Base DN for User-queries. additional_group_dn: type: string title: Addition Group DN description: Prepended to Base DN for Group-queries. user_object_filter: type: string description: Consider Objects matching this filter to be Users. group_object_filter: type: string description: Consider Objects matching this filter to be Groups. group_membership_field: type: string description: Field which contains members of a group. object_uniqueness_field: type: string description: Field which contains a unique Identifier. sync_users: type: boolean sync_users_password: type: boolean description: When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source. sync_groups: type: boolean sync_parent_group: type: string format: uuid nullable: true property_mappings: type: array items: type: string format: uuid property_mappings_group: type: array items: type: string format: uuid description: Property mappings used for group creation/updating. connectivity: type: object additionalProperties: type: object additionalProperties: type: string nullable: true description: Get cached source connectivity readOnly: true required: - base_dn - component - connectivity - icon - managed - meta_model_name - name - pk - server_uri - slug - verbose_name - verbose_name_plural LDAPSourceRequest: type: object description: LDAP Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. user_path_template: type: string minLength: 1 server_uri: type: string minLength: 1 format: uri peer_certificate: type: string format: uuid nullable: true description: Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair. client_certificate: type: string format: uuid nullable: true description: Client certificate to authenticate against the LDAP Server's Certificate. bind_cn: type: string bind_password: type: string writeOnly: true start_tls: type: boolean title: Enable Start TLS sni: type: boolean title: Use Server URI for SNI verification base_dn: type: string minLength: 1 additional_user_dn: type: string title: Addition User DN description: Prepended to Base DN for User-queries. additional_group_dn: type: string title: Addition Group DN description: Prepended to Base DN for Group-queries. user_object_filter: type: string minLength: 1 description: Consider Objects matching this filter to be Users. group_object_filter: type: string minLength: 1 description: Consider Objects matching this filter to be Groups. group_membership_field: type: string minLength: 1 description: Field which contains members of a group. object_uniqueness_field: type: string minLength: 1 description: Field which contains a unique Identifier. sync_users: type: boolean sync_users_password: type: boolean description: When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source. sync_groups: type: boolean sync_parent_group: type: string format: uuid nullable: true property_mappings: type: array items: type: string format: uuid property_mappings_group: type: array items: type: string format: uuid description: Property mappings used for group creation/updating. required: - base_dn - name - server_uri - slug LDAPSyncStatus: type: object description: LDAP Source sync status properties: is_running: type: boolean readOnly: true tasks: type: array items: $ref: '#/components/schemas/Task' readOnly: true required: - is_running - tasks LayoutEnum: enum: - stacked - content_left - content_right - sidebar_left - sidebar_right type: string description: |- * `stacked` - STACKED * `content_left` - CONTENT_LEFT * `content_right` - CONTENT_RIGHT * `sidebar_left` - SIDEBAR_LEFT * `sidebar_right` - SIDEBAR_RIGHT License: type: object description: License Serializer properties: license_uuid: type: string format: uuid readOnly: true name: type: string readOnly: true key: type: string expiry: type: string format: date-time readOnly: true internal_users: type: integer readOnly: true external_users: type: integer readOnly: true required: - expiry - external_users - internal_users - key - license_uuid - name LicenseForecast: type: object description: Serializer for license forecast properties: internal_users: type: integer external_users: type: integer forecasted_internal_users: type: integer forecasted_external_users: type: integer required: - external_users - forecasted_external_users - forecasted_internal_users - internal_users LicenseRequest: type: object description: License Serializer properties: key: type: string minLength: 1 required: - key LicenseSummary: type: object description: Serializer for license status properties: internal_users: type: integer external_users: type: integer valid: type: boolean show_admin_warning: type: boolean show_user_warning: type: boolean read_only: type: boolean latest_valid: type: string format: date-time has_license: type: boolean required: - external_users - has_license - internal_users - latest_valid - read_only - show_admin_warning - show_user_warning - valid Link: type: object description: Returns a single link properties: link: type: string required: - link LoginChallengeTypes: oneOf: - $ref: '#/components/schemas/RedirectChallenge' - $ref: '#/components/schemas/PlexAuthenticationChallenge' - $ref: '#/components/schemas/AppleLoginChallenge' discriminator: propertyName: component mapping: xak-flow-redirect: '#/components/schemas/RedirectChallenge' ak-source-plex: '#/components/schemas/PlexAuthenticationChallenge' ak-source-oauth-apple: '#/components/schemas/AppleLoginChallenge' LoginMetrics: type: object description: Login Metrics per 1h properties: logins: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true logins_failed: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true authorizations: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true required: - authorizations - logins - logins_failed LoginSource: type: object description: Serializer for Login buttons of sources properties: name: type: string icon_url: type: string nullable: true challenge: $ref: '#/components/schemas/LoginChallengeTypes' required: - challenge - name Metadata: type: object description: Serializer for blueprint metadata properties: name: type: string labels: type: object additionalProperties: {} required: - labels - name ModelEnum: enum: - authentik_tenants.tenant - authentik_tenants.domain - authentik_crypto.certificatekeypair - authentik_events.event - authentik_events.notificationtransport - authentik_events.notification - authentik_events.notificationrule - authentik_events.notificationwebhookmapping - authentik_flows.flow - authentik_flows.flowstagebinding - authentik_outposts.dockerserviceconnection - authentik_outposts.kubernetesserviceconnection - authentik_outposts.outpost - authentik_policies_dummy.dummypolicy - authentik_policies_event_matcher.eventmatcherpolicy - authentik_policies_expiry.passwordexpirypolicy - authentik_policies_expression.expressionpolicy - authentik_policies_password.passwordpolicy - authentik_policies_reputation.reputationpolicy - authentik_policies_reputation.reputation - authentik_policies.policybinding - authentik_providers_ldap.ldapprovider - authentik_providers_oauth2.scopemapping - authentik_providers_oauth2.oauth2provider - authentik_providers_oauth2.authorizationcode - authentik_providers_oauth2.accesstoken - authentik_providers_oauth2.refreshtoken - authentik_providers_proxy.proxyprovider - authentik_providers_radius.radiusprovider - authentik_providers_saml.samlprovider - authentik_providers_saml.samlpropertymapping - authentik_providers_scim.scimprovider - authentik_providers_scim.scimmapping - authentik_rbac.role - authentik_sources_ldap.ldapsource - authentik_sources_ldap.ldappropertymapping - authentik_sources_oauth.oauthsource - authentik_sources_oauth.useroauthsourceconnection - authentik_sources_plex.plexsource - authentik_sources_plex.plexsourceconnection - authentik_sources_saml.samlsource - authentik_sources_saml.usersamlsourceconnection - authentik_stages_authenticator_duo.authenticatorduostage - authentik_stages_authenticator_duo.duodevice - authentik_stages_authenticator_sms.authenticatorsmsstage - authentik_stages_authenticator_sms.smsdevice - authentik_stages_authenticator_static.authenticatorstaticstage - authentik_stages_authenticator_static.staticdevice - authentik_stages_authenticator_totp.authenticatortotpstage - authentik_stages_authenticator_totp.totpdevice - authentik_stages_authenticator_validate.authenticatorvalidatestage - authentik_stages_authenticator_webauthn.authenticatewebauthnstage - authentik_stages_authenticator_webauthn.webauthndevice - authentik_stages_captcha.captchastage - authentik_stages_consent.consentstage - authentik_stages_consent.userconsent - authentik_stages_deny.denystage - authentik_stages_dummy.dummystage - authentik_stages_email.emailstage - authentik_stages_identification.identificationstage - authentik_stages_invitation.invitationstage - authentik_stages_invitation.invitation - authentik_stages_password.passwordstage - authentik_stages_prompt.prompt - authentik_stages_prompt.promptstage - authentik_stages_user_delete.userdeletestage - authentik_stages_user_login.userloginstage - authentik_stages_user_logout.userlogoutstage - authentik_stages_user_write.userwritestage - authentik_brands.brand - authentik_blueprints.blueprintinstance - authentik_core.group - authentik_core.user - authentik_core.application - authentik_core.token - authentik_enterprise.license type: string description: |- * `authentik_tenants.tenant` - Tenant * `authentik_tenants.domain` - Domain * `authentik_crypto.certificatekeypair` - Certificate-Key Pair * `authentik_events.event` - Event * `authentik_events.notificationtransport` - Notification Transport * `authentik_events.notification` - Notification * `authentik_events.notificationrule` - Notification Rule * `authentik_events.notificationwebhookmapping` - Webhook Mapping * `authentik_flows.flow` - Flow * `authentik_flows.flowstagebinding` - Flow Stage Binding * `authentik_outposts.dockerserviceconnection` - Docker Service-Connection * `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection * `authentik_outposts.outpost` - Outpost * `authentik_policies_dummy.dummypolicy` - Dummy Policy * `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy * `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy * `authentik_policies_expression.expressionpolicy` - Expression Policy * `authentik_policies_password.passwordpolicy` - Password Policy * `authentik_policies_reputation.reputationpolicy` - Reputation Policy * `authentik_policies_reputation.reputation` - Reputation Score * `authentik_policies.policybinding` - Policy Binding * `authentik_providers_ldap.ldapprovider` - LDAP Provider * `authentik_providers_oauth2.scopemapping` - Scope Mapping * `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider * `authentik_providers_oauth2.authorizationcode` - Authorization Code * `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token * `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token * `authentik_providers_proxy.proxyprovider` - Proxy Provider * `authentik_providers_radius.radiusprovider` - Radius Provider * `authentik_providers_saml.samlprovider` - SAML Provider * `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping * `authentik_providers_scim.scimprovider` - SCIM Provider * `authentik_providers_scim.scimmapping` - SCIM Mapping * `authentik_rbac.role` - Role * `authentik_sources_ldap.ldapsource` - LDAP Source * `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping * `authentik_sources_oauth.oauthsource` - OAuth Source * `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection * `authentik_sources_plex.plexsource` - Plex Source * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage * `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage * `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device * `authentik_stages_captcha.captchastage` - Captcha Stage * `authentik_stages_consent.consentstage` - Consent Stage * `authentik_stages_consent.userconsent` - User Consent * `authentik_stages_deny.denystage` - Deny Stage * `authentik_stages_dummy.dummystage` - Dummy Stage * `authentik_stages_email.emailstage` - Email Stage * `authentik_stages_identification.identificationstage` - Identification Stage * `authentik_stages_invitation.invitationstage` - Invitation Stage * `authentik_stages_invitation.invitation` - Invitation * `authentik_stages_password.passwordstage` - Password Stage * `authentik_stages_prompt.prompt` - Prompt * `authentik_stages_prompt.promptstage` - Prompt Stage * `authentik_stages_user_delete.userdeletestage` - User Delete Stage * `authentik_stages_user_login.userloginstage` - User Login Stage * `authentik_stages_user_logout.userlogoutstage` - User Logout Stage * `authentik_stages_user_write.userwritestage` - User Write Stage * `authentik_brands.brand` - Brand * `authentik_blueprints.blueprintinstance` - Blueprint Instance * `authentik_core.group` - Group * `authentik_core.user` - User * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License NameIdPolicyEnum: enum: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient type: string description: |- * `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email * `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent * `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509 * `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows * `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient NotConfiguredActionEnum: enum: - skip - deny - configure type: string description: |- * `skip` - Skip * `deny` - Deny * `configure` - Configure Notification: type: object description: Notification Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid severity: allOf: - $ref: '#/components/schemas/SeverityEnum' readOnly: true body: type: string readOnly: true created: type: string format: date-time readOnly: true event: $ref: '#/components/schemas/Event' seen: type: boolean required: - body - created - pk - severity NotificationRequest: type: object description: Notification Serializer properties: event: $ref: '#/components/schemas/EventRequest' seen: type: boolean NotificationRule: type: object description: NotificationRule Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string transports: type: array items: type: string format: uuid description: Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. severity: allOf: - $ref: '#/components/schemas/SeverityEnum' description: |- Controls which severity level the created notifications will have. * `notice` - Notice * `warning` - Warning * `alert` - Alert group: type: string format: uuid nullable: true description: Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent. group_obj: allOf: - $ref: '#/components/schemas/Group' readOnly: true required: - group_obj - name - pk NotificationRuleRequest: type: object description: NotificationRule Serializer properties: name: type: string minLength: 1 transports: type: array items: type: string format: uuid description: Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. severity: allOf: - $ref: '#/components/schemas/SeverityEnum' description: |- Controls which severity level the created notifications will have. * `notice` - Notice * `warning` - Warning * `alert` - Alert group: type: string format: uuid nullable: true description: Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent. required: - name NotificationTransport: type: object description: NotificationTransport Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string mode: $ref: '#/components/schemas/NotificationTransportModeEnum' mode_verbose: type: string description: Return selected mode with a UI Label readOnly: true webhook_url: type: string format: uri webhook_mapping: type: string format: uuid nullable: true send_once: type: boolean description: Only send notification once, for example when sending a webhook into a chat channel. required: - mode_verbose - name - pk NotificationTransportModeEnum: enum: - local - webhook - webhook_slack - email type: string description: |- * `local` - authentik inbuilt notifications * `webhook` - Generic Webhook * `webhook_slack` - Slack Webhook (Slack/Discord) * `email` - Email NotificationTransportRequest: type: object description: NotificationTransport Serializer properties: name: type: string minLength: 1 mode: $ref: '#/components/schemas/NotificationTransportModeEnum' webhook_url: type: string format: uri webhook_mapping: type: string format: uuid nullable: true send_once: type: boolean description: Only send notification once, for example when sending a webhook into a chat channel. required: - name NotificationTransportTest: type: object description: Notification test serializer properties: messages: type: array items: type: string required: - messages NotificationWebhookMapping: type: object description: NotificationWebhookMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid name: type: string expression: type: string required: - expression - name - pk NotificationWebhookMappingRequest: type: object description: NotificationWebhookMapping Serializer properties: name: type: string minLength: 1 expression: type: string minLength: 1 required: - expression - name OAuth2Provider: type: object description: OAuth2Provider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string description: Get object component so that we know how to edit the object readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true assigned_backchannel_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_backchannel_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true client_type: allOf: - $ref: '#/components/schemas/ClientTypeEnum' description: |- Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable * `confidential` - Confidential * `public` - Public client_id: type: string maxLength: 255 client_secret: type: string maxLength: 255 access_code_validity: type: string description: 'Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' access_token_validity: type: string description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' refresh_token_validity: type: string description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' include_claims_in_id_token: type: boolean description: Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. signing_key: type: string format: uuid nullable: true description: Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. redirect_uris: type: string description: Enter each URI on a new line. sub_mode: allOf: - $ref: '#/components/schemas/SubModeEnum' description: |- Configure what data should be used as unique User Identifier. For most cases, the default should be fine. * `hashed_user_id` - Based on the Hashed User ID * `user_id` - Based on user ID * `user_uuid` - Based on user UUID * `user_username` - Based on the username * `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. issuer_mode: allOf: - $ref: '#/components/schemas/IssuerModeEnum' description: |- Configure how the issuer field of the ID Token should be filled. * `global` - Same identifier is used for all providers * `per_provider` - Each provider has a different issuer, based on the application slug. jwks_sources: type: array items: type: string format: uuid title: Any JWT signed by the JWK of the selected source can be used to authenticate. title: Any JWT signed by the JWK of the selected source can be used to authenticate. required: - assigned_application_name - assigned_application_slug - assigned_backchannel_application_name - assigned_backchannel_application_slug - authorization_flow - component - meta_model_name - name - pk - verbose_name - verbose_name_plural OAuth2ProviderRequest: type: object description: OAuth2Provider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid client_type: allOf: - $ref: '#/components/schemas/ClientTypeEnum' description: |- Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable * `confidential` - Confidential * `public` - Public client_id: type: string minLength: 1 maxLength: 255 client_secret: type: string maxLength: 255 access_code_validity: type: string minLength: 1 description: 'Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' access_token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' refresh_token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' include_claims_in_id_token: type: boolean description: Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. signing_key: type: string format: uuid nullable: true description: Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. redirect_uris: type: string description: Enter each URI on a new line. sub_mode: allOf: - $ref: '#/components/schemas/SubModeEnum' description: |- Configure what data should be used as unique User Identifier. For most cases, the default should be fine. * `hashed_user_id` - Based on the Hashed User ID * `user_id` - Based on user ID * `user_uuid` - Based on user UUID * `user_username` - Based on the username * `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. issuer_mode: allOf: - $ref: '#/components/schemas/IssuerModeEnum' description: |- Configure how the issuer field of the ID Token should be filled. * `global` - Same identifier is used for all providers * `per_provider` - Each provider has a different issuer, based on the application slug. jwks_sources: type: array items: type: string format: uuid title: Any JWT signed by the JWK of the selected source can be used to authenticate. title: Any JWT signed by the JWK of the selected source can be used to authenticate. required: - authorization_flow - name OAuth2ProviderSetupURLs: type: object description: OAuth2 Provider Metadata serializer properties: issuer: type: string readOnly: true authorize: type: string readOnly: true token: type: string readOnly: true user_info: type: string readOnly: true provider_info: type: string readOnly: true logout: type: string readOnly: true jwks: type: string readOnly: true required: - authorize - issuer - jwks - logout - provider_info - token - user_info OAuthDeviceCodeChallenge: type: object description: OAuth Device code challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-provider-oauth2-device-code response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' required: - type OAuthDeviceCodeChallengeResponseRequest: type: object description: Response that includes the user-entered device code properties: component: type: string minLength: 1 default: ak-provider-oauth2-device-code code: type: integer required: - code OAuthDeviceCodeFinishChallenge: type: object description: Final challenge after user enters their code properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-provider-oauth2-device-code-finish response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' required: - type OAuthDeviceCodeFinishChallengeResponseRequest: type: object description: Response that device has been authenticated and tab can be closed properties: component: type: string minLength: 1 default: ak-provider-oauth2-device-code-finish OAuthSource: type: object description: OAuth Source Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string icon: type: string nullable: true description: |- Get the URL to the Icon. If the name is /static or starts with http it is returned as-is readOnly: true provider_type: $ref: '#/components/schemas/ProviderTypeEnum' request_token_url: type: string nullable: true description: URL used to request the initial token. This URL is only required for OAuth 1. maxLength: 255 authorization_url: type: string nullable: true description: URL the user is redirect to to conest the flow. maxLength: 255 access_token_url: type: string nullable: true description: URL used by authentik to retrieve tokens. maxLength: 255 profile_url: type: string nullable: true description: URL used by authentik to get user information. maxLength: 255 consumer_key: type: string callback_url: type: string description: Get OAuth Callback URL readOnly: true additional_scopes: type: string type: allOf: - $ref: '#/components/schemas/SourceType' readOnly: true oidc_well_known_url: type: string oidc_jwks_url: type: string oidc_jwks: type: object additionalProperties: {} required: - callback_url - component - consumer_key - icon - managed - meta_model_name - name - pk - provider_type - slug - type - verbose_name - verbose_name_plural OAuthSourceRequest: type: object description: OAuth Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. user_path_template: type: string minLength: 1 provider_type: $ref: '#/components/schemas/ProviderTypeEnum' request_token_url: type: string nullable: true minLength: 1 description: URL used to request the initial token. This URL is only required for OAuth 1. maxLength: 255 authorization_url: type: string nullable: true minLength: 1 description: URL the user is redirect to to conest the flow. maxLength: 255 access_token_url: type: string nullable: true minLength: 1 description: URL used by authentik to retrieve tokens. maxLength: 255 profile_url: type: string nullable: true minLength: 1 description: URL used by authentik to get user information. maxLength: 255 consumer_key: type: string minLength: 1 consumer_secret: type: string writeOnly: true minLength: 1 additional_scopes: type: string oidc_well_known_url: type: string oidc_jwks_url: type: string oidc_jwks: type: object additionalProperties: {} required: - consumer_key - consumer_secret - name - provider_type - slug OpenIDConnectConfiguration: type: object description: rest_framework Serializer for OIDC Configuration properties: issuer: type: string authorization_endpoint: type: string token_endpoint: type: string userinfo_endpoint: type: string end_session_endpoint: type: string introspection_endpoint: type: string jwks_uri: type: string response_types_supported: type: array items: type: string id_token_signing_alg_values_supported: type: array items: type: string subject_types_supported: type: array items: type: string token_endpoint_auth_methods_supported: type: array items: type: string required: - authorization_endpoint - end_session_endpoint - id_token_signing_alg_values_supported - introspection_endpoint - issuer - jwks_uri - response_types_supported - subject_types_supported - token_endpoint - token_endpoint_auth_methods_supported - userinfo_endpoint Outpost: type: object description: Outpost Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string type: $ref: '#/components/schemas/OutpostTypeEnum' providers: type: array items: type: integer providers_obj: type: array items: $ref: '#/components/schemas/Provider' readOnly: true service_connection: type: string format: uuid nullable: true description: Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment. service_connection_obj: allOf: - $ref: '#/components/schemas/ServiceConnection' readOnly: true token_identifier: type: string description: Get Token identifier readOnly: true config: type: object additionalProperties: {} managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. required: - config - name - pk - providers - providers_obj - service_connection_obj - token_identifier - type OutpostDefaultConfig: type: object description: Global default outpost config properties: config: type: object additionalProperties: {} readOnly: true required: - config OutpostHealth: type: object description: Outpost health status properties: uid: type: string readOnly: true last_seen: type: string format: date-time readOnly: true version: type: string readOnly: true version_should: type: string readOnly: true version_outdated: type: boolean readOnly: true build_hash: type: string readOnly: true build_hash_should: type: string readOnly: true hostname: type: string readOnly: true required: - build_hash - build_hash_should - hostname - last_seen - uid - version - version_outdated - version_should OutpostRequest: type: object description: Outpost Serializer properties: name: type: string minLength: 1 type: $ref: '#/components/schemas/OutpostTypeEnum' providers: type: array items: type: integer service_connection: type: string format: uuid nullable: true description: Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment. config: type: object additionalProperties: {} managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. required: - config - name - providers - type OutpostTypeEnum: enum: - proxy - ldap - radius type: string description: |- * `proxy` - Proxy * `ldap` - Ldap * `radius` - Radius PaginatedApplicationList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Application' required: - pagination - results PaginatedAuthenticateWebAuthnStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/AuthenticateWebAuthnStage' required: - pagination - results PaginatedAuthenticatedSessionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/AuthenticatedSession' required: - pagination - results PaginatedAuthenticatorDuoStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/AuthenticatorDuoStage' required: - pagination - results PaginatedAuthenticatorSMSStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/AuthenticatorSMSStage' required: - pagination - results PaginatedAuthenticatorStaticStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/AuthenticatorStaticStage' required: - pagination - results PaginatedAuthenticatorTOTPStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/AuthenticatorTOTPStage' required: - pagination - results PaginatedAuthenticatorValidateStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/AuthenticatorValidateStage' required: - pagination - results PaginatedBlueprintInstanceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/BlueprintInstance' required: - pagination - results PaginatedBrandList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Brand' required: - pagination - results PaginatedCaptchaStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/CaptchaStage' required: - pagination - results PaginatedCertificateKeyPairList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/CertificateKeyPair' required: - pagination - results PaginatedConsentStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ConsentStage' required: - pagination - results PaginatedDenyStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/DenyStage' required: - pagination - results PaginatedDockerServiceConnectionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/DockerServiceConnection' required: - pagination - results PaginatedDomainList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Domain' required: - pagination - results PaginatedDummyPolicyList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/DummyPolicy' required: - pagination - results PaginatedDummyStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/DummyStage' required: - pagination - results PaginatedDuoDeviceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/DuoDevice' required: - pagination - results PaginatedEmailStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/EmailStage' required: - pagination - results PaginatedEventList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Event' required: - pagination - results PaginatedEventMatcherPolicyList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/EventMatcherPolicy' required: - pagination - results PaginatedExpiringBaseGrantModelList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ExpiringBaseGrantModel' required: - pagination - results PaginatedExpressionPolicyList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ExpressionPolicy' required: - pagination - results PaginatedExtraRoleObjectPermissionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ExtraRoleObjectPermission' required: - pagination - results PaginatedExtraUserObjectPermissionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ExtraUserObjectPermission' required: - pagination - results PaginatedFlowList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Flow' required: - pagination - results PaginatedFlowStageBindingList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/FlowStageBinding' required: - pagination - results PaginatedGroupList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Group' required: - pagination - results PaginatedIdentificationStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/IdentificationStage' required: - pagination - results PaginatedInvitationList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Invitation' required: - pagination - results PaginatedInvitationStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/InvitationStage' required: - pagination - results PaginatedKubernetesServiceConnectionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/KubernetesServiceConnection' required: - pagination - results PaginatedLDAPOutpostConfigList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/LDAPOutpostConfig' required: - pagination - results PaginatedLDAPPropertyMappingList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/LDAPPropertyMapping' required: - pagination - results PaginatedLDAPProviderList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/LDAPProvider' required: - pagination - results PaginatedLDAPSourceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/LDAPSource' required: - pagination - results PaginatedLicenseList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/License' required: - pagination - results PaginatedNotificationList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Notification' required: - pagination - results PaginatedNotificationRuleList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/NotificationRule' required: - pagination - results PaginatedNotificationTransportList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/NotificationTransport' required: - pagination - results PaginatedNotificationWebhookMappingList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/NotificationWebhookMapping' required: - pagination - results PaginatedOAuth2ProviderList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/OAuth2Provider' required: - pagination - results PaginatedOAuthSourceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/OAuthSource' required: - pagination - results PaginatedOutpostList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Outpost' required: - pagination - results PaginatedPasswordExpiryPolicyList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/PasswordExpiryPolicy' required: - pagination - results PaginatedPasswordPolicyList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/PasswordPolicy' required: - pagination - results PaginatedPasswordStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/PasswordStage' required: - pagination - results PaginatedPermissionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Permission' required: - pagination - results PaginatedPlexSourceConnectionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/PlexSourceConnection' required: - pagination - results PaginatedPlexSourceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/PlexSource' required: - pagination - results PaginatedPolicyBindingList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/PolicyBinding' required: - pagination - results PaginatedPolicyList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Policy' required: - pagination - results PaginatedPromptList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Prompt' required: - pagination - results PaginatedPromptStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/PromptStage' required: - pagination - results PaginatedPropertyMappingList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/PropertyMapping' required: - pagination - results PaginatedProviderList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Provider' required: - pagination - results PaginatedProxyOutpostConfigList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ProxyOutpostConfig' required: - pagination - results PaginatedProxyProviderList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ProxyProvider' required: - pagination - results PaginatedRadiusOutpostConfigList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/RadiusOutpostConfig' required: - pagination - results PaginatedRadiusProviderList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/RadiusProvider' required: - pagination - results PaginatedReputationList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Reputation' required: - pagination - results PaginatedReputationPolicyList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ReputationPolicy' required: - pagination - results PaginatedRoleAssignedObjectPermissionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/RoleAssignedObjectPermission' required: - pagination - results PaginatedRoleList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Role' required: - pagination - results PaginatedSAMLPropertyMappingList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/SAMLPropertyMapping' required: - pagination - results PaginatedSAMLProviderList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/SAMLProvider' required: - pagination - results PaginatedSAMLSourceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/SAMLSource' required: - pagination - results PaginatedSCIMMappingList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/SCIMMapping' required: - pagination - results PaginatedSCIMProviderList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/SCIMProvider' required: - pagination - results PaginatedSMSDeviceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/SMSDevice' required: - pagination - results PaginatedScopeMappingList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ScopeMapping' required: - pagination - results PaginatedServiceConnectionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/ServiceConnection' required: - pagination - results PaginatedSourceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Source' required: - pagination - results PaginatedStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Stage' required: - pagination - results PaginatedStaticDeviceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/StaticDevice' required: - pagination - results PaginatedTOTPDeviceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/TOTPDevice' required: - pagination - results PaginatedTenantList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Tenant' required: - pagination - results PaginatedTokenList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/Token' required: - pagination - results PaginatedTokenModelList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/TokenModel' required: - pagination - results PaginatedUserAssignedObjectPermissionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/UserAssignedObjectPermission' required: - pagination - results PaginatedUserConsentList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/UserConsent' required: - pagination - results PaginatedUserDeleteStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/UserDeleteStage' required: - pagination - results PaginatedUserList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/User' required: - pagination - results PaginatedUserLoginStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/UserLoginStage' required: - pagination - results PaginatedUserLogoutStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/UserLogoutStage' required: - pagination - results PaginatedUserOAuthSourceConnectionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/UserOAuthSourceConnection' required: - pagination - results PaginatedUserSAMLSourceConnectionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/UserSAMLSourceConnection' required: - pagination - results PaginatedUserSourceConnectionList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/UserSourceConnection' required: - pagination - results PaginatedUserWriteStageList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/UserWriteStage' required: - pagination - results PaginatedWebAuthnDeviceList: type: object properties: pagination: $ref: '#/components/schemas/Pagination' results: type: array items: $ref: '#/components/schemas/WebAuthnDevice' required: - pagination - results Pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index PasswordChallenge: type: object description: Password challenge UI fields properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-password response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string recovery_url: type: string required: - pending_user - pending_user_avatar - type PasswordChallengeResponseRequest: type: object description: Password challenge response properties: component: type: string minLength: 1 default: ak-stage-password password: type: string minLength: 1 required: - password PasswordExpiryPolicy: type: object description: Password Expiry Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true bound_to: type: integer description: Return objects policy is bound to readOnly: true days: type: integer maximum: 2147483647 minimum: -2147483648 deny_only: type: boolean required: - bound_to - component - days - meta_model_name - name - pk - verbose_name - verbose_name_plural PasswordExpiryPolicyRequest: type: object description: Password Expiry Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. days: type: integer maximum: 2147483647 minimum: -2147483648 deny_only: type: boolean required: - days - name PasswordPolicy: type: object description: Password Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true bound_to: type: integer description: Return objects policy is bound to readOnly: true password_field: type: string description: Field key to check, field keys defined in Prompt stages are available. amount_digits: type: integer maximum: 2147483647 minimum: 0 amount_uppercase: type: integer maximum: 2147483647 minimum: 0 amount_lowercase: type: integer maximum: 2147483647 minimum: 0 amount_symbols: type: integer maximum: 2147483647 minimum: 0 length_min: type: integer maximum: 2147483647 minimum: 0 symbol_charset: type: string error_message: type: string check_static_rules: type: boolean check_have_i_been_pwned: type: boolean check_zxcvbn: type: boolean hibp_allowed_count: type: integer maximum: 2147483647 minimum: 0 description: How many times the password hash is allowed to be on haveibeenpwned zxcvbn_score_threshold: type: integer maximum: 2147483647 minimum: 0 description: If the zxcvbn score is equal or less than this value, the policy will fail. required: - bound_to - component - meta_model_name - name - pk - verbose_name - verbose_name_plural PasswordPolicyRequest: type: object description: Password Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. password_field: type: string minLength: 1 description: Field key to check, field keys defined in Prompt stages are available. amount_digits: type: integer maximum: 2147483647 minimum: 0 amount_uppercase: type: integer maximum: 2147483647 minimum: 0 amount_lowercase: type: integer maximum: 2147483647 minimum: 0 amount_symbols: type: integer maximum: 2147483647 minimum: 0 length_min: type: integer maximum: 2147483647 minimum: 0 symbol_charset: type: string minLength: 1 error_message: type: string check_static_rules: type: boolean check_have_i_been_pwned: type: boolean check_zxcvbn: type: boolean hibp_allowed_count: type: integer maximum: 2147483647 minimum: 0 description: How many times the password hash is allowed to be on haveibeenpwned zxcvbn_score_threshold: type: integer maximum: 2147483647 minimum: 0 description: If the zxcvbn score is equal or less than this value, the policy will fail. required: - name PasswordStage: type: object description: PasswordStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' backends: type: array items: $ref: '#/components/schemas/BackendsEnum' description: Selection of backends to test the password against. configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. failed_attempts_before_cancel: type: integer maximum: 2147483647 minimum: -2147483648 description: How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. required: - backends - component - meta_model_name - name - pk - verbose_name - verbose_name_plural PasswordStageRequest: type: object description: PasswordStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' backends: type: array items: $ref: '#/components/schemas/BackendsEnum' description: Selection of backends to test the password against. configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. failed_attempts_before_cancel: type: integer maximum: 2147483647 minimum: -2147483648 description: How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. required: - backends - name PatchedApplicationRequest: type: object description: Application Serializer properties: name: type: string minLength: 1 description: Application's display Name. slug: type: string minLength: 1 description: Internal application name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ provider: type: integer nullable: true backchannel_providers: type: array items: type: integer open_in_new_tab: type: boolean description: Open launch URL in a new browser tab or window. meta_launch_url: type: string format: uri meta_description: type: string meta_publisher: type: string policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' group: type: string PatchedAuthenticateWebAuthnStageRequest: type: object description: AuthenticateWebAuthnStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 user_verification: $ref: '#/components/schemas/UserVerificationEnum' authenticator_attachment: allOf: - $ref: '#/components/schemas/AuthenticatorAttachmentEnum' nullable: true resident_key_requirement: $ref: '#/components/schemas/ResidentKeyRequirementEnum' PatchedAuthenticatorDuoStageRequest: type: object description: AuthenticatorDuoStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 client_id: type: string minLength: 1 client_secret: type: string writeOnly: true minLength: 1 api_hostname: type: string minLength: 1 admin_integration_key: type: string admin_secret_key: type: string writeOnly: true PatchedAuthenticatorSMSStageRequest: type: object description: AuthenticatorSMSStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 provider: $ref: '#/components/schemas/ProviderEnum' from_number: type: string minLength: 1 account_sid: type: string minLength: 1 auth: type: string minLength: 1 auth_password: type: string auth_type: $ref: '#/components/schemas/AuthTypeEnum' verify_only: type: boolean description: When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future. mapping: type: string format: uuid nullable: true description: Optionally modify the payload being sent to custom providers. PatchedAuthenticatorStaticStageRequest: type: object description: AuthenticatorStaticStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 token_count: type: integer maximum: 2147483647 minimum: 0 token_length: type: integer maximum: 2147483647 minimum: 0 PatchedAuthenticatorTOTPStageRequest: type: object description: AuthenticatorTOTPStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. friendly_name: type: string nullable: true minLength: 1 digits: $ref: '#/components/schemas/DigitsEnum' PatchedAuthenticatorValidateStageRequest: type: object description: AuthenticatorValidateStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' not_configured_action: $ref: '#/components/schemas/NotConfiguredActionEnum' device_classes: type: array items: $ref: '#/components/schemas/DeviceClassesEnum' description: Device classes which can be used to authenticate configuration_stages: type: array items: type: string format: uuid description: Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. last_auth_threshold: type: string minLength: 1 description: If any of the user's device has been used within this threshold, this stage will be skipped webauthn_user_verification: allOf: - $ref: '#/components/schemas/UserVerificationEnum' description: |- Enforce user verification for WebAuthn devices. * `required` - Required * `preferred` - Preferred * `discouraged` - Discouraged PatchedBlueprintInstanceRequest: type: object description: Info about a single blueprint instance file properties: name: type: string minLength: 1 path: type: string default: '' context: type: object additionalProperties: {} enabled: type: boolean content: type: string PatchedBrandRequest: type: object description: Brand Serializer properties: domain: type: string minLength: 1 description: Domain that activates this brand. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b` default: type: boolean branding_title: type: string minLength: 1 branding_logo: type: string minLength: 1 branding_favicon: type: string minLength: 1 flow_authentication: type: string format: uuid nullable: true flow_invalidation: type: string format: uuid nullable: true flow_recovery: type: string format: uuid nullable: true flow_unenrollment: type: string format: uuid nullable: true flow_user_settings: type: string format: uuid nullable: true flow_device_code: type: string format: uuid nullable: true event_retention: type: string minLength: 1 description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).' web_certificate: type: string format: uuid nullable: true description: Web Certificate used by the authentik Core webserver. attributes: type: object additionalProperties: {} PatchedCaptchaStageRequest: type: object description: CaptchaStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' public_key: type: string minLength: 1 description: Public key, acquired your captcha Provider. private_key: type: string writeOnly: true minLength: 1 description: Private key, acquired your captcha Provider. js_url: type: string minLength: 1 api_url: type: string minLength: 1 PatchedCertificateKeyPairRequest: type: object description: CertificateKeyPair Serializer properties: name: type: string minLength: 1 certificate_data: type: string writeOnly: true minLength: 1 description: PEM-encoded Certificate data key_data: type: string writeOnly: true description: Optional Private Key. If this is set, you can use this keypair for encryption. PatchedConsentStageRequest: type: object description: ConsentStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' mode: $ref: '#/components/schemas/ConsentStageModeEnum' consent_expire_in: type: string minLength: 1 title: Consent expires in description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).' PatchedDenyStageRequest: type: object description: DenyStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' deny_message: type: string PatchedDockerServiceConnectionRequest: type: object description: DockerServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration url: type: string minLength: 1 description: Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system. tls_verification: type: string format: uuid nullable: true description: CA which the endpoint's Certificate is verified against. Can be left empty for no validation. tls_authentication: type: string format: uuid nullable: true description: Certificate/Key used for authentication. Can be left empty for no authentication. PatchedDomainRequest: type: object description: Domain Serializer properties: domain: type: string minLength: 1 maxLength: 253 is_primary: type: boolean tenant: type: string format: uuid PatchedDummyPolicyRequest: type: object description: Dummy Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. result: type: boolean wait_min: type: integer maximum: 2147483647 minimum: -2147483648 wait_max: type: integer maximum: 2147483647 minimum: -2147483648 PatchedDummyStageRequest: type: object description: DummyStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' throw_error: type: boolean PatchedDuoDeviceRequest: type: object description: Serializer for Duo authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 PatchedEmailStageRequest: type: object description: EmailStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' use_global_settings: type: boolean description: When enabled, global Email connection settings will be used and connection settings below will be ignored. host: type: string minLength: 1 port: type: integer maximum: 2147483647 minimum: -2147483648 username: type: string password: type: string writeOnly: true use_tls: type: boolean use_ssl: type: boolean timeout: type: integer maximum: 2147483647 minimum: -2147483648 from_address: type: string format: email minLength: 1 maxLength: 254 token_expiry: type: integer maximum: 2147483647 minimum: -2147483648 description: Time in minutes the token sent is valid. subject: type: string minLength: 1 template: type: string minLength: 1 activate_user_on_success: type: boolean description: Activate users upon completion of stage. PatchedEventMatcherPolicyRequest: type: object description: Event Matcher Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. action: allOf: - $ref: '#/components/schemas/EventActions' nullable: true description: |- Match created events with this action type. When left empty, all action types will be matched. * `login` - Login * `login_failed` - Login Failed * `logout` - Logout * `user_write` - User Write * `suspicious_request` - Suspicious Request * `password_set` - Password Set * `secret_view` - Secret View * `secret_rotate` - Secret Rotate * `invitation_used` - Invite Used * `authorize_application` - Authorize Application * `source_linked` - Source Linked * `impersonation_started` - Impersonation Started * `impersonation_ended` - Impersonation Ended * `flow_execution` - Flow Execution * `policy_execution` - Policy Execution * `policy_exception` - Policy Exception * `property_mapping_exception` - Property Mapping Exception * `system_task_execution` - System Task Execution * `system_task_exception` - System Task Exception * `system_exception` - System Exception * `configuration_error` - Configuration Error * `model_created` - Model Created * `model_updated` - Model Updated * `model_deleted` - Model Deleted * `email_sent` - Email Sent * `update_available` - Update Available * `custom_` - Custom Prefix client_ip: type: string nullable: true minLength: 1 description: Matches Event's Client IP (strict matching, for network matching use an Expression Policy) app: allOf: - $ref: '#/components/schemas/AppEnum' nullable: true description: |- Match events created by selected application. When left empty, all applications are matched. * `authentik.tenants` - authentik Tenants * `authentik.admin` - authentik Admin * `authentik.api` - authentik API * `authentik.crypto` - authentik Crypto * `authentik.events` - authentik Events * `authentik.flows` - authentik Flows * `authentik.outposts` - authentik Outpost * `authentik.policies.dummy` - authentik Policies.Dummy * `authentik.policies.event_matcher` - authentik Policies.Event Matcher * `authentik.policies.expiry` - authentik Policies.Expiry * `authentik.policies.expression` - authentik Policies.Expression * `authentik.policies.password` - authentik Policies.Password * `authentik.policies.reputation` - authentik Policies.Reputation * `authentik.policies` - authentik Policies * `authentik.providers.ldap` - authentik Providers.LDAP * `authentik.providers.oauth2` - authentik Providers.OAuth2 * `authentik.providers.proxy` - authentik Providers.Proxy * `authentik.providers.radius` - authentik Providers.Radius * `authentik.providers.saml` - authentik Providers.SAML * `authentik.providers.scim` - authentik Providers.SCIM * `authentik.rbac` - authentik RBAC * `authentik.recovery` - authentik Recovery * `authentik.sources.ldap` - authentik Sources.LDAP * `authentik.sources.oauth` - authentik Sources.OAuth * `authentik.sources.plex` - authentik Sources.Plex * `authentik.sources.saml` - authentik Sources.SAML * `authentik.stages.authenticator` - authentik Stages.Authenticator * `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo * `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS * `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static * `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP * `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate * `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn * `authentik.stages.captcha` - authentik Stages.Captcha * `authentik.stages.consent` - authentik Stages.Consent * `authentik.stages.deny` - authentik Stages.Deny * `authentik.stages.dummy` - authentik Stages.Dummy * `authentik.stages.email` - authentik Stages.Email * `authentik.stages.identification` - authentik Stages.Identification * `authentik.stages.invitation` - authentik Stages.User Invitation * `authentik.stages.password` - authentik Stages.Password * `authentik.stages.prompt` - authentik Stages.Prompt * `authentik.stages.user_delete` - authentik Stages.User Delete * `authentik.stages.user_login` - authentik Stages.User Login * `authentik.stages.user_logout` - authentik Stages.User Logout * `authentik.stages.user_write` - authentik Stages.User Write * `authentik.brands` - authentik Brands * `authentik.blueprints` - authentik Blueprints * `authentik.core` - authentik Core * `authentik.enterprise` - authentik Enterprise model: allOf: - $ref: '#/components/schemas/ModelEnum' nullable: true description: |- Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. * `authentik_tenants.tenant` - Tenant * `authentik_tenants.domain` - Domain * `authentik_crypto.certificatekeypair` - Certificate-Key Pair * `authentik_events.event` - Event * `authentik_events.notificationtransport` - Notification Transport * `authentik_events.notification` - Notification * `authentik_events.notificationrule` - Notification Rule * `authentik_events.notificationwebhookmapping` - Webhook Mapping * `authentik_flows.flow` - Flow * `authentik_flows.flowstagebinding` - Flow Stage Binding * `authentik_outposts.dockerserviceconnection` - Docker Service-Connection * `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection * `authentik_outposts.outpost` - Outpost * `authentik_policies_dummy.dummypolicy` - Dummy Policy * `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy * `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy * `authentik_policies_expression.expressionpolicy` - Expression Policy * `authentik_policies_password.passwordpolicy` - Password Policy * `authentik_policies_reputation.reputationpolicy` - Reputation Policy * `authentik_policies_reputation.reputation` - Reputation Score * `authentik_policies.policybinding` - Policy Binding * `authentik_providers_ldap.ldapprovider` - LDAP Provider * `authentik_providers_oauth2.scopemapping` - Scope Mapping * `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider * `authentik_providers_oauth2.authorizationcode` - Authorization Code * `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token * `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token * `authentik_providers_proxy.proxyprovider` - Proxy Provider * `authentik_providers_radius.radiusprovider` - Radius Provider * `authentik_providers_saml.samlprovider` - SAML Provider * `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping * `authentik_providers_scim.scimprovider` - SCIM Provider * `authentik_providers_scim.scimmapping` - SCIM Mapping * `authentik_rbac.role` - Role * `authentik_sources_ldap.ldapsource` - LDAP Source * `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping * `authentik_sources_oauth.oauthsource` - OAuth Source * `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection * `authentik_sources_plex.plexsource` - Plex Source * `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection * `authentik_sources_saml.samlsource` - SAML Source * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage * `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage * `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device * `authentik_stages_captcha.captchastage` - Captcha Stage * `authentik_stages_consent.consentstage` - Consent Stage * `authentik_stages_consent.userconsent` - User Consent * `authentik_stages_deny.denystage` - Deny Stage * `authentik_stages_dummy.dummystage` - Dummy Stage * `authentik_stages_email.emailstage` - Email Stage * `authentik_stages_identification.identificationstage` - Identification Stage * `authentik_stages_invitation.invitationstage` - Invitation Stage * `authentik_stages_invitation.invitation` - Invitation * `authentik_stages_password.passwordstage` - Password Stage * `authentik_stages_prompt.prompt` - Prompt * `authentik_stages_prompt.promptstage` - Prompt Stage * `authentik_stages_user_delete.userdeletestage` - User Delete Stage * `authentik_stages_user_login.userloginstage` - User Login Stage * `authentik_stages_user_logout.userlogoutstage` - User Logout Stage * `authentik_stages_user_write.userwritestage` - User Write Stage * `authentik_brands.brand` - Brand * `authentik_blueprints.blueprintinstance` - Blueprint Instance * `authentik_core.group` - Group * `authentik_core.user` - User * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License PatchedEventRequest: type: object description: Event Serializer properties: user: type: object additionalProperties: {} action: $ref: '#/components/schemas/EventActions' app: type: string minLength: 1 context: type: object additionalProperties: {} client_ip: type: string nullable: true minLength: 1 expires: type: string format: date-time brand: type: object additionalProperties: {} PatchedExpressionPolicyRequest: type: object description: Group Membership Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. expression: type: string minLength: 1 PatchedFlowRequest: type: object description: Flow Serializer properties: name: type: string minLength: 1 slug: type: string minLength: 1 description: Visible in the URL. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ title: type: string minLength: 1 description: Shown as the Title in Flow pages. designation: allOf: - $ref: '#/components/schemas/FlowDesignationEnum' description: |- Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. * `authentication` - Authentication * `authorization` - Authorization * `invalidation` - Invalidation * `enrollment` - Enrollment * `unenrollment` - Unrenollment * `recovery` - Recovery * `stage_configuration` - Stage Configuration policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' compatibility_mode: type: boolean description: Enable compatibility mode, increases compatibility with password managers on mobile devices. layout: $ref: '#/components/schemas/LayoutEnum' denied_action: allOf: - $ref: '#/components/schemas/DeniedActionEnum' description: |- Configure what should happen when a flow denies access to a user. * `message_continue` - Message Continue * `message` - Message * `continue` - Continue authentication: allOf: - $ref: '#/components/schemas/AuthenticationEnum' description: |- Required level of authentication and authorization to access a flow. * `none` - None * `require_authenticated` - Require Authenticated * `require_unauthenticated` - Require Unauthenticated * `require_superuser` - Require Superuser PatchedFlowStageBindingRequest: type: object description: FlowStageBinding Serializer properties: target: type: string format: uuid stage: type: string format: uuid evaluate_on_plan: type: boolean description: Evaluate policies during the Flow planning process. re_evaluate_policies: type: boolean description: Evaluate policies when the Stage is present to the user. order: type: integer maximum: 2147483647 minimum: -2147483648 policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' invalid_response_action: allOf: - $ref: '#/components/schemas/InvalidResponseActionEnum' description: |- Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context. * `retry` - Retry * `restart` - Restart * `restart_with_context` - Restart With Context PatchedGroupRequest: type: object description: Group Serializer properties: name: type: string minLength: 1 maxLength: 80 is_superuser: type: boolean description: Users added to this group will be superusers. parent: type: string format: uuid nullable: true users: type: array items: type: integer attributes: type: object additionalProperties: {} roles: type: array items: type: string format: uuid PatchedIdentificationStageRequest: type: object description: IdentificationStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' user_fields: type: array items: $ref: '#/components/schemas/UserFieldsEnum' description: Fields of the user object to match against. (Hold shift to select multiple options) password_stage: type: string format: uuid nullable: true description: When set, shows a password field, instead of showing the password field as seaprate step. case_insensitive_matching: type: boolean description: When enabled, user fields are matched regardless of their casing. show_matched_user: type: boolean description: When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown enrollment_flow: type: string format: uuid nullable: true description: Optional enrollment flow, which is linked at the bottom of the page. recovery_flow: type: string format: uuid nullable: true description: Optional recovery flow, which is linked at the bottom of the page. passwordless_flow: type: string format: uuid nullable: true description: Optional passwordless flow, which is linked at the bottom of the page. sources: type: array items: type: string format: uuid description: Specify which sources should be shown. show_source_labels: type: boolean pretend_user_exists: type: boolean description: When enabled, the stage will succeed and continue even when incorrect user info is entered. PatchedInvitationRequest: type: object description: Invitation Serializer properties: name: type: string minLength: 1 maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ expires: type: string format: date-time fixed_data: type: object additionalProperties: {} single_use: type: boolean description: When enabled, the invitation will be deleted after usage. flow: type: string format: uuid nullable: true description: When set, only the configured flow can use this invitation. PatchedInvitationStageRequest: type: object description: InvitationStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' continue_flow_without_invitation: type: boolean description: If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. PatchedKubernetesServiceConnectionRequest: type: object description: KubernetesServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration kubeconfig: type: object additionalProperties: {} description: Paste your kubeconfig here. authentik will automatically use the currently selected context. verify_ssl: type: boolean description: Verify SSL Certificates of the Kubernetes API endpoint PatchedLDAPPropertyMappingRequest: type: object description: LDAP PropertyMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 object_field: type: string minLength: 1 PatchedLDAPProviderRequest: type: object description: LDAPProvider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid base_dn: type: string minLength: 1 description: DN under which objects are accessible. search_group: type: string format: uuid nullable: true description: Users in this group can do search queries. If not set, every user can execute search queries. certificate: type: string format: uuid nullable: true tls_server_name: type: string uid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber gid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber search_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' bind_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' mfa_support: type: boolean description: When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. PatchedLDAPSourceRequest: type: object description: LDAP Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. user_path_template: type: string minLength: 1 server_uri: type: string minLength: 1 format: uri peer_certificate: type: string format: uuid nullable: true description: Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair. client_certificate: type: string format: uuid nullable: true description: Client certificate to authenticate against the LDAP Server's Certificate. bind_cn: type: string bind_password: type: string writeOnly: true start_tls: type: boolean title: Enable Start TLS sni: type: boolean title: Use Server URI for SNI verification base_dn: type: string minLength: 1 additional_user_dn: type: string title: Addition User DN description: Prepended to Base DN for User-queries. additional_group_dn: type: string title: Addition Group DN description: Prepended to Base DN for Group-queries. user_object_filter: type: string minLength: 1 description: Consider Objects matching this filter to be Users. group_object_filter: type: string minLength: 1 description: Consider Objects matching this filter to be Groups. group_membership_field: type: string minLength: 1 description: Field which contains members of a group. object_uniqueness_field: type: string minLength: 1 description: Field which contains a unique Identifier. sync_users: type: boolean sync_users_password: type: boolean description: When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source. sync_groups: type: boolean sync_parent_group: type: string format: uuid nullable: true property_mappings: type: array items: type: string format: uuid property_mappings_group: type: array items: type: string format: uuid description: Property mappings used for group creation/updating. PatchedLicenseRequest: type: object description: License Serializer properties: key: type: string minLength: 1 PatchedNotificationRequest: type: object description: Notification Serializer properties: event: $ref: '#/components/schemas/EventRequest' seen: type: boolean PatchedNotificationRuleRequest: type: object description: NotificationRule Serializer properties: name: type: string minLength: 1 transports: type: array items: type: string format: uuid description: Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. severity: allOf: - $ref: '#/components/schemas/SeverityEnum' description: |- Controls which severity level the created notifications will have. * `notice` - Notice * `warning` - Warning * `alert` - Alert group: type: string format: uuid nullable: true description: Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent. PatchedNotificationTransportRequest: type: object description: NotificationTransport Serializer properties: name: type: string minLength: 1 mode: $ref: '#/components/schemas/NotificationTransportModeEnum' webhook_url: type: string format: uri webhook_mapping: type: string format: uuid nullable: true send_once: type: boolean description: Only send notification once, for example when sending a webhook into a chat channel. PatchedNotificationWebhookMappingRequest: type: object description: NotificationWebhookMapping Serializer properties: name: type: string minLength: 1 expression: type: string minLength: 1 PatchedOAuth2ProviderRequest: type: object description: OAuth2Provider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid client_type: allOf: - $ref: '#/components/schemas/ClientTypeEnum' description: |- Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable * `confidential` - Confidential * `public` - Public client_id: type: string minLength: 1 maxLength: 255 client_secret: type: string maxLength: 255 access_code_validity: type: string minLength: 1 description: 'Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' access_token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' refresh_token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' include_claims_in_id_token: type: boolean description: Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. signing_key: type: string format: uuid nullable: true description: Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. redirect_uris: type: string description: Enter each URI on a new line. sub_mode: allOf: - $ref: '#/components/schemas/SubModeEnum' description: |- Configure what data should be used as unique User Identifier. For most cases, the default should be fine. * `hashed_user_id` - Based on the Hashed User ID * `user_id` - Based on user ID * `user_uuid` - Based on user UUID * `user_username` - Based on the username * `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. issuer_mode: allOf: - $ref: '#/components/schemas/IssuerModeEnum' description: |- Configure how the issuer field of the ID Token should be filled. * `global` - Same identifier is used for all providers * `per_provider` - Each provider has a different issuer, based on the application slug. jwks_sources: type: array items: type: string format: uuid title: Any JWT signed by the JWK of the selected source can be used to authenticate. title: Any JWT signed by the JWK of the selected source can be used to authenticate. PatchedOAuthSourceRequest: type: object description: OAuth Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. user_path_template: type: string minLength: 1 provider_type: $ref: '#/components/schemas/ProviderTypeEnum' request_token_url: type: string nullable: true minLength: 1 description: URL used to request the initial token. This URL is only required for OAuth 1. maxLength: 255 authorization_url: type: string nullable: true minLength: 1 description: URL the user is redirect to to conest the flow. maxLength: 255 access_token_url: type: string nullable: true minLength: 1 description: URL used by authentik to retrieve tokens. maxLength: 255 profile_url: type: string nullable: true minLength: 1 description: URL used by authentik to get user information. maxLength: 255 consumer_key: type: string minLength: 1 consumer_secret: type: string writeOnly: true minLength: 1 additional_scopes: type: string oidc_well_known_url: type: string oidc_jwks_url: type: string oidc_jwks: type: object additionalProperties: {} PatchedOutpostRequest: type: object description: Outpost Serializer properties: name: type: string minLength: 1 type: $ref: '#/components/schemas/OutpostTypeEnum' providers: type: array items: type: integer service_connection: type: string format: uuid nullable: true description: Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment. config: type: object additionalProperties: {} managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. PatchedPasswordExpiryPolicyRequest: type: object description: Password Expiry Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. days: type: integer maximum: 2147483647 minimum: -2147483648 deny_only: type: boolean PatchedPasswordPolicyRequest: type: object description: Password Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. password_field: type: string minLength: 1 description: Field key to check, field keys defined in Prompt stages are available. amount_digits: type: integer maximum: 2147483647 minimum: 0 amount_uppercase: type: integer maximum: 2147483647 minimum: 0 amount_lowercase: type: integer maximum: 2147483647 minimum: 0 amount_symbols: type: integer maximum: 2147483647 minimum: 0 length_min: type: integer maximum: 2147483647 minimum: 0 symbol_charset: type: string minLength: 1 error_message: type: string check_static_rules: type: boolean check_have_i_been_pwned: type: boolean check_zxcvbn: type: boolean hibp_allowed_count: type: integer maximum: 2147483647 minimum: 0 description: How many times the password hash is allowed to be on haveibeenpwned zxcvbn_score_threshold: type: integer maximum: 2147483647 minimum: 0 description: If the zxcvbn score is equal or less than this value, the policy will fail. PatchedPasswordStageRequest: type: object description: PasswordStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' backends: type: array items: $ref: '#/components/schemas/BackendsEnum' description: Selection of backends to test the password against. configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. failed_attempts_before_cancel: type: integer maximum: 2147483647 minimum: -2147483648 description: How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. PatchedPermissionAssignRequest: type: object description: Request to assign a new permission properties: permissions: type: array items: type: string minLength: 1 model: $ref: '#/components/schemas/ModelEnum' object_pk: type: string minLength: 1 PatchedPlexSourceConnectionRequest: type: object description: Plex Source connection Serializer properties: identifier: type: string minLength: 1 plex_token: type: string minLength: 1 PatchedPlexSourceRequest: type: object description: Plex Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. user_path_template: type: string minLength: 1 client_id: type: string minLength: 1 description: Client identifier used to talk to Plex. allowed_servers: type: array items: type: string minLength: 1 description: Which servers a user has to be a member of to be granted access. Empty list allows every server. allow_friends: type: boolean description: Allow friends to authenticate, even if you don't share a server. plex_token: type: string minLength: 1 description: Plex token used to check friends PatchedPolicyBindingRequest: type: object description: PolicyBinding Serializer properties: policy: type: string format: uuid nullable: true group: type: string format: uuid nullable: true user: type: integer nullable: true target: type: string format: uuid negate: type: boolean description: Negates the outcome of the policy. Messages are unaffected. enabled: type: boolean order: type: integer maximum: 2147483647 minimum: -2147483648 timeout: type: integer maximum: 2147483647 minimum: 0 description: Timeout after which Policy execution is terminated. failure_result: type: boolean description: Result if the Policy execution fails. PatchedPromptRequest: type: object description: Prompt Serializer properties: name: type: string minLength: 1 field_key: type: string minLength: 1 description: Name of the form field, also used to store the value label: type: string minLength: 1 type: $ref: '#/components/schemas/PromptTypeEnum' required: type: boolean placeholder: type: string description: Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. initial_value: type: string description: Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. order: type: integer maximum: 2147483647 minimum: -2147483648 promptstage_set: type: array items: $ref: '#/components/schemas/StageRequest' sub_text: type: string placeholder_expression: type: boolean initial_value_expression: type: boolean PatchedPromptStageRequest: type: object description: PromptStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' fields: type: array items: type: string format: uuid validation_policies: type: array items: type: string format: uuid PatchedProxyProviderRequest: type: object description: ProxyProvider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid internal_host: type: string format: uri external_host: type: string minLength: 1 format: uri internal_host_ssl_validation: type: boolean description: Validate SSL Certificates of upstream servers certificate: type: string format: uuid nullable: true skip_path_regex: type: string description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. basic_auth_enabled: type: boolean title: Set HTTP-Basic Authentication description: Set a custom HTTP-Basic Authentication header based on values from authentik. basic_auth_password_attribute: type: string title: HTTP-Basic Password Key description: User/Group Attribute used for the password part of the HTTP-Basic Header. basic_auth_user_attribute: type: string title: HTTP-Basic Username Key description: User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. mode: allOf: - $ref: '#/components/schemas/ProxyMode' description: |- Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host. * `proxy` - Proxy * `forward_single` - Forward Single * `forward_domain` - Forward Domain intercept_header_auth: type: boolean description: When enabled, this provider will intercept the authorization header and authenticate requests based on its value. cookie_domain: type: string jwks_sources: type: array items: type: string format: uuid title: Any JWT signed by the JWK of the selected source can be used to authenticate. title: Any JWT signed by the JWK of the selected source can be used to authenticate. access_token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' refresh_token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' PatchedRadiusProviderRequest: type: object description: RadiusProvider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid client_networks: type: string minLength: 1 description: List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped. shared_secret: type: string minLength: 1 description: Shared secret between clients and server to hash packets. mfa_support: type: boolean description: When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. PatchedReputationPolicyRequest: type: object description: Reputation Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. check_ip: type: boolean check_username: type: boolean threshold: type: integer maximum: 2147483647 minimum: -2147483648 PatchedRoleRequest: type: object description: Role serializer properties: name: type: string minLength: 1 maxLength: 150 PatchedSAMLPropertyMappingRequest: type: object description: SAMLPropertyMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 saml_name: type: string minLength: 1 friendly_name: type: string nullable: true PatchedSAMLProviderRequest: type: object description: SAMLProvider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid acs_url: type: string format: uri minLength: 1 maxLength: 200 audience: type: string description: Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added. issuer: type: string minLength: 1 description: Also known as EntityID assertion_valid_not_before: type: string minLength: 1 description: 'Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).' assertion_valid_not_on_or_after: type: string minLength: 1 description: 'Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' session_valid_not_on_or_after: type: string minLength: 1 description: 'Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' name_id_mapping: type: string format: uuid nullable: true title: NameID Property Mapping description: Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair used to sign outgoing Responses going to the Service Provider. verification_kp: type: string format: uuid nullable: true title: Verification Certificate description: When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. sp_binding: allOf: - $ref: '#/components/schemas/SpBindingEnum' title: Service Provider Binding description: |- This determines how authentik sends the response back to the Service Provider. * `redirect` - Redirect * `post` - Post default_relay_state: type: string description: Default relay_state value for IDP-initiated logins PatchedSAMLSourceRequest: type: object description: SAMLSource Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. user_path_template: type: string minLength: 1 pre_authentication_flow: type: string format: uuid description: Flow used before authentication. issuer: type: string description: Also known as Entity ID. Defaults the Metadata URL. sso_url: type: string format: uri minLength: 1 description: URL that the initial Login request is sent to. maxLength: 200 slo_url: type: string format: uri nullable: true description: Optional URL if your IDP supports Single-Logout. maxLength: 200 allow_idp_initiated: type: boolean description: Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. name_id_policy: allOf: - $ref: '#/components/schemas/NameIdPolicyEnum' description: |- NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. * `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email * `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent * `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509 * `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows * `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient binding_type: $ref: '#/components/schemas/BindingTypeEnum' verification_kp: type: string format: uuid nullable: true title: Verification Certificate description: When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair used to sign outgoing Responses going to the Identity Provider. digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' temporary_user_delete_after: type: string minLength: 1 title: Delete temporary users after description: 'Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format ''transient'', and the user doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).' PatchedSCIMMappingRequest: type: object description: SCIMMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 PatchedSCIMProviderRequest: type: object description: SCIMProvider Serializer properties: name: type: string minLength: 1 property_mappings: type: array items: type: string format: uuid property_mappings_group: type: array items: type: string format: uuid description: Property mappings used for group creation/updating. url: type: string minLength: 1 description: Base URL to SCIM requests, usually ends in /v2 token: type: string minLength: 1 description: Authentication token exclude_users_service_account: type: boolean filter_group: type: string format: uuid nullable: true PatchedSMSDeviceRequest: type: object description: Serializer for sms authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 PatchedScopeMappingRequest: type: object description: ScopeMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 scope_name: type: string minLength: 1 description: Scope name requested by the client description: type: string description: Description shown to the user when consenting. If left empty, the user won't be informed. PatchedSettingsRequest: type: object description: Settings Serializer properties: avatars: type: string minLength: 1 description: Configure how authentik should show avatars for users. default_user_change_name: type: boolean description: Enable the ability for users to change their name. default_user_change_email: type: boolean description: Enable the ability for users to change their email address. default_user_change_username: type: boolean description: Enable the ability for users to change their username. gdpr_compliance: type: boolean description: When enabled, all the events caused by a user will be deleted upon the user's deletion. impersonation: type: boolean description: Globally enable/disable impersonation. footer_links: type: object additionalProperties: {} description: The option configures the footer links on the flow executor pages. PatchedStaticDeviceRequest: type: object description: Serializer for static authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 PatchedTOTPDeviceRequest: type: object description: Serializer for totp authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 PatchedTenantRequest: type: object description: Tenant Serializer properties: schema_name: type: string minLength: 1 maxLength: 63 name: type: string minLength: 1 ready: type: boolean PatchedTokenRequest: type: object description: Token Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. identifier: type: string minLength: 1 maxLength: 255 pattern: ^[-a-zA-Z0-9_]+$ intent: $ref: '#/components/schemas/IntentEnum' user: type: integer description: type: string expires: type: string format: date-time expiring: type: boolean PatchedUserDeleteStageRequest: type: object description: UserDeleteStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' PatchedUserLoginStageRequest: type: object description: UserLoginStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' session_duration: type: string minLength: 1 description: 'Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' terminate_other_sessions: type: boolean description: Terminate all other sessions of the user logging in. remember_me_offset: type: string minLength: 1 description: 'Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)' PatchedUserLogoutStageRequest: type: object description: UserLogoutStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' PatchedUserOAuthSourceConnectionRequest: type: object description: OAuth Source Serializer properties: user: type: integer identifier: type: string minLength: 1 maxLength: 255 access_token: type: string writeOnly: true nullable: true PatchedUserRequest: type: object description: User Serializer properties: username: type: string minLength: 1 maxLength: 150 name: type: string description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true groups: type: array items: type: string format: uuid email: type: string format: email title: Email address maxLength: 254 attributes: type: object additionalProperties: {} path: type: string minLength: 1 type: $ref: '#/components/schemas/UserTypeEnum' PatchedUserSAMLSourceConnectionRequest: type: object description: SAML Source Serializer properties: user: type: integer identifier: type: string minLength: 1 PatchedUserWriteStageRequest: type: object description: UserWriteStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' user_creation_mode: $ref: '#/components/schemas/UserCreationModeEnum' create_users_as_inactive: type: boolean description: When set, newly created users are inactive and cannot login. create_users_group: type: string format: uuid nullable: true description: Optionally add newly created users to this group. user_type: $ref: '#/components/schemas/UserTypeEnum' user_path_template: type: string PatchedWebAuthnDeviceRequest: type: object description: Serializer for WebAuthn authenticator devices properties: name: type: string minLength: 1 maxLength: 200 Permission: type: object description: Global permission properties: id: type: integer readOnly: true name: type: string maxLength: 255 codename: type: string maxLength: 100 model: type: string title: Python model class name readOnly: true app_label: type: string readOnly: true app_label_verbose: type: string description: Human-readable app label readOnly: true model_verbose: type: string description: Human-readable model name readOnly: true required: - app_label - app_label_verbose - codename - id - model - model_verbose - name PermissionAssignRequest: type: object description: Request to assign a new permission properties: permissions: type: array items: type: string minLength: 1 model: $ref: '#/components/schemas/ModelEnum' object_pk: type: string minLength: 1 required: - permissions PlexAuthenticationChallenge: type: object description: Challenge shown to the user in identification stage properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-source-plex response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' client_id: type: string slug: type: string required: - client_id - slug - type PlexAuthenticationChallengeResponseRequest: type: object description: Pseudo class for plex response properties: component: type: string minLength: 1 default: ak-source-plex PlexSource: type: object description: Plex Source Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string icon: type: string nullable: true description: |- Get the URL to the Icon. If the name is /static or starts with http it is returned as-is readOnly: true client_id: type: string description: Client identifier used to talk to Plex. allowed_servers: type: array items: type: string description: Which servers a user has to be a member of to be granted access. Empty list allows every server. allow_friends: type: boolean description: Allow friends to authenticate, even if you don't share a server. plex_token: type: string description: Plex token used to check friends required: - component - icon - managed - meta_model_name - name - pk - plex_token - slug - verbose_name - verbose_name_plural PlexSourceConnection: type: object description: Plex Source connection Serializer properties: pk: type: integer readOnly: true title: ID user: type: integer readOnly: true source: allOf: - $ref: '#/components/schemas/Source' readOnly: true identifier: type: string plex_token: type: string required: - identifier - pk - plex_token - source - user PlexSourceConnectionRequest: type: object description: Plex Source connection Serializer properties: identifier: type: string minLength: 1 plex_token: type: string minLength: 1 required: - identifier - plex_token PlexSourceRequest: type: object description: Plex Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. user_path_template: type: string minLength: 1 client_id: type: string minLength: 1 description: Client identifier used to talk to Plex. allowed_servers: type: array items: type: string minLength: 1 description: Which servers a user has to be a member of to be granted access. Empty list allows every server. allow_friends: type: boolean description: Allow friends to authenticate, even if you don't share a server. plex_token: type: string minLength: 1 description: Plex token used to check friends required: - name - plex_token - slug PlexTokenRedeemRequest: type: object description: Serializer to redeem a plex token properties: plex_token: type: string minLength: 1 required: - plex_token Policy: type: object description: Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true bound_to: type: integer description: Return objects policy is bound to readOnly: true required: - bound_to - component - meta_model_name - name - pk - verbose_name - verbose_name_plural PolicyBinding: type: object description: PolicyBinding Serializer properties: pk: type: string format: uuid readOnly: true title: Policy binding uuid policy: type: string format: uuid nullable: true group: type: string format: uuid nullable: true user: type: integer nullable: true policy_obj: allOf: - $ref: '#/components/schemas/Policy' readOnly: true group_obj: allOf: - $ref: '#/components/schemas/Group' readOnly: true user_obj: allOf: - $ref: '#/components/schemas/User' readOnly: true target: type: string format: uuid negate: type: boolean description: Negates the outcome of the policy. Messages are unaffected. enabled: type: boolean order: type: integer maximum: 2147483647 minimum: -2147483648 timeout: type: integer maximum: 2147483647 minimum: 0 description: Timeout after which Policy execution is terminated. failure_result: type: boolean description: Result if the Policy execution fails. required: - group_obj - order - pk - policy_obj - target - user_obj PolicyBindingRequest: type: object description: PolicyBinding Serializer properties: policy: type: string format: uuid nullable: true group: type: string format: uuid nullable: true user: type: integer nullable: true target: type: string format: uuid negate: type: boolean description: Negates the outcome of the policy. Messages are unaffected. enabled: type: boolean order: type: integer maximum: 2147483647 minimum: -2147483648 timeout: type: integer maximum: 2147483647 minimum: 0 description: Timeout after which Policy execution is terminated. failure_result: type: boolean description: Result if the Policy execution fails. required: - order - target PolicyEngineMode: enum: - all - any type: string description: |- * `all` - all, all policies must pass * `any` - any, any policy must pass PolicyRequest: type: object description: Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. required: - name PolicyTestRequest: type: object description: Test policy execution for a user with context properties: user: type: integer context: type: object additionalProperties: {} required: - user PolicyTestResult: type: object description: result of a policy test properties: passing: type: boolean messages: type: array items: type: string readOnly: true log_messages: type: array items: type: object additionalProperties: {} readOnly: true required: - log_messages - messages - passing Prompt: type: object description: Prompt Serializer properties: pk: type: string format: uuid readOnly: true title: Prompt uuid name: type: string field_key: type: string description: Name of the form field, also used to store the value label: type: string type: $ref: '#/components/schemas/PromptTypeEnum' required: type: boolean placeholder: type: string description: Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. initial_value: type: string description: Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. order: type: integer maximum: 2147483647 minimum: -2147483648 promptstage_set: type: array items: $ref: '#/components/schemas/Stage' sub_text: type: string placeholder_expression: type: boolean initial_value_expression: type: boolean required: - field_key - label - name - pk - type PromptChallenge: type: object description: Initial challenge being sent, define fields properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-prompt response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' fields: type: array items: $ref: '#/components/schemas/StagePrompt' required: - fields - type PromptChallengeResponseRequest: type: object description: |- Validate response, fields are dynamically created based on the stage properties: component: type: string minLength: 1 default: ak-stage-prompt additionalProperties: {} PromptRequest: type: object description: Prompt Serializer properties: name: type: string minLength: 1 field_key: type: string minLength: 1 description: Name of the form field, also used to store the value label: type: string minLength: 1 type: $ref: '#/components/schemas/PromptTypeEnum' required: type: boolean placeholder: type: string description: Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. initial_value: type: string description: Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. order: type: integer maximum: 2147483647 minimum: -2147483648 promptstage_set: type: array items: $ref: '#/components/schemas/StageRequest' sub_text: type: string placeholder_expression: type: boolean initial_value_expression: type: boolean required: - field_key - label - name - type PromptStage: type: object description: PromptStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' fields: type: array items: type: string format: uuid validation_policies: type: array items: type: string format: uuid required: - component - fields - meta_model_name - name - pk - verbose_name - verbose_name_plural PromptStageRequest: type: object description: PromptStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' fields: type: array items: type: string format: uuid validation_policies: type: array items: type: string format: uuid required: - fields - name PromptTypeEnum: enum: - text - text_area - text_read_only - text_area_read_only - username - email - password - number - checkbox - radio-button-group - dropdown - date - date-time - file - separator - hidden - static - ak-locale type: string description: |- * `text` - Text: Simple Text input * `text_area` - Text area: Multiline Text Input. * `text_read_only` - Text (read-only): Simple Text input, but cannot be edited. * `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited. * `username` - Username: Same as Text input, but checks for and prevents duplicate usernames. * `email` - Email: Text field with Email type. * `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. * `number` - Number * `checkbox` - Checkbox * `radio-button-group` - Fixed choice field rendered as a group of radio buttons. * `dropdown` - Fixed choice field rendered as a dropdown. * `date` - Date * `date-time` - Date Time * `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI * `separator` - Separator: Static Separator Line * `hidden` - Hidden: Hidden field, can be used to insert data into form. * `static` - Static: Static value, displayed as-is. * `ak-locale` - authentik: Selection of locales authentik supports PropertyMapping: type: object description: PropertyMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string expression: type: string component: type: string description: Get object's component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true required: - component - expression - meta_model_name - name - pk - verbose_name - verbose_name_plural PropertyMappingPreview: type: object description: Preview how the current user is mapped via the property mappings selected in a provider properties: preview: type: object additionalProperties: {} readOnly: true required: - preview PropertyMappingTestResult: type: object description: Result of a Property-mapping test properties: result: type: string readOnly: true successful: type: boolean readOnly: true required: - result - successful Provider: type: object description: Provider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string description: Get object component so that we know how to edit the object readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true assigned_backchannel_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_backchannel_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true required: - assigned_application_name - assigned_application_slug - assigned_backchannel_application_name - assigned_backchannel_application_slug - authorization_flow - component - meta_model_name - name - pk - verbose_name - verbose_name_plural ProviderEnum: enum: - twilio - generic type: string description: |- * `twilio` - Twilio * `generic` - Generic ProviderModelEnum: enum: - authentik_providers_ldap.ldapprovider - authentik_providers_oauth2.oauth2provider - authentik_providers_proxy.proxyprovider - authentik_providers_radius.radiusprovider - authentik_providers_saml.samlprovider - authentik_providers_scim.scimprovider type: string description: |- * `authentik_providers_ldap.ldapprovider` - authentik_providers_ldap.ldapprovider * `authentik_providers_oauth2.oauth2provider` - authentik_providers_oauth2.oauth2provider * `authentik_providers_proxy.proxyprovider` - authentik_providers_proxy.proxyprovider * `authentik_providers_radius.radiusprovider` - authentik_providers_radius.radiusprovider * `authentik_providers_saml.samlprovider` - authentik_providers_saml.samlprovider * `authentik_providers_scim.scimprovider` - authentik_providers_scim.scimprovider ProviderRequest: type: object description: Provider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid required: - authorization_flow - name ProviderTypeEnum: enum: - apple - azuread - discord - facebook - github - google - mailcow - openidconnect - okta - patreon - reddit - twitch - twitter type: string description: |- * `apple` - Apple * `azuread` - Azure AD * `discord` - Discord * `facebook` - Facebook * `github` - GitHub * `google` - Google * `mailcow` - Mailcow * `openidconnect` - OpenID Connect * `okta` - Okta * `patreon` - Patreon * `reddit` - Reddit * `twitch` - Twitch * `twitter` - Twitter ProxyMode: enum: - proxy - forward_single - forward_domain type: string description: |- * `proxy` - Proxy * `forward_single` - Forward Single * `forward_domain` - Forward Domain ProxyOutpostConfig: type: object description: Proxy provider serializer for outposts properties: pk: type: integer readOnly: true title: ID name: type: string internal_host: type: string format: uri external_host: type: string format: uri internal_host_ssl_validation: type: boolean description: Validate SSL Certificates of upstream servers client_id: type: string maxLength: 255 client_secret: type: string maxLength: 255 oidc_configuration: allOf: - $ref: '#/components/schemas/OpenIDConnectConfiguration' readOnly: true cookie_secret: type: string certificate: type: string format: uuid nullable: true skip_path_regex: type: string description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. basic_auth_enabled: type: boolean title: Set HTTP-Basic Authentication description: Set a custom HTTP-Basic Authentication header based on values from authentik. basic_auth_password_attribute: type: string title: HTTP-Basic Password Key description: User/Group Attribute used for the password part of the HTTP-Basic Header. basic_auth_user_attribute: type: string title: HTTP-Basic Username Key description: User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. mode: allOf: - $ref: '#/components/schemas/ProxyMode' description: |- Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host. * `proxy` - Proxy * `forward_single` - Forward Single * `forward_domain` - Forward Domain cookie_domain: type: string access_token_validity: type: number format: double nullable: true description: Get token validity as second count readOnly: true intercept_header_auth: type: boolean description: When enabled, this provider will intercept the authorization header and authenticate requests based on its value. scopes_to_request: type: array items: type: string description: |- Get all the scope names the outpost should request, including custom-defined ones readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true required: - access_token_validity - assigned_application_name - assigned_application_slug - external_host - name - oidc_configuration - pk - scopes_to_request ProxyProvider: type: object description: ProxyProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string description: Get object component so that we know how to edit the object readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true assigned_backchannel_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_backchannel_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true client_id: type: string readOnly: true internal_host: type: string format: uri external_host: type: string format: uri internal_host_ssl_validation: type: boolean description: Validate SSL Certificates of upstream servers certificate: type: string format: uuid nullable: true skip_path_regex: type: string description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. basic_auth_enabled: type: boolean title: Set HTTP-Basic Authentication description: Set a custom HTTP-Basic Authentication header based on values from authentik. basic_auth_password_attribute: type: string title: HTTP-Basic Password Key description: User/Group Attribute used for the password part of the HTTP-Basic Header. basic_auth_user_attribute: type: string title: HTTP-Basic Username Key description: User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. mode: allOf: - $ref: '#/components/schemas/ProxyMode' description: |- Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host. * `proxy` - Proxy * `forward_single` - Forward Single * `forward_domain` - Forward Domain intercept_header_auth: type: boolean description: When enabled, this provider will intercept the authorization header and authenticate requests based on its value. redirect_uris: type: string readOnly: true cookie_domain: type: string jwks_sources: type: array items: type: string format: uuid title: Any JWT signed by the JWK of the selected source can be used to authenticate. title: Any JWT signed by the JWK of the selected source can be used to authenticate. access_token_validity: type: string description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' refresh_token_validity: type: string description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' outpost_set: type: array items: type: string readOnly: true required: - assigned_application_name - assigned_application_slug - assigned_backchannel_application_name - assigned_backchannel_application_slug - authorization_flow - client_id - component - external_host - meta_model_name - name - outpost_set - pk - redirect_uris - verbose_name - verbose_name_plural ProxyProviderRequest: type: object description: ProxyProvider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid internal_host: type: string format: uri external_host: type: string minLength: 1 format: uri internal_host_ssl_validation: type: boolean description: Validate SSL Certificates of upstream servers certificate: type: string format: uuid nullable: true skip_path_regex: type: string description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. basic_auth_enabled: type: boolean title: Set HTTP-Basic Authentication description: Set a custom HTTP-Basic Authentication header based on values from authentik. basic_auth_password_attribute: type: string title: HTTP-Basic Password Key description: User/Group Attribute used for the password part of the HTTP-Basic Header. basic_auth_user_attribute: type: string title: HTTP-Basic Username Key description: User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. mode: allOf: - $ref: '#/components/schemas/ProxyMode' description: |- Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host. * `proxy` - Proxy * `forward_single` - Forward Single * `forward_domain` - Forward Domain intercept_header_auth: type: boolean description: When enabled, this provider will intercept the authorization header and authenticate requests based on its value. cookie_domain: type: string jwks_sources: type: array items: type: string format: uuid title: Any JWT signed by the JWK of the selected source can be used to authenticate. title: Any JWT signed by the JWK of the selected source can be used to authenticate. access_token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' refresh_token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' required: - authorization_flow - external_host - name RadiusOutpostConfig: type: object description: RadiusProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string application_slug: type: string auth_flow_slug: type: string client_networks: type: string description: List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped. shared_secret: type: string description: Shared secret between clients and server to hash packets. mfa_support: type: boolean description: When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. required: - application_slug - auth_flow_slug - name - pk RadiusProvider: type: object description: RadiusProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string description: Get object component so that we know how to edit the object readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true assigned_backchannel_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_backchannel_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true client_networks: type: string description: List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped. shared_secret: type: string description: Shared secret between clients and server to hash packets. outpost_set: type: array items: type: string readOnly: true mfa_support: type: boolean description: When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. required: - assigned_application_name - assigned_application_slug - assigned_backchannel_application_name - assigned_backchannel_application_slug - authorization_flow - component - meta_model_name - name - outpost_set - pk - verbose_name - verbose_name_plural RadiusProviderRequest: type: object description: RadiusProvider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid client_networks: type: string minLength: 1 description: List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped. shared_secret: type: string minLength: 1 description: Shared secret between clients and server to hash packets. mfa_support: type: boolean description: When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. required: - authorization_flow - name RedirectChallenge: type: object description: Challenge type to redirect the client properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: xak-flow-redirect response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' to: type: string required: - to - type Reputation: type: object description: Reputation Serializer properties: pk: type: string format: uuid title: Reputation uuid identifier: type: string ip: type: string ip_geo_data: type: object additionalProperties: {} score: type: integer maximum: 9223372036854775807 minimum: -9223372036854775808 format: int64 updated: type: string format: date-time readOnly: true required: - identifier - ip - updated ReputationPolicy: type: object description: Reputation Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true bound_to: type: integer description: Return objects policy is bound to readOnly: true check_ip: type: boolean check_username: type: boolean threshold: type: integer maximum: 2147483647 minimum: -2147483648 required: - bound_to - component - meta_model_name - name - pk - verbose_name - verbose_name_plural ReputationPolicyRequest: type: object description: Reputation Policy Serializer properties: name: type: string minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. check_ip: type: boolean check_username: type: boolean threshold: type: integer maximum: 2147483647 minimum: -2147483648 required: - name ResidentKeyRequirementEnum: enum: - discouraged - preferred - required type: string description: |- * `discouraged` - Discouraged * `preferred` - Preferred * `required` - Required Role: type: object description: Role serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string maxLength: 150 required: - name - pk RoleAssignedObjectPermission: type: object description: Roles assigned object permission serializer properties: role_pk: type: string readOnly: true name: type: string readOnly: true permissions: type: array items: $ref: '#/components/schemas/RoleObjectPermission' required: - name - permissions - role_pk RoleObjectPermission: type: object description: Role-bound object level permission properties: id: type: integer readOnly: true codename: type: string readOnly: true model: type: string title: Python model class name readOnly: true app_label: type: string readOnly: true object_pk: type: string title: Object ID readOnly: true name: type: string readOnly: true required: - app_label - codename - id - model - name - object_pk RoleRequest: type: object description: Role serializer properties: name: type: string minLength: 1 maxLength: 150 required: - name SAMLMetadata: type: object description: SAML Provider Metadata serializer properties: metadata: type: string readOnly: true download_url: type: string readOnly: true required: - download_url - metadata SAMLPropertyMapping: type: object description: SAMLPropertyMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string expression: type: string component: type: string description: Get object's component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true saml_name: type: string friendly_name: type: string nullable: true required: - component - expression - meta_model_name - name - pk - saml_name - verbose_name - verbose_name_plural SAMLPropertyMappingRequest: type: object description: SAMLPropertyMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 saml_name: type: string minLength: 1 friendly_name: type: string nullable: true required: - expression - name - saml_name SAMLProvider: type: object description: SAMLProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string description: Get object component so that we know how to edit the object readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true assigned_backchannel_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_backchannel_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true acs_url: type: string format: uri maxLength: 200 audience: type: string description: Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added. issuer: type: string description: Also known as EntityID assertion_valid_not_before: type: string description: 'Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).' assertion_valid_not_on_or_after: type: string description: 'Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' session_valid_not_on_or_after: type: string description: 'Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' name_id_mapping: type: string format: uuid nullable: true title: NameID Property Mapping description: Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair used to sign outgoing Responses going to the Service Provider. verification_kp: type: string format: uuid nullable: true title: Verification Certificate description: When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. sp_binding: allOf: - $ref: '#/components/schemas/SpBindingEnum' title: Service Provider Binding description: |- This determines how authentik sends the response back to the Service Provider. * `redirect` - Redirect * `post` - Post default_relay_state: type: string description: Default relay_state value for IDP-initiated logins url_download_metadata: type: string description: Get metadata download URL readOnly: true url_sso_post: type: string description: Get SSO Post URL readOnly: true url_sso_redirect: type: string description: Get SSO Redirect URL readOnly: true url_sso_init: type: string description: Get SSO IDP-Initiated URL readOnly: true url_slo_post: type: string description: Get SLO POST URL readOnly: true url_slo_redirect: type: string description: Get SLO redirect URL readOnly: true required: - acs_url - assigned_application_name - assigned_application_slug - assigned_backchannel_application_name - assigned_backchannel_application_slug - authorization_flow - component - meta_model_name - name - pk - url_download_metadata - url_slo_post - url_slo_redirect - url_sso_init - url_sso_post - url_sso_redirect - verbose_name - verbose_name_plural SAMLProviderImportRequest: type: object description: Import saml provider from XML Metadata properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid file: type: string format: binary required: - authorization_flow - file - name SAMLProviderRequest: type: object description: SAMLProvider Serializer properties: name: type: string minLength: 1 authentication_flow: type: string format: uuid nullable: true description: Flow used for authentication when the associated application is accessed by an un-authenticated user. authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid acs_url: type: string format: uri minLength: 1 maxLength: 200 audience: type: string description: Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added. issuer: type: string minLength: 1 description: Also known as EntityID assertion_valid_not_before: type: string minLength: 1 description: 'Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).' assertion_valid_not_on_or_after: type: string minLength: 1 description: 'Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' session_valid_not_on_or_after: type: string minLength: 1 description: 'Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' name_id_mapping: type: string format: uuid nullable: true title: NameID Property Mapping description: Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair used to sign outgoing Responses going to the Service Provider. verification_kp: type: string format: uuid nullable: true title: Verification Certificate description: When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. sp_binding: allOf: - $ref: '#/components/schemas/SpBindingEnum' title: Service Provider Binding description: |- This determines how authentik sends the response back to the Service Provider. * `redirect` - Redirect * `post` - Post default_relay_state: type: string description: Default relay_state value for IDP-initiated logins required: - acs_url - authorization_flow - name SAMLSource: type: object description: SAMLSource Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string icon: type: string nullable: true description: |- Get the URL to the Icon. If the name is /static or starts with http it is returned as-is readOnly: true pre_authentication_flow: type: string format: uuid description: Flow used before authentication. issuer: type: string description: Also known as Entity ID. Defaults the Metadata URL. sso_url: type: string format: uri description: URL that the initial Login request is sent to. maxLength: 200 slo_url: type: string format: uri nullable: true description: Optional URL if your IDP supports Single-Logout. maxLength: 200 allow_idp_initiated: type: boolean description: Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. name_id_policy: allOf: - $ref: '#/components/schemas/NameIdPolicyEnum' description: |- NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. * `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email * `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent * `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509 * `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows * `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient binding_type: $ref: '#/components/schemas/BindingTypeEnum' verification_kp: type: string format: uuid nullable: true title: Verification Certificate description: When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair used to sign outgoing Responses going to the Identity Provider. digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' temporary_user_delete_after: type: string title: Delete temporary users after description: 'Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format ''transient'', and the user doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).' required: - component - icon - managed - meta_model_name - name - pk - pre_authentication_flow - slug - sso_url - verbose_name - verbose_name_plural SAMLSourceRequest: type: object description: SAMLSource Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. user_path_template: type: string minLength: 1 pre_authentication_flow: type: string format: uuid description: Flow used before authentication. issuer: type: string description: Also known as Entity ID. Defaults the Metadata URL. sso_url: type: string format: uri minLength: 1 description: URL that the initial Login request is sent to. maxLength: 200 slo_url: type: string format: uri nullable: true description: Optional URL if your IDP supports Single-Logout. maxLength: 200 allow_idp_initiated: type: boolean description: Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. name_id_policy: allOf: - $ref: '#/components/schemas/NameIdPolicyEnum' description: |- NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. * `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email * `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent * `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509 * `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows * `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient binding_type: $ref: '#/components/schemas/BindingTypeEnum' verification_kp: type: string format: uuid nullable: true title: Verification Certificate description: When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair used to sign outgoing Responses going to the Identity Provider. digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' temporary_user_delete_after: type: string minLength: 1 title: Delete temporary users after description: 'Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format ''transient'', and the user doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).' required: - name - pre_authentication_flow - slug - sso_url SCIMMapping: type: object description: SCIMMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string expression: type: string component: type: string description: Get object's component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true required: - component - expression - meta_model_name - name - pk - verbose_name - verbose_name_plural SCIMMappingRequest: type: object description: SCIMMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 required: - expression - name SCIMProvider: type: object description: SCIMProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string property_mappings: type: array items: type: string format: uuid property_mappings_group: type: array items: type: string format: uuid description: Property mappings used for group creation/updating. component: type: string description: Get object component so that we know how to edit the object readOnly: true assigned_backchannel_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_backchannel_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true url: type: string description: Base URL to SCIM requests, usually ends in /v2 token: type: string description: Authentication token exclude_users_service_account: type: boolean filter_group: type: string format: uuid nullable: true required: - assigned_backchannel_application_name - assigned_backchannel_application_slug - component - meta_model_name - name - pk - token - url - verbose_name - verbose_name_plural SCIMProviderRequest: type: object description: SCIMProvider Serializer properties: name: type: string minLength: 1 property_mappings: type: array items: type: string format: uuid property_mappings_group: type: array items: type: string format: uuid description: Property mappings used for group creation/updating. url: type: string minLength: 1 description: Base URL to SCIM requests, usually ends in /v2 token: type: string minLength: 1 description: Authentication token exclude_users_service_account: type: boolean filter_group: type: string format: uuid nullable: true required: - name - token - url SMSDevice: type: object description: Serializer for sms authenticator devices properties: name: type: string description: The human-readable name of this device. maxLength: 64 pk: type: integer readOnly: true title: ID phone_number: type: string readOnly: true required: - name - phone_number - pk SMSDeviceRequest: type: object description: Serializer for sms authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 required: - name ScopeMapping: type: object description: ScopeMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string expression: type: string component: type: string description: Get object's component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true scope_name: type: string description: Scope name requested by the client description: type: string description: Description shown to the user when consenting. If left empty, the user won't be informed. required: - component - expression - meta_model_name - name - pk - scope_name - verbose_name - verbose_name_plural ScopeMappingRequest: type: object description: ScopeMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 scope_name: type: string minLength: 1 description: Scope name requested by the client description: type: string description: Description shown to the user when consenting. If left empty, the user won't be informed. required: - expression - name - scope_name SelectableStage: type: object description: Serializer for stages which can be selected by users properties: pk: type: string format: uuid name: type: string verbose_name: type: string meta_model_name: type: string required: - meta_model_name - name - pk - verbose_name ServiceConnection: type: object description: ServiceConnection Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration component: type: string description: Return component used to edit this object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural ServiceConnectionRequest: type: object description: ServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration required: - name ServiceConnectionState: type: object description: Serializer for Service connection state properties: healthy: type: boolean readOnly: true version: type: string readOnly: true required: - healthy - version SessionUser: type: object description: |- Response for the /user/me endpoint, returns the currently active user (as `user` property) and, if this user is being impersonated, the original user in the `original` property. properties: user: $ref: '#/components/schemas/UserSelf' original: $ref: '#/components/schemas/UserSelf' required: - user Settings: type: object description: Settings Serializer properties: avatars: type: string description: Configure how authentik should show avatars for users. default_user_change_name: type: boolean description: Enable the ability for users to change their name. default_user_change_email: type: boolean description: Enable the ability for users to change their email address. default_user_change_username: type: boolean description: Enable the ability for users to change their username. gdpr_compliance: type: boolean description: When enabled, all the events caused by a user will be deleted upon the user's deletion. impersonation: type: boolean description: Globally enable/disable impersonation. footer_links: type: object additionalProperties: {} description: The option configures the footer links on the flow executor pages. SettingsRequest: type: object description: Settings Serializer properties: avatars: type: string minLength: 1 description: Configure how authentik should show avatars for users. default_user_change_name: type: boolean description: Enable the ability for users to change their name. default_user_change_email: type: boolean description: Enable the ability for users to change their email address. default_user_change_username: type: boolean description: Enable the ability for users to change their username. gdpr_compliance: type: boolean description: When enabled, all the events caused by a user will be deleted upon the user's deletion. impersonation: type: boolean description: Globally enable/disable impersonation. footer_links: type: object additionalProperties: {} description: The option configures the footer links on the flow executor pages. SeverityEnum: enum: - notice - warning - alert type: string description: |- * `notice` - Notice * `warning` - Warning * `alert` - Alert ShellChallenge: type: object description: challenge type to render HTML as-is properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: xak-flow-shell response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' body: type: string required: - body - type SignatureAlgorithmEnum: enum: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 type: string description: |- * `http://www.w3.org/2000/09/xmldsig#rsa-sha1` - RSA-SHA1 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` - RSA-SHA256 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` - RSA-SHA384 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` - RSA-SHA512 * `http://www.w3.org/2000/09/xmldsig#dsa-sha1` - DSA-SHA1 Source: type: object description: Source Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string description: Get object component so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string icon: type: string nullable: true description: |- Get the URL to the Icon. If the name is /static or starts with http it is returned as-is readOnly: true required: - component - icon - managed - meta_model_name - name - pk - slug - verbose_name - verbose_name_plural SourceRequest: type: object description: Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: |- How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. user_path_template: type: string minLength: 1 required: - name - slug SourceType: type: object description: Serializer for SourceType properties: name: type: string slug: type: string urls_customizable: type: boolean request_token_url: type: string readOnly: true nullable: true authorization_url: type: string readOnly: true nullable: true access_token_url: type: string readOnly: true nullable: true profile_url: type: string readOnly: true nullable: true oidc_well_known_url: type: string readOnly: true nullable: true oidc_jwks_url: type: string readOnly: true nullable: true required: - access_token_url - authorization_url - name - oidc_jwks_url - oidc_well_known_url - profile_url - request_token_url - slug - urls_customizable SpBindingEnum: enum: - redirect - post type: string description: |- * `redirect` - Redirect * `post` - Post Stage: type: object description: Stage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural StagePrompt: type: object description: Serializer for a single Prompt field properties: field_key: type: string label: type: string type: $ref: '#/components/schemas/PromptTypeEnum' required: type: boolean placeholder: type: string initial_value: type: string order: type: integer sub_text: type: string choices: type: array items: type: string nullable: true required: - choices - field_key - initial_value - label - order - placeholder - required - sub_text - type StageRequest: type: object description: Stage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' required: - name StaticDevice: type: object description: Serializer for static authenticator devices properties: name: type: string description: The human-readable name of this device. maxLength: 64 token_set: type: array items: $ref: '#/components/schemas/StaticDeviceToken' readOnly: true pk: type: integer readOnly: true title: ID required: - name - pk - token_set StaticDeviceRequest: type: object description: Serializer for static authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 required: - name StaticDeviceToken: type: object description: Serializer for static device's tokens properties: token: type: string maxLength: 16 required: - token StaticDeviceTokenRequest: type: object description: Serializer for static device's tokens properties: token: type: string minLength: 1 maxLength: 16 required: - token SubModeEnum: enum: - hashed_user_id - user_id - user_uuid - user_username - user_email - user_upn type: string description: |- * `hashed_user_id` - Based on the Hashed User ID * `user_id` - Based on user ID * `user_uuid` - Based on user UUID * `user_username` - Based on the username * `user_email` - Based on the User's Email. This is recommended over the UPN method. * `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. SystemInfo: type: object description: Get system information. properties: http_headers: type: object additionalProperties: type: string description: Get HTTP Request headers readOnly: true http_host: type: string description: Get HTTP host readOnly: true http_is_secure: type: boolean description: Get HTTP Secure flag readOnly: true runtime: type: object description: Get versions properties: python_version: type: string gunicorn_version: type: string environment: type: string architecture: type: string platform: type: string uname: type: string required: - architecture - environment - gunicorn_version - platform - python_version - uname readOnly: true brand: type: string description: Currently active brand readOnly: true server_time: type: string format: date-time description: Current server time readOnly: true embedded_outpost_host: type: string description: Get the FQDN configured on the embedded outpost readOnly: true required: - brand - embedded_outpost_host - http_headers - http_host - http_is_secure - runtime - server_time TOTPDevice: type: object description: Serializer for totp authenticator devices properties: name: type: string description: The human-readable name of this device. maxLength: 64 pk: type: integer readOnly: true title: ID required: - name - pk TOTPDeviceRequest: type: object description: Serializer for totp authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 required: - name Task: type: object description: Serialize TaskInfo and TaskResult properties: task_name: type: string task_description: type: string task_finish_timestamp: type: string format: date-time task_duration: type: integer description: Get the duration a task took to run readOnly: true status: $ref: '#/components/schemas/TaskStatusEnum' messages: type: array items: {} required: - messages - status - task_description - task_duration - task_finish_timestamp - task_name TaskStatusEnum: enum: - SUCCESSFUL - WARNING - ERROR - UNKNOWN type: string description: |- * `SUCCESSFUL` - SUCCESSFUL * `WARNING` - WARNING * `ERROR` - ERROR * `UNKNOWN` - UNKNOWN Tenant: type: object description: Tenant Serializer properties: tenant_uuid: type: string format: uuid readOnly: true schema_name: type: string maxLength: 63 name: type: string ready: type: boolean required: - name - schema_name - tenant_uuid TenantRequest: type: object description: Tenant Serializer properties: schema_name: type: string minLength: 1 maxLength: 63 name: type: string minLength: 1 ready: type: boolean required: - name - schema_name Token: type: object description: Token Serializer properties: pk: type: string format: uuid readOnly: true title: Token uuid managed: type: string nullable: true title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. identifier: type: string maxLength: 255 pattern: ^[-a-zA-Z0-9_]+$ intent: $ref: '#/components/schemas/IntentEnum' user: type: integer user_obj: allOf: - $ref: '#/components/schemas/User' readOnly: true description: type: string expires: type: string format: date-time expiring: type: boolean required: - identifier - pk - user_obj TokenModel: type: object description: Serializer for BaseGrantModel and RefreshToken properties: pk: type: integer readOnly: true title: ID provider: $ref: '#/components/schemas/OAuth2Provider' user: $ref: '#/components/schemas/User' is_expired: type: boolean description: Check if token is expired yet. readOnly: true expires: type: string format: date-time scope: type: array items: type: string id_token: type: string description: Get the token's id_token as JSON String readOnly: true revoked: type: boolean required: - id_token - is_expired - pk - provider - scope - user TokenRequest: type: object description: Token Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. identifier: type: string minLength: 1 maxLength: 255 pattern: ^[-a-zA-Z0-9_]+$ intent: $ref: '#/components/schemas/IntentEnum' user: type: integer description: type: string expires: type: string format: date-time expiring: type: boolean required: - identifier TokenSetKeyRequest: type: object properties: key: type: string minLength: 1 required: - key TokenView: type: object description: Show token's current key properties: key: type: string readOnly: true required: - key TransactionApplicationRequest: type: object description: Serializer for creating a provider and an application in one transaction properties: app: $ref: '#/components/schemas/ApplicationRequest' provider_model: $ref: '#/components/schemas/ProviderModelEnum' provider: $ref: '#/components/schemas/modelRequest' required: - app - provider - provider_model TransactionApplicationResponse: type: object description: Transactional creation response properties: applied: type: boolean logs: type: array items: type: string required: - applied - logs TypeCreate: type: object description: Types of an object that can be created properties: name: type: string description: type: string component: type: string model_name: type: string required: - component - description - model_name - name UiThemeEnum: enum: - automatic - light - dark type: string description: |- * `automatic` - Automatic * `light` - Light * `dark` - Dark UsedBy: type: object description: A list of all objects referencing the queried object properties: app: type: string model_name: type: string pk: type: string name: type: string action: $ref: '#/components/schemas/UsedByActionEnum' required: - action - app - model_name - name - pk UsedByActionEnum: enum: - CASCADE - CASCADE_MANY - SET_NULL - SET_DEFAULT type: string description: |- * `CASCADE` - CASCADE * `CASCADE_MANY` - CASCADE_MANY * `SET_NULL` - SET_NULL * `SET_DEFAULT` - SET_DEFAULT User: type: object description: User Serializer properties: pk: type: integer readOnly: true title: ID username: type: string maxLength: 150 name: type: string description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true is_superuser: type: boolean readOnly: true groups: type: array items: type: string format: uuid groups_obj: type: array items: $ref: '#/components/schemas/UserGroup' readOnly: true email: type: string format: email title: Email address maxLength: 254 avatar: type: string readOnly: true attributes: type: object additionalProperties: {} uid: type: string readOnly: true path: type: string type: $ref: '#/components/schemas/UserTypeEnum' uuid: type: string format: uuid readOnly: true required: - avatar - groups_obj - is_superuser - name - pk - uid - username - uuid UserAccountRequest: type: object description: Account adding/removing operations properties: pk: type: integer required: - pk UserAssignedObjectPermission: type: object description: Users assigned object permission serializer properties: pk: type: integer readOnly: true title: ID username: type: string description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. pattern: ^[\w.@+-]+$ maxLength: 150 name: type: string description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true email: type: string format: email title: Email address maxLength: 254 attributes: type: object additionalProperties: {} uid: type: string readOnly: true permissions: type: array items: $ref: '#/components/schemas/UserObjectPermission' is_superuser: type: boolean required: - is_superuser - name - permissions - pk - uid - username UserConsent: type: object description: UserConsent Serializer properties: pk: type: integer readOnly: true title: ID expires: type: string format: date-time user: $ref: '#/components/schemas/User' application: $ref: '#/components/schemas/Application' permissions: type: string default: '' required: - application - pk - user UserCreationModeEnum: enum: - never_create - create_when_required - always_create type: string description: |- * `never_create` - Never Create * `create_when_required` - Create When Required * `always_create` - Always Create UserDeleteStage: type: object description: UserDeleteStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural UserDeleteStageRequest: type: object description: UserDeleteStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' required: - name UserFieldsEnum: enum: - email - username - upn type: string description: |- * `email` - E Mail * `username` - Username * `upn` - Upn UserGroup: type: object description: Simplified Group Serializer for user's groups properties: pk: type: string format: uuid readOnly: true title: Group uuid num_pk: type: integer description: Get a numerical, int32 ID for the group readOnly: true name: type: string maxLength: 80 is_superuser: type: boolean description: Users added to this group will be superusers. parent: type: string format: uuid nullable: true parent_name: type: string readOnly: true attributes: type: object additionalProperties: {} required: - name - num_pk - parent_name - pk UserGroupRequest: type: object description: Simplified Group Serializer for user's groups properties: name: type: string minLength: 1 maxLength: 80 is_superuser: type: boolean description: Users added to this group will be superusers. parent: type: string format: uuid nullable: true attributes: type: object additionalProperties: {} required: - name UserLoginChallenge: type: object description: Empty challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-user-login response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string required: - pending_user - pending_user_avatar - type UserLoginChallengeResponseRequest: type: object description: User login challenge properties: component: type: string minLength: 1 default: ak-stage-user-login remember_me: type: boolean required: - remember_me UserLoginStage: type: object description: UserLoginStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' session_duration: type: string description: 'Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' terminate_other_sessions: type: boolean description: Terminate all other sessions of the user logging in. remember_me_offset: type: string description: 'Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural UserLoginStageRequest: type: object description: UserLoginStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' session_duration: type: string minLength: 1 description: 'Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' terminate_other_sessions: type: boolean description: Terminate all other sessions of the user logging in. remember_me_offset: type: string minLength: 1 description: 'Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)' required: - name UserLogoutStage: type: object description: UserLogoutStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural UserLogoutStageRequest: type: object description: UserLogoutStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' required: - name UserMatchingModeEnum: enum: - identifier - email_link - email_deny - username_link - username_deny type: string description: |- * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. UserMetrics: type: object description: User Metrics properties: logins: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true logins_failed: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true authorizations: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true required: - authorizations - logins - logins_failed UserOAuthSourceConnection: type: object description: OAuth Source Serializer properties: pk: type: integer readOnly: true title: ID user: type: integer source: allOf: - $ref: '#/components/schemas/Source' readOnly: true identifier: type: string maxLength: 255 required: - identifier - pk - source - user UserOAuthSourceConnectionRequest: type: object description: OAuth Source Serializer properties: user: type: integer identifier: type: string minLength: 1 maxLength: 255 access_token: type: string writeOnly: true nullable: true required: - identifier - user UserObjectPermission: type: object description: User-bound object level permission properties: id: type: integer readOnly: true codename: type: string readOnly: true model: type: string title: Python model class name readOnly: true app_label: type: string readOnly: true object_pk: type: string title: Object ID readOnly: true name: type: string readOnly: true required: - app_label - codename - id - model - name - object_pk UserPasswordSetRequest: type: object properties: password: type: string minLength: 1 required: - password UserPath: type: object properties: paths: type: array items: type: string readOnly: true required: - paths UserRequest: type: object description: User Serializer properties: username: type: string minLength: 1 maxLength: 150 name: type: string description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true groups: type: array items: type: string format: uuid email: type: string format: email title: Email address maxLength: 254 attributes: type: object additionalProperties: {} path: type: string minLength: 1 type: $ref: '#/components/schemas/UserTypeEnum' required: - name - username UserSAMLSourceConnection: type: object description: SAML Source Serializer properties: pk: type: integer readOnly: true title: ID user: type: integer source: allOf: - $ref: '#/components/schemas/Source' readOnly: true identifier: type: string required: - identifier - pk - source - user UserSAMLSourceConnectionRequest: type: object description: SAML Source Serializer properties: user: type: integer identifier: type: string minLength: 1 required: - identifier - user UserSelf: type: object description: User Serializer for information a user can retrieve about themselves properties: pk: type: integer readOnly: true title: ID username: type: string description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. pattern: ^[\w.@+-]+$ maxLength: 150 name: type: string description: User's display name. is_active: type: boolean readOnly: true title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. is_superuser: type: boolean readOnly: true groups: type: array items: $ref: '#/components/schemas/UserSelfGroups' readOnly: true email: type: string format: email title: Email address maxLength: 254 avatar: type: string readOnly: true uid: type: string readOnly: true settings: type: object additionalProperties: {} description: Get user settings with brand and group settings applied readOnly: true type: $ref: '#/components/schemas/UserTypeEnum' system_permissions: type: array items: type: string description: Get all system permissions assigned to the user readOnly: true required: - avatar - groups - is_active - is_superuser - name - pk - settings - system_permissions - uid - username UserSelfGroups: type: object properties: name: type: string readOnly: true pk: type: string readOnly: true required: - name - pk UserServiceAccountRequest: type: object properties: name: type: string minLength: 1 create_group: type: boolean default: false expiring: type: boolean default: true expires: type: string format: date-time description: If not provided, valid for 360 days required: - name UserServiceAccountResponse: type: object properties: username: type: string token: type: string user_uid: type: string user_pk: type: integer group_pk: type: string required: - token - user_pk - user_uid - username UserSetting: type: object description: Serializer for User settings for stages and sources properties: object_uid: type: string component: type: string title: type: string configure_url: type: string icon_url: type: string required: - component - object_uid - title UserSourceConnection: type: object description: OAuth Source Serializer properties: pk: type: integer readOnly: true title: ID user: type: integer readOnly: true source: allOf: - $ref: '#/components/schemas/Source' readOnly: true created: type: string format: date-time readOnly: true required: - created - pk - source - user UserTypeEnum: enum: - internal - external - service_account - internal_service_account type: string description: |- * `internal` - Internal * `external` - External * `service_account` - Service Account * `internal_service_account` - Internal Service Account UserVerificationEnum: enum: - required - preferred - discouraged type: string description: |- * `required` - Required * `preferred` - Preferred * `discouraged` - Discouraged UserWriteStage: type: object description: UserWriteStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string description: Get object type so that we know how to edit the object readOnly: true verbose_name: type: string description: Return object's verbose_name readOnly: true verbose_name_plural: type: string description: Return object's plural verbose_name readOnly: true meta_model_name: type: string description: Return internal model name readOnly: true flow_set: type: array items: $ref: '#/components/schemas/FlowSet' user_creation_mode: $ref: '#/components/schemas/UserCreationModeEnum' create_users_as_inactive: type: boolean description: When set, newly created users are inactive and cannot login. create_users_group: type: string format: uuid nullable: true description: Optionally add newly created users to this group. user_type: $ref: '#/components/schemas/UserTypeEnum' user_path_template: type: string required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural UserWriteStageRequest: type: object description: UserWriteStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowSetRequest' user_creation_mode: $ref: '#/components/schemas/UserCreationModeEnum' create_users_as_inactive: type: boolean description: When set, newly created users are inactive and cannot login. create_users_group: type: string format: uuid nullable: true description: Optionally add newly created users to this group. user_type: $ref: '#/components/schemas/UserTypeEnum' user_path_template: type: string required: - name ValidationError: type: object description: Validation Error properties: non_field_errors: type: array items: type: string code: type: string additionalProperties: {} Version: type: object description: Get running and latest version. properties: version_current: type: string description: Get current version readOnly: true version_latest: type: string description: Get latest version from cache readOnly: true build_hash: type: string description: Get build hash, if version is not latest or released readOnly: true outdated: type: boolean description: Check if we're running the latest version readOnly: true required: - build_hash - outdated - version_current - version_latest WebAuthnDevice: type: object description: Serializer for WebAuthn authenticator devices properties: pk: type: integer readOnly: true title: ID name: type: string maxLength: 200 created_on: type: string format: date-time readOnly: true required: - created_on - name - pk WebAuthnDeviceRequest: type: object description: Serializer for WebAuthn authenticator devices properties: name: type: string minLength: 1 maxLength: 200 required: - name Workers: type: object properties: count: type: integer required: - count modelRequest: oneOf: - $ref: '#/components/schemas/LDAPProviderRequest' - $ref: '#/components/schemas/OAuth2ProviderRequest' - $ref: '#/components/schemas/ProxyProviderRequest' - $ref: '#/components/schemas/RadiusProviderRequest' - $ref: '#/components/schemas/SAMLProviderRequest' - $ref: '#/components/schemas/SCIMProviderRequest' discriminator: propertyName: provider_model mapping: authentik_providers_ldap.ldapprovider: '#/components/schemas/LDAPProviderRequest' authentik_providers_oauth2.oauth2provider: '#/components/schemas/OAuth2ProviderRequest' authentik_providers_proxy.proxyprovider: '#/components/schemas/ProxyProviderRequest' authentik_providers_radius.radiusprovider: '#/components/schemas/RadiusProviderRequest' authentik_providers_saml.samlprovider: '#/components/schemas/SAMLProviderRequest' authentik_providers_scim.scimprovider: '#/components/schemas/SCIMProviderRequest' securitySchemes: authentik: type: apiKey in: header name: Authorization scheme: bearer servers: - url: /api/v3/