This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/schema.yml

44039 lines
1.2 MiB

openapi: 3.0.3
info:
title: authentik
version: 2023.10.5
description: Making authentication simple.
contact:
email: hello@goauthentik.io
license:
name: MIT
url: https://github.com/goauthentik/authentik/blob/main/LICENSE
paths:
/admin/apps/:
get:
operationId: admin_apps_list
description: Read-only view list all installed apps
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/App'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/admin/metrics/:
get:
operationId: admin_metrics_retrieve
description: Login Metrics per 1h
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LoginMetrics'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/admin/models/:
get:
operationId: admin_models_list
description: Read-only view list all installed models
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/App'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/admin/system/:
get:
operationId: admin_system_retrieve
description: Get system information.
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SystemInfo'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: admin_system_create
description: Get system information.
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SystemInfo'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/admin/system_tasks/:
get:
operationId: admin_system_tasks_list
description: List system tasks
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Task'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/admin/system_tasks/{id}/:
get:
operationId: admin_system_tasks_retrieve
description: Get a single system task
parameters:
- in: path
name: id
schema:
type: string
required: true
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Task'
description: ''
'404':
description: Task not found
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/admin/system_tasks/{id}/retry/:
post:
operationId: admin_system_tasks_retry_create
description: Retry task
parameters:
- in: path
name: id
schema:
type: string
required: true
tags:
- admin
security:
- authentik: []
responses:
'204':
description: Task retried successfully
'404':
description: Task not found
'500':
description: Failed to retry task
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/admin/version/:
get:
operationId: admin_version_retrieve
description: Get running and latest version.
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Version'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/admin/workers/:
get:
operationId: admin_workers_retrieve
description: Get currently connected worker count.
tags:
- admin
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Workers'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/all/:
get:
operationId: authenticators_admin_all_list
description: Get all devices for current user
parameters:
- in: query
name: user
schema:
type: integer
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Device'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/duo/:
get:
operationId: authenticators_admin_duo_list
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDuoDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: authenticators_admin_duo_create
description: Viewset for Duo authenticator devices (for admins)
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDeviceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/duo/{id}/:
get:
operationId: authenticators_admin_duo_retrieve
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_admin_duo_update
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_admin_duo_partial_update
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_admin_duo_destroy
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/sms/:
get:
operationId: authenticators_admin_sms_list
description: Viewset for sms authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSMSDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: authenticators_admin_sms_create
description: Viewset for sms authenticator devices (for admins)
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDeviceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/sms/{id}/:
get:
operationId: authenticators_admin_sms_retrieve
description: Viewset for sms authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_admin_sms_update
description: Viewset for sms authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_admin_sms_partial_update
description: Viewset for sms authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSMSDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_admin_sms_destroy
description: Viewset for sms authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/static/:
get:
operationId: authenticators_admin_static_list
description: Viewset for static authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedStaticDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: authenticators_admin_static_create
description: Viewset for static authenticator devices (for admins)
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDeviceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/static/{id}/:
get:
operationId: authenticators_admin_static_retrieve
description: Viewset for static authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Static Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_admin_static_update
description: Viewset for static authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Static Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_admin_static_partial_update
description: Viewset for static authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Static Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedStaticDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_admin_static_destroy
description: Viewset for static authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Static Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/totp/:
get:
operationId: authenticators_admin_totp_list
description: Viewset for totp authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTOTPDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: authenticators_admin_totp_create
description: Viewset for totp authenticator devices (for admins)
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDeviceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/totp/{id}/:
get:
operationId: authenticators_admin_totp_retrieve
description: Viewset for totp authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_admin_totp_update
description: Viewset for totp authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_admin_totp_partial_update
description: Viewset for totp authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedTOTPDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_admin_totp_destroy
description: Viewset for totp authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/webauthn/:
get:
operationId: authenticators_admin_webauthn_list
description: Viewset for WebAuthn authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedWebAuthnDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: authenticators_admin_webauthn_create
description: Viewset for WebAuthn authenticator devices (for admins)
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDeviceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/admin/webauthn/{id}/:
get:
operationId: authenticators_admin_webauthn_retrieve
description: Viewset for WebAuthn authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_admin_webauthn_update
description: Viewset for WebAuthn authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_admin_webauthn_partial_update
description: Viewset for WebAuthn authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedWebAuthnDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_admin_webauthn_destroy
description: Viewset for WebAuthn authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/all/:
get:
operationId: authenticators_all_list
description: Get all devices for current user
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Device'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/duo/:
get:
operationId: authenticators_duo_list
description: Viewset for Duo authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDuoDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/duo/{id}/:
get:
operationId: authenticators_duo_retrieve
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_duo_update
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_duo_partial_update
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_duo_destroy
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/duo/{id}/used_by/:
get:
operationId: authenticators_duo_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/sms/:
get:
operationId: authenticators_sms_list
description: Viewset for sms authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSMSDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/sms/{id}/:
get:
operationId: authenticators_sms_retrieve
description: Viewset for sms authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_sms_update
description: Viewset for sms authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_sms_partial_update
description: Viewset for sms authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSMSDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SMSDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_sms_destroy
description: Viewset for sms authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/sms/{id}/used_by/:
get:
operationId: authenticators_sms_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SMS Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/static/:
get:
operationId: authenticators_static_list
description: Viewset for static authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedStaticDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/static/{id}/:
get:
operationId: authenticators_static_retrieve
description: Viewset for static authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Static Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_static_update
description: Viewset for static authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Static Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_static_partial_update
description: Viewset for static authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Static Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedStaticDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/StaticDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_static_destroy
description: Viewset for static authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Static Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/static/{id}/used_by/:
get:
operationId: authenticators_static_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Static Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/totp/:
get:
operationId: authenticators_totp_list
description: Viewset for totp authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTOTPDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/totp/{id}/:
get:
operationId: authenticators_totp_retrieve
description: Viewset for totp authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_totp_update
description: Viewset for totp authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_totp_partial_update
description: Viewset for totp authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedTOTPDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TOTPDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_totp_destroy
description: Viewset for totp authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/totp/{id}/used_by/:
get:
operationId: authenticators_totp_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this TOTP Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/webauthn/:
get:
operationId: authenticators_webauthn_list
description: Viewset for WebAuthn authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedWebAuthnDeviceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/webauthn/{id}/:
get:
operationId: authenticators_webauthn_retrieve
description: Viewset for WebAuthn authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: authenticators_webauthn_update
description: Viewset for WebAuthn authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDeviceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: authenticators_webauthn_partial_update
description: Viewset for WebAuthn authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedWebAuthnDeviceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/WebAuthnDevice'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: authenticators_webauthn_destroy
description: Viewset for WebAuthn authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/authenticators/webauthn/{id}/used_by/:
get:
operationId: authenticators_webauthn_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this WebAuthn Device.
required: true
tags:
- authenticators
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/applications/:
get:
operationId: core_applications_list
description: Custom list method that checks Policy based access instead of guardian
parameters:
- in: query
name: group
schema:
type: string
- in: query
name: meta_description
schema:
type: string
- in: query
name: meta_launch_url
schema:
type: string
- in: query
name: meta_publisher
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: superuser_full_list
schema:
type: boolean
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedApplicationList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: core_applications_create
description: Application Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ApplicationRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/applications/{slug}/:
get:
operationId: core_applications_retrieve
description: Application Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: core_applications_update
description: Application Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ApplicationRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: core_applications_partial_update
description: Application Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedApplicationRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: core_applications_destroy
description: Application Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/applications/{slug}/check_access/:
get:
operationId: core_applications_check_access_retrieve
description: Check access to a single application by slug
parameters:
- in: query
name: for_user
schema:
type: integer
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyTestResult'
description: ''
'404':
description: for_user user not found
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/applications/{slug}/metrics/:
get:
operationId: core_applications_metrics_list
description: Metrics for application logins
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Coordinate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/applications/{slug}/set_icon/:
post:
operationId: core_applications_set_icon_create
description: Set application icon
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
requestBody:
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/FileUploadRequest'
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/applications/{slug}/set_icon_url/:
post:
operationId: core_applications_set_icon_url_create
description: Set application icon (as URL)
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FilePathRequest'
required: true
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/applications/{slug}/used_by/:
get:
operationId: core_applications_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal application name, used in URLs.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/authenticated_sessions/:
get:
operationId: core_authenticated_sessions_list
description: AuthenticatedSession Viewset
parameters:
- in: query
name: last_ip
schema:
type: string
- in: query
name: last_user_agent
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user__username
schema:
type: string
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatedSessionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/authenticated_sessions/{uuid}/:
get:
operationId: core_authenticated_sessions_retrieve
description: AuthenticatedSession Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticated Session.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatedSession'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: core_authenticated_sessions_destroy
description: AuthenticatedSession Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticated Session.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/authenticated_sessions/{uuid}/used_by/:
get:
operationId: core_authenticated_sessions_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticated Session.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/groups/:
get:
operationId: core_groups_list
description: Group Viewset
parameters:
- in: query
name: attributes
schema:
type: string
description: Attributes
- in: query
name: is_superuser
schema:
type: boolean
- in: query
name: members_by_pk
schema:
type: array
items:
type: integer
explode: true
style: form
- in: query
name: members_by_username
schema:
type: array
items:
type: string
description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
only.
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedGroupList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: core_groups_create
description: Group Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GroupRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/groups/{group_uuid}/:
get:
operationId: core_groups_retrieve
description: Group Viewset
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Group.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: core_groups_update
description: Group Viewset
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Group.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GroupRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: core_groups_partial_update
description: Group Viewset
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Group.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedGroupRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: core_groups_destroy
description: Group Viewset
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Group.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/groups/{group_uuid}/add_user/:
post:
operationId: core_groups_add_user_create
description: Add user to group
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Group.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserAccountRequest'
required: true
security:
- authentik: []
responses:
'204':
description: User added
'404':
description: User not found
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/groups/{group_uuid}/remove_user/:
post:
operationId: core_groups_remove_user_create
description: Add user to group
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Group.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserAccountRequest'
required: true
security:
- authentik: []
responses:
'204':
description: User added
'404':
description: User not found
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/groups/{group_uuid}/used_by/:
get:
operationId: core_groups_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: group_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Group.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/tenants/:
get:
operationId: core_tenants_list
description: Tenant Viewset
parameters:
- in: query
name: branding_favicon
schema:
type: string
- in: query
name: branding_logo
schema:
type: string
- in: query
name: branding_title
schema:
type: string
- in: query
name: default
schema:
type: boolean
- in: query
name: domain
schema:
type: string
- in: query
name: event_retention
schema:
type: string
- in: query
name: flow_authentication
schema:
type: string
format: uuid
- in: query
name: flow_device_code
schema:
type: string
format: uuid
- in: query
name: flow_invalidation
schema:
type: string
format: uuid
- in: query
name: flow_recovery
schema:
type: string
format: uuid
- in: query
name: flow_unenrollment
schema:
type: string
format: uuid
- in: query
name: flow_user_settings
schema:
type: string
format: uuid
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: tenant_uuid
schema:
type: string
format: uuid
- in: query
name: web_certificate
schema:
type: string
format: uuid
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTenantList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: core_tenants_create
description: Tenant Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TenantRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/tenants/{tenant_uuid}/:
get:
operationId: core_tenants_retrieve
description: Tenant Viewset
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: core_tenants_update
description: Tenant Viewset
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TenantRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: core_tenants_partial_update
description: Tenant Viewset
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedTenantRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: core_tenants_destroy
description: Tenant Viewset
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/tenants/{tenant_uuid}/used_by/:
get:
operationId: core_tenants_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: tenant_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Tenant.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/tenants/current/:
get:
operationId: core_tenants_current_retrieve
description: Get current tenant
tags:
- core
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CurrentTenant'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/tokens/:
get:
operationId: core_tokens_list
description: Token Viewset
parameters:
- in: query
name: description
schema:
type: string
- in: query
name: expires
schema:
type: string
format: date-time
- in: query
name: expiring
schema:
type: boolean
- in: query
name: identifier
schema:
type: string
- in: query
name: intent
schema:
type: string
enum:
- api
- app_password
- recovery
- verification
description: |-
* `verification` - Intent Verification
* `api` - Intent Api
* `recovery` - Intent Recovery
* `app_password` - Intent App Password
- in: query
name: managed
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user__username
schema:
type: string
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTokenList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: core_tokens_create
description: Token Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TokenRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Token'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/tokens/{identifier}/:
get:
operationId: core_tokens_retrieve
description: Token Viewset
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Token'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: core_tokens_update
description: Token Viewset
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TokenRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Token'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: core_tokens_partial_update
description: Token Viewset
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedTokenRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Token'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: core_tokens_destroy
description: Token Viewset
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/tokens/{identifier}/set_key/:
post:
operationId: core_tokens_set_key_create
description: |-
Set token key. Action is logged as event. `authentik_core.set_token_key` permission
is required.
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TokenSetKeyRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Successfully changed key
'400':
description: Missing key
'404':
description: Token not found or expired
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/tokens/{identifier}/used_by/:
get:
operationId: core_tokens_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/tokens/{identifier}/view_key/:
get:
operationId: core_tokens_view_key_retrieve
description: Return token key and log access
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TokenView'
description: ''
'404':
description: Token not found or expired
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/transactional/applications/:
put:
operationId: core_transactional_applications_update
description: Convert data into a blueprint, validate it and apply it
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TransactionApplicationRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TransactionApplicationResponse'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/user_consent/:
get:
operationId: core_user_consent_list
description: UserConsent Viewset
parameters:
- in: query
name: application
schema:
type: string
format: uuid
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user
schema:
type: integer
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserConsentList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/user_consent/{id}/:
get:
operationId: core_user_consent_retrieve
description: UserConsent Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Consent.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserConsent'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: core_user_consent_destroy
description: UserConsent Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Consent.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/user_consent/{id}/used_by/:
get:
operationId: core_user_consent_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Consent.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/:
get:
operationId: core_users_list
description: User Viewset
parameters:
- in: query
name: attributes
schema:
type: string
description: Attributes
- in: query
name: email
schema:
type: string
- in: query
name: groups_by_name
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: groups_by_pk
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: is_active
schema:
type: boolean
- in: query
name: is_superuser
schema:
type: boolean
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: path
schema:
type: string
- in: query
name: path_startswith
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: type
schema:
type: array
items:
type: string
enum:
- external
- internal
- internal_service_account
- service_account
description: |-
* `internal` - Internal
* `external` - External
* `service_account` - Service Account
* `internal_service_account` - Internal Service Account
explode: true
style: form
- in: query
name: username
schema:
type: string
- in: query
name: uuid
schema:
type: string
format: uuid
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: core_users_create
description: User Viewset
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/User'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/{id}/:
get:
operationId: core_users_retrieve
description: User Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/User'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: core_users_update
description: User Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/User'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: core_users_partial_update
description: User Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/User'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: core_users_destroy
description: User Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/{id}/impersonate/:
post:
operationId: core_users_impersonate_create
description: Impersonate a user
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: Successfully started impersonation
'401':
description: Access denied
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/{id}/metrics/:
get:
operationId: core_users_metrics_retrieve
description: User metrics per 1h
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserMetrics'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/{id}/recovery/:
get:
operationId: core_users_recovery_retrieve
description: Create a temporary link that a user can use to recover their accounts
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Link'
description: ''
'404':
content:
application/json:
schema:
$ref: '#/components/schemas/Link'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/{id}/recovery_email/:
get:
operationId: core_users_recovery_email_retrieve
description: Create a temporary link that a user can use to recover their accounts
parameters:
- in: query
name: email_stage
schema:
type: string
required: true
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'204':
description: Successfully sent recover email
'404':
description: Bad request
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/{id}/set_password/:
post:
operationId: core_users_set_password_create
description: Set password for user
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserPasswordSetRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Successfully changed password
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/{id}/used_by/:
get:
operationId: core_users_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/impersonate_end/:
get:
operationId: core_users_impersonate_end_retrieve
description: End Impersonation a user
tags:
- core
security:
- authentik: []
responses:
'204':
description: Successfully started impersonation
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/me/:
get:
operationId: core_users_me_retrieve
description: Get information about current user
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SessionUser'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/paths/:
get:
operationId: core_users_paths_retrieve
description: Get all user paths
parameters:
- in: query
name: search
schema:
type: string
tags:
- core
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserPath'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/core/users/service_account/:
post:
operationId: core_users_service_account_create
description: Create a new user account that is marked as a service account
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserServiceAccountRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserServiceAccountResponse'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/crypto/certificatekeypairs/:
get:
operationId: crypto_certificatekeypairs_list
description: CertificateKeyPair Viewset
parameters:
- in: query
name: has_key
schema:
type: boolean
description: Only return certificate-key pairs with keys
- in: query
name: include_details
schema:
type: boolean
default: true
- in: query
name: managed
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedCertificateKeyPairList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: crypto_certificatekeypairs_create
description: CertificateKeyPair Viewset
tags:
- crypto
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPairRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/crypto/certificatekeypairs/{kp_uuid}/:
get:
operationId: crypto_certificatekeypairs_retrieve
description: CertificateKeyPair Viewset
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: crypto_certificatekeypairs_update
description: CertificateKeyPair Viewset
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPairRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: crypto_certificatekeypairs_partial_update
description: CertificateKeyPair Viewset
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedCertificateKeyPairRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: crypto_certificatekeypairs_destroy
description: CertificateKeyPair Viewset
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/crypto/certificatekeypairs/{kp_uuid}/used_by/:
get:
operationId: crypto_certificatekeypairs_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/crypto/certificatekeypairs/{kp_uuid}/view_certificate/:
get:
operationId: crypto_certificatekeypairs_view_certificate_retrieve
description: Return certificate-key pairs certificate and log access
parameters:
- in: query
name: download
schema:
type: boolean
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateData'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/crypto/certificatekeypairs/{kp_uuid}/view_private_key/:
get:
operationId: crypto_certificatekeypairs_view_private_key_retrieve
description: Return certificate-key pairs private key and log access
parameters:
- in: query
name: download
schema:
type: boolean
- in: path
name: kp_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Certificate-Key Pair.
required: true
tags:
- crypto
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateData'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/crypto/certificatekeypairs/generate/:
post:
operationId: crypto_certificatekeypairs_generate_create
description: Generate a new, self-signed certificate-key pair
tags:
- crypto
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateGenerationRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CertificateKeyPair'
description: ''
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/enterprise/license/:
get:
operationId: enterprise_license_list
description: License Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- enterprise
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLicenseList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: enterprise_license_create
description: License Viewset
tags:
- enterprise
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LicenseRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/License'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/enterprise/license/{license_uuid}/:
get:
operationId: enterprise_license_retrieve
description: License Viewset
parameters:
- in: path
name: license_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this License.
required: true
tags:
- enterprise
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/License'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: enterprise_license_update
description: License Viewset
parameters:
- in: path
name: license_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this License.
required: true
tags:
- enterprise
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LicenseRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/License'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: enterprise_license_partial_update
description: License Viewset
parameters:
- in: path
name: license_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this License.
required: true
tags:
- enterprise
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedLicenseRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/License'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: enterprise_license_destroy
description: License Viewset
parameters:
- in: path
name: license_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this License.
required: true
tags:
- enterprise
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/enterprise/license/{license_uuid}/used_by/:
get:
operationId: enterprise_license_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: license_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this License.
required: true
tags:
- enterprise
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/enterprise/license/forecast/:
get:
operationId: enterprise_license_forecast_retrieve
description: Forecast how many users will be required in a year
tags:
- enterprise
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LicenseForecast'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/enterprise/license/get_install_id/:
get:
operationId: enterprise_license_get_install_id_retrieve
description: Get install_id
tags:
- enterprise
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/InstallID'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/enterprise/license/summary/:
get:
operationId: enterprise_license_summary_retrieve
description: Get the total license status
tags:
- enterprise
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LicenseSummary'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/events/:
get:
operationId: events_events_list
description: Event Read-Only Viewset
parameters:
- in: query
name: action
schema:
type: string
- in: query
name: client_ip
schema:
type: string
- in: query
name: context_authorized_app
schema:
type: string
description: Context Authorized application
- in: query
name: context_model_app
schema:
type: string
description: Context Model App
- in: query
name: context_model_name
schema:
type: string
description: Context Model Name
- in: query
name: context_model_pk
schema:
type: string
description: Context Model Primary Key
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: tenant_name
schema:
type: string
description: Tenant name
- in: query
name: username
schema:
type: string
description: Username
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedEventList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: events_events_create
description: Event Read-Only Viewset
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EventRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Event'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/events/{event_uuid}/:
get:
operationId: events_events_retrieve
description: Event Read-Only Viewset
parameters:
- in: path
name: event_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Event'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: events_events_update
description: Event Read-Only Viewset
parameters:
- in: path
name: event_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EventRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Event'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: events_events_partial_update
description: Event Read-Only Viewset
parameters:
- in: path
name: event_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedEventRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Event'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: events_events_destroy
description: Event Read-Only Viewset
parameters:
- in: path
name: event_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event.
required: true
tags:
- events
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/events/actions/:
get:
operationId: events_events_actions_list
description: Get all actions
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/events/per_month/:
get:
operationId: events_events_per_month_list
description: Get the count of events per month
parameters:
- in: query
name: action
schema:
type: string
- in: query
name: query
schema:
type: string
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Coordinate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/events/top_per_user/:
get:
operationId: events_events_top_per_user_list
description: Get the top_n events grouped by user count
parameters:
- in: query
name: action
schema:
type: string
- in: query
name: top_n
schema:
type: integer
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/EventTopPerUser'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/events/volume/:
get:
operationId: events_events_volume_list
description: Get event volume for specified filters and timeframe
parameters:
- in: query
name: action
schema:
type: string
- in: query
name: client_ip
schema:
type: string
- in: query
name: context_authorized_app
schema:
type: string
description: Context Authorized application
- in: query
name: context_model_app
schema:
type: string
description: Context Model App
- in: query
name: context_model_name
schema:
type: string
description: Context Model Name
- in: query
name: context_model_pk
schema:
type: string
description: Context Model Primary Key
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: tenant_name
schema:
type: string
description: Tenant name
- in: query
name: username
schema:
type: string
description: Username
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Coordinate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/notifications/:
get:
operationId: events_notifications_list
description: Notification Viewset
parameters:
- in: query
name: body
schema:
type: string
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: event
schema:
type: string
format: uuid
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: seen
schema:
type: boolean
- in: query
name: severity
schema:
type: string
enum:
- alert
- notice
- warning
description: |-
* `notice` - Notice
* `warning` - Warning
* `alert` - Alert
- in: query
name: user
schema:
type: integer
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedNotificationList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/notifications/{uuid}/:
get:
operationId: events_notifications_retrieve
description: Notification Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Notification'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: events_notifications_update
description: Notification Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Notification'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: events_notifications_partial_update
description: Notification Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedNotificationRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Notification'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: events_notifications_destroy
description: Notification Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/notifications/{uuid}/used_by/:
get:
operationId: events_notifications_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/notifications/mark_all_seen/:
post:
operationId: events_notifications_mark_all_seen_create
description: Mark all the user's notifications as seen
tags:
- events
security:
- authentik: []
responses:
'204':
description: Marked tasks as read successfully.
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/rules/:
get:
operationId: events_rules_list
description: NotificationRule Viewset
parameters:
- in: query
name: group__name
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: severity
schema:
type: string
enum:
- alert
- notice
- warning
description: |-
Controls which severity level the created notifications will have.
* `notice` - Notice
* `warning` - Warning
* `alert` - Alert
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedNotificationRuleList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: events_rules_create
description: NotificationRule Viewset
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRuleRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRule'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/rules/{pbm_uuid}/:
get:
operationId: events_rules_retrieve
description: NotificationRule Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRule'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: events_rules_update
description: NotificationRule Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRuleRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRule'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: events_rules_partial_update
description: NotificationRule Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedNotificationRuleRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationRule'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: events_rules_destroy
description: NotificationRule Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/rules/{pbm_uuid}/used_by/:
get:
operationId: events_rules_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Rule.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/transports/:
get:
operationId: events_transports_list
description: NotificationTransport Viewset
parameters:
- in: query
name: mode
schema:
type: string
enum:
- email
- local
- webhook
- webhook_slack
description: |-
* `local` - authentik inbuilt notifications
* `webhook` - Generic Webhook
* `webhook_slack` - Slack Webhook (Slack/Discord)
* `email` - Email
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: send_once
schema:
type: boolean
- in: query
name: webhook_url
schema:
type: string
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedNotificationTransportList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: events_transports_create
description: NotificationTransport Viewset
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransportRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransport'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/transports/{uuid}/:
get:
operationId: events_transports_retrieve
description: NotificationTransport Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransport'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: events_transports_update
description: NotificationTransport Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransportRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransport'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: events_transports_partial_update
description: NotificationTransport Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedNotificationTransportRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransport'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: events_transports_destroy
description: NotificationTransport Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/transports/{uuid}/test/:
post:
operationId: events_transports_test_create
description: |-
Send example notification using selected transport. Requires
Modify permissions.
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationTransportTest'
description: ''
'500':
description: Failed to test transport
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/events/transports/{uuid}/used_by/:
get:
operationId: events_transports_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Notification Transport.
required: true
tags:
- events
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/bindings/:
get:
operationId: flows_bindings_list
description: FlowStageBinding Viewset
parameters:
- in: query
name: evaluate_on_plan
schema:
type: boolean
- in: query
name: fsb_uuid
schema:
type: string
format: uuid
- in: query
name: invalid_response_action
schema:
type: string
enum:
- restart
- restart_with_context
- retry
description: |-
Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.
* `retry` - Retry
* `restart` - Restart
* `restart_with_context` - Restart With Context
- in: query
name: order
schema:
type: integer
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pbm_uuid
schema:
type: string
format: uuid
- in: query
name: policies
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: policy_engine_mode
schema:
type: string
enum:
- all
- any
description: |-
* `all` - all, all policies must pass
* `any` - any, any policy must pass
- in: query
name: re_evaluate_policies
schema:
type: boolean
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage
schema:
type: string
format: uuid
- in: query
name: target
schema:
type: string
format: uuid
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedFlowStageBindingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: flows_bindings_create
description: FlowStageBinding Viewset
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBindingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBinding'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/bindings/{fsb_uuid}/:
get:
operationId: flows_bindings_retrieve
description: FlowStageBinding Viewset
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBinding'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: flows_bindings_update
description: FlowStageBinding Viewset
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBindingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBinding'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: flows_bindings_partial_update
description: FlowStageBinding Viewset
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedFlowStageBindingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowStageBinding'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: flows_bindings_destroy
description: FlowStageBinding Viewset
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/bindings/{fsb_uuid}/used_by/:
get:
operationId: flows_bindings_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: fsb_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Flow Stage Binding.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/executor/{flow_slug}/:
get:
operationId: flows_executor_get
description: Get the next pending challenge from the currently active flow.
parameters:
- in: path
name: flow_slug
schema:
type: string
required: true
- in: query
name: query
schema:
type: string
description: Querystring as received
required: true
tags:
- flows
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ChallengeTypes'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: flows_executor_solve
description: Solve the previously retrieved challenge and advanced to the next
stage.
parameters:
- in: path
name: flow_slug
schema:
type: string
required: true
- in: query
name: query
schema:
type: string
description: Querystring as received
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowChallengeResponseRequest'
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ChallengeTypes'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/inspector/{flow_slug}/:
get:
operationId: flows_inspector_get
description: Get current flow state and record it
parameters:
- in: path
name: flow_slug
schema:
type: string
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowInspection'
description: ''
'400':
description: No flow plan in session.
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/:
get:
operationId: flows_instances_list
description: Flow Viewset
parameters:
- in: query
name: denied_action
schema:
type: string
enum:
- continue
- message
- message_continue
description: |-
Configure what should happen when a flow denies access to a user.
* `message_continue` - Message Continue
* `message` - Message
* `continue` - Continue
- in: query
name: designation
schema:
type: string
enum:
- authentication
- authorization
- enrollment
- invalidation
- recovery
- stage_configuration
- unenrollment
description: |-
Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
* `authentication` - Authentication
* `authorization` - Authorization
* `invalidation` - Invalidation
* `enrollment` - Enrollment
* `unenrollment` - Unrenollment
* `recovery` - Recovery
* `stage_configuration` - Stage Configuration
- in: query
name: flow_uuid
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: slug
schema:
type: string
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedFlowList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: flows_instances_create
description: Flow Viewset
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Flow'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/{slug}/:
get:
operationId: flows_instances_retrieve
description: Flow Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Flow'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: flows_instances_update
description: Flow Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FlowRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Flow'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: flows_instances_partial_update
description: Flow Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedFlowRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Flow'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: flows_instances_destroy
description: Flow Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/{slug}/diagram/:
get:
operationId: flows_instances_diagram_retrieve
description: Return diagram for flow with slug `slug`, in the format used by
flowchart.js
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowDiagram'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/{slug}/execute/:
get:
operationId: flows_instances_execute_retrieve
description: Execute flow for current user
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Link'
description: ''
'400':
description: Flow not applicable
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/{slug}/export/:
get:
operationId: flows_instances_export_retrieve
description: Export flow to .yaml file
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: string
format: binary
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/{slug}/set_background/:
post:
operationId: flows_instances_set_background_create
description: Set Flow background
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
requestBody:
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/FileUploadRequest'
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/{slug}/set_background_url/:
post:
operationId: flows_instances_set_background_url_create
description: Set Flow background (as URL)
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FilePathRequest'
required: true
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/{slug}/used_by/:
get:
operationId: flows_instances_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Visible in the URL.
required: true
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/cache_clear/:
post:
operationId: flows_instances_cache_clear_create
description: Clear flow cache
tags:
- flows
security:
- authentik: []
responses:
'204':
description: Successfully cleared cache
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/cache_info/:
get:
operationId: flows_instances_cache_info_retrieve
description: Info about cached flows
tags:
- flows
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Cache'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/flows/instances/import/:
post:
operationId: flows_instances_import_create
description: Import flow from .yaml file
tags:
- flows
requestBody:
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/FileUploadRequest'
security:
- authentik: []
responses:
'204':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowImportResult'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/FlowImportResult'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/managed/blueprints/:
get:
operationId: managed_blueprints_list
description: Blueprint instances
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: path
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- managed
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedBlueprintInstanceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: managed_blueprints_create
description: Blueprint instances
tags:
- managed
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/BlueprintInstanceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/BlueprintInstance'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/managed/blueprints/{instance_uuid}/:
get:
operationId: managed_blueprints_retrieve
description: Blueprint instances
parameters:
- in: path
name: instance_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Blueprint Instance.
required: true
tags:
- managed
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/BlueprintInstance'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: managed_blueprints_update
description: Blueprint instances
parameters:
- in: path
name: instance_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Blueprint Instance.
required: true
tags:
- managed
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/BlueprintInstanceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/BlueprintInstance'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: managed_blueprints_partial_update
description: Blueprint instances
parameters:
- in: path
name: instance_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Blueprint Instance.
required: true
tags:
- managed
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedBlueprintInstanceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/BlueprintInstance'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: managed_blueprints_destroy
description: Blueprint instances
parameters:
- in: path
name: instance_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Blueprint Instance.
required: true
tags:
- managed
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/managed/blueprints/{instance_uuid}/apply/:
post:
operationId: managed_blueprints_apply_create
description: Apply a blueprint
parameters:
- in: path
name: instance_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Blueprint Instance.
required: true
tags:
- managed
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/BlueprintInstance'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/managed/blueprints/{instance_uuid}/used_by/:
get:
operationId: managed_blueprints_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: instance_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Blueprint Instance.
required: true
tags:
- managed
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/managed/blueprints/available/:
get:
operationId: managed_blueprints_available_list
description: Get blueprints
tags:
- managed
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/BlueprintFile'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/oauth2/access_tokens/:
get:
operationId: oauth2_access_tokens_list
description: AccessToken Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: provider
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user
schema:
type: integer
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTokenModelList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/oauth2/access_tokens/{id}/:
get:
operationId: oauth2_access_tokens_retrieve
description: AccessToken Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2 Access Token.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TokenModel'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: oauth2_access_tokens_destroy
description: AccessToken Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2 Access Token.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/oauth2/access_tokens/{id}/used_by/:
get:
operationId: oauth2_access_tokens_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2 Access Token.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/oauth2/authorization_codes/:
get:
operationId: oauth2_authorization_codes_list
description: AuthorizationCode Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: provider
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user
schema:
type: integer
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedExpiringBaseGrantModelList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/oauth2/authorization_codes/{id}/:
get:
operationId: oauth2_authorization_codes_retrieve
description: AuthorizationCode Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Authorization Code.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpiringBaseGrantModel'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: oauth2_authorization_codes_destroy
description: AuthorizationCode Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Authorization Code.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/oauth2/authorization_codes/{id}/used_by/:
get:
operationId: oauth2_authorization_codes_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Authorization Code.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/oauth2/refresh_tokens/:
get:
operationId: oauth2_refresh_tokens_list
description: RefreshToken Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: provider
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user
schema:
type: integer
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedTokenModelList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/oauth2/refresh_tokens/{id}/:
get:
operationId: oauth2_refresh_tokens_retrieve
description: RefreshToken Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2 Refresh Token.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/TokenModel'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: oauth2_refresh_tokens_destroy
description: RefreshToken Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2 Refresh Token.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/oauth2/refresh_tokens/{id}/used_by/:
get:
operationId: oauth2_refresh_tokens_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2 Refresh Token.
required: true
tags:
- oauth2
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/instances/:
get:
operationId: outposts_instances_list
description: Outpost Viewset
parameters:
- in: query
name: managed__icontains
schema:
type: string
- in: query
name: managed__iexact
schema:
type: string
- in: query
name: name__icontains
schema:
type: string
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: providers__isnull
schema:
type: boolean
- in: query
name: providers_by_pk
schema:
type: array
items:
type: integer
explode: true
style: form
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: service_connection__name__icontains
schema:
type: string
- in: query
name: service_connection__name__iexact
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedOutpostList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: outposts_instances_create
description: Outpost Viewset
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OutpostRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Outpost'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/instances/{uuid}/:
get:
operationId: outposts_instances_retrieve
description: Outpost Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Outpost'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: outposts_instances_update
description: Outpost Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OutpostRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Outpost'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: outposts_instances_partial_update
description: Outpost Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedOutpostRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Outpost'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: outposts_instances_destroy
description: Outpost Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/instances/{uuid}/health/:
get:
operationId: outposts_instances_health_list
description: Get outposts current health
parameters:
- in: query
name: managed__icontains
schema:
type: string
- in: query
name: managed__iexact
schema:
type: string
- in: query
name: name__icontains
schema:
type: string
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- in: query
name: providers__isnull
schema:
type: boolean
- in: query
name: providers_by_pk
schema:
type: array
items:
type: integer
explode: true
style: form
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: service_connection__name__icontains
schema:
type: string
- in: query
name: service_connection__name__iexact
schema:
type: string
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/OutpostHealth'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/instances/{uuid}/used_by/:
get:
operationId: outposts_instances_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/instances/default_settings/:
get:
operationId: outposts_instances_default_settings_retrieve
description: Global default outpost config
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OutpostDefaultConfig'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/ldap/:
get:
operationId: outposts_ldap_list
description: LDAPProvider Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPOutpostConfigList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/ldap/{id}/:
get:
operationId: outposts_ldap_retrieve
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPOutpostConfig'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/proxy/:
get:
operationId: outposts_proxy_list
description: ProxyProvider Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedProxyOutpostConfigList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/proxy/{id}/:
get:
operationId: outposts_proxy_retrieve
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyOutpostConfig'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/radius/:
get:
operationId: outposts_radius_list
description: RadiusProvider Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedRadiusOutpostConfigList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/radius/{id}/:
get:
operationId: outposts_radius_retrieve
description: RadiusProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Radius Provider.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RadiusOutpostConfig'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/all/:
get:
operationId: outposts_service_connections_all_list
description: ServiceConnection Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedServiceConnectionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/all/{uuid}/:
get:
operationId: outposts_service_connections_all_retrieve
description: ServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: outposts_service_connections_all_destroy
description: ServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/all/{uuid}/state/:
get:
operationId: outposts_service_connections_all_state_retrieve
description: Get the service connection's state
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceConnectionState'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/all/{uuid}/used_by/:
get:
operationId: outposts_service_connections_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Outpost Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/all/types/:
get:
operationId: outposts_service_connections_all_types_list
description: Get all creatable service connection types
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/docker/:
get:
operationId: outposts_service_connections_docker_list
description: DockerServiceConnection Viewset
parameters:
- in: query
name: local
schema:
type: boolean
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: tls_authentication
schema:
type: string
format: uuid
- in: query
name: tls_verification
schema:
type: string
format: uuid
- in: query
name: url
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDockerServiceConnectionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: outposts_service_connections_docker_create
description: DockerServiceConnection Viewset
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnectionRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/docker/{uuid}/:
get:
operationId: outposts_service_connections_docker_retrieve
description: DockerServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: outposts_service_connections_docker_update
description: DockerServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnectionRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: outposts_service_connections_docker_partial_update
description: DockerServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDockerServiceConnectionRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DockerServiceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: outposts_service_connections_docker_destroy
description: DockerServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/docker/{uuid}/used_by/:
get:
operationId: outposts_service_connections_docker_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Docker Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/kubernetes/:
get:
operationId: outposts_service_connections_kubernetes_list
description: KubernetesServiceConnection Viewset
parameters:
- in: query
name: local
schema:
type: boolean
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedKubernetesServiceConnectionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: outposts_service_connections_kubernetes_create
description: KubernetesServiceConnection Viewset
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnectionRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/kubernetes/{uuid}/:
get:
operationId: outposts_service_connections_kubernetes_retrieve
description: KubernetesServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: outposts_service_connections_kubernetes_update
description: KubernetesServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnectionRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: outposts_service_connections_kubernetes_partial_update
description: KubernetesServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedKubernetesServiceConnectionRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/KubernetesServiceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: outposts_service_connections_kubernetes_destroy
description: KubernetesServiceConnection Viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/outposts/service_connections/kubernetes/{uuid}/used_by/:
get:
operationId: outposts_service_connections_kubernetes_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Kubernetes Service-Connection.
required: true
tags:
- outposts
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/all/:
get:
operationId: policies_all_list
description: Policy Viewset
parameters:
- in: query
name: bindings__isnull
schema:
type: boolean
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: promptstage__isnull
schema:
type: boolean
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPolicyList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/all/{policy_uuid}/:
get:
operationId: policies_all_retrieve
description: Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Policy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: policies_all_destroy
description: Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/all/{policy_uuid}/test/:
post:
operationId: policies_all_test_create
description: Test policy
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyTestRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyTestResult'
description: ''
'400':
description: Invalid parameters
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/all/{policy_uuid}/used_by/:
get:
operationId: policies_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/all/cache_clear/:
post:
operationId: policies_all_cache_clear_create
description: Clear policy cache
tags:
- policies
security:
- authentik: []
responses:
'204':
description: Successfully cleared cache
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/all/cache_info/:
get:
operationId: policies_all_cache_info_retrieve
description: Info about cached policies
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Cache'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/all/types/:
get:
operationId: policies_all_types_list
description: Get all creatable policy types
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/bindings/:
get:
operationId: policies_bindings_list
description: PolicyBinding Viewset
parameters:
- in: query
name: enabled
schema:
type: boolean
- in: query
name: order
schema:
type: integer
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy
schema:
type: string
format: uuid
- in: query
name: policy__isnull
schema:
type: boolean
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: target
schema:
type: string
format: uuid
- in: query
name: target_in
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: timeout
schema:
type: integer
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPolicyBindingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: policies_bindings_create
description: PolicyBinding Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBindingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBinding'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/bindings/{policy_binding_uuid}/:
get:
operationId: policies_bindings_retrieve
description: PolicyBinding Viewset
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBinding'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: policies_bindings_update
description: PolicyBinding Viewset
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBindingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBinding'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: policies_bindings_partial_update
description: PolicyBinding Viewset
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPolicyBindingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyBinding'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: policies_bindings_destroy
description: PolicyBinding Viewset
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/bindings/{policy_binding_uuid}/used_by/:
get:
operationId: policies_bindings_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_binding_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Policy Binding.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/dummy/:
get:
operationId: policies_dummy_list
description: Dummy Viewset
parameters:
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- in: query
name: result
schema:
type: boolean
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: wait_max
schema:
type: integer
- in: query
name: wait_min
schema:
type: integer
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDummyPolicyList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: policies_dummy_create
description: Dummy Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicyRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/dummy/{policy_uuid}/:
get:
operationId: policies_dummy_retrieve
description: Dummy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: policies_dummy_update
description: Dummy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicyRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: policies_dummy_partial_update
description: Dummy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDummyPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: policies_dummy_destroy
description: Dummy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/dummy/{policy_uuid}/used_by/:
get:
operationId: policies_dummy_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/event_matcher/:
get:
operationId: policies_event_matcher_list
description: Event Matcher Policy Viewset
parameters:
- in: query
name: action
schema:
type: string
nullable: true
enum:
- authorize_application
- configuration_error
- custom_
- email_sent
- flow_execution
- impersonation_ended
- impersonation_started
- invitation_used
- login
- login_failed
- logout
- model_created
- model_deleted
- model_updated
- password_set
- policy_exception
- policy_execution
- property_mapping_exception
- secret_rotate
- secret_view
- source_linked
- suspicious_request
- system_exception
- system_task_exception
- system_task_execution
- update_available
- user_write
description: |-
Match created events with this action type. When left empty, all action types will be matched.
* `login` - Login
* `login_failed` - Login Failed
* `logout` - Logout
* `user_write` - User Write
* `suspicious_request` - Suspicious Request
* `password_set` - Password Set
* `secret_view` - Secret View
* `secret_rotate` - Secret Rotate
* `invitation_used` - Invite Used
* `authorize_application` - Authorize Application
* `source_linked` - Source Linked
* `impersonation_started` - Impersonation Started
* `impersonation_ended` - Impersonation Ended
* `flow_execution` - Flow Execution
* `policy_execution` - Policy Execution
* `policy_exception` - Policy Exception
* `property_mapping_exception` - Property Mapping Exception
* `system_task_execution` - System Task Execution
* `system_task_exception` - System Task Exception
* `system_exception` - System Exception
* `configuration_error` - Configuration Error
* `model_created` - Model Created
* `model_updated` - Model Updated
* `model_deleted` - Model Deleted
* `email_sent` - Email Sent
* `update_available` - Update Available
* `custom_` - Custom Prefix
- in: query
name: app
schema:
type: string
- in: query
name: client_ip
schema:
type: string
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: model
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedEventMatcherPolicyList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: policies_event_matcher_create
description: Event Matcher Policy Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicyRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/event_matcher/{policy_uuid}/:
get:
operationId: policies_event_matcher_retrieve
description: Event Matcher Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: policies_event_matcher_update
description: Event Matcher Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicyRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: policies_event_matcher_partial_update
description: Event Matcher Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedEventMatcherPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EventMatcherPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: policies_event_matcher_destroy
description: Event Matcher Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/event_matcher/{policy_uuid}/used_by/:
get:
operationId: policies_event_matcher_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Event Matcher Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/expression/:
get:
operationId: policies_expression_list
description: Source Viewset
parameters:
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: expression
schema:
type: string
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedExpressionPolicyList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: policies_expression_create
description: Source Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicyRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/expression/{policy_uuid}/:
get:
operationId: policies_expression_retrieve
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: policies_expression_update
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicyRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: policies_expression_partial_update
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedExpressionPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ExpressionPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: policies_expression_destroy
description: Source Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/expression/{policy_uuid}/used_by/:
get:
operationId: policies_expression_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Expression Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/password/:
get:
operationId: policies_password_list
description: Password Policy Viewset
parameters:
- in: query
name: amount_digits
schema:
type: integer
- in: query
name: amount_lowercase
schema:
type: integer
- in: query
name: amount_symbols
schema:
type: integer
- in: query
name: amount_uppercase
schema:
type: integer
- in: query
name: check_have_i_been_pwned
schema:
type: boolean
- in: query
name: check_static_rules
schema:
type: boolean
- in: query
name: check_zxcvbn
schema:
type: boolean
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: error_message
schema:
type: string
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: hibp_allowed_count
schema:
type: integer
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: length_min
schema:
type: integer
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: password_field
schema:
type: string
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: symbol_charset
schema:
type: string
- in: query
name: zxcvbn_score_threshold
schema:
type: integer
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPasswordPolicyList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: policies_password_create
description: Password Policy Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicyRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/password/{policy_uuid}/:
get:
operationId: policies_password_retrieve
description: Password Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: policies_password_update
description: Password Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicyRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: policies_password_partial_update
description: Password Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPasswordPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: policies_password_destroy
description: Password Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/password/{policy_uuid}/used_by/:
get:
operationId: policies_password_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/password_expiry/:
get:
operationId: policies_password_expiry_list
description: Password Expiry Viewset
parameters:
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: days
schema:
type: integer
- in: query
name: deny_only
schema:
type: boolean
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPasswordExpiryPolicyList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: policies_password_expiry_create
description: Password Expiry Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicyRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/password_expiry/{policy_uuid}/:
get:
operationId: policies_password_expiry_retrieve
description: Password Expiry Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: policies_password_expiry_update
description: Password Expiry Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicyRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: policies_password_expiry_partial_update
description: Password Expiry Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPasswordExpiryPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordExpiryPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: policies_password_expiry_destroy
description: Password Expiry Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/password_expiry/{policy_uuid}/used_by/:
get:
operationId: policies_password_expiry_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Expiry Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/reputation/:
get:
operationId: policies_reputation_list
description: Reputation Policy Viewset
parameters:
- in: query
name: check_ip
schema:
type: boolean
- in: query
name: check_username
schema:
type: boolean
- in: query
name: created
schema:
type: string
format: date-time
- in: query
name: execution_logging
schema:
type: boolean
- in: query
name: last_updated
schema:
type: string
format: date-time
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: threshold
schema:
type: integer
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedReputationPolicyList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: policies_reputation_create
description: Reputation Policy Viewset
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicyRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/reputation/{policy_uuid}/:
get:
operationId: policies_reputation_retrieve
description: Reputation Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: policies_reputation_update
description: Reputation Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicyRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: policies_reputation_partial_update
description: Reputation Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedReputationPolicyRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ReputationPolicy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: policies_reputation_destroy
description: Reputation Policy Viewset
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/reputation/{policy_uuid}/used_by/:
get:
operationId: policies_reputation_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: policy_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Policy.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/reputation/scores/:
get:
operationId: policies_reputation_scores_list
description: Reputation Viewset
parameters:
- in: query
name: identifier
schema:
type: string
- in: query
name: ip
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: score
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedReputationList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/reputation/scores/{reputation_uuid}/:
get:
operationId: policies_reputation_scores_retrieve
description: Reputation Viewset
parameters:
- in: path
name: reputation_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Score.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Reputation'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: policies_reputation_scores_destroy
description: Reputation Viewset
parameters:
- in: path
name: reputation_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Score.
required: true
tags:
- policies
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/policies/reputation/scores/{reputation_uuid}/used_by/:
get:
operationId: policies_reputation_scores_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: reputation_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Reputation Score.
required: true
tags:
- policies
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/all/:
get:
operationId: propertymappings_all_list
description: PropertyMapping Viewset
parameters:
- in: query
name: managed__isnull
schema:
type: boolean
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPropertyMappingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/all/{pm_uuid}/:
get:
operationId: propertymappings_all_retrieve
description: PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: propertymappings_all_destroy
description: PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/all/{pm_uuid}/test/:
post:
operationId: propertymappings_all_test_create
description: Test Property Mapping
parameters:
- in: query
name: format_result
schema:
type: boolean
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyTestRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PropertyMappingTestResult'
description: ''
'400':
description: Invalid parameters
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/all/{pm_uuid}/used_by/:
get:
operationId: propertymappings_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/all/types/:
get:
operationId: propertymappings_all_types_list
description: Get all creatable property-mapping types
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/ldap/:
get:
operationId: propertymappings_ldap_list
description: LDAP PropertyMapping Viewset
parameters:
- in: query
name: expression
schema:
type: string
- in: query
name: managed
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: name
schema:
type: string
- in: query
name: object_field
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pm_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPPropertyMappingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: propertymappings_ldap_create
description: LDAP PropertyMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/ldap/{pm_uuid}/:
get:
operationId: propertymappings_ldap_retrieve
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: propertymappings_ldap_update
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: propertymappings_ldap_partial_update
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedLDAPPropertyMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: propertymappings_ldap_destroy
description: LDAP PropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/ldap/{pm_uuid}/used_by/:
get:
operationId: propertymappings_ldap_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this LDAP Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/notification/:
get:
operationId: propertymappings_notification_list
description: NotificationWebhookMapping Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedNotificationWebhookMappingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: propertymappings_notification_create
description: NotificationWebhookMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/notification/{pm_uuid}/:
get:
operationId: propertymappings_notification_retrieve
description: NotificationWebhookMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Webhook Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: propertymappings_notification_update
description: NotificationWebhookMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Webhook Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: propertymappings_notification_partial_update
description: NotificationWebhookMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Webhook Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedNotificationWebhookMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationWebhookMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: propertymappings_notification_destroy
description: NotificationWebhookMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Webhook Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/notification/{pm_uuid}/used_by/:
get:
operationId: propertymappings_notification_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Webhook Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/rac/:
get:
operationId: propertymappings_rac_list
description: RACPropertyMapping Viewset
parameters:
- in: query
name: managed
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedRACPropertyMappingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: propertymappings_rac_create
description: RACPropertyMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RACPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/RACPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/rac/{pm_uuid}/:
get:
operationId: propertymappings_rac_retrieve
description: RACPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RACPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: propertymappings_rac_update
description: RACPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RACPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RACPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: propertymappings_rac_partial_update
description: RACPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedRACPropertyMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RACPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: propertymappings_rac_destroy
description: RACPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/rac/{pm_uuid}/used_by/:
get:
operationId: propertymappings_rac_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/saml/:
get:
operationId: propertymappings_saml_list
description: SAMLPropertyMapping Viewset
parameters:
- in: query
name: expression
schema:
type: string
- in: query
name: friendly_name
schema:
type: string
- in: query
name: managed
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pm_uuid
schema:
type: string
format: uuid
- in: query
name: saml_name
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSAMLPropertyMappingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: propertymappings_saml_create
description: SAMLPropertyMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/saml/{pm_uuid}/:
get:
operationId: propertymappings_saml_retrieve
description: SAMLPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: propertymappings_saml_update
description: SAMLPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: propertymappings_saml_partial_update
description: SAMLPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSAMLPropertyMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLPropertyMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: propertymappings_saml_destroy
description: SAMLPropertyMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/saml/{pm_uuid}/used_by/:
get:
operationId: propertymappings_saml_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SAML Property Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/scim/:
get:
operationId: propertymappings_scim_list
description: SCIMMapping Viewset
parameters:
- in: query
name: expression
schema:
type: string
- in: query
name: managed
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: pm_uuid
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSCIMMappingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: propertymappings_scim_create
description: SCIMMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/scim/{pm_uuid}/:
get:
operationId: propertymappings_scim_retrieve
description: SCIMMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SCIM Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: propertymappings_scim_update
description: SCIMMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SCIM Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: propertymappings_scim_partial_update
description: SCIMMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SCIM Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSCIMMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: propertymappings_scim_destroy
description: SCIMMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SCIM Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/scim/{pm_uuid}/used_by/:
get:
operationId: propertymappings_scim_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SCIM Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/scope/:
get:
operationId: propertymappings_scope_list
description: ScopeMapping Viewset
parameters:
- in: query
name: managed
schema:
type: array
items:
type: string
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: scope_name
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedScopeMappingList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: propertymappings_scope_create
description: ScopeMapping Viewset
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMappingRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/scope/{pm_uuid}/:
get:
operationId: propertymappings_scope_retrieve
description: ScopeMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: propertymappings_scope_update
description: ScopeMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMappingRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: propertymappings_scope_partial_update
description: ScopeMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedScopeMappingRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ScopeMapping'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: propertymappings_scope_destroy
description: ScopeMapping Viewset
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/propertymappings/scope/{pm_uuid}/used_by/:
get:
operationId: propertymappings_scope_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Scope Mapping.
required: true
tags:
- propertymappings
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/all/:
get:
operationId: providers_all_list
description: Provider Viewset
parameters:
- in: query
name: application__isnull
schema:
type: boolean
- in: query
name: backchannel_only
schema:
type: boolean
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedProviderList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/all/{id}/:
get:
operationId: providers_all_retrieve
description: Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Provider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: providers_all_destroy
description: Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/all/{id}/used_by/:
get:
operationId: providers_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/all/types/:
get:
operationId: providers_all_types_list
description: Get all creatable provider types
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/ldap/:
get:
operationId: providers_ldap_list
description: LDAPProvider Viewset
parameters:
- in: query
name: application__isnull
schema:
type: boolean
- in: query
name: authorization_flow__slug__iexact
schema:
type: string
- in: query
name: base_dn__iexact
schema:
type: string
- in: query
name: certificate__kp_uuid__iexact
schema:
type: string
format: uuid
- in: query
name: certificate__name__iexact
schema:
type: string
- in: query
name: gid_start_number__iexact
schema:
type: integer
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: search_group__group_uuid__iexact
schema:
type: string
format: uuid
- in: query
name: search_group__name__iexact
schema:
type: string
- in: query
name: tls_server_name__iexact
schema:
type: string
- in: query
name: uid_start_number__iexact
schema:
type: integer
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPProviderList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: providers_ldap_create
description: LDAPProvider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/ldap/{id}/:
get:
operationId: providers_ldap_retrieve
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: providers_ldap_update
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: providers_ldap_partial_update
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedLDAPProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: providers_ldap_destroy
description: LDAPProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/ldap/{id}/used_by/:
get:
operationId: providers_ldap_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this LDAP Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/oauth2/:
get:
operationId: providers_oauth2_list
description: OAuth2Provider Viewset
parameters:
- in: query
name: access_code_validity
schema:
type: string
- in: query
name: access_token_validity
schema:
type: string
- in: query
name: application
schema:
type: string
format: uuid
- in: query
name: authorization_flow
schema:
type: string
format: uuid
- in: query
name: client_id
schema:
type: string
- in: query
name: client_type
schema:
type: string
enum:
- confidential
- public
description: |-
Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable
* `confidential` - Confidential
* `public` - Public
- in: query
name: include_claims_in_id_token
schema:
type: boolean
- in: query
name: issuer_mode
schema:
type: string
enum:
- global
- per_provider
description: |-
Configure how the issuer field of the ID Token should be filled.
* `global` - Same identifier is used for all providers
* `per_provider` - Each provider has a different issuer, based on the application slug.
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: property_mappings
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: redirect_uris
schema:
type: string
- in: query
name: refresh_token_validity
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: signing_key
schema:
type: string
format: uuid
- in: query
name: sub_mode
schema:
type: string
enum:
- hashed_user_id
- user_email
- user_id
- user_upn
- user_username
- user_uuid
description: |-
Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
* `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedOAuth2ProviderList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: providers_oauth2_create
description: OAuth2Provider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Provider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/oauth2/{id}/:
get:
operationId: providers_oauth2_retrieve
description: OAuth2Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Provider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: providers_oauth2_update
description: OAuth2Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Provider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: providers_oauth2_partial_update
description: OAuth2Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedOAuth2ProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Provider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: providers_oauth2_destroy
description: OAuth2Provider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/oauth2/{id}/preview_user/:
get:
operationId: providers_oauth2_preview_user_retrieve
description: Preview user data for provider
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PropertyMappingPreview'
description: ''
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/oauth2/{id}/setup_urls/:
get:
operationId: providers_oauth2_setup_urls_retrieve
description: Get Providers setup URLs
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ProviderSetupURLs'
description: ''
'404':
description: Provider has no application assigned
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/oauth2/{id}/used_by/:
get:
operationId: providers_oauth2_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this OAuth2/OpenID Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/proxy/:
get:
operationId: providers_proxy_list
description: ProxyProvider Viewset
parameters:
- in: query
name: application__isnull
schema:
type: boolean
- in: query
name: authorization_flow__slug__iexact
schema:
type: string
- in: query
name: basic_auth_enabled__iexact
schema:
type: boolean
- in: query
name: basic_auth_password_attribute__iexact
schema:
type: string
- in: query
name: basic_auth_user_attribute__iexact
schema:
type: string
- in: query
name: certificate__kp_uuid__iexact
schema:
type: string
format: uuid
- in: query
name: certificate__name__iexact
schema:
type: string
- in: query
name: cookie_domain__iexact
schema:
type: string
- in: query
name: external_host__iexact
schema:
type: string
- in: query
name: internal_host__iexact
schema:
type: string
- in: query
name: internal_host_ssl_validation__iexact
schema:
type: boolean
- in: query
name: mode__iexact
schema:
type: string
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: property_mappings__iexact
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: redirect_uris__iexact
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: skip_path_regex__iexact
schema:
type: string
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedProxyProviderList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: providers_proxy_create
description: ProxyProvider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/proxy/{id}/:
get:
operationId: providers_proxy_retrieve
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: providers_proxy_update
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: providers_proxy_partial_update
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedProxyProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProxyProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: providers_proxy_destroy
description: ProxyProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/proxy/{id}/used_by/:
get:
operationId: providers_proxy_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Proxy Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/rac/:
get:
operationId: providers_rac_list
description: RACProvider Viewset
parameters:
- in: query
name: application__isnull
schema:
type: boolean
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedRACProviderList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: providers_rac_create
description: RACProvider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RACProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/RACProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/rac/{id}/:
get:
operationId: providers_rac_retrieve
description: RACProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this RAC Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RACProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: providers_rac_update
description: RACProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this RAC Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RACProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RACProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: providers_rac_partial_update
description: RACProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this RAC Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedRACProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RACProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: providers_rac_destroy
description: RACProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this RAC Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/rac/{id}/used_by/:
get:
operationId: providers_rac_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this RAC Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/radius/:
get:
operationId: providers_radius_list
description: RadiusProvider Viewset
parameters:
- in: query
name: application__isnull
schema:
type: boolean
- in: query
name: authorization_flow__slug__iexact
schema:
type: string
- in: query
name: client_networks__iexact
schema:
type: string
- in: query
name: name__iexact
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedRadiusProviderList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: providers_radius_create
description: RadiusProvider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RadiusProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/RadiusProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/radius/{id}/:
get:
operationId: providers_radius_retrieve
description: RadiusProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Radius Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RadiusProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: providers_radius_update
description: RadiusProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Radius Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RadiusProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RadiusProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: providers_radius_partial_update
description: RadiusProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Radius Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedRadiusProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RadiusProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: providers_radius_destroy
description: RadiusProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Radius Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/radius/{id}/used_by/:
get:
operationId: providers_radius_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Radius Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/saml/:
get:
operationId: providers_saml_list
description: SAMLProvider Viewset
parameters:
- in: query
name: acs_url
schema:
type: string
- in: query
name: assertion_valid_not_before
schema:
type: string
- in: query
name: assertion_valid_not_on_or_after
schema:
type: string
- in: query
name: audience
schema:
type: string
- in: query
name: authentication_flow
schema:
type: string
format: uuid
- in: query
name: authorization_flow
schema:
type: string
format: uuid
- in: query
name: backchannel_application
schema:
type: string
format: uuid
- in: query
name: default_relay_state
schema:
type: string
- in: query
name: digest_algorithm
schema:
type: string
enum:
- http://www.w3.org/2000/09/xmldsig#sha1
- http://www.w3.org/2001/04/xmldsig-more#sha384
- http://www.w3.org/2001/04/xmlenc#sha256
- http://www.w3.org/2001/04/xmlenc#sha512
description: |-
* `http://www.w3.org/2000/09/xmldsig#sha1` - SHA1
* `http://www.w3.org/2001/04/xmlenc#sha256` - SHA256
* `http://www.w3.org/2001/04/xmldsig-more#sha384` - SHA384
* `http://www.w3.org/2001/04/xmlenc#sha512` - SHA512
- in: query
name: is_backchannel
schema:
type: boolean
- in: query
name: issuer
schema:
type: string
- in: query
name: name
schema:
type: string
- in: query
name: name_id_mapping
schema:
type: string
format: uuid
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: property_mappings
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: session_valid_not_on_or_after
schema:
type: string
- in: query
name: signature_algorithm
schema:
type: string
enum:
- http://www.w3.org/2000/09/xmldsig#dsa-sha1
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
description: |-
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1` - RSA-SHA1
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` - RSA-SHA256
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` - RSA-SHA384
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` - RSA-SHA512
* `http://www.w3.org/2000/09/xmldsig#dsa-sha1` - DSA-SHA1
- in: query
name: signing_kp
schema:
type: string
format: uuid
- in: query
name: sp_binding
schema:
type: string
title: Service Provider Binding
enum:
- post
- redirect
description: |-
This determines how authentik sends the response back to the Service Provider.
* `redirect` - Redirect
* `post` - Post
- in: query
name: verification_kp
schema:
type: string
format: uuid
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSAMLProviderList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: providers_saml_create
description: SAMLProvider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/saml/{id}/:
get:
operationId: providers_saml_retrieve
description: SAMLProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: providers_saml_update
description: SAMLProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: providers_saml_partial_update
description: SAMLProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSAMLProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: providers_saml_destroy
description: SAMLProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/saml/{id}/metadata/:
get:
operationId: providers_saml_metadata_retrieve
description: Return metadata as XML string
parameters:
- in: query
name: download
schema:
type: boolean
- in: query
name: force_binding
schema:
type: string
enum:
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
description: Optionally force the metadata to only include one binding.
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLMetadata'
description: ''
'404':
description: Provider has no application assigned
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/saml/{id}/preview_user/:
get:
operationId: providers_saml_preview_user_retrieve
description: Preview user data for provider
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PropertyMappingPreview'
description: ''
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/saml/{id}/used_by/:
get:
operationId: providers_saml_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SAML Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/saml/import_metadata/:
post:
operationId: providers_saml_import_metadata_create
description: Create provider from SAML Metadata
tags:
- providers
requestBody:
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/SAMLProviderImportRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Successfully imported provider
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/scim/:
get:
operationId: providers_scim_list
description: SCIMProvider Viewset
parameters:
- in: query
name: exclude_users_service_account
schema:
type: boolean
- in: query
name: filter_group
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: url
schema:
type: string
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSCIMProviderList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: providers_scim_create
description: SCIMProvider Viewset
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMProviderRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/scim/{id}/:
get:
operationId: providers_scim_retrieve
description: SCIMProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SCIM Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: providers_scim_update
description: SCIMProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SCIM Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMProviderRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: providers_scim_partial_update
description: SCIMProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SCIM Provider.
required: true
tags:
- providers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSCIMProviderRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMProvider'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: providers_scim_destroy
description: SCIMProvider Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SCIM Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/scim/{id}/sync_status/:
get:
operationId: providers_scim_sync_status_retrieve
description: Get provider's sync status
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SCIM Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SCIMSyncStatus'
description: ''
'404':
description: Task not found
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/providers/scim/{id}/used_by/:
get:
operationId: providers_scim_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this SCIM Provider.
required: true
tags:
- providers
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rac/endpoints/:
get:
operationId: rac_endpoints_list
description: List accessible endpoints
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: provider
schema:
type: integer
- in: query
name: search
schema:
type: string
- in: query
name: superuser_full_list
schema:
type: boolean
tags:
- rac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedEndpointList'
description: ''
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: rac_endpoints_create
description: Endpoint Viewset
tags:
- rac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EndpointRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Endpoint'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rac/endpoints/{pbm_uuid}/:
get:
operationId: rac_endpoints_retrieve
description: Endpoint Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Endpoint.
required: true
tags:
- rac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Endpoint'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: rac_endpoints_update
description: Endpoint Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Endpoint.
required: true
tags:
- rac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EndpointRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Endpoint'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: rac_endpoints_partial_update
description: Endpoint Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Endpoint.
required: true
tags:
- rac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedEndpointRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Endpoint'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: rac_endpoints_destroy
description: Endpoint Viewset
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Endpoint.
required: true
tags:
- rac
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rac/endpoints/{pbm_uuid}/used_by/:
get:
operationId: rac_endpoints_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: pbm_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this RAC Endpoint.
required: true
tags:
- rac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/:
get:
operationId: rbac_permissions_list
description: Read-only list of all permissions, filterable by model and app
parameters:
- in: query
name: codename
schema:
type: string
- in: query
name: content_type__app_label
schema:
type: string
- in: query
name: content_type__model
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: role
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user
schema:
type: integer
tags:
- rbac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPermissionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/{id}/:
get:
operationId: rbac_permissions_retrieve
description: Read-only list of all permissions, filterable by model and app
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this permission.
required: true
tags:
- rbac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Permission'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/assigned_by_roles/:
get:
operationId: rbac_permissions_assigned_by_roles_list
description: Get assigned object permissions for a single object
parameters:
- in: query
name: model
schema:
type: string
enum:
- authentik_blueprints.blueprintinstance
- authentik_core.application
- authentik_core.group
- authentik_core.token
- authentik_core.user
- authentik_crypto.certificatekeypair
- authentik_enterprise.license
- authentik_events.event
- authentik_events.notification
- authentik_events.notificationrule
- authentik_events.notificationtransport
- authentik_events.notificationwebhookmapping
- authentik_flows.flow
- authentik_flows.flowstagebinding
- authentik_outposts.dockerserviceconnection
- authentik_outposts.kubernetesserviceconnection
- authentik_outposts.outpost
- authentik_policies.policybinding
- authentik_policies_dummy.dummypolicy
- authentik_policies_event_matcher.eventmatcherpolicy
- authentik_policies_expiry.passwordexpirypolicy
- authentik_policies_expression.expressionpolicy
- authentik_policies_password.passwordpolicy
- authentik_policies_reputation.reputation
- authentik_policies_reputation.reputationpolicy
- authentik_providers_ldap.ldapprovider
- authentik_providers_oauth2.accesstoken
- authentik_providers_oauth2.authorizationcode
- authentik_providers_oauth2.oauth2provider
- authentik_providers_oauth2.refreshtoken
- authentik_providers_oauth2.scopemapping
- authentik_providers_proxy.proxyprovider
- authentik_providers_rac.endpoint
- authentik_providers_rac.racpropertymapping
- authentik_providers_rac.racprovider
- authentik_providers_radius.radiusprovider
- authentik_providers_saml.samlpropertymapping
- authentik_providers_saml.samlprovider
- authentik_providers_scim.scimmapping
- authentik_providers_scim.scimprovider
- authentik_rbac.role
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_ldap.ldapsource
- authentik_sources_oauth.oauthsource
- authentik_sources_oauth.useroauthsourceconnection
- authentik_sources_plex.plexsource
- authentik_sources_plex.plexsourceconnection
- authentik_sources_saml.samlsource
- authentik_sources_saml.usersamlsourceconnection
- authentik_stages_authenticator_duo.authenticatorduostage
- authentik_stages_authenticator_duo.duodevice
- authentik_stages_authenticator_sms.authenticatorsmsstage
- authentik_stages_authenticator_sms.smsdevice
- authentik_stages_authenticator_static.authenticatorstaticstage
- authentik_stages_authenticator_static.staticdevice
- authentik_stages_authenticator_totp.authenticatortotpstage
- authentik_stages_authenticator_totp.totpdevice
- authentik_stages_authenticator_validate.authenticatorvalidatestage
- authentik_stages_authenticator_webauthn.authenticatewebauthnstage
- authentik_stages_authenticator_webauthn.webauthndevice
- authentik_stages_captcha.captchastage
- authentik_stages_consent.consentstage
- authentik_stages_consent.userconsent
- authentik_stages_deny.denystage
- authentik_stages_dummy.dummystage
- authentik_stages_email.emailstage
- authentik_stages_identification.identificationstage
- authentik_stages_invitation.invitation
- authentik_stages_invitation.invitationstage
- authentik_stages_password.passwordstage
- authentik_stages_prompt.prompt
- authentik_stages_prompt.promptstage
- authentik_stages_user_delete.userdeletestage
- authentik_stages_user_login.userloginstage
- authentik_stages_user_logout.userlogoutstage
- authentik_stages_user_write.userwritestage
- authentik_tenants.tenant
description: |-
* `authentik_crypto.certificatekeypair` - Certificate-Key Pair
* `authentik_events.event` - Event
* `authentik_events.notificationtransport` - Notification Transport
* `authentik_events.notification` - Notification
* `authentik_events.notificationrule` - Notification Rule
* `authentik_events.notificationwebhookmapping` - Webhook Mapping
* `authentik_flows.flow` - Flow
* `authentik_flows.flowstagebinding` - Flow Stage Binding
* `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
* `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
* `authentik_outposts.outpost` - Outpost
* `authentik_policies_dummy.dummypolicy` - Dummy Policy
* `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
* `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
* `authentik_policies_expression.expressionpolicy` - Expression Policy
* `authentik_policies_password.passwordpolicy` - Password Policy
* `authentik_policies_reputation.reputationpolicy` - Reputation Policy
* `authentik_policies_reputation.reputation` - Reputation Score
* `authentik_policies.policybinding` - Policy Binding
* `authentik_providers_ldap.ldapprovider` - LDAP Provider
* `authentik_providers_oauth2.scopemapping` - Scope Mapping
* `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
* `authentik_providers_oauth2.authorizationcode` - Authorization Code
* `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
* `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
* `authentik_providers_proxy.proxyprovider` - Proxy Provider
* `authentik_providers_radius.radiusprovider` - Radius Provider
* `authentik_providers_saml.samlprovider` - SAML Provider
* `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
* `authentik_providers_scim.scimprovider` - SCIM Provider
* `authentik_providers_scim.scimmapping` - SCIM Mapping
* `authentik_rbac.role` - Role
* `authentik_sources_ldap.ldapsource` - LDAP Source
* `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
* `authentik_sources_oauth.oauthsource` - OAuth Source
* `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
* `authentik_sources_plex.plexsource` - Plex Source
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
* `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
* `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
* `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
* `authentik_stages_captcha.captchastage` - Captcha Stage
* `authentik_stages_consent.consentstage` - Consent Stage
* `authentik_stages_consent.userconsent` - User Consent
* `authentik_stages_deny.denystage` - Deny Stage
* `authentik_stages_dummy.dummystage` - Dummy Stage
* `authentik_stages_email.emailstage` - Email Stage
* `authentik_stages_identification.identificationstage` - Identification Stage
* `authentik_stages_invitation.invitationstage` - Invitation Stage
* `authentik_stages_invitation.invitation` - Invitation
* `authentik_stages_password.passwordstage` - Password Stage
* `authentik_stages_prompt.prompt` - Prompt
* `authentik_stages_prompt.promptstage` - Prompt Stage
* `authentik_stages_user_delete.userdeletestage` - User Delete Stage
* `authentik_stages_user_login.userloginstage` - User Login Stage
* `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
* `authentik_stages_user_write.userwritestage` - User Write Stage
* `authentik_tenants.tenant` - Tenant
* `authentik_blueprints.blueprintinstance` - Blueprint Instance
* `authentik_core.group` - Group
* `authentik_core.user` - User
* `authentik_core.application` - Application
* `authentik_core.token` - Token
* `authentik_enterprise.license` - License
* `authentik_providers_rac.racprovider` - RAC Provider
* `authentik_providers_rac.endpoint` - RAC Endpoint
* `authentik_providers_rac.racpropertymapping` - RAC Property Mapping
required: true
- in: query
name: object_pk
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- rbac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedRoleAssignedObjectPermissionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/assigned_by_roles/{uuid}/assign/:
post:
operationId: rbac_permissions_assigned_by_roles_assign_create
description: |-
Assign permission(s) to role. When `object_pk` is set, the permissions
are only assigned to the specific object, otherwise they are assigned globally.
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Role.
required: true
tags:
- rbac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PermissionAssignRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Successfully assigned
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/assigned_by_roles/{uuid}/unassign/:
patch:
operationId: rbac_permissions_assigned_by_roles_unassign_partial_update
description: |-
Unassign permission(s) to role. When `object_pk` is set, the permissions
are only assigned to the specific object, otherwise they are assigned globally.
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Role.
required: true
tags:
- rbac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPermissionAssignRequest'
security:
- authentik: []
responses:
'204':
description: Successfully unassigned
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/assigned_by_users/:
get:
operationId: rbac_permissions_assigned_by_users_list
description: Get assigned object permissions for a single object
parameters:
- in: query
name: model
schema:
type: string
enum:
- authentik_blueprints.blueprintinstance
- authentik_core.application
- authentik_core.group
- authentik_core.token
- authentik_core.user
- authentik_crypto.certificatekeypair
- authentik_enterprise.license
- authentik_events.event
- authentik_events.notification
- authentik_events.notificationrule
- authentik_events.notificationtransport
- authentik_events.notificationwebhookmapping
- authentik_flows.flow
- authentik_flows.flowstagebinding
- authentik_outposts.dockerserviceconnection
- authentik_outposts.kubernetesserviceconnection
- authentik_outposts.outpost
- authentik_policies.policybinding
- authentik_policies_dummy.dummypolicy
- authentik_policies_event_matcher.eventmatcherpolicy
- authentik_policies_expiry.passwordexpirypolicy
- authentik_policies_expression.expressionpolicy
- authentik_policies_password.passwordpolicy
- authentik_policies_reputation.reputation
- authentik_policies_reputation.reputationpolicy
- authentik_providers_ldap.ldapprovider
- authentik_providers_oauth2.accesstoken
- authentik_providers_oauth2.authorizationcode
- authentik_providers_oauth2.oauth2provider
- authentik_providers_oauth2.refreshtoken
- authentik_providers_oauth2.scopemapping
- authentik_providers_proxy.proxyprovider
- authentik_providers_rac.endpoint
- authentik_providers_rac.racpropertymapping
- authentik_providers_rac.racprovider
- authentik_providers_radius.radiusprovider
- authentik_providers_saml.samlpropertymapping
- authentik_providers_saml.samlprovider
- authentik_providers_scim.scimmapping
- authentik_providers_scim.scimprovider
- authentik_rbac.role
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_ldap.ldapsource
- authentik_sources_oauth.oauthsource
- authentik_sources_oauth.useroauthsourceconnection
- authentik_sources_plex.plexsource
- authentik_sources_plex.plexsourceconnection
- authentik_sources_saml.samlsource
- authentik_sources_saml.usersamlsourceconnection
- authentik_stages_authenticator_duo.authenticatorduostage
- authentik_stages_authenticator_duo.duodevice
- authentik_stages_authenticator_sms.authenticatorsmsstage
- authentik_stages_authenticator_sms.smsdevice
- authentik_stages_authenticator_static.authenticatorstaticstage
- authentik_stages_authenticator_static.staticdevice
- authentik_stages_authenticator_totp.authenticatortotpstage
- authentik_stages_authenticator_totp.totpdevice
- authentik_stages_authenticator_validate.authenticatorvalidatestage
- authentik_stages_authenticator_webauthn.authenticatewebauthnstage
- authentik_stages_authenticator_webauthn.webauthndevice
- authentik_stages_captcha.captchastage
- authentik_stages_consent.consentstage
- authentik_stages_consent.userconsent
- authentik_stages_deny.denystage
- authentik_stages_dummy.dummystage
- authentik_stages_email.emailstage
- authentik_stages_identification.identificationstage
- authentik_stages_invitation.invitation
- authentik_stages_invitation.invitationstage
- authentik_stages_password.passwordstage
- authentik_stages_prompt.prompt
- authentik_stages_prompt.promptstage
- authentik_stages_user_delete.userdeletestage
- authentik_stages_user_login.userloginstage
- authentik_stages_user_logout.userlogoutstage
- authentik_stages_user_write.userwritestage
- authentik_tenants.tenant
description: |-
* `authentik_crypto.certificatekeypair` - Certificate-Key Pair
* `authentik_events.event` - Event
* `authentik_events.notificationtransport` - Notification Transport
* `authentik_events.notification` - Notification
* `authentik_events.notificationrule` - Notification Rule
* `authentik_events.notificationwebhookmapping` - Webhook Mapping
* `authentik_flows.flow` - Flow
* `authentik_flows.flowstagebinding` - Flow Stage Binding
* `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
* `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
* `authentik_outposts.outpost` - Outpost
* `authentik_policies_dummy.dummypolicy` - Dummy Policy
* `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
* `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
* `authentik_policies_expression.expressionpolicy` - Expression Policy
* `authentik_policies_password.passwordpolicy` - Password Policy
* `authentik_policies_reputation.reputationpolicy` - Reputation Policy
* `authentik_policies_reputation.reputation` - Reputation Score
* `authentik_policies.policybinding` - Policy Binding
* `authentik_providers_ldap.ldapprovider` - LDAP Provider
* `authentik_providers_oauth2.scopemapping` - Scope Mapping
* `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
* `authentik_providers_oauth2.authorizationcode` - Authorization Code
* `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
* `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
* `authentik_providers_proxy.proxyprovider` - Proxy Provider
* `authentik_providers_radius.radiusprovider` - Radius Provider
* `authentik_providers_saml.samlprovider` - SAML Provider
* `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
* `authentik_providers_scim.scimprovider` - SCIM Provider
* `authentik_providers_scim.scimmapping` - SCIM Mapping
* `authentik_rbac.role` - Role
* `authentik_sources_ldap.ldapsource` - LDAP Source
* `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
* `authentik_sources_oauth.oauthsource` - OAuth Source
* `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
* `authentik_sources_plex.plexsource` - Plex Source
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
* `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
* `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
* `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
* `authentik_stages_captcha.captchastage` - Captcha Stage
* `authentik_stages_consent.consentstage` - Consent Stage
* `authentik_stages_consent.userconsent` - User Consent
* `authentik_stages_deny.denystage` - Deny Stage
* `authentik_stages_dummy.dummystage` - Dummy Stage
* `authentik_stages_email.emailstage` - Email Stage
* `authentik_stages_identification.identificationstage` - Identification Stage
* `authentik_stages_invitation.invitationstage` - Invitation Stage
* `authentik_stages_invitation.invitation` - Invitation
* `authentik_stages_password.passwordstage` - Password Stage
* `authentik_stages_prompt.prompt` - Prompt
* `authentik_stages_prompt.promptstage` - Prompt Stage
* `authentik_stages_user_delete.userdeletestage` - User Delete Stage
* `authentik_stages_user_login.userloginstage` - User Login Stage
* `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
* `authentik_stages_user_write.userwritestage` - User Write Stage
* `authentik_tenants.tenant` - Tenant
* `authentik_blueprints.blueprintinstance` - Blueprint Instance
* `authentik_core.group` - Group
* `authentik_core.user` - User
* `authentik_core.application` - Application
* `authentik_core.token` - Token
* `authentik_enterprise.license` - License
* `authentik_providers_rac.racprovider` - RAC Provider
* `authentik_providers_rac.endpoint` - RAC Endpoint
* `authentik_providers_rac.racpropertymapping` - RAC Property Mapping
required: true
- in: query
name: object_pk
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- rbac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserAssignedObjectPermissionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/assigned_by_users/{id}/assign/:
post:
operationId: rbac_permissions_assigned_by_users_assign_create
description: Assign permission(s) to user
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- rbac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PermissionAssignRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Successfully assigned
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/assigned_by_users/{id}/unassign/:
patch:
operationId: rbac_permissions_assigned_by_users_unassign_partial_update
description: |-
Unassign permission(s) to user. When `object_pk` is set, the permissions
are only assigned to the specific object, otherwise they are assigned globally.
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- rbac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPermissionAssignRequest'
security:
- authentik: []
responses:
'204':
description: Successfully unassigned
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/roles/:
get:
operationId: rbac_permissions_roles_list
description: Get a role's assigned object permissions
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: uuid
schema:
type: string
format: uuid
required: true
tags:
- rbac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedExtraRoleObjectPermissionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/permissions/users/:
get:
operationId: rbac_permissions_users_list
description: Get a users's assigned object permissions
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user_id
schema:
type: integer
required: true
tags:
- rbac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedExtraUserObjectPermissionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/roles/:
get:
operationId: rbac_roles_list
description: Role viewset
parameters:
- in: query
name: group__name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- rbac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedRoleList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: rbac_roles_create
description: Role viewset
tags:
- rbac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RoleRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Role'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/roles/{uuid}/:
get:
operationId: rbac_roles_retrieve
description: Role viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Role.
required: true
tags:
- rbac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Role'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: rbac_roles_update
description: Role viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Role.
required: true
tags:
- rbac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RoleRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Role'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: rbac_roles_partial_update
description: Role viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Role.
required: true
tags:
- rbac
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedRoleRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Role'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: rbac_roles_destroy
description: Role viewset
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Role.
required: true
tags:
- rbac
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/rbac/roles/{uuid}/used_by/:
get:
operationId: rbac_roles_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Role.
required: true
tags:
- rbac
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/root/config/:
get:
operationId: root_config_retrieve
description: Retrieve public configuration options
tags:
- root
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Config'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/schema/:
get:
operationId: schema_retrieve
description: |-
OpenApi3 schema for this API. Format can be selected via content negotiation.
- YAML: application/vnd.oai.openapi
- JSON: application/vnd.oai.openapi+json
parameters:
- in: query
name: format
schema:
type: string
enum:
- json
- yaml
- in: query
name: lang
schema:
type: string
enum:
- af
- ar
- ar-dz
- ast
- az
- be
- bg
- bn
- br
- bs
- ca
- ckb
- cs
- cy
- da
- de
- dsb
- el
- en
- en-au
- en-gb
- eo
- es
- es-ar
- es-co
- es-mx
- es-ni
- es-ve
- et
- eu
- fa
- fi
- fr
- fy
- ga
- gd
- gl
- he
- hi
- hr
- hsb
- hu
- hy
- ia
- id
- ig
- io
- is
- it
- ja
- ka
- kab
- kk
- km
- kn
- ko
- ky
- lb
- lt
- lv
- mk
- ml
- mn
- mr
- ms
- my
- nb
- ne
- nl
- nn
- os
- pa
- pl
- pt
- pt-br
- ro
- ru
- sk
- sl
- sq
- sr
- sr-latn
- sv
- sw
- ta
- te
- tg
- th
- tk
- tr
- tt
- udm
- uk
- ur
- uz
- vi
- zh-hans
- zh-hant
tags:
- schema
security:
- authentik: []
- {}
responses:
'200':
content:
application/vnd.oai.openapi:
schema:
type: object
additionalProperties: {}
application/yaml:
schema:
type: object
additionalProperties: {}
application/vnd.oai.openapi+json:
schema:
type: object
additionalProperties: {}
application/json:
schema:
type: object
additionalProperties: {}
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/all/:
get:
operationId: sources_all_list
description: Source Viewset
parameters:
- in: query
name: managed
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: slug
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSourceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/all/{slug}/:
get:
operationId: sources_all_retrieve
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Source'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: sources_all_destroy
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/all/{slug}/set_icon/:
post:
operationId: sources_all_set_icon_create
description: Set source icon
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/FileUploadRequest'
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/all/{slug}/set_icon_url/:
post:
operationId: sources_all_set_icon_url_create
description: Set source icon (as URL)
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FilePathRequest'
required: true
security:
- authentik: []
responses:
'200':
description: Success
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/all/{slug}/used_by/:
get:
operationId: sources_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/all/types/:
get:
operationId: sources_all_types_list
description: Get all creatable source types
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/all/user_settings/:
get:
operationId: sources_all_user_settings_list
description: Get all sources the user can configure
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UserSetting'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/ldap/:
get:
operationId: sources_ldap_list
description: LDAP Source Viewset
parameters:
- in: query
name: additional_group_dn
schema:
type: string
- in: query
name: additional_user_dn
schema:
type: string
- in: query
name: base_dn
schema:
type: string
- in: query
name: bind_cn
schema:
type: string
- in: query
name: client_certificate
schema:
type: string
format: uuid
- in: query
name: enabled
schema:
type: boolean
- in: query
name: group_membership_field
schema:
type: string
- in: query
name: group_object_filter
schema:
type: string
- in: query
name: name
schema:
type: string
- in: query
name: object_uniqueness_field
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: peer_certificate
schema:
type: string
format: uuid
- in: query
name: property_mappings
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: property_mappings_group
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: server_uri
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: sni
schema:
type: boolean
- in: query
name: start_tls
schema:
type: boolean
- in: query
name: sync_groups
schema:
type: boolean
- in: query
name: sync_parent_group
schema:
type: string
format: uuid
- in: query
name: sync_users
schema:
type: boolean
- in: query
name: sync_users_password
schema:
type: boolean
- in: query
name: user_object_filter
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedLDAPSourceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: sources_ldap_create
description: LDAP Source Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/ldap/{slug}/:
get:
operationId: sources_ldap_retrieve
description: LDAP Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: sources_ldap_update
description: LDAP Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSourceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: sources_ldap_partial_update
description: LDAP Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedLDAPSourceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: sources_ldap_destroy
description: LDAP Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/ldap/{slug}/debug/:
get:
operationId: sources_ldap_debug_retrieve
description: Get raw LDAP data to debug
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPDebug'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/ldap/{slug}/sync_status/:
get:
operationId: sources_ldap_sync_status_retrieve
description: Get source's sync status
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LDAPSyncStatus'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/ldap/{slug}/used_by/:
get:
operationId: sources_ldap_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/oauth/:
get:
operationId: sources_oauth_list
description: Source Viewset
parameters:
- in: query
name: access_token_url
schema:
type: string
- in: query
name: additional_scopes
schema:
type: string
- in: query
name: authentication_flow
schema:
type: string
format: uuid
- in: query
name: authorization_url
schema:
type: string
- in: query
name: consumer_key
schema:
type: string
- in: query
name: enabled
schema:
type: boolean
- in: query
name: enrollment_flow
schema:
type: string
format: uuid
- in: query
name: has_jwks
schema:
type: boolean
description: Only return sources with JWKS data
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_engine_mode
schema:
type: string
enum:
- all
- any
description: |-
* `all` - all, all policies must pass
* `any` - any, any policy must pass
- in: query
name: profile_url
schema:
type: string
- in: query
name: provider_type
schema:
type: string
- in: query
name: request_token_url
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: user_matching_mode
schema:
type: string
enum:
- email_deny
- email_link
- identifier
- username_deny
- username_link
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedOAuthSourceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: sources_oauth_create
description: Source Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSourceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/oauth/{slug}/:
get:
operationId: sources_oauth_retrieve
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: sources_oauth_update
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSourceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: sources_oauth_partial_update
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedOAuthSourceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: sources_oauth_destroy
description: Source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/oauth/{slug}/used_by/:
get:
operationId: sources_oauth_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/oauth/source_types/:
get:
operationId: sources_oauth_source_types_list
description: |-
Get all creatable source types. If ?name is set, only returns the type for <name>.
If <name> isn't found, returns the default type.
parameters:
- in: query
name: name
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/SourceType'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/plex/:
get:
operationId: sources_plex_list
description: Plex source Viewset
parameters:
- in: query
name: allow_friends
schema:
type: boolean
- in: query
name: authentication_flow
schema:
type: string
format: uuid
- in: query
name: client_id
schema:
type: string
- in: query
name: enabled
schema:
type: boolean
- in: query
name: enrollment_flow
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_engine_mode
schema:
type: string
enum:
- all
- any
description: |-
* `all` - all, all policies must pass
* `any` - any, any policy must pass
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: user_matching_mode
schema:
type: string
enum:
- email_deny
- email_link
- identifier
- username_deny
- username_link
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPlexSourceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: sources_plex_create
description: Plex source Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/plex/{slug}/:
get:
operationId: sources_plex_retrieve
description: Plex source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: sources_plex_update
description: Plex source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: sources_plex_partial_update
description: Plex source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPlexSourceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: sources_plex_destroy
description: Plex source Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/plex/{slug}/used_by/:
get:
operationId: sources_plex_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/plex/redeem_token/:
post:
operationId: sources_plex_redeem_token_create
description: |-
Redeem a plex token, check it's access to resources against what's allowed
for the source, and redirect to an authentication/enrollment flow.
parameters:
- in: query
name: slug
schema:
type: string
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexTokenRedeemRequest'
required: true
security:
- authentik: []
- {}
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RedirectChallenge'
description: ''
'400':
description: Token not found
'403':
description: Access denied
/sources/plex/redeem_token_authenticated/:
post:
operationId: sources_plex_redeem_token_authenticated_create
description: Redeem a plex token for an authenticated user, creating a connection
parameters:
- in: query
name: slug
schema:
type: string
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexTokenRedeemRequest'
required: true
security:
- authentik: []
responses:
'204':
description: No response body
'400':
description: Token not found
'403':
description: Access denied
/sources/saml/:
get:
operationId: sources_saml_list
description: SAMLSource Viewset
parameters:
- in: query
name: allow_idp_initiated
schema:
type: boolean
- in: query
name: authentication_flow
schema:
type: string
format: uuid
- in: query
name: binding_type
schema:
type: string
enum:
- POST
- POST_AUTO
- REDIRECT
description: |-
* `REDIRECT` - Redirect Binding
* `POST` - POST Binding
* `POST_AUTO` - POST Binding with auto-confirmation
- in: query
name: digest_algorithm
schema:
type: string
enum:
- http://www.w3.org/2000/09/xmldsig#sha1
- http://www.w3.org/2001/04/xmldsig-more#sha384
- http://www.w3.org/2001/04/xmlenc#sha256
- http://www.w3.org/2001/04/xmlenc#sha512
description: |-
* `http://www.w3.org/2000/09/xmldsig#sha1` - SHA1
* `http://www.w3.org/2001/04/xmlenc#sha256` - SHA256
* `http://www.w3.org/2001/04/xmldsig-more#sha384` - SHA384
* `http://www.w3.org/2001/04/xmlenc#sha512` - SHA512
- in: query
name: enabled
schema:
type: boolean
- in: query
name: enrollment_flow
schema:
type: string
format: uuid
- in: query
name: issuer
schema:
type: string
- in: query
name: managed
schema:
type: string
- in: query
name: name
schema:
type: string
- in: query
name: name_id_policy
schema:
type: string
enum:
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName
- urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
- urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
description: |-
NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
* `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email
* `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent
* `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509
* `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows
* `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: policy_engine_mode
schema:
type: string
enum:
- all
- any
description: |-
* `all` - all, all policies must pass
* `any` - any, any policy must pass
- in: query
name: pre_authentication_flow
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: signature_algorithm
schema:
type: string
enum:
- http://www.w3.org/2000/09/xmldsig#dsa-sha1
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
description: |-
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1` - RSA-SHA1
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` - RSA-SHA256
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` - RSA-SHA384
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` - RSA-SHA512
* `http://www.w3.org/2000/09/xmldsig#dsa-sha1` - DSA-SHA1
- in: query
name: signing_kp
schema:
type: string
format: uuid
- in: query
name: slo_url
schema:
type: string
- in: query
name: slug
schema:
type: string
- in: query
name: sso_url
schema:
type: string
- in: query
name: temporary_user_delete_after
schema:
type: string
- in: query
name: user_matching_mode
schema:
type: string
enum:
- email_deny
- email_link
- identifier
- username_deny
- username_link
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
- in: query
name: verification_kp
schema:
type: string
format: uuid
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedSAMLSourceList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: sources_saml_create
description: SAMLSource Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSourceRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/saml/{slug}/:
get:
operationId: sources_saml_retrieve
description: SAMLSource Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: sources_saml_update
description: SAMLSource Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSourceRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: sources_saml_partial_update
description: SAMLSource Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedSAMLSourceRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLSource'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: sources_saml_destroy
description: SAMLSource Viewset
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/saml/{slug}/metadata/:
get:
operationId: sources_saml_metadata_retrieve
description: Return metadata as XML string
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SAMLMetadata'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/saml/{slug}/used_by/:
get:
operationId: sources_saml_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: slug
schema:
type: string
description: Internal source name, used in URLs.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/all/:
get:
operationId: sources_user_connections_all_list
description: User-source connection Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: user
schema:
type: integer
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserSourceConnectionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/all/{id}/:
get:
operationId: sources_user_connections_all_retrieve
description: User-source connection Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: sources_user_connections_all_update
description: User-source connection Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: sources_user_connections_all_partial_update
description: User-source connection Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: sources_user_connections_all_destroy
description: User-source connection Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/all/{id}/used_by/:
get:
operationId: sources_user_connections_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this user source connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/oauth/:
get:
operationId: sources_user_connections_oauth_list
description: Source Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: source__slug
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserOAuthSourceConnectionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: sources_user_connections_oauth_create
description: Source Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/oauth/{id}/:
get:
operationId: sources_user_connections_oauth_retrieve
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: sources_user_connections_oauth_update
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: sources_user_connections_oauth_partial_update
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserOAuthSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: sources_user_connections_oauth_destroy
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/oauth/{id}/used_by/:
get:
operationId: sources_user_connections_oauth_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User OAuth Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/plex/:
get:
operationId: sources_user_connections_plex_list
description: Plex Source connection Serializer
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: source__slug
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPlexSourceConnectionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: sources_user_connections_plex_create
description: Plex Source connection Serializer
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/plex/{id}/:
get:
operationId: sources_user_connections_plex_retrieve
description: Plex Source connection Serializer
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: sources_user_connections_plex_update
description: Plex Source connection Serializer
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: sources_user_connections_plex_partial_update
description: Plex Source connection Serializer
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPlexSourceConnectionRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PlexSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: sources_user_connections_plex_destroy
description: Plex Source connection Serializer
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/plex/{id}/used_by/:
get:
operationId: sources_user_connections_plex_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User Plex Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/saml/:
get:
operationId: sources_user_connections_saml_list
description: Source Viewset
parameters:
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: source__slug
schema:
type: string
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserSAMLSourceConnectionList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: sources_user_connections_saml_create
description: Source Viewset
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserSAMLSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSAMLSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/saml/{id}/:
get:
operationId: sources_user_connections_saml_retrieve
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User SAML Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSAMLSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: sources_user_connections_saml_update
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User SAML Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserSAMLSourceConnectionRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSAMLSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: sources_user_connections_saml_partial_update
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User SAML Source Connection.
required: true
tags:
- sources
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserSAMLSourceConnectionRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserSAMLSourceConnection'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: sources_user_connections_saml_destroy
description: Source Viewset
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User SAML Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/sources/user_connections/saml/{id}/used_by/:
get:
operationId: sources_user_connections_saml_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User SAML Source Connection.
required: true
tags:
- sources
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/all/:
get:
operationId: stages_all_list
description: Stage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/all/{stage_uuid}/:
get:
operationId: stages_all_retrieve
description: Stage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Stage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_all_destroy
description: Stage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/all/{stage_uuid}/used_by/:
get:
operationId: stages_all_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/all/types/:
get:
operationId: stages_all_types_list
description: Get all creatable stage types
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/all/user_settings/:
get:
operationId: stages_all_user_settings_list
description: Get all stages the user can configure
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UserSetting'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/duo/:
get:
operationId: stages_authenticator_duo_list
description: AuthenticatorDuoStage Viewset
parameters:
- in: query
name: api_hostname
schema:
type: string
- in: query
name: client_id
schema:
type: string
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorDuoStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_authenticator_duo_create
description: AuthenticatorDuoStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/duo/{stage_uuid}/:
get:
operationId: stages_authenticator_duo_retrieve
description: AuthenticatorDuoStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_authenticator_duo_update
description: AuthenticatorDuoStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_authenticator_duo_partial_update
description: AuthenticatorDuoStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorDuoStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_authenticator_duo_destroy
description: AuthenticatorDuoStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/duo/{stage_uuid}/enrollment_status/:
post:
operationId: stages_authenticator_duo_enrollment_status_create
description: Check enrollment status of user details in current session
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDeviceEnrollmentStatus'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/duo/{stage_uuid}/import_device_manual/:
post:
operationId: stages_authenticator_duo_import_device_manual_create
description: Import duo devices into authentik
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStageManualDeviceImportRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Enrollment successful
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/duo/{stage_uuid}/import_devices_automatic/:
post:
operationId: stages_authenticator_duo_import_devices_automatic_create
description: Import duo devices into authentik
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorDuoStageDeviceImportResponse'
description: ''
'400':
description: Bad request
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/duo/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_duo_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Duo Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/sms/:
get:
operationId: stages_authenticator_sms_list
description: AuthenticatorSMSStage Viewset
parameters:
- in: query
name: account_sid
schema:
type: string
- in: query
name: auth
schema:
type: string
- in: query
name: auth_password
schema:
type: string
- in: query
name: auth_type
schema:
type: string
enum:
- basic
- bearer
description: |-
* `basic` - Basic
* `bearer` - Bearer
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: friendly_name
schema:
type: string
- in: query
name: from_number
schema:
type: string
- in: query
name: mapping
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: provider
schema:
type: string
enum:
- generic
- twilio
description: |-
* `twilio` - Twilio
* `generic` - Generic
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: verify_only
schema:
type: boolean
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorSMSStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_authenticator_sms_create
description: AuthenticatorSMSStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/sms/{stage_uuid}/:
get:
operationId: stages_authenticator_sms_retrieve
description: AuthenticatorSMSStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_authenticator_sms_update
description: AuthenticatorSMSStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_authenticator_sms_partial_update
description: AuthenticatorSMSStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorSMSStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorSMSStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_authenticator_sms_destroy
description: AuthenticatorSMSStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/sms/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_sms_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this SMS Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/static/:
get:
operationId: stages_authenticator_static_list
description: AuthenticatorStaticStage Viewset
parameters:
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: friendly_name
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: token_count
schema:
type: integer
- in: query
name: token_length
schema:
type: integer
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorStaticStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_authenticator_static_create
description: AuthenticatorStaticStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/static/{stage_uuid}/:
get:
operationId: stages_authenticator_static_retrieve
description: AuthenticatorStaticStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_authenticator_static_update
description: AuthenticatorStaticStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_authenticator_static_partial_update
description: AuthenticatorStaticStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorStaticStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorStaticStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_authenticator_static_destroy
description: AuthenticatorStaticStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/static/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_static_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/totp/:
get:
operationId: stages_authenticator_totp_list
description: AuthenticatorTOTPStage Viewset
parameters:
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: digits
schema:
type: string
enum:
- '6'
- '8'
description: |-
* `6` - 6 digits, widely compatible
* `8` - 8 digits, not compatible with apps like Google Authenticator
- in: query
name: friendly_name
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorTOTPStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_authenticator_totp_create
description: AuthenticatorTOTPStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/totp/{stage_uuid}/:
get:
operationId: stages_authenticator_totp_retrieve
description: AuthenticatorTOTPStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_authenticator_totp_update
description: AuthenticatorTOTPStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_authenticator_totp_partial_update
description: AuthenticatorTOTPStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorTOTPStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_authenticator_totp_destroy
description: AuthenticatorTOTPStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/totp/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_totp_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this TOTP Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/validate/:
get:
operationId: stages_authenticator_validate_list
description: AuthenticatorValidateStage Viewset
parameters:
- in: query
name: configuration_stages
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: name
schema:
type: string
- in: query
name: not_configured_action
schema:
type: string
enum:
- configure
- deny
- skip
description: |-
* `skip` - Skip
* `deny` - Deny
* `configure` - Configure
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticatorValidateStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_authenticator_validate_create
description: AuthenticatorValidateStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/validate/{stage_uuid}/:
get:
operationId: stages_authenticator_validate_retrieve
description: AuthenticatorValidateStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_authenticator_validate_update
description: AuthenticatorValidateStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_authenticator_validate_partial_update
description: AuthenticatorValidateStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticatorValidateStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorValidateStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_authenticator_validate_destroy
description: AuthenticatorValidateStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/validate/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_validate_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Authenticator Validation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/webauthn/:
get:
operationId: stages_authenticator_webauthn_list
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: query
name: authenticator_attachment
schema:
type: string
nullable: true
enum:
- cross-platform
- platform
description: |-
* `platform` - Platform
* `cross-platform` - Cross Platform
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: friendly_name
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: resident_key_requirement
schema:
type: string
enum:
- discouraged
- preferred
- required
description: |-
* `discouraged` - Discouraged
* `preferred` - Preferred
* `required` - Required
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: user_verification
schema:
type: string
enum:
- discouraged
- preferred
- required
description: |-
* `required` - Required
* `preferred` - Preferred
* `discouraged` - Discouraged
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedAuthenticateWebAuthnStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_authenticator_webauthn_create
description: AuthenticateWebAuthnStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/webauthn/{stage_uuid}/:
get:
operationId: stages_authenticator_webauthn_retrieve
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_authenticator_webauthn_update
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_authenticator_webauthn_partial_update
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedAuthenticateWebAuthnStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_authenticator_webauthn_destroy
description: AuthenticateWebAuthnStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/authenticator/webauthn/{stage_uuid}/used_by/:
get:
operationId: stages_authenticator_webauthn_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this WebAuthn Authenticator Setup Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/captcha/:
get:
operationId: stages_captcha_list
description: CaptchaStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: public_key
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedCaptchaStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_captcha_create
description: CaptchaStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/captcha/{stage_uuid}/:
get:
operationId: stages_captcha_retrieve
description: CaptchaStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_captcha_update
description: CaptchaStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_captcha_partial_update
description: CaptchaStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedCaptchaStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CaptchaStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_captcha_destroy
description: CaptchaStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/captcha/{stage_uuid}/used_by/:
get:
operationId: stages_captcha_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Captcha Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/consent/:
get:
operationId: stages_consent_list
description: ConsentStage Viewset
parameters:
- in: query
name: consent_expire_in
schema:
type: string
- in: query
name: mode
schema:
type: string
enum:
- always_require
- expiring
- permanent
description: |-
* `always_require` - Always Require
* `permanent` - Permanent
* `expiring` - Expiring
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedConsentStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_consent_create
description: ConsentStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/consent/{stage_uuid}/:
get:
operationId: stages_consent_retrieve
description: ConsentStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_consent_update
description: ConsentStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_consent_partial_update
description: ConsentStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedConsentStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_consent_destroy
description: ConsentStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/consent/{stage_uuid}/used_by/:
get:
operationId: stages_consent_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Consent Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/deny/:
get:
operationId: stages_deny_list
description: DenyStage Viewset
parameters:
- in: query
name: deny_message
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDenyStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_deny_create
description: DenyStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/deny/{stage_uuid}/:
get:
operationId: stages_deny_retrieve
description: DenyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_deny_update
description: DenyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_deny_partial_update
description: DenyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDenyStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DenyStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_deny_destroy
description: DenyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/deny/{stage_uuid}/used_by/:
get:
operationId: stages_deny_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Deny Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/dummy/:
get:
operationId: stages_dummy_list
description: DummyStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: throw_error
schema:
type: boolean
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDummyStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_dummy_create
description: DummyStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/dummy/{stage_uuid}/:
get:
operationId: stages_dummy_retrieve
description: DummyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_dummy_update
description: DummyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_dummy_partial_update
description: DummyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDummyStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DummyStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_dummy_destroy
description: DummyStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/dummy/{stage_uuid}/used_by/:
get:
operationId: stages_dummy_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Dummy Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/email/:
get:
operationId: stages_email_list
description: EmailStage Viewset
parameters:
- in: query
name: activate_user_on_success
schema:
type: boolean
- in: query
name: from_address
schema:
type: string
- in: query
name: host
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: port
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: subject
schema:
type: string
- in: query
name: template
schema:
type: string
- in: query
name: timeout
schema:
type: integer
- in: query
name: token_expiry
schema:
type: integer
- in: query
name: use_global_settings
schema:
type: boolean
- in: query
name: use_ssl
schema:
type: boolean
- in: query
name: use_tls
schema:
type: boolean
- in: query
name: username
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedEmailStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_email_create
description: EmailStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/email/{stage_uuid}/:
get:
operationId: stages_email_retrieve
description: EmailStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_email_update
description: EmailStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_email_partial_update
description: EmailStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedEmailStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EmailStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_email_destroy
description: EmailStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/email/{stage_uuid}/used_by/:
get:
operationId: stages_email_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Email Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/email/templates/:
get:
operationId: stages_email_templates_list
description: Get all available templates, including custom templates
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TypeCreate'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/identification/:
get:
operationId: stages_identification_list
description: IdentificationStage Viewset
parameters:
- in: query
name: case_insensitive_matching
schema:
type: boolean
- in: query
name: enrollment_flow
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: password_stage
schema:
type: string
format: uuid
- in: query
name: passwordless_flow
schema:
type: string
format: uuid
- in: query
name: recovery_flow
schema:
type: string
format: uuid
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: show_matched_user
schema:
type: boolean
- in: query
name: show_source_labels
schema:
type: boolean
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedIdentificationStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_identification_create
description: IdentificationStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/identification/{stage_uuid}/:
get:
operationId: stages_identification_retrieve
description: IdentificationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_identification_update
description: IdentificationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_identification_partial_update
description: IdentificationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedIdentificationStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/IdentificationStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_identification_destroy
description: IdentificationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/identification/{stage_uuid}/used_by/:
get:
operationId: stages_identification_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Identification Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/invitation/invitations/:
get:
operationId: stages_invitation_invitations_list
description: Invitation Viewset
parameters:
- in: query
name: created_by__username
schema:
type: string
- in: query
name: expires
schema:
type: string
format: date-time
- in: query
name: flow__slug
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedInvitationList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_invitation_invitations_create
description: Invitation Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Invitation'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/invitation/invitations/{invite_uuid}/:
get:
operationId: stages_invitation_invitations_retrieve
description: Invitation Viewset
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Invitation'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_invitation_invitations_update
description: Invitation Viewset
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Invitation'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_invitation_invitations_partial_update
description: Invitation Viewset
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedInvitationRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Invitation'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_invitation_invitations_destroy
description: Invitation Viewset
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/invitation/invitations/{invite_uuid}/used_by/:
get:
operationId: stages_invitation_invitations_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: invite_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/invitation/stages/:
get:
operationId: stages_invitation_stages_list
description: InvitationStage Viewset
parameters:
- in: query
name: continue_flow_without_invitation
schema:
type: boolean
- in: query
name: name
schema:
type: string
- in: query
name: no_flows
schema:
type: boolean
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedInvitationStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_invitation_stages_create
description: InvitationStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/invitation/stages/{stage_uuid}/:
get:
operationId: stages_invitation_stages_retrieve
description: InvitationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_invitation_stages_update
description: InvitationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_invitation_stages_partial_update
description: InvitationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedInvitationStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/InvitationStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_invitation_stages_destroy
description: InvitationStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/invitation/stages/{stage_uuid}/used_by/:
get:
operationId: stages_invitation_stages_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Invitation Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/password/:
get:
operationId: stages_password_list
description: PasswordStage Viewset
parameters:
- in: query
name: configure_flow
schema:
type: string
format: uuid
- in: query
name: failed_attempts_before_cancel
schema:
type: integer
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPasswordStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_password_create
description: PasswordStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/password/{stage_uuid}/:
get:
operationId: stages_password_retrieve
description: PasswordStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_password_update
description: PasswordStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_password_partial_update
description: PasswordStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPasswordStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_password_destroy
description: PasswordStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/password/{stage_uuid}/used_by/:
get:
operationId: stages_password_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Password Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/prompt/prompts/:
get:
operationId: stages_prompt_prompts_list
description: Prompt Viewset
parameters:
- in: query
name: field_key
schema:
type: string
- in: query
name: label
schema:
type: string
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: placeholder
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: type
schema:
type: string
enum:
- ak-locale
- checkbox
- date
- date-time
- dropdown
- email
- file
- hidden
- number
- password
- radio-button-group
- separator
- static
- text
- text_area
- text_area_read_only
- text_read_only
- username
description: |-
* `text` - Text: Simple Text input
* `text_area` - Text area: Multiline Text Input.
* `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
* `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
* `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
* `email` - Email: Text field with Email type.
* `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
* `number` - Number
* `checkbox` - Checkbox
* `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
* `dropdown` - Fixed choice field rendered as a dropdown.
* `date` - Date
* `date-time` - Date Time
* `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
* `separator` - Separator: Static Separator Line
* `hidden` - Hidden: Hidden field, can be used to insert data into form.
* `static` - Static: Static value, displayed as-is.
* `ak-locale` - authentik: Selection of locales authentik supports
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPromptList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_prompt_prompts_create
description: Prompt Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PromptRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Prompt'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/prompt/prompts/{prompt_uuid}/:
get:
operationId: stages_prompt_prompts_retrieve
description: Prompt Viewset
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Prompt'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_prompt_prompts_update
description: Prompt Viewset
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PromptRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Prompt'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_prompt_prompts_partial_update
description: Prompt Viewset
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPromptRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Prompt'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_prompt_prompts_destroy
description: Prompt Viewset
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/prompt/prompts/{prompt_uuid}/used_by/:
get:
operationId: stages_prompt_prompts_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: prompt_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/prompt/prompts/preview/:
post:
operationId: stages_prompt_prompts_preview_create
description: Preview a prompt as a challenge, just like a flow would receive
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PromptRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PromptChallenge'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/prompt/stages/:
get:
operationId: stages_prompt_stages_list
description: PromptStage Viewset
parameters:
- in: query
name: fields
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: validation_policies
schema:
type: array
items:
type: string
format: uuid
explode: true
style: form
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedPromptStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_prompt_stages_create
description: PromptStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/prompt/stages/{stage_uuid}/:
get:
operationId: stages_prompt_stages_retrieve
description: PromptStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_prompt_stages_update
description: PromptStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_prompt_stages_partial_update
description: PromptStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedPromptStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PromptStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_prompt_stages_destroy
description: PromptStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/prompt/stages/{stage_uuid}/used_by/:
get:
operationId: stages_prompt_stages_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this Prompt Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_delete/:
get:
operationId: stages_user_delete_list
description: UserDeleteStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserDeleteStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_user_delete_create
description: UserDeleteStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_delete/{stage_uuid}/:
get:
operationId: stages_user_delete_retrieve
description: UserDeleteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_user_delete_update
description: UserDeleteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_user_delete_partial_update
description: UserDeleteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserDeleteStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeleteStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_user_delete_destroy
description: UserDeleteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_delete/{stage_uuid}/used_by/:
get:
operationId: stages_user_delete_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Delete Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_login/:
get:
operationId: stages_user_login_list
description: UserLoginStage Viewset
parameters:
- in: query
name: geoip_binding
schema:
type: string
enum:
- bind_continent
- bind_continent_country
- bind_continent_country_city
- no_binding
description: |-
Bind sessions created by this stage to the configured GeoIP location
* `no_binding` - No Binding
* `bind_continent` - Bind Continent
* `bind_continent_country` - Bind Continent Country
* `bind_continent_country_city` - Bind Continent Country City
- in: query
name: name
schema:
type: string
- in: query
name: network_binding
schema:
type: string
enum:
- bind_asn
- bind_asn_network
- bind_asn_network_ip
- no_binding
description: |-
Bind sessions created by this stage to the configured network
* `no_binding` - No Binding
* `bind_asn` - Bind Asn
* `bind_asn_network` - Bind Asn Network
* `bind_asn_network_ip` - Bind Asn Network Ip
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- in: query
name: remember_me_offset
schema:
type: string
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: session_duration
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: terminate_other_sessions
schema:
type: boolean
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserLoginStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_user_login_create
description: UserLoginStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_login/{stage_uuid}/:
get:
operationId: stages_user_login_retrieve
description: UserLoginStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_user_login_update
description: UserLoginStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_user_login_partial_update
description: UserLoginStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserLoginStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLoginStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_user_login_destroy
description: UserLoginStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_login/{stage_uuid}/used_by/:
get:
operationId: stages_user_login_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Login Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_logout/:
get:
operationId: stages_user_logout_list
description: UserLogoutStage Viewset
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserLogoutStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_user_logout_create
description: UserLogoutStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_logout/{stage_uuid}/:
get:
operationId: stages_user_logout_retrieve
description: UserLogoutStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_user_logout_update
description: UserLogoutStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_user_logout_partial_update
description: UserLogoutStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserLogoutStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserLogoutStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_user_logout_destroy
description: UserLogoutStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_logout/{stage_uuid}/used_by/:
get:
operationId: stages_user_logout_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Logout Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_write/:
get:
operationId: stages_user_write_list
description: UserWriteStage Viewset
parameters:
- in: query
name: create_users_as_inactive
schema:
type: boolean
- in: query
name: create_users_group
schema:
type: string
format: uuid
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
- in: query
name: stage_uuid
schema:
type: string
format: uuid
- in: query
name: user_creation_mode
schema:
type: string
enum:
- always_create
- create_when_required
- never_create
description: |-
* `never_create` - Never Create
* `create_when_required` - Create When Required
* `always_create` - Always Create
- in: query
name: user_path_template
schema:
type: string
- in: query
name: user_type
schema:
type: string
enum:
- external
- internal
- internal_service_account
- service_account
description: |-
* `internal` - Internal
* `external` - External
* `service_account` - Service Account
* `internal_service_account` - Internal Service Account
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedUserWriteStageList'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
post:
operationId: stages_user_write_create
description: UserWriteStage Viewset
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStageRequest'
required: true
security:
- authentik: []
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_write/{stage_uuid}/:
get:
operationId: stages_user_write_retrieve
description: UserWriteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
put:
operationId: stages_user_write_update
description: UserWriteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStageRequest'
required: true
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
patch:
operationId: stages_user_write_partial_update
description: UserWriteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedUserWriteStageRequest'
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserWriteStage'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
delete:
operationId: stages_user_write_destroy
description: UserWriteStage Viewset
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'204':
description: No response body
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
/stages/user_write/{stage_uuid}/used_by/:
get:
operationId: stages_user_write_used_by_list
description: Get a list of all objects that use this object
parameters:
- in: path
name: stage_uuid
schema:
type: string
format: uuid
description: A UUID string identifying this User Write Stage.
required: true
tags:
- stages
security:
- authentik: []
responses:
'200':
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/UsedBy'
description: ''
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/GenericError'
description: ''
components:
schemas:
AccessDeniedChallenge:
type: object
description: Challenge when a flow's active stage calls `stage_invalid()`.
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-access-denied
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
error_message:
type: string
required:
- pending_user
- pending_user_avatar
- type
App:
type: object
description: Serialize Application info
properties:
name:
type: string
label:
type: string
required:
- label
- name
AppEnum:
enum:
- authentik.admin
- authentik.api
- authentik.crypto
- authentik.events
- authentik.flows
- authentik.outposts
- authentik.policies.dummy
- authentik.policies.event_matcher
- authentik.policies.expiry
- authentik.policies.expression
- authentik.policies.password
- authentik.policies.reputation
- authentik.policies
- authentik.providers.ldap
- authentik.providers.oauth2
- authentik.providers.proxy
- authentik.providers.radius
- authentik.providers.saml
- authentik.providers.scim
- authentik.rbac
- authentik.recovery
- authentik.sources.ldap
- authentik.sources.oauth
- authentik.sources.plex
- authentik.sources.saml
- authentik.stages.authenticator
- authentik.stages.authenticator_duo
- authentik.stages.authenticator_sms
- authentik.stages.authenticator_static
- authentik.stages.authenticator_totp
- authentik.stages.authenticator_validate
- authentik.stages.authenticator_webauthn
- authentik.stages.captcha
- authentik.stages.consent
- authentik.stages.deny
- authentik.stages.dummy
- authentik.stages.email
- authentik.stages.identification
- authentik.stages.invitation
- authentik.stages.password
- authentik.stages.prompt
- authentik.stages.user_delete
- authentik.stages.user_login
- authentik.stages.user_logout
- authentik.stages.user_write
- authentik.tenants
- authentik.blueprints
- authentik.core
- authentik.enterprise
- authentik.enterprise.providers.rac
type: string
description: |-
* `authentik.admin` - authentik Admin
* `authentik.api` - authentik API
* `authentik.crypto` - authentik Crypto
* `authentik.events` - authentik Events
* `authentik.flows` - authentik Flows
* `authentik.outposts` - authentik Outpost
* `authentik.policies.dummy` - authentik Policies.Dummy
* `authentik.policies.event_matcher` - authentik Policies.Event Matcher
* `authentik.policies.expiry` - authentik Policies.Expiry
* `authentik.policies.expression` - authentik Policies.Expression
* `authentik.policies.password` - authentik Policies.Password
* `authentik.policies.reputation` - authentik Policies.Reputation
* `authentik.policies` - authentik Policies
* `authentik.providers.ldap` - authentik Providers.LDAP
* `authentik.providers.oauth2` - authentik Providers.OAuth2
* `authentik.providers.proxy` - authentik Providers.Proxy
* `authentik.providers.radius` - authentik Providers.Radius
* `authentik.providers.saml` - authentik Providers.SAML
* `authentik.providers.scim` - authentik Providers.SCIM
* `authentik.rbac` - authentik RBAC
* `authentik.recovery` - authentik Recovery
* `authentik.sources.ldap` - authentik Sources.LDAP
* `authentik.sources.oauth` - authentik Sources.OAuth
* `authentik.sources.plex` - authentik Sources.Plex
* `authentik.sources.saml` - authentik Sources.SAML
* `authentik.stages.authenticator` - authentik Stages.Authenticator
* `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
* `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
* `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
* `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
* `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
* `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
* `authentik.stages.captcha` - authentik Stages.Captcha
* `authentik.stages.consent` - authentik Stages.Consent
* `authentik.stages.deny` - authentik Stages.Deny
* `authentik.stages.dummy` - authentik Stages.Dummy
* `authentik.stages.email` - authentik Stages.Email
* `authentik.stages.identification` - authentik Stages.Identification
* `authentik.stages.invitation` - authentik Stages.User Invitation
* `authentik.stages.password` - authentik Stages.Password
* `authentik.stages.prompt` - authentik Stages.Prompt
* `authentik.stages.user_delete` - authentik Stages.User Delete
* `authentik.stages.user_login` - authentik Stages.User Login
* `authentik.stages.user_logout` - authentik Stages.User Logout
* `authentik.stages.user_write` - authentik Stages.User Write
* `authentik.tenants` - authentik Tenants
* `authentik.blueprints` - authentik Blueprints
* `authentik.core` - authentik Core
* `authentik.enterprise` - authentik Enterprise
* `authentik.enterprise.providers.rac` - authentik Enterprise.Providers.RAC
AppleChallengeResponseRequest:
type: object
description: Pseudo class for plex response
properties:
component:
type: string
minLength: 1
default: ak-source-oauth-apple
AppleLoginChallenge:
type: object
description: Special challenge for apple-native authentication flow, which happens
on the client.
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-source-oauth-apple
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
client_id:
type: string
scope:
type: string
redirect_uri:
type: string
state:
type: string
required:
- client_id
- redirect_uri
- scope
- state
- type
Application:
type: object
description: Application Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Application's display Name.
slug:
type: string
description: Internal application name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
provider:
type: integer
nullable: true
provider_obj:
allOf:
- $ref: '#/components/schemas/Provider'
readOnly: true
backchannel_providers:
type: array
items:
type: integer
backchannel_providers_obj:
type: array
items:
$ref: '#/components/schemas/Provider'
readOnly: true
launch_url:
type: string
nullable: true
description: Allow formatting of launch URL
readOnly: true
open_in_new_tab:
type: boolean
description: Open launch URL in a new browser tab or window.
meta_launch_url:
type: string
format: uri
meta_icon:
type: string
nullable: true
description: |-
Get the URL to the App Icon image. If the name is /static or starts with http
it is returned as-is
readOnly: true
meta_description:
type: string
meta_publisher:
type: string
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
group:
type: string
required:
- backchannel_providers_obj
- launch_url
- meta_icon
- name
- pk
- provider_obj
- slug
ApplicationRequest:
type: object
description: Application Serializer
properties:
name:
type: string
minLength: 1
description: Application's display Name.
slug:
type: string
minLength: 1
description: Internal application name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
provider:
type: integer
nullable: true
backchannel_providers:
type: array
items:
type: integer
open_in_new_tab:
type: boolean
description: Open launch URL in a new browser tab or window.
meta_launch_url:
type: string
format: uri
meta_description:
type: string
meta_publisher:
type: string
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
group:
type: string
required:
- name
- slug
AuthModeEnum:
enum:
- static
- prompt
type: string
description: |-
* `static` - Static
* `prompt` - Prompt
AuthTypeEnum:
enum:
- basic
- bearer
type: string
description: |-
* `basic` - Basic
* `bearer` - Bearer
AuthenticateWebAuthnStage:
type: object
description: AuthenticateWebAuthnStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
user_verification:
$ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment:
allOf:
- $ref: '#/components/schemas/AuthenticatorAttachmentEnum'
nullable: true
resident_key_requirement:
$ref: '#/components/schemas/ResidentKeyRequirementEnum'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticateWebAuthnStageRequest:
type: object
description: AuthenticateWebAuthnStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
user_verification:
$ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment:
allOf:
- $ref: '#/components/schemas/AuthenticatorAttachmentEnum'
nullable: true
resident_key_requirement:
$ref: '#/components/schemas/ResidentKeyRequirementEnum'
required:
- name
AuthenticatedSession:
type: object
description: AuthenticatedSession Serializer
properties:
uuid:
type: string
format: uuid
current:
type: boolean
description: Check if session is currently active session
readOnly: true
user_agent:
type: object
description: Get parsed user agent
properties:
device:
type: object
description: User agent device
properties:
brand:
type: string
family:
type: string
model:
type: string
required:
- brand
- family
- model
os:
type: object
description: User agent os
properties:
family:
type: string
major:
type: string
minor:
type: string
patch:
type: string
patch_minor:
type: string
required:
- family
- major
- minor
- patch
- patch_minor
user_agent:
type: object
description: User agent browser
properties:
family:
type: string
major:
type: string
minor:
type: string
patch:
type: string
required:
- family
- major
- minor
- patch
string:
type: string
required:
- device
- os
- string
- user_agent
readOnly: true
geo_ip:
type: object
description: Get GeoIP Data
properties:
continent:
type: string
country:
type: string
lat:
type: number
format: double
long:
type: number
format: double
city:
type: string
required:
- city
- continent
- country
- lat
- long
nullable: true
readOnly: true
asn:
type: object
description: Get ASN Data
properties:
asn:
type: integer
as_org:
type: string
nullable: true
network:
type: string
nullable: true
required:
- as_org
- asn
- network
nullable: true
readOnly: true
user:
type: integer
last_ip:
type: string
last_user_agent:
type: string
last_used:
type: string
format: date-time
readOnly: true
expires:
type: string
format: date-time
required:
- asn
- current
- geo_ip
- last_ip
- last_used
- user
- user_agent
AuthenticationEnum:
enum:
- none
- require_authenticated
- require_unauthenticated
- require_superuser
- require_outpost
type: string
description: |-
* `none` - None
* `require_authenticated` - Require Authenticated
* `require_unauthenticated` - Require Unauthenticated
* `require_superuser` - Require Superuser
* `require_outpost` - Require Outpost
AuthenticatorAttachmentEnum:
enum:
- platform
- cross-platform
type: string
description: |-
* `platform` - Platform
* `cross-platform` - Cross Platform
AuthenticatorDuoChallenge:
type: object
description: Duo Challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-duo
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
activation_barcode:
type: string
activation_code:
type: string
stage_uuid:
type: string
required:
- activation_barcode
- activation_code
- pending_user
- pending_user_avatar
- stage_uuid
- type
AuthenticatorDuoChallengeResponseRequest:
type: object
description: Pseudo class for duo response
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-duo
AuthenticatorDuoStage:
type: object
description: AuthenticatorDuoStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
client_id:
type: string
api_hostname:
type: string
admin_integration_key:
type: string
required:
- api_hostname
- client_id
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticatorDuoStageDeviceImportResponse:
type: object
properties:
count:
type: integer
readOnly: true
error:
type: string
readOnly: true
required:
- count
- error
AuthenticatorDuoStageManualDeviceImportRequest:
type: object
properties:
duo_user_id:
type: string
minLength: 1
username:
type: string
minLength: 1
required:
- duo_user_id
- username
AuthenticatorDuoStageRequest:
type: object
description: AuthenticatorDuoStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
client_id:
type: string
minLength: 1
client_secret:
type: string
writeOnly: true
minLength: 1
api_hostname:
type: string
minLength: 1
admin_integration_key:
type: string
admin_secret_key:
type: string
writeOnly: true
required:
- api_hostname
- client_id
- client_secret
- name
AuthenticatorSMSChallenge:
type: object
description: SMS Setup challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-sms
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
phone_number_required:
type: boolean
default: true
required:
- pending_user
- pending_user_avatar
- type
AuthenticatorSMSChallengeResponseRequest:
type: object
description: SMS Challenge response, device is set by get_response_instance
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-sms
code:
type: integer
phone_number:
type: string
minLength: 1
AuthenticatorSMSStage:
type: object
description: AuthenticatorSMSStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
provider:
$ref: '#/components/schemas/ProviderEnum'
from_number:
type: string
account_sid:
type: string
auth:
type: string
auth_password:
type: string
auth_type:
$ref: '#/components/schemas/AuthTypeEnum'
verify_only:
type: boolean
description: When enabled, the Phone number is only used during enrollment
to verify the users authenticity. Only a hash of the phone number is saved
to ensure it is not reused in the future.
mapping:
type: string
format: uuid
nullable: true
description: Optionally modify the payload being sent to custom providers.
required:
- account_sid
- auth
- component
- from_number
- meta_model_name
- name
- pk
- provider
- verbose_name
- verbose_name_plural
AuthenticatorSMSStageRequest:
type: object
description: AuthenticatorSMSStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
provider:
$ref: '#/components/schemas/ProviderEnum'
from_number:
type: string
minLength: 1
account_sid:
type: string
minLength: 1
auth:
type: string
minLength: 1
auth_password:
type: string
auth_type:
$ref: '#/components/schemas/AuthTypeEnum'
verify_only:
type: boolean
description: When enabled, the Phone number is only used during enrollment
to verify the users authenticity. Only a hash of the phone number is saved
to ensure it is not reused in the future.
mapping:
type: string
format: uuid
nullable: true
description: Optionally modify the payload being sent to custom providers.
required:
- account_sid
- auth
- from_number
- name
- provider
AuthenticatorStaticChallenge:
type: object
description: Static authenticator challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-static
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
codes:
type: array
items:
type: string
required:
- codes
- pending_user
- pending_user_avatar
- type
AuthenticatorStaticChallengeResponseRequest:
type: object
description: Pseudo class for static response
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-static
AuthenticatorStaticStage:
type: object
description: AuthenticatorStaticStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
token_count:
type: integer
maximum: 2147483647
minimum: 0
token_length:
type: integer
maximum: 2147483647
minimum: 0
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticatorStaticStageRequest:
type: object
description: AuthenticatorStaticStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
token_count:
type: integer
maximum: 2147483647
minimum: 0
token_length:
type: integer
maximum: 2147483647
minimum: 0
required:
- name
AuthenticatorTOTPChallenge:
type: object
description: TOTP Setup challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-totp
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
config_url:
type: string
required:
- config_url
- pending_user
- pending_user_avatar
- type
AuthenticatorTOTPChallengeResponseRequest:
type: object
description: TOTP Challenge response, device is set by get_response_instance
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-totp
code:
type: integer
required:
- code
AuthenticatorTOTPStage:
type: object
description: AuthenticatorTOTPStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
digits:
$ref: '#/components/schemas/DigitsEnum'
required:
- component
- digits
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticatorTOTPStageRequest:
type: object
description: AuthenticatorTOTPStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
digits:
$ref: '#/components/schemas/DigitsEnum'
required:
- digits
- name
AuthenticatorValidateStage:
type: object
description: AuthenticatorValidateStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
not_configured_action:
$ref: '#/components/schemas/NotConfiguredActionEnum'
device_classes:
type: array
items:
$ref: '#/components/schemas/DeviceClassesEnum'
description: Device classes which can be used to authenticate
configuration_stages:
type: array
items:
type: string
format: uuid
description: Stages used to configure Authenticator when user doesn't have
any compatible devices. After this configuration Stage passes, the user
is not prompted again.
last_auth_threshold:
type: string
description: If any of the user's device has been used within this threshold,
this stage will be skipped
webauthn_user_verification:
allOf:
- $ref: '#/components/schemas/UserVerificationEnum'
description: |-
Enforce user verification for WebAuthn devices.
* `required` - Required
* `preferred` - Preferred
* `discouraged` - Discouraged
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
AuthenticatorValidateStageRequest:
type: object
description: AuthenticatorValidateStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
not_configured_action:
$ref: '#/components/schemas/NotConfiguredActionEnum'
device_classes:
type: array
items:
$ref: '#/components/schemas/DeviceClassesEnum'
description: Device classes which can be used to authenticate
configuration_stages:
type: array
items:
type: string
format: uuid
description: Stages used to configure Authenticator when user doesn't have
any compatible devices. After this configuration Stage passes, the user
is not prompted again.
last_auth_threshold:
type: string
minLength: 1
description: If any of the user's device has been used within this threshold,
this stage will be skipped
webauthn_user_verification:
allOf:
- $ref: '#/components/schemas/UserVerificationEnum'
description: |-
Enforce user verification for WebAuthn devices.
* `required` - Required
* `preferred` - Preferred
* `discouraged` - Discouraged
required:
- name
AuthenticatorValidationChallenge:
type: object
description: Authenticator challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-validate
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
device_challenges:
type: array
items:
$ref: '#/components/schemas/DeviceChallenge'
configuration_stages:
type: array
items:
$ref: '#/components/schemas/SelectableStage'
required:
- configuration_stages
- device_challenges
- pending_user
- pending_user_avatar
- type
AuthenticatorValidationChallengeResponseRequest:
type: object
description: Challenge used for Code-based and WebAuthn authenticators
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-validate
selected_challenge:
$ref: '#/components/schemas/DeviceChallengeRequest'
selected_stage:
type: string
minLength: 1
code:
type: string
minLength: 1
webauthn:
type: object
additionalProperties: {}
duo:
type: integer
AuthenticatorWebAuthnChallenge:
type: object
description: WebAuthn Challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-authenticator-webauthn
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
registration:
type: object
additionalProperties: {}
required:
- pending_user
- pending_user_avatar
- registration
- type
AuthenticatorWebAuthnChallengeResponseRequest:
type: object
description: WebAuthn Challenge response
properties:
component:
type: string
minLength: 1
default: ak-stage-authenticator-webauthn
response:
type: object
additionalProperties: {}
required:
- response
AutoSubmitChallengeResponseRequest:
type: object
description: Pseudo class for autosubmit response
properties:
component:
type: string
minLength: 1
default: ak-stage-autosubmit
AutosubmitChallenge:
type: object
description: Autosubmit challenge used to send and navigate a POST request
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-autosubmit
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
url:
type: string
attrs:
type: object
additionalProperties:
type: string
title:
type: string
required:
- attrs
- type
- url
BackendsEnum:
enum:
- authentik.core.auth.InbuiltBackend
- authentik.core.auth.TokenBackend
- authentik.sources.ldap.auth.LDAPBackend
type: string
description: |-
* `authentik.core.auth.InbuiltBackend` - User database + standard password
* `authentik.core.auth.TokenBackend` - User database + app passwords
* `authentik.sources.ldap.auth.LDAPBackend` - User database + LDAP password
BindingTypeEnum:
enum:
- REDIRECT
- POST
- POST_AUTO
type: string
description: |-
* `REDIRECT` - Redirect Binding
* `POST` - POST Binding
* `POST_AUTO` - POST Binding with auto-confirmation
BlueprintFile:
type: object
properties:
path:
type: string
last_m:
type: string
format: date-time
hash:
type: string
meta:
allOf:
- $ref: '#/components/schemas/Metadata'
readOnly: true
required:
- hash
- last_m
- meta
- path
BlueprintInstance:
type: object
description: Info about a single blueprint instance file
properties:
pk:
type: string
format: uuid
readOnly: true
title: Instance uuid
name:
type: string
path:
type: string
default: ''
context: {}
last_applied:
type: string
format: date-time
readOnly: true
last_applied_hash:
type: string
readOnly: true
status:
allOf:
- $ref: '#/components/schemas/BlueprintInstanceStatusEnum'
readOnly: true
enabled:
type: boolean
managed_models:
type: array
items:
type: string
readOnly: true
metadata:
readOnly: true
content:
type: string
required:
- last_applied
- last_applied_hash
- managed_models
- metadata
- name
- pk
- status
BlueprintInstanceRequest:
type: object
description: Info about a single blueprint instance file
properties:
name:
type: string
minLength: 1
path:
type: string
default: ''
context: {}
enabled:
type: boolean
content:
type: string
required:
- name
BlueprintInstanceStatusEnum:
enum:
- successful
- warning
- error
- orphaned
- unknown
type: string
description: |-
* `successful` - Successful
* `warning` - Warning
* `error` - Error
* `orphaned` - Orphaned
* `unknown` - Unknown
Cache:
type: object
description: Generic cache stats for an object
properties:
count:
type: integer
readOnly: true
required:
- count
CapabilitiesEnum:
enum:
- can_save_media
- can_geo_ip
- can_asn
- can_impersonate
- can_debug
- is_enterprise
type: string
description: |-
* `can_save_media` - Can Save Media
* `can_geo_ip` - Can Geo Ip
* `can_asn` - Can Asn
* `can_impersonate` - Can Impersonate
* `can_debug` - Can Debug
* `is_enterprise` - Is Enterprise
CaptchaChallenge:
type: object
description: Site public key
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-captcha
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
site_key:
type: string
js_url:
type: string
required:
- js_url
- pending_user
- pending_user_avatar
- site_key
- type
CaptchaChallengeResponseRequest:
type: object
description: Validate captcha token
properties:
component:
type: string
minLength: 1
default: ak-stage-captcha
token:
type: string
minLength: 1
required:
- token
CaptchaStage:
type: object
description: CaptchaStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
public_key:
type: string
description: Public key, acquired your captcha Provider.
js_url:
type: string
api_url:
type: string
required:
- component
- meta_model_name
- name
- pk
- public_key
- verbose_name
- verbose_name_plural
CaptchaStageRequest:
type: object
description: CaptchaStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
public_key:
type: string
minLength: 1
description: Public key, acquired your captcha Provider.
private_key:
type: string
writeOnly: true
minLength: 1
description: Private key, acquired your captcha Provider.
js_url:
type: string
minLength: 1
api_url:
type: string
minLength: 1
required:
- name
- private_key
- public_key
CertificateData:
type: object
description: Get CertificateKeyPair's data
properties:
data:
type: string
readOnly: true
required:
- data
CertificateGenerationRequest:
type: object
description: Certificate generation parameters
properties:
common_name:
type: string
minLength: 1
subject_alt_name:
type: string
validity_days:
type: integer
required:
- common_name
- validity_days
CertificateKeyPair:
type: object
description: CertificateKeyPair Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Kp uuid
name:
type: string
fingerprint_sha256:
type: string
nullable: true
description: Get certificate Hash (SHA256)
readOnly: true
fingerprint_sha1:
type: string
nullable: true
description: Get certificate Hash (SHA1)
readOnly: true
cert_expiry:
type: string
format: date-time
nullable: true
description: Get certificate expiry
readOnly: true
cert_subject:
type: string
nullable: true
description: Get certificate subject as full rfc4514
readOnly: true
private_key_available:
type: boolean
description: Show if this keypair has a private key configured or not
readOnly: true
private_key_type:
type: string
nullable: true
description: Get the private key's type, if set
readOnly: true
certificate_download_url:
type: string
description: Get URL to download certificate
readOnly: true
private_key_download_url:
type: string
description: Get URL to download private key
readOnly: true
managed:
type: string
readOnly: true
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
required:
- cert_expiry
- cert_subject
- certificate_download_url
- fingerprint_sha1
- fingerprint_sha256
- managed
- name
- pk
- private_key_available
- private_key_download_url
- private_key_type
CertificateKeyPairRequest:
type: object
description: CertificateKeyPair Serializer
properties:
name:
type: string
minLength: 1
certificate_data:
type: string
writeOnly: true
minLength: 1
description: PEM-encoded Certificate data
key_data:
type: string
writeOnly: true
description: Optional Private Key. If this is set, you can use this keypair
for encryption.
required:
- certificate_data
- name
ChallengeChoices:
enum:
- native
- shell
- redirect
type: string
description: |-
* `native` - NATIVE
* `shell` - SHELL
* `redirect` - REDIRECT
ChallengeTypes:
oneOf:
- $ref: '#/components/schemas/AccessDeniedChallenge'
- $ref: '#/components/schemas/AppleLoginChallenge'
- $ref: '#/components/schemas/AuthenticatorDuoChallenge'
- $ref: '#/components/schemas/AuthenticatorSMSChallenge'
- $ref: '#/components/schemas/AuthenticatorStaticChallenge'
- $ref: '#/components/schemas/AuthenticatorTOTPChallenge'
- $ref: '#/components/schemas/AuthenticatorValidationChallenge'
- $ref: '#/components/schemas/AuthenticatorWebAuthnChallenge'
- $ref: '#/components/schemas/AutosubmitChallenge'
- $ref: '#/components/schemas/CaptchaChallenge'
- $ref: '#/components/schemas/ConsentChallenge'
- $ref: '#/components/schemas/DummyChallenge'
- $ref: '#/components/schemas/EmailChallenge'
- $ref: '#/components/schemas/FlowErrorChallenge'
- $ref: '#/components/schemas/IdentificationChallenge'
- $ref: '#/components/schemas/OAuthDeviceCodeChallenge'
- $ref: '#/components/schemas/OAuthDeviceCodeFinishChallenge'
- $ref: '#/components/schemas/PasswordChallenge'
- $ref: '#/components/schemas/PlexAuthenticationChallenge'
- $ref: '#/components/schemas/PromptChallenge'
- $ref: '#/components/schemas/RedirectChallenge'
- $ref: '#/components/schemas/ShellChallenge'
- $ref: '#/components/schemas/UserLoginChallenge'
discriminator:
propertyName: component
mapping:
ak-stage-access-denied: '#/components/schemas/AccessDeniedChallenge'
ak-source-oauth-apple: '#/components/schemas/AppleLoginChallenge'
ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallenge'
ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallenge'
ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallenge'
ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallenge'
ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallenge'
ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallenge'
ak-stage-autosubmit: '#/components/schemas/AutosubmitChallenge'
ak-stage-captcha: '#/components/schemas/CaptchaChallenge'
ak-stage-consent: '#/components/schemas/ConsentChallenge'
ak-stage-dummy: '#/components/schemas/DummyChallenge'
ak-stage-email: '#/components/schemas/EmailChallenge'
ak-stage-flow-error: '#/components/schemas/FlowErrorChallenge'
ak-stage-identification: '#/components/schemas/IdentificationChallenge'
ak-provider-oauth2-device-code: '#/components/schemas/OAuthDeviceCodeChallenge'
ak-provider-oauth2-device-code-finish: '#/components/schemas/OAuthDeviceCodeFinishChallenge'
ak-stage-password: '#/components/schemas/PasswordChallenge'
ak-source-plex: '#/components/schemas/PlexAuthenticationChallenge'
ak-stage-prompt: '#/components/schemas/PromptChallenge'
xak-flow-redirect: '#/components/schemas/RedirectChallenge'
xak-flow-shell: '#/components/schemas/ShellChallenge'
ak-stage-user-login: '#/components/schemas/UserLoginChallenge'
ClientTypeEnum:
enum:
- confidential
- public
type: string
description: |-
* `confidential` - Confidential
* `public` - Public
Config:
type: object
description: Serialize authentik Config into DRF Object
properties:
error_reporting:
$ref: '#/components/schemas/ErrorReportingConfig'
capabilities:
type: array
items:
$ref: '#/components/schemas/CapabilitiesEnum'
cache_timeout:
type: integer
cache_timeout_flows:
type: integer
cache_timeout_policies:
type: integer
cache_timeout_reputation:
type: integer
required:
- cache_timeout
- cache_timeout_flows
- cache_timeout_policies
- cache_timeout_reputation
- capabilities
- error_reporting
ConsentChallenge:
type: object
description: Challenge info for consent screens
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-consent
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
header_text:
type: string
permissions:
type: array
items:
$ref: '#/components/schemas/ConsentPermission'
additional_permissions:
type: array
items:
$ref: '#/components/schemas/ConsentPermission'
token:
type: string
required:
- additional_permissions
- pending_user
- pending_user_avatar
- permissions
- token
- type
ConsentChallengeResponseRequest:
type: object
description: Consent challenge response, any valid response request is valid
properties:
component:
type: string
minLength: 1
default: ak-stage-consent
token:
type: string
minLength: 1
required:
- token
ConsentPermission:
type: object
description: Permission used for consent
properties:
name:
type: string
id:
type: string
required:
- id
- name
ConsentStage:
type: object
description: ConsentStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
mode:
$ref: '#/components/schemas/ConsentStageModeEnum'
consent_expire_in:
type: string
title: Consent expires in
description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
ConsentStageModeEnum:
enum:
- always_require
- permanent
- expiring
type: string
description: |-
* `always_require` - Always Require
* `permanent` - Permanent
* `expiring` - Expiring
ConsentStageRequest:
type: object
description: ConsentStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
mode:
$ref: '#/components/schemas/ConsentStageModeEnum'
consent_expire_in:
type: string
minLength: 1
title: Consent expires in
description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).'
required:
- name
ContextualFlowInfo:
type: object
description: Contextual flow information for a challenge
properties:
title:
type: string
background:
type: string
cancel_url:
type: string
layout:
$ref: '#/components/schemas/ContextualFlowInfoLayoutEnum'
required:
- cancel_url
- layout
ContextualFlowInfoLayoutEnum:
enum:
- stacked
- content_left
- content_right
- sidebar_left
- sidebar_right
type: string
description: |-
* `stacked` - STACKED
* `content_left` - CONTENT_LEFT
* `content_right` - CONTENT_RIGHT
* `sidebar_left` - SIDEBAR_LEFT
* `sidebar_right` - SIDEBAR_RIGHT
Coordinate:
type: object
description: Coordinates for diagrams
properties:
x_cord:
type: integer
readOnly: true
y_cord:
type: integer
readOnly: true
required:
- x_cord
- y_cord
CurrentTenant:
type: object
description: Partial tenant information for styling
properties:
matched_domain:
type: string
branding_title:
type: string
branding_logo:
type: string
branding_favicon:
type: string
ui_footer_links:
type: array
items:
$ref: '#/components/schemas/FooterLink'
readOnly: true
default: []
ui_theme:
allOf:
- $ref: '#/components/schemas/UiThemeEnum'
readOnly: true
default: automatic
flow_authentication:
type: string
flow_invalidation:
type: string
flow_recovery:
type: string
flow_unenrollment:
type: string
flow_user_settings:
type: string
flow_device_code:
type: string
default_locale:
type: string
readOnly: true
required:
- branding_favicon
- branding_logo
- branding_title
- default_locale
- matched_domain
- ui_footer_links
- ui_theme
DeniedActionEnum:
enum:
- message_continue
- message
- continue
type: string
description: |-
* `message_continue` - Message Continue
* `message` - Message
* `continue` - Continue
DenyStage:
type: object
description: DenyStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
deny_message:
type: string
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
DenyStageRequest:
type: object
description: DenyStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
deny_message:
type: string
required:
- name
Device:
type: object
description: Serializer for Duo authenticator devices
properties:
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
pk:
type: integer
name:
type: string
type:
type: string
description: Get type of device
readOnly: true
confirmed:
type: boolean
required:
- confirmed
- meta_model_name
- name
- pk
- type
- verbose_name
- verbose_name_plural
DeviceChallenge:
type: object
description: Single device challenge
properties:
device_class:
type: string
device_uid:
type: string
challenge:
type: object
additionalProperties: {}
required:
- challenge
- device_class
- device_uid
DeviceChallengeRequest:
type: object
description: Single device challenge
properties:
device_class:
type: string
minLength: 1
device_uid:
type: string
minLength: 1
challenge:
type: object
additionalProperties: {}
required:
- challenge
- device_class
- device_uid
DeviceClassesEnum:
enum:
- static
- totp
- webauthn
- duo
- sms
type: string
description: |-
* `static` - Static
* `totp` - TOTP
* `webauthn` - WebAuthn
* `duo` - Duo
* `sms` - SMS
DigestAlgorithmEnum:
enum:
- http://www.w3.org/2000/09/xmldsig#sha1
- http://www.w3.org/2001/04/xmlenc#sha256
- http://www.w3.org/2001/04/xmldsig-more#sha384
- http://www.w3.org/2001/04/xmlenc#sha512
type: string
description: |-
* `http://www.w3.org/2000/09/xmldsig#sha1` - SHA1
* `http://www.w3.org/2001/04/xmlenc#sha256` - SHA256
* `http://www.w3.org/2001/04/xmldsig-more#sha384` - SHA384
* `http://www.w3.org/2001/04/xmlenc#sha512` - SHA512
DigitsEnum:
enum:
- '6'
- '8'
type: string
description: |-
* `6` - 6 digits, widely compatible
* `8` - 8 digits, not compatible with apps like Google Authenticator
DockerServiceConnection:
type: object
description: DockerServiceConnection Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
component:
type: string
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
url:
type: string
description: Can be in the format of 'unix://<path>' when connecting to
a local docker daemon, or 'https://<hostname>:2376' when connecting to
a remote system.
tls_verification:
type: string
format: uuid
nullable: true
description: CA which the endpoint's Certificate is verified against. Can
be left empty for no validation.
tls_authentication:
type: string
format: uuid
nullable: true
description: Certificate/Key used for authentication. Can be left empty
for no authentication.
required:
- component
- meta_model_name
- name
- pk
- url
- verbose_name
- verbose_name_plural
DockerServiceConnectionRequest:
type: object
description: DockerServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
url:
type: string
minLength: 1
description: Can be in the format of 'unix://<path>' when connecting to
a local docker daemon, or 'https://<hostname>:2376' when connecting to
a remote system.
tls_verification:
type: string
format: uuid
nullable: true
description: CA which the endpoint's Certificate is verified against. Can
be left empty for no validation.
tls_authentication:
type: string
format: uuid
nullable: true
description: Certificate/Key used for authentication. Can be left empty
for no authentication.
required:
- name
- url
DummyChallenge:
type: object
description: Dummy challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-dummy
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
required:
- type
DummyChallengeResponseRequest:
type: object
description: Dummy challenge response
properties:
component:
type: string
minLength: 1
default: ak-stage-dummy
DummyPolicy:
type: object
description: Dummy Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
bound_to:
type: integer
description: Return objects policy is bound to
readOnly: true
result:
type: boolean
wait_min:
type: integer
maximum: 2147483647
minimum: -2147483648
wait_max:
type: integer
maximum: 2147483647
minimum: -2147483648
required:
- bound_to
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
DummyPolicyRequest:
type: object
description: Dummy Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
result:
type: boolean
wait_min:
type: integer
maximum: 2147483647
minimum: -2147483648
wait_max:
type: integer
maximum: 2147483647
minimum: -2147483648
required:
- name
DummyStage:
type: object
description: DummyStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
throw_error:
type: boolean
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
DummyStageRequest:
type: object
description: DummyStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
throw_error:
type: boolean
required:
- name
DuoDevice:
type: object
description: Serializer for Duo authenticator devices
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
description: The human-readable name of this device.
maxLength: 64
required:
- name
- pk
DuoDeviceEnrollmentStatus:
type: object
properties:
duo_response:
$ref: '#/components/schemas/DuoResponseEnum'
required:
- duo_response
DuoDeviceRequest:
type: object
description: Serializer for Duo authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
required:
- name
DuoResponseEnum:
enum:
- success
- waiting
- invalid
type: string
description: |-
* `success` - Success
* `waiting` - Waiting
* `invalid` - Invalid
EmailChallenge:
type: object
description: Email challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-email
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
required:
- type
EmailChallengeResponseRequest:
type: object
description: |-
Email challenge resposen. No fields. This challenge is
always declared invalid to give the user a chance to retry
properties:
component:
type: string
minLength: 1
default: ak-stage-email
EmailStage:
type: object
description: EmailStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
use_global_settings:
type: boolean
description: When enabled, global Email connection settings will be used
and connection settings below will be ignored.
host:
type: string
port:
type: integer
maximum: 2147483647
minimum: -2147483648
username:
type: string
use_tls:
type: boolean
use_ssl:
type: boolean
timeout:
type: integer
maximum: 2147483647
minimum: -2147483648
from_address:
type: string
format: email
maxLength: 254
token_expiry:
type: integer
maximum: 2147483647
minimum: -2147483648
description: Time in minutes the token sent is valid.
subject:
type: string
template:
type: string
activate_user_on_success:
type: boolean
description: Activate users upon completion of stage.
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
EmailStageRequest:
type: object
description: EmailStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
use_global_settings:
type: boolean
description: When enabled, global Email connection settings will be used
and connection settings below will be ignored.
host:
type: string
minLength: 1
port:
type: integer
maximum: 2147483647
minimum: -2147483648
username:
type: string
password:
type: string
writeOnly: true
use_tls:
type: boolean
use_ssl:
type: boolean
timeout:
type: integer
maximum: 2147483647
minimum: -2147483648
from_address:
type: string
format: email
minLength: 1
maxLength: 254
token_expiry:
type: integer
maximum: 2147483647
minimum: -2147483648
description: Time in minutes the token sent is valid.
subject:
type: string
minLength: 1
template:
type: string
minLength: 1
activate_user_on_success:
type: boolean
description: Activate users upon completion of stage.
required:
- name
Endpoint:
type: object
description: Endpoint Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
provider:
type: integer
provider_obj:
allOf:
- $ref: '#/components/schemas/RACProvider'
readOnly: true
protocol:
$ref: '#/components/schemas/ProtocolEnum'
host:
type: string
settings: {}
property_mappings:
type: array
items:
type: string
format: uuid
auth_mode:
$ref: '#/components/schemas/AuthModeEnum'
launch_url:
type: string
nullable: true
description: |-
Build actual launch URL (the provider itself does not have one, just
individual endpoints)
readOnly: true
required:
- auth_mode
- host
- launch_url
- name
- pk
- protocol
- provider
- provider_obj
EndpointRequest:
type: object
description: Endpoint Serializer
properties:
name:
type: string
minLength: 1
provider:
type: integer
protocol:
$ref: '#/components/schemas/ProtocolEnum'
host:
type: string
minLength: 1
settings: {}
property_mappings:
type: array
items:
type: string
format: uuid
auth_mode:
$ref: '#/components/schemas/AuthModeEnum'
required:
- auth_mode
- host
- name
- protocol
- provider
ErrorDetail:
type: object
description: Serializer for rest_framework's error messages
properties:
string:
type: string
code:
type: string
required:
- code
- string
ErrorReportingConfig:
type: object
description: Config for error reporting
properties:
enabled:
type: boolean
readOnly: true
sentry_dsn:
type: string
readOnly: true
environment:
type: string
readOnly: true
send_pii:
type: boolean
readOnly: true
traces_sample_rate:
type: number
format: double
readOnly: true
required:
- enabled
- environment
- send_pii
- sentry_dsn
- traces_sample_rate
Event:
type: object
description: Event Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Event uuid
user: {}
action:
$ref: '#/components/schemas/EventActions'
app:
type: string
context: {}
client_ip:
type: string
nullable: true
created:
type: string
format: date-time
readOnly: true
expires:
type: string
format: date-time
tenant: {}
required:
- action
- app
- created
- pk
EventActions:
enum:
- login
- login_failed
- logout
- user_write
- suspicious_request
- password_set
- secret_view
- secret_rotate
- invitation_used
- authorize_application
- source_linked
- impersonation_started
- impersonation_ended
- flow_execution
- policy_execution
- policy_exception
- property_mapping_exception
- system_task_execution
- system_task_exception
- system_exception
- configuration_error
- model_created
- model_updated
- model_deleted
- email_sent
- update_available
- custom_
type: string
description: |-
* `login` - Login
* `login_failed` - Login Failed
* `logout` - Logout
* `user_write` - User Write
* `suspicious_request` - Suspicious Request
* `password_set` - Password Set
* `secret_view` - Secret View
* `secret_rotate` - Secret Rotate
* `invitation_used` - Invite Used
* `authorize_application` - Authorize Application
* `source_linked` - Source Linked
* `impersonation_started` - Impersonation Started
* `impersonation_ended` - Impersonation Ended
* `flow_execution` - Flow Execution
* `policy_execution` - Policy Execution
* `policy_exception` - Policy Exception
* `property_mapping_exception` - Property Mapping Exception
* `system_task_execution` - System Task Execution
* `system_task_exception` - System Task Exception
* `system_exception` - System Exception
* `configuration_error` - Configuration Error
* `model_created` - Model Created
* `model_updated` - Model Updated
* `model_deleted` - Model Deleted
* `email_sent` - Email Sent
* `update_available` - Update Available
* `custom_` - Custom Prefix
EventMatcherPolicy:
type: object
description: Event Matcher Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
bound_to:
type: integer
description: Return objects policy is bound to
readOnly: true
action:
allOf:
- $ref: '#/components/schemas/EventActions'
nullable: true
description: |-
Match created events with this action type. When left empty, all action types will be matched.
* `login` - Login
* `login_failed` - Login Failed
* `logout` - Logout
* `user_write` - User Write
* `suspicious_request` - Suspicious Request
* `password_set` - Password Set
* `secret_view` - Secret View
* `secret_rotate` - Secret Rotate
* `invitation_used` - Invite Used
* `authorize_application` - Authorize Application
* `source_linked` - Source Linked
* `impersonation_started` - Impersonation Started
* `impersonation_ended` - Impersonation Ended
* `flow_execution` - Flow Execution
* `policy_execution` - Policy Execution
* `policy_exception` - Policy Exception
* `property_mapping_exception` - Property Mapping Exception
* `system_task_execution` - System Task Execution
* `system_task_exception` - System Task Exception
* `system_exception` - System Exception
* `configuration_error` - Configuration Error
* `model_created` - Model Created
* `model_updated` - Model Updated
* `model_deleted` - Model Deleted
* `email_sent` - Email Sent
* `update_available` - Update Available
* `custom_` - Custom Prefix
client_ip:
type: string
nullable: true
description: Matches Event's Client IP (strict matching, for network matching
use an Expression Policy)
app:
allOf:
- $ref: '#/components/schemas/AppEnum'
nullable: true
description: |-
Match events created by selected application. When left empty, all applications are matched.
* `authentik.admin` - authentik Admin
* `authentik.api` - authentik API
* `authentik.crypto` - authentik Crypto
* `authentik.events` - authentik Events
* `authentik.flows` - authentik Flows
* `authentik.outposts` - authentik Outpost
* `authentik.policies.dummy` - authentik Policies.Dummy
* `authentik.policies.event_matcher` - authentik Policies.Event Matcher
* `authentik.policies.expiry` - authentik Policies.Expiry
* `authentik.policies.expression` - authentik Policies.Expression
* `authentik.policies.password` - authentik Policies.Password
* `authentik.policies.reputation` - authentik Policies.Reputation
* `authentik.policies` - authentik Policies
* `authentik.providers.ldap` - authentik Providers.LDAP
* `authentik.providers.oauth2` - authentik Providers.OAuth2
* `authentik.providers.proxy` - authentik Providers.Proxy
* `authentik.providers.radius` - authentik Providers.Radius
* `authentik.providers.saml` - authentik Providers.SAML
* `authentik.providers.scim` - authentik Providers.SCIM
* `authentik.rbac` - authentik RBAC
* `authentik.recovery` - authentik Recovery
* `authentik.sources.ldap` - authentik Sources.LDAP
* `authentik.sources.oauth` - authentik Sources.OAuth
* `authentik.sources.plex` - authentik Sources.Plex
* `authentik.sources.saml` - authentik Sources.SAML
* `authentik.stages.authenticator` - authentik Stages.Authenticator
* `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
* `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
* `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
* `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
* `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
* `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
* `authentik.stages.captcha` - authentik Stages.Captcha
* `authentik.stages.consent` - authentik Stages.Consent
* `authentik.stages.deny` - authentik Stages.Deny
* `authentik.stages.dummy` - authentik Stages.Dummy
* `authentik.stages.email` - authentik Stages.Email
* `authentik.stages.identification` - authentik Stages.Identification
* `authentik.stages.invitation` - authentik Stages.User Invitation
* `authentik.stages.password` - authentik Stages.Password
* `authentik.stages.prompt` - authentik Stages.Prompt
* `authentik.stages.user_delete` - authentik Stages.User Delete
* `authentik.stages.user_login` - authentik Stages.User Login
* `authentik.stages.user_logout` - authentik Stages.User Logout
* `authentik.stages.user_write` - authentik Stages.User Write
* `authentik.tenants` - authentik Tenants
* `authentik.blueprints` - authentik Blueprints
* `authentik.core` - authentik Core
* `authentik.enterprise` - authentik Enterprise
* `authentik.enterprise.providers.rac` - authentik Enterprise.Providers.RAC
model:
allOf:
- $ref: '#/components/schemas/ModelEnum'
nullable: true
description: |-
Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
* `authentik_crypto.certificatekeypair` - Certificate-Key Pair
* `authentik_events.event` - Event
* `authentik_events.notificationtransport` - Notification Transport
* `authentik_events.notification` - Notification
* `authentik_events.notificationrule` - Notification Rule
* `authentik_events.notificationwebhookmapping` - Webhook Mapping
* `authentik_flows.flow` - Flow
* `authentik_flows.flowstagebinding` - Flow Stage Binding
* `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
* `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
* `authentik_outposts.outpost` - Outpost
* `authentik_policies_dummy.dummypolicy` - Dummy Policy
* `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
* `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
* `authentik_policies_expression.expressionpolicy` - Expression Policy
* `authentik_policies_password.passwordpolicy` - Password Policy
* `authentik_policies_reputation.reputationpolicy` - Reputation Policy
* `authentik_policies_reputation.reputation` - Reputation Score
* `authentik_policies.policybinding` - Policy Binding
* `authentik_providers_ldap.ldapprovider` - LDAP Provider
* `authentik_providers_oauth2.scopemapping` - Scope Mapping
* `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
* `authentik_providers_oauth2.authorizationcode` - Authorization Code
* `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
* `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
* `authentik_providers_proxy.proxyprovider` - Proxy Provider
* `authentik_providers_radius.radiusprovider` - Radius Provider
* `authentik_providers_saml.samlprovider` - SAML Provider
* `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
* `authentik_providers_scim.scimprovider` - SCIM Provider
* `authentik_providers_scim.scimmapping` - SCIM Mapping
* `authentik_rbac.role` - Role
* `authentik_sources_ldap.ldapsource` - LDAP Source
* `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
* `authentik_sources_oauth.oauthsource` - OAuth Source
* `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
* `authentik_sources_plex.plexsource` - Plex Source
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
* `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
* `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
* `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
* `authentik_stages_captcha.captchastage` - Captcha Stage
* `authentik_stages_consent.consentstage` - Consent Stage
* `authentik_stages_consent.userconsent` - User Consent
* `authentik_stages_deny.denystage` - Deny Stage
* `authentik_stages_dummy.dummystage` - Dummy Stage
* `authentik_stages_email.emailstage` - Email Stage
* `authentik_stages_identification.identificationstage` - Identification Stage
* `authentik_stages_invitation.invitationstage` - Invitation Stage
* `authentik_stages_invitation.invitation` - Invitation
* `authentik_stages_password.passwordstage` - Password Stage
* `authentik_stages_prompt.prompt` - Prompt
* `authentik_stages_prompt.promptstage` - Prompt Stage
* `authentik_stages_user_delete.userdeletestage` - User Delete Stage
* `authentik_stages_user_login.userloginstage` - User Login Stage
* `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
* `authentik_stages_user_write.userwritestage` - User Write Stage
* `authentik_tenants.tenant` - Tenant
* `authentik_blueprints.blueprintinstance` - Blueprint Instance
* `authentik_core.group` - Group
* `authentik_core.user` - User
* `authentik_core.application` - Application
* `authentik_core.token` - Token
* `authentik_enterprise.license` - License
* `authentik_providers_rac.racprovider` - RAC Provider
* `authentik_providers_rac.endpoint` - RAC Endpoint
* `authentik_providers_rac.racpropertymapping` - RAC Property Mapping
required:
- bound_to
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
EventMatcherPolicyRequest:
type: object
description: Event Matcher Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
action:
allOf:
- $ref: '#/components/schemas/EventActions'
nullable: true
description: |-
Match created events with this action type. When left empty, all action types will be matched.
* `login` - Login
* `login_failed` - Login Failed
* `logout` - Logout
* `user_write` - User Write
* `suspicious_request` - Suspicious Request
* `password_set` - Password Set
* `secret_view` - Secret View
* `secret_rotate` - Secret Rotate
* `invitation_used` - Invite Used
* `authorize_application` - Authorize Application
* `source_linked` - Source Linked
* `impersonation_started` - Impersonation Started
* `impersonation_ended` - Impersonation Ended
* `flow_execution` - Flow Execution
* `policy_execution` - Policy Execution
* `policy_exception` - Policy Exception
* `property_mapping_exception` - Property Mapping Exception
* `system_task_execution` - System Task Execution
* `system_task_exception` - System Task Exception
* `system_exception` - System Exception
* `configuration_error` - Configuration Error
* `model_created` - Model Created
* `model_updated` - Model Updated
* `model_deleted` - Model Deleted
* `email_sent` - Email Sent
* `update_available` - Update Available
* `custom_` - Custom Prefix
client_ip:
type: string
nullable: true
minLength: 1
description: Matches Event's Client IP (strict matching, for network matching
use an Expression Policy)
app:
allOf:
- $ref: '#/components/schemas/AppEnum'
nullable: true
description: |-
Match events created by selected application. When left empty, all applications are matched.
* `authentik.admin` - authentik Admin
* `authentik.api` - authentik API
* `authentik.crypto` - authentik Crypto
* `authentik.events` - authentik Events
* `authentik.flows` - authentik Flows
* `authentik.outposts` - authentik Outpost
* `authentik.policies.dummy` - authentik Policies.Dummy
* `authentik.policies.event_matcher` - authentik Policies.Event Matcher
* `authentik.policies.expiry` - authentik Policies.Expiry
* `authentik.policies.expression` - authentik Policies.Expression
* `authentik.policies.password` - authentik Policies.Password
* `authentik.policies.reputation` - authentik Policies.Reputation
* `authentik.policies` - authentik Policies
* `authentik.providers.ldap` - authentik Providers.LDAP
* `authentik.providers.oauth2` - authentik Providers.OAuth2
* `authentik.providers.proxy` - authentik Providers.Proxy
* `authentik.providers.radius` - authentik Providers.Radius
* `authentik.providers.saml` - authentik Providers.SAML
* `authentik.providers.scim` - authentik Providers.SCIM
* `authentik.rbac` - authentik RBAC
* `authentik.recovery` - authentik Recovery
* `authentik.sources.ldap` - authentik Sources.LDAP
* `authentik.sources.oauth` - authentik Sources.OAuth
* `authentik.sources.plex` - authentik Sources.Plex
* `authentik.sources.saml` - authentik Sources.SAML
* `authentik.stages.authenticator` - authentik Stages.Authenticator
* `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
* `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
* `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
* `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
* `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
* `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
* `authentik.stages.captcha` - authentik Stages.Captcha
* `authentik.stages.consent` - authentik Stages.Consent
* `authentik.stages.deny` - authentik Stages.Deny
* `authentik.stages.dummy` - authentik Stages.Dummy
* `authentik.stages.email` - authentik Stages.Email
* `authentik.stages.identification` - authentik Stages.Identification
* `authentik.stages.invitation` - authentik Stages.User Invitation
* `authentik.stages.password` - authentik Stages.Password
* `authentik.stages.prompt` - authentik Stages.Prompt
* `authentik.stages.user_delete` - authentik Stages.User Delete
* `authentik.stages.user_login` - authentik Stages.User Login
* `authentik.stages.user_logout` - authentik Stages.User Logout
* `authentik.stages.user_write` - authentik Stages.User Write
* `authentik.tenants` - authentik Tenants
* `authentik.blueprints` - authentik Blueprints
* `authentik.core` - authentik Core
* `authentik.enterprise` - authentik Enterprise
* `authentik.enterprise.providers.rac` - authentik Enterprise.Providers.RAC
model:
allOf:
- $ref: '#/components/schemas/ModelEnum'
nullable: true
description: |-
Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
* `authentik_crypto.certificatekeypair` - Certificate-Key Pair
* `authentik_events.event` - Event
* `authentik_events.notificationtransport` - Notification Transport
* `authentik_events.notification` - Notification
* `authentik_events.notificationrule` - Notification Rule
* `authentik_events.notificationwebhookmapping` - Webhook Mapping
* `authentik_flows.flow` - Flow
* `authentik_flows.flowstagebinding` - Flow Stage Binding
* `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
* `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
* `authentik_outposts.outpost` - Outpost
* `authentik_policies_dummy.dummypolicy` - Dummy Policy
* `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
* `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
* `authentik_policies_expression.expressionpolicy` - Expression Policy
* `authentik_policies_password.passwordpolicy` - Password Policy
* `authentik_policies_reputation.reputationpolicy` - Reputation Policy
* `authentik_policies_reputation.reputation` - Reputation Score
* `authentik_policies.policybinding` - Policy Binding
* `authentik_providers_ldap.ldapprovider` - LDAP Provider
* `authentik_providers_oauth2.scopemapping` - Scope Mapping
* `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
* `authentik_providers_oauth2.authorizationcode` - Authorization Code
* `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
* `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
* `authentik_providers_proxy.proxyprovider` - Proxy Provider
* `authentik_providers_radius.radiusprovider` - Radius Provider
* `authentik_providers_saml.samlprovider` - SAML Provider
* `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
* `authentik_providers_scim.scimprovider` - SCIM Provider
* `authentik_providers_scim.scimmapping` - SCIM Mapping
* `authentik_rbac.role` - Role
* `authentik_sources_ldap.ldapsource` - LDAP Source
* `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
* `authentik_sources_oauth.oauthsource` - OAuth Source
* `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
* `authentik_sources_plex.plexsource` - Plex Source
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
* `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
* `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
* `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
* `authentik_stages_captcha.captchastage` - Captcha Stage
* `authentik_stages_consent.consentstage` - Consent Stage
* `authentik_stages_consent.userconsent` - User Consent
* `authentik_stages_deny.denystage` - Deny Stage
* `authentik_stages_dummy.dummystage` - Dummy Stage
* `authentik_stages_email.emailstage` - Email Stage
* `authentik_stages_identification.identificationstage` - Identification Stage
* `authentik_stages_invitation.invitationstage` - Invitation Stage
* `authentik_stages_invitation.invitation` - Invitation
* `authentik_stages_password.passwordstage` - Password Stage
* `authentik_stages_prompt.prompt` - Prompt
* `authentik_stages_prompt.promptstage` - Prompt Stage
* `authentik_stages_user_delete.userdeletestage` - User Delete Stage
* `authentik_stages_user_login.userloginstage` - User Login Stage
* `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
* `authentik_stages_user_write.userwritestage` - User Write Stage
* `authentik_tenants.tenant` - Tenant
* `authentik_blueprints.blueprintinstance` - Blueprint Instance
* `authentik_core.group` - Group
* `authentik_core.user` - User
* `authentik_core.application` - Application
* `authentik_core.token` - Token
* `authentik_enterprise.license` - License
* `authentik_providers_rac.racprovider` - RAC Provider
* `authentik_providers_rac.endpoint` - RAC Endpoint
* `authentik_providers_rac.racpropertymapping` - RAC Property Mapping
required:
- name
EventRequest:
type: object
description: Event Serializer
properties:
user: {}
action:
$ref: '#/components/schemas/EventActions'
app:
type: string
minLength: 1
context: {}
client_ip:
type: string
nullable: true
minLength: 1
expires:
type: string
format: date-time
tenant: {}
required:
- action
- app
EventTopPerUser:
type: object
description: Response object of Event's top_per_user
properties:
application:
type: object
additionalProperties: {}
counted_events:
type: integer
unique_users:
type: integer
required:
- application
- counted_events
- unique_users
ExpiringBaseGrantModel:
type: object
description: Serializer for BaseGrantModel and ExpiringBaseGrant
properties:
pk:
type: integer
readOnly: true
title: ID
provider:
$ref: '#/components/schemas/OAuth2Provider'
user:
$ref: '#/components/schemas/User'
is_expired:
type: boolean
description: Check if token is expired yet.
readOnly: true
expires:
type: string
format: date-time
scope:
type: array
items:
type: string
required:
- is_expired
- pk
- provider
- scope
- user
ExpressionPolicy:
type: object
description: Group Membership Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
bound_to:
type: integer
description: Return objects policy is bound to
readOnly: true
expression:
type: string
required:
- bound_to
- component
- expression
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
ExpressionPolicyRequest:
type: object
description: Group Membership Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
expression:
type: string
minLength: 1
required:
- expression
- name
ExtraRoleObjectPermission:
type: object
description: User permission with additional object-related data
properties:
id:
type: integer
readOnly: true
codename:
type: string
readOnly: true
model:
type: string
title: Python model class name
readOnly: true
app_label:
type: string
readOnly: true
object_pk:
type: string
title: Object ID
readOnly: true
name:
type: string
readOnly: true
app_label_verbose:
type: string
description: Get app label from permission's model
readOnly: true
model_verbose:
type: string
description: Get model label from permission's model
readOnly: true
object_description:
type: string
nullable: true
description: |-
Get model description from attached model. This operation takes at least
one additional query, and the description is only shown if the user/role has the
view_ permission on the object
readOnly: true
required:
- app_label
- app_label_verbose
- codename
- id
- model
- model_verbose
- name
- object_description
- object_pk
ExtraUserObjectPermission:
type: object
description: User permission with additional object-related data
properties:
id:
type: integer
readOnly: true
codename:
type: string
readOnly: true
model:
type: string
title: Python model class name
readOnly: true
app_label:
type: string
readOnly: true
object_pk:
type: string
title: Object ID
readOnly: true
name:
type: string
readOnly: true
app_label_verbose:
type: string
description: Get app label from permission's model
readOnly: true
model_verbose:
type: string
description: Get model label from permission's model
readOnly: true
object_description:
type: string
nullable: true
description: |-
Get model description from attached model. This operation takes at least
one additional query, and the description is only shown if the user/role has the
view_ permission on the object
readOnly: true
required:
- app_label
- app_label_verbose
- codename
- id
- model
- model_verbose
- name
- object_description
- object_pk
FilePathRequest:
type: object
description: Serializer to upload file
properties:
url:
type: string
minLength: 1
required:
- url
FileUploadRequest:
type: object
description: Serializer to upload file
properties:
file:
type: string
format: binary
clear:
type: boolean
default: false
Flow:
type: object
description: Flow Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Flow uuid
policybindingmodel_ptr_id:
type: string
format: uuid
readOnly: true
name:
type: string
slug:
type: string
description: Visible in the URL.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
title:
type: string
description: Shown as the Title in Flow pages.
designation:
allOf:
- $ref: '#/components/schemas/FlowDesignationEnum'
description: |-
Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
* `authentication` - Authentication
* `authorization` - Authorization
* `invalidation` - Invalidation
* `enrollment` - Enrollment
* `unenrollment` - Unrenollment
* `recovery` - Recovery
* `stage_configuration` - Stage Configuration
background:
type: string
description: |-
Get the URL to the background image. If the name is /static or starts with http
it is returned as-is
readOnly: true
stages:
type: array
items:
type: string
format: uuid
readOnly: true
policies:
type: array
items:
type: string
format: uuid
readOnly: true
cache_count:
type: integer
description: Get count of cached flows
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
compatibility_mode:
type: boolean
description: Enable compatibility mode, increases compatibility with password
managers on mobile devices.
export_url:
type: string
description: Get export URL for flow
readOnly: true
layout:
$ref: '#/components/schemas/FlowLayoutEnum'
denied_action:
allOf:
- $ref: '#/components/schemas/DeniedActionEnum'
description: |-
Configure what should happen when a flow denies access to a user.
* `message_continue` - Message Continue
* `message` - Message
* `continue` - Continue
authentication:
allOf:
- $ref: '#/components/schemas/AuthenticationEnum'
description: |-
Required level of authentication and authorization to access a flow.
* `none` - None
* `require_authenticated` - Require Authenticated
* `require_unauthenticated` - Require Unauthenticated
* `require_superuser` - Require Superuser
* `require_outpost` - Require Outpost
required:
- background
- cache_count
- designation
- export_url
- name
- pk
- policies
- policybindingmodel_ptr_id
- slug
- stages
- title
FlowChallengeResponseRequest:
oneOf:
- $ref: '#/components/schemas/AppleChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest'
- $ref: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest'
- $ref: '#/components/schemas/AutoSubmitChallengeResponseRequest'
- $ref: '#/components/schemas/CaptchaChallengeResponseRequest'
- $ref: '#/components/schemas/ConsentChallengeResponseRequest'
- $ref: '#/components/schemas/DummyChallengeResponseRequest'
- $ref: '#/components/schemas/EmailChallengeResponseRequest'
- $ref: '#/components/schemas/IdentificationChallengeResponseRequest'
- $ref: '#/components/schemas/OAuthDeviceCodeChallengeResponseRequest'
- $ref: '#/components/schemas/OAuthDeviceCodeFinishChallengeResponseRequest'
- $ref: '#/components/schemas/PasswordChallengeResponseRequest'
- $ref: '#/components/schemas/PlexAuthenticationChallengeResponseRequest'
- $ref: '#/components/schemas/PromptChallengeResponseRequest'
- $ref: '#/components/schemas/UserLoginChallengeResponseRequest'
discriminator:
propertyName: component
mapping:
ak-source-oauth-apple: '#/components/schemas/AppleChallengeResponseRequest'
ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest'
ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest'
ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest'
ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest'
ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest'
ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest'
ak-stage-autosubmit: '#/components/schemas/AutoSubmitChallengeResponseRequest'
ak-stage-captcha: '#/components/schemas/CaptchaChallengeResponseRequest'
ak-stage-consent: '#/components/schemas/ConsentChallengeResponseRequest'
ak-stage-dummy: '#/components/schemas/DummyChallengeResponseRequest'
ak-stage-email: '#/components/schemas/EmailChallengeResponseRequest'
ak-stage-identification: '#/components/schemas/IdentificationChallengeResponseRequest'
ak-provider-oauth2-device-code: '#/components/schemas/OAuthDeviceCodeChallengeResponseRequest'
ak-provider-oauth2-device-code-finish: '#/components/schemas/OAuthDeviceCodeFinishChallengeResponseRequest'
ak-stage-password: '#/components/schemas/PasswordChallengeResponseRequest'
ak-source-plex: '#/components/schemas/PlexAuthenticationChallengeResponseRequest'
ak-stage-prompt: '#/components/schemas/PromptChallengeResponseRequest'
ak-stage-user-login: '#/components/schemas/UserLoginChallengeResponseRequest'
FlowDesignationEnum:
enum:
- authentication
- authorization
- invalidation
- enrollment
- unenrollment
- recovery
- stage_configuration
type: string
description: |-
* `authentication` - Authentication
* `authorization` - Authorization
* `invalidation` - Invalidation
* `enrollment` - Enrollment
* `unenrollment` - Unrenollment
* `recovery` - Recovery
* `stage_configuration` - Stage Configuration
FlowDiagram:
type: object
description: response of the flow's diagram action
properties:
diagram:
type: string
readOnly: true
required:
- diagram
FlowErrorChallenge:
type: object
description: |-
Challenge class when an unhandled error occurs during a stage. Normal users
are shown an error message, superusers are shown a full stacktrace.
properties:
type:
type: string
default: native
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-flow-error
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
request_id:
type: string
error:
type: string
traceback:
type: string
required:
- request_id
FlowImportResult:
type: object
description: Logs of an attempted flow import
properties:
logs:
type: array
items:
type: object
additionalProperties: {}
readOnly: true
success:
type: boolean
readOnly: true
required:
- logs
- success
FlowInspection:
type: object
description: Serializer for inspect endpoint
properties:
plans:
type: array
items:
$ref: '#/components/schemas/FlowInspectorPlan'
current_plan:
$ref: '#/components/schemas/FlowInspectorPlan'
is_completed:
type: boolean
required:
- is_completed
- plans
FlowInspectorPlan:
type: object
description: Serializer for an active FlowPlan
properties:
current_stage:
allOf:
- $ref: '#/components/schemas/FlowStageBinding'
readOnly: true
next_planned_stage:
allOf:
- $ref: '#/components/schemas/FlowStageBinding'
readOnly: true
plan_context:
type: object
additionalProperties: {}
description: Get the plan's context, sanitized
readOnly: true
session_id:
type: string
description: Get a unique session ID
readOnly: true
required:
- current_stage
- next_planned_stage
- plan_context
- session_id
FlowLayoutEnum:
enum:
- stacked
- content_left
- content_right
- sidebar_left
- sidebar_right
type: string
description: |-
* `stacked` - Stacked
* `content_left` - Content Left
* `content_right` - Content Right
* `sidebar_left` - Sidebar Left
* `sidebar_right` - Sidebar Right
FlowRequest:
type: object
description: Flow Serializer
properties:
name:
type: string
minLength: 1
slug:
type: string
minLength: 1
description: Visible in the URL.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
title:
type: string
minLength: 1
description: Shown as the Title in Flow pages.
designation:
allOf:
- $ref: '#/components/schemas/FlowDesignationEnum'
description: |-
Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
* `authentication` - Authentication
* `authorization` - Authorization
* `invalidation` - Invalidation
* `enrollment` - Enrollment
* `unenrollment` - Unrenollment
* `recovery` - Recovery
* `stage_configuration` - Stage Configuration
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
compatibility_mode:
type: boolean
description: Enable compatibility mode, increases compatibility with password
managers on mobile devices.
layout:
$ref: '#/components/schemas/FlowLayoutEnum'
denied_action:
allOf:
- $ref: '#/components/schemas/DeniedActionEnum'
description: |-
Configure what should happen when a flow denies access to a user.
* `message_continue` - Message Continue
* `message` - Message
* `continue` - Continue
authentication:
allOf:
- $ref: '#/components/schemas/AuthenticationEnum'
description: |-
Required level of authentication and authorization to access a flow.
* `none` - None
* `require_authenticated` - Require Authenticated
* `require_unauthenticated` - Require Unauthenticated
* `require_superuser` - Require Superuser
* `require_outpost` - Require Outpost
required:
- designation
- name
- slug
- title
FlowSet:
type: object
description: Stripped down flow serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Flow uuid
policybindingmodel_ptr_id:
type: string
format: uuid
readOnly: true
name:
type: string
slug:
type: string
description: Visible in the URL.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
title:
type: string
description: Shown as the Title in Flow pages.
designation:
allOf:
- $ref: '#/components/schemas/FlowDesignationEnum'
description: |-
Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
* `authentication` - Authentication
* `authorization` - Authorization
* `invalidation` - Invalidation
* `enrollment` - Enrollment
* `unenrollment` - Unrenollment
* `recovery` - Recovery
* `stage_configuration` - Stage Configuration
background:
type: string
description: |-
Get the URL to the background image. If the name is /static or starts with http
it is returned as-is
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
compatibility_mode:
type: boolean
description: Enable compatibility mode, increases compatibility with password
managers on mobile devices.
export_url:
type: string
description: Get export URL for flow
readOnly: true
layout:
$ref: '#/components/schemas/FlowLayoutEnum'
denied_action:
allOf:
- $ref: '#/components/schemas/DeniedActionEnum'
description: |-
Configure what should happen when a flow denies access to a user.
* `message_continue` - Message Continue
* `message` - Message
* `continue` - Continue
required:
- background
- designation
- export_url
- name
- pk
- policybindingmodel_ptr_id
- slug
- title
FlowSetRequest:
type: object
description: Stripped down flow serializer
properties:
name:
type: string
minLength: 1
slug:
type: string
minLength: 1
description: Visible in the URL.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
title:
type: string
minLength: 1
description: Shown as the Title in Flow pages.
designation:
allOf:
- $ref: '#/components/schemas/FlowDesignationEnum'
description: |-
Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
* `authentication` - Authentication
* `authorization` - Authorization
* `invalidation` - Invalidation
* `enrollment` - Enrollment
* `unenrollment` - Unrenollment
* `recovery` - Recovery
* `stage_configuration` - Stage Configuration
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
compatibility_mode:
type: boolean
description: Enable compatibility mode, increases compatibility with password
managers on mobile devices.
layout:
$ref: '#/components/schemas/FlowLayoutEnum'
denied_action:
allOf:
- $ref: '#/components/schemas/DeniedActionEnum'
description: |-
Configure what should happen when a flow denies access to a user.
* `message_continue` - Message Continue
* `message` - Message
* `continue` - Continue
required:
- designation
- name
- slug
- title
FlowStageBinding:
type: object
description: FlowStageBinding Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Fsb uuid
policybindingmodel_ptr_id:
type: string
format: uuid
readOnly: true
target:
type: string
format: uuid
stage:
type: string
format: uuid
stage_obj:
allOf:
- $ref: '#/components/schemas/Stage'
readOnly: true
evaluate_on_plan:
type: boolean
description: Evaluate policies during the Flow planning process.
re_evaluate_policies:
type: boolean
description: Evaluate policies when the Stage is present to the user.
order:
type: integer
maximum: 2147483647
minimum: -2147483648
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
invalid_response_action:
allOf:
- $ref: '#/components/schemas/InvalidResponseActionEnum'
description: |-
Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.
* `retry` - Retry
* `restart` - Restart
* `restart_with_context` - Restart With Context
required:
- order
- pk
- policybindingmodel_ptr_id
- stage
- stage_obj
- target
FlowStageBindingRequest:
type: object
description: FlowStageBinding Serializer
properties:
target:
type: string
format: uuid
stage:
type: string
format: uuid
evaluate_on_plan:
type: boolean
description: Evaluate policies during the Flow planning process.
re_evaluate_policies:
type: boolean
description: Evaluate policies when the Stage is present to the user.
order:
type: integer
maximum: 2147483647
minimum: -2147483648
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
invalid_response_action:
allOf:
- $ref: '#/components/schemas/InvalidResponseActionEnum'
description: |-
Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.
* `retry` - Retry
* `restart` - Restart
* `restart_with_context` - Restart With Context
required:
- order
- stage
- target
FooterLink:
type: object
description: Links returned in Config API
properties:
href:
type: string
readOnly: true
name:
type: string
readOnly: true
required:
- href
- name
GenericError:
type: object
description: Generic API Error
properties:
detail:
type: string
code:
type: string
required:
- detail
GeoipBindingEnum:
enum:
- no_binding
- bind_continent
- bind_continent_country
- bind_continent_country_city
type: string
description: |-
* `no_binding` - No Binding
* `bind_continent` - Bind Continent
* `bind_continent_country` - Bind Continent Country
* `bind_continent_country_city` - Bind Continent Country City
Group:
type: object
description: Group Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Group uuid
num_pk:
type: integer
readOnly: true
name:
type: string
maxLength: 80
is_superuser:
type: boolean
description: Users added to this group will be superusers.
parent:
type: string
format: uuid
nullable: true
parent_name:
type: string
readOnly: true
nullable: true
users:
type: array
items:
type: integer
users_obj:
type: array
items:
$ref: '#/components/schemas/GroupMember'
readOnly: true
attributes:
type: object
additionalProperties: {}
roles:
type: array
items:
type: string
format: uuid
roles_obj:
type: array
items:
$ref: '#/components/schemas/Role'
readOnly: true
required:
- name
- num_pk
- parent_name
- pk
- roles_obj
- users_obj
GroupMember:
type: object
description: Stripped down user serializer to show relevant users for groups
properties:
pk:
type: integer
readOnly: true
title: ID
username:
type: string
description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
only.
pattern: ^[\w.@+-]+$
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
email:
type: string
format: email
title: Email address
maxLength: 254
attributes:
type: object
additionalProperties: {}
uid:
type: string
readOnly: true
required:
- name
- pk
- uid
- username
GroupMemberRequest:
type: object
description: Stripped down user serializer to show relevant users for groups
properties:
username:
type: string
minLength: 1
description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
only.
pattern: ^[\w.@+-]+$
maxLength: 150
name:
type: string
minLength: 1
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
email:
type: string
format: email
title: Email address
maxLength: 254
attributes:
type: object
additionalProperties: {}
required:
- name
- username
GroupRequest:
type: object
description: Group Serializer
properties:
name:
type: string
minLength: 1
maxLength: 80
is_superuser:
type: boolean
description: Users added to this group will be superusers.
parent:
type: string
format: uuid
nullable: true
users:
type: array
items:
type: integer
attributes:
type: object
additionalProperties: {}
roles:
type: array
items:
type: string
format: uuid
required:
- name
IdentificationChallenge:
type: object
description: Identification challenges with all UI elements
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-identification
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
user_fields:
type: array
items:
type: string
nullable: true
password_fields:
type: boolean
application_pre:
type: string
enroll_url:
type: string
recovery_url:
type: string
passwordless_url:
type: string
primary_action:
type: string
sources:
type: array
items:
$ref: '#/components/schemas/LoginSource'
show_source_labels:
type: boolean
required:
- password_fields
- primary_action
- show_source_labels
- type
- user_fields
IdentificationChallengeResponseRequest:
type: object
description: Identification challenge
properties:
component:
type: string
minLength: 1
default: ak-stage-identification
uid_field:
type: string
minLength: 1
password:
type: string
nullable: true
required:
- uid_field
IdentificationStage:
type: object
description: IdentificationStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
user_fields:
type: array
items:
$ref: '#/components/schemas/UserFieldsEnum'
description: Fields of the user object to match against. (Hold shift to
select multiple options)
password_stage:
type: string
format: uuid
nullable: true
description: When set, shows a password field, instead of showing the password
field as seaprate step.
case_insensitive_matching:
type: boolean
description: When enabled, user fields are matched regardless of their casing.
show_matched_user:
type: boolean
description: When a valid username/email has been entered, and this option
is enabled, the user's username and avatar will be shown. Otherwise, the
text that the user entered will be shown
enrollment_flow:
type: string
format: uuid
nullable: true
description: Optional enrollment flow, which is linked at the bottom of
the page.
recovery_flow:
type: string
format: uuid
nullable: true
description: Optional recovery flow, which is linked at the bottom of the
page.
passwordless_flow:
type: string
format: uuid
nullable: true
description: Optional passwordless flow, which is linked at the bottom of
the page.
sources:
type: array
items:
type: string
format: uuid
description: Specify which sources should be shown.
show_source_labels:
type: boolean
pretend_user_exists:
type: boolean
description: When enabled, the stage will succeed and continue even when
incorrect user info is entered.
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
IdentificationStageRequest:
type: object
description: IdentificationStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
user_fields:
type: array
items:
$ref: '#/components/schemas/UserFieldsEnum'
description: Fields of the user object to match against. (Hold shift to
select multiple options)
password_stage:
type: string
format: uuid
nullable: true
description: When set, shows a password field, instead of showing the password
field as seaprate step.
case_insensitive_matching:
type: boolean
description: When enabled, user fields are matched regardless of their casing.
show_matched_user:
type: boolean
description: When a valid username/email has been entered, and this option
is enabled, the user's username and avatar will be shown. Otherwise, the
text that the user entered will be shown
enrollment_flow:
type: string
format: uuid
nullable: true
description: Optional enrollment flow, which is linked at the bottom of
the page.
recovery_flow:
type: string
format: uuid
nullable: true
description: Optional recovery flow, which is linked at the bottom of the
page.
passwordless_flow:
type: string
format: uuid
nullable: true
description: Optional passwordless flow, which is linked at the bottom of
the page.
sources:
type: array
items:
type: string
format: uuid
description: Specify which sources should be shown.
show_source_labels:
type: boolean
pretend_user_exists:
type: boolean
description: When enabled, the stage will succeed and continue even when
incorrect user info is entered.
required:
- name
InstallID:
type: object
properties:
install_id:
type: string
required:
- install_id
IntentEnum:
enum:
- verification
- api
- recovery
- app_password
type: string
description: |-
* `verification` - Intent Verification
* `api` - Intent Api
* `recovery` - Intent Recovery
* `app_password` - Intent App Password
InvalidResponseActionEnum:
enum:
- retry
- restart
- restart_with_context
type: string
description: |-
* `retry` - Retry
* `restart` - Restart
* `restart_with_context` - Restart With Context
Invitation:
type: object
description: Invitation Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Invite uuid
name:
type: string
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
expires:
type: string
format: date-time
fixed_data:
type: object
additionalProperties: {}
created_by:
allOf:
- $ref: '#/components/schemas/GroupMember'
readOnly: true
single_use:
type: boolean
description: When enabled, the invitation will be deleted after usage.
flow:
type: string
format: uuid
nullable: true
description: When set, only the configured flow can use this invitation.
flow_obj:
allOf:
- $ref: '#/components/schemas/Flow'
readOnly: true
required:
- created_by
- flow_obj
- name
- pk
InvitationRequest:
type: object
description: Invitation Serializer
properties:
name:
type: string
minLength: 1
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
expires:
type: string
format: date-time
fixed_data:
type: object
additionalProperties: {}
single_use:
type: boolean
description: When enabled, the invitation will be deleted after usage.
flow:
type: string
format: uuid
nullable: true
description: When set, only the configured flow can use this invitation.
required:
- name
InvitationStage:
type: object
description: InvitationStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
continue_flow_without_invitation:
type: boolean
description: If this flag is set, this Stage will jump to the next Stage
when no Invitation is given. By default this Stage will cancel the Flow
when no invitation is given.
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
InvitationStageRequest:
type: object
description: InvitationStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
continue_flow_without_invitation:
type: boolean
description: If this flag is set, this Stage will jump to the next Stage
when no Invitation is given. By default this Stage will cancel the Flow
when no invitation is given.
required:
- name
IssuerModeEnum:
enum:
- global
- per_provider
type: string
description: |-
* `global` - Same identifier is used for all providers
* `per_provider` - Each provider has a different issuer, based on the application slug.
KubernetesServiceConnection:
type: object
description: KubernetesServiceConnection Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
component:
type: string
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
kubeconfig:
description: Paste your kubeconfig here. authentik will automatically use
the currently selected context.
verify_ssl:
type: boolean
description: Verify SSL Certificates of the Kubernetes API endpoint
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
KubernetesServiceConnectionRequest:
type: object
description: KubernetesServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
kubeconfig:
description: Paste your kubeconfig here. authentik will automatically use
the currently selected context.
verify_ssl:
type: boolean
description: Verify SSL Certificates of the Kubernetes API endpoint
required:
- name
LDAPAPIAccessMode:
enum:
- direct
- cached
type: string
description: |-
* `direct` - Direct
* `cached` - Cached
LDAPDebug:
type: object
properties:
user:
type: array
items:
type: object
additionalProperties: {}
readOnly: true
group:
type: array
items:
type: object
additionalProperties: {}
readOnly: true
membership:
type: array
items:
type: object
additionalProperties: {}
readOnly: true
required:
- group
- membership
- user
LDAPOutpostConfig:
type: object
description: LDAPProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
base_dn:
type: string
description: DN under which objects are accessible.
bind_flow_slug:
type: string
application_slug:
type: string
description: Prioritise backchannel slug over direct application slug
readOnly: true
search_group:
type: string
format: uuid
nullable: true
description: Users in this group can do search queries. If not set, every
user can execute search queries.
certificate:
type: string
format: uuid
nullable: true
tls_server_name:
type: string
uid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for uidNumbers, this number is added to the user.pk
to make sure that the numbers aren't too low for POSIX users. Default
is 2000 to ensure that we don't collide with local users uidNumber
gid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for gidNumbers, this number is added to a number
generated from the group.pk to make sure that the numbers aren't too low
for POSIX groups. Default is 4000 to ensure that we don't collide with
local groups or users primary groups gidNumber
search_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
bind_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
mfa_support:
type: boolean
description: When enabled, code-based multi-factor authentication can be
used by appending a semicolon and the TOTP code to the password. This
should only be enabled if all users that will bind to this provider have
a TOTP device configured, as otherwise a password may incorrectly be rejected
if it contains a semicolon.
required:
- application_slug
- bind_flow_slug
- name
- pk
LDAPPropertyMapping:
type: object
description: LDAP PropertyMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
description: Get object's component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
object_field:
type: string
required:
- component
- expression
- meta_model_name
- name
- object_field
- pk
- verbose_name
- verbose_name_plural
LDAPPropertyMappingRequest:
type: object
description: LDAP PropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
object_field:
type: string
minLength: 1
required:
- expression
- name
- object_field
LDAPProvider:
type: object
description: LDAPProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
assigned_backchannel_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_backchannel_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
base_dn:
type: string
description: DN under which objects are accessible.
search_group:
type: string
format: uuid
nullable: true
description: Users in this group can do search queries. If not set, every
user can execute search queries.
certificate:
type: string
format: uuid
nullable: true
tls_server_name:
type: string
uid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for uidNumbers, this number is added to the user.pk
to make sure that the numbers aren't too low for POSIX users. Default
is 2000 to ensure that we don't collide with local users uidNumber
gid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for gidNumbers, this number is added to a number
generated from the group.pk to make sure that the numbers aren't too low
for POSIX groups. Default is 4000 to ensure that we don't collide with
local groups or users primary groups gidNumber
outpost_set:
type: array
items:
type: string
readOnly: true
search_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
bind_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
mfa_support:
type: boolean
description: When enabled, code-based multi-factor authentication can be
used by appending a semicolon and the TOTP code to the password. This
should only be enabled if all users that will bind to this provider have
a TOTP device configured, as otherwise a password may incorrectly be rejected
if it contains a semicolon.
required:
- assigned_application_name
- assigned_application_slug
- assigned_backchannel_application_name
- assigned_backchannel_application_slug
- authorization_flow
- component
- meta_model_name
- name
- outpost_set
- pk
- verbose_name
- verbose_name_plural
LDAPProviderRequest:
type: object
description: LDAPProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
base_dn:
type: string
minLength: 1
description: DN under which objects are accessible.
search_group:
type: string
format: uuid
nullable: true
description: Users in this group can do search queries. If not set, every
user can execute search queries.
certificate:
type: string
format: uuid
nullable: true
tls_server_name:
type: string
uid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for uidNumbers, this number is added to the user.pk
to make sure that the numbers aren't too low for POSIX users. Default
is 2000 to ensure that we don't collide with local users uidNumber
gid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for gidNumbers, this number is added to a number
generated from the group.pk to make sure that the numbers aren't too low
for POSIX groups. Default is 4000 to ensure that we don't collide with
local groups or users primary groups gidNumber
search_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
bind_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
mfa_support:
type: boolean
description: When enabled, code-based multi-factor authentication can be
used by appending a semicolon and the TOTP code to the password. This
should only be enabled if all users that will bind to this provider have
a TOTP device configured, as otherwise a password may incorrectly be rejected
if it contains a semicolon.
required:
- authorization_flow
- name
LDAPSource:
type: object
description: LDAP Source Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
readOnly: true
user_path_template:
type: string
icon:
type: string
nullable: true
description: |-
Get the URL to the Icon. If the name is /static or
starts with http it is returned as-is
readOnly: true
server_uri:
type: string
format: uri
peer_certificate:
type: string
format: uuid
nullable: true
description: Optionally verify the LDAP Server's Certificate against the
CA Chain in this keypair.
client_certificate:
type: string
format: uuid
nullable: true
description: Client certificate to authenticate against the LDAP Server's
Certificate.
bind_cn:
type: string
start_tls:
type: boolean
title: Enable Start TLS
sni:
type: boolean
title: Use Server URI for SNI verification
base_dn:
type: string
additional_user_dn:
type: string
title: Addition User DN
description: Prepended to Base DN for User-queries.
additional_group_dn:
type: string
title: Addition Group DN
description: Prepended to Base DN for Group-queries.
user_object_filter:
type: string
description: Consider Objects matching this filter to be Users.
group_object_filter:
type: string
description: Consider Objects matching this filter to be Groups.
group_membership_field:
type: string
description: Field which contains members of a group.
object_uniqueness_field:
type: string
description: Field which contains a unique Identifier.
sync_users:
type: boolean
sync_users_password:
type: boolean
description: When a user changes their password, sync it back to LDAP. This
can only be enabled on a single LDAP source.
sync_groups:
type: boolean
sync_parent_group:
type: string
format: uuid
nullable: true
property_mappings:
type: array
items:
type: string
format: uuid
property_mappings_group:
type: array
items:
type: string
format: uuid
description: Property mappings used for group creation/updating.
connectivity:
type: object
additionalProperties:
type: object
additionalProperties:
type: string
nullable: true
description: Get cached source connectivity
readOnly: true
required:
- base_dn
- component
- connectivity
- icon
- managed
- meta_model_name
- name
- pk
- server_uri
- slug
- verbose_name
- verbose_name_plural
LDAPSourceRequest:
type: object
description: LDAP Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
user_path_template:
type: string
minLength: 1
server_uri:
type: string
minLength: 1
format: uri
peer_certificate:
type: string
format: uuid
nullable: true
description: Optionally verify the LDAP Server's Certificate against the
CA Chain in this keypair.
client_certificate:
type: string
format: uuid
nullable: true
description: Client certificate to authenticate against the LDAP Server's
Certificate.
bind_cn:
type: string
bind_password:
type: string
writeOnly: true
start_tls:
type: boolean
title: Enable Start TLS
sni:
type: boolean
title: Use Server URI for SNI verification
base_dn:
type: string
minLength: 1
additional_user_dn:
type: string
title: Addition User DN
description: Prepended to Base DN for User-queries.
additional_group_dn:
type: string
title: Addition Group DN
description: Prepended to Base DN for Group-queries.
user_object_filter:
type: string
minLength: 1
description: Consider Objects matching this filter to be Users.
group_object_filter:
type: string
minLength: 1
description: Consider Objects matching this filter to be Groups.
group_membership_field:
type: string
minLength: 1
description: Field which contains members of a group.
object_uniqueness_field:
type: string
minLength: 1
description: Field which contains a unique Identifier.
sync_users:
type: boolean
sync_users_password:
type: boolean
description: When a user changes their password, sync it back to LDAP. This
can only be enabled on a single LDAP source.
sync_groups:
type: boolean
sync_parent_group:
type: string
format: uuid
nullable: true
property_mappings:
type: array
items:
type: string
format: uuid
property_mappings_group:
type: array
items:
type: string
format: uuid
description: Property mappings used for group creation/updating.
required:
- base_dn
- name
- server_uri
- slug
LDAPSyncStatus:
type: object
description: LDAP Source sync status
properties:
is_running:
type: boolean
readOnly: true
tasks:
type: array
items:
$ref: '#/components/schemas/Task'
readOnly: true
required:
- is_running
- tasks
License:
type: object
description: License Serializer
properties:
license_uuid:
type: string
format: uuid
readOnly: true
name:
type: string
readOnly: true
key:
type: string
expiry:
type: string
format: date-time
readOnly: true
internal_users:
type: integer
readOnly: true
external_users:
type: integer
readOnly: true
required:
- expiry
- external_users
- internal_users
- key
- license_uuid
- name
LicenseForecast:
type: object
description: Serializer for license forecast
properties:
internal_users:
type: integer
external_users:
type: integer
forecasted_internal_users:
type: integer
forecasted_external_users:
type: integer
required:
- external_users
- forecasted_external_users
- forecasted_internal_users
- internal_users
LicenseRequest:
type: object
description: License Serializer
properties:
key:
type: string
minLength: 1
required:
- key
LicenseSummary:
type: object
description: Serializer for license status
properties:
internal_users:
type: integer
external_users:
type: integer
valid:
type: boolean
show_admin_warning:
type: boolean
show_user_warning:
type: boolean
read_only:
type: boolean
latest_valid:
type: string
format: date-time
has_license:
type: boolean
required:
- external_users
- has_license
- internal_users
- latest_valid
- read_only
- show_admin_warning
- show_user_warning
- valid
Link:
type: object
description: Returns a single link
properties:
link:
type: string
required:
- link
LoginChallengeTypes:
oneOf:
- $ref: '#/components/schemas/RedirectChallenge'
- $ref: '#/components/schemas/PlexAuthenticationChallenge'
- $ref: '#/components/schemas/AppleLoginChallenge'
discriminator:
propertyName: component
mapping:
xak-flow-redirect: '#/components/schemas/RedirectChallenge'
ak-source-plex: '#/components/schemas/PlexAuthenticationChallenge'
ak-source-oauth-apple: '#/components/schemas/AppleLoginChallenge'
LoginMetrics:
type: object
description: Login Metrics per 1h
properties:
logins:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
logins_failed:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
authorizations:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
required:
- authorizations
- logins
- logins_failed
LoginSource:
type: object
description: Serializer for Login buttons of sources
properties:
name:
type: string
icon_url:
type: string
nullable: true
challenge:
$ref: '#/components/schemas/LoginChallengeTypes'
required:
- challenge
- name
Metadata:
type: object
description: Serializer for blueprint metadata
properties:
name:
type: string
labels:
type: object
additionalProperties: {}
required:
- labels
- name
ModelEnum:
enum:
- authentik_crypto.certificatekeypair
- authentik_events.event
- authentik_events.notificationtransport
- authentik_events.notification
- authentik_events.notificationrule
- authentik_events.notificationwebhookmapping
- authentik_flows.flow
- authentik_flows.flowstagebinding
- authentik_outposts.dockerserviceconnection
- authentik_outposts.kubernetesserviceconnection
- authentik_outposts.outpost
- authentik_policies_dummy.dummypolicy
- authentik_policies_event_matcher.eventmatcherpolicy
- authentik_policies_expiry.passwordexpirypolicy
- authentik_policies_expression.expressionpolicy
- authentik_policies_password.passwordpolicy
- authentik_policies_reputation.reputationpolicy
- authentik_policies_reputation.reputation
- authentik_policies.policybinding
- authentik_providers_ldap.ldapprovider
- authentik_providers_oauth2.scopemapping
- authentik_providers_oauth2.oauth2provider
- authentik_providers_oauth2.authorizationcode
- authentik_providers_oauth2.accesstoken
- authentik_providers_oauth2.refreshtoken
- authentik_providers_proxy.proxyprovider
- authentik_providers_radius.radiusprovider
- authentik_providers_saml.samlprovider
- authentik_providers_saml.samlpropertymapping
- authentik_providers_scim.scimprovider
- authentik_providers_scim.scimmapping
- authentik_rbac.role
- authentik_sources_ldap.ldapsource
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_oauth.oauthsource
- authentik_sources_oauth.useroauthsourceconnection
- authentik_sources_plex.plexsource
- authentik_sources_plex.plexsourceconnection
- authentik_sources_saml.samlsource
- authentik_sources_saml.usersamlsourceconnection
- authentik_stages_authenticator_duo.authenticatorduostage
- authentik_stages_authenticator_duo.duodevice
- authentik_stages_authenticator_sms.authenticatorsmsstage
- authentik_stages_authenticator_sms.smsdevice
- authentik_stages_authenticator_static.authenticatorstaticstage
- authentik_stages_authenticator_static.staticdevice
- authentik_stages_authenticator_totp.authenticatortotpstage
- authentik_stages_authenticator_totp.totpdevice
- authentik_stages_authenticator_validate.authenticatorvalidatestage
- authentik_stages_authenticator_webauthn.authenticatewebauthnstage
- authentik_stages_authenticator_webauthn.webauthndevice
- authentik_stages_captcha.captchastage
- authentik_stages_consent.consentstage
- authentik_stages_consent.userconsent
- authentik_stages_deny.denystage
- authentik_stages_dummy.dummystage
- authentik_stages_email.emailstage
- authentik_stages_identification.identificationstage
- authentik_stages_invitation.invitationstage
- authentik_stages_invitation.invitation
- authentik_stages_password.passwordstage
- authentik_stages_prompt.prompt
- authentik_stages_prompt.promptstage
- authentik_stages_user_delete.userdeletestage
- authentik_stages_user_login.userloginstage
- authentik_stages_user_logout.userlogoutstage
- authentik_stages_user_write.userwritestage
- authentik_tenants.tenant
- authentik_blueprints.blueprintinstance
- authentik_core.group
- authentik_core.user
- authentik_core.application
- authentik_core.token
- authentik_enterprise.license
- authentik_providers_rac.racprovider
- authentik_providers_rac.endpoint
- authentik_providers_rac.racpropertymapping
type: string
description: |-
* `authentik_crypto.certificatekeypair` - Certificate-Key Pair
* `authentik_events.event` - Event
* `authentik_events.notificationtransport` - Notification Transport
* `authentik_events.notification` - Notification
* `authentik_events.notificationrule` - Notification Rule
* `authentik_events.notificationwebhookmapping` - Webhook Mapping
* `authentik_flows.flow` - Flow
* `authentik_flows.flowstagebinding` - Flow Stage Binding
* `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
* `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
* `authentik_outposts.outpost` - Outpost
* `authentik_policies_dummy.dummypolicy` - Dummy Policy
* `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
* `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
* `authentik_policies_expression.expressionpolicy` - Expression Policy
* `authentik_policies_password.passwordpolicy` - Password Policy
* `authentik_policies_reputation.reputationpolicy` - Reputation Policy
* `authentik_policies_reputation.reputation` - Reputation Score
* `authentik_policies.policybinding` - Policy Binding
* `authentik_providers_ldap.ldapprovider` - LDAP Provider
* `authentik_providers_oauth2.scopemapping` - Scope Mapping
* `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
* `authentik_providers_oauth2.authorizationcode` - Authorization Code
* `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
* `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
* `authentik_providers_proxy.proxyprovider` - Proxy Provider
* `authentik_providers_radius.radiusprovider` - Radius Provider
* `authentik_providers_saml.samlprovider` - SAML Provider
* `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
* `authentik_providers_scim.scimprovider` - SCIM Provider
* `authentik_providers_scim.scimmapping` - SCIM Mapping
* `authentik_rbac.role` - Role
* `authentik_sources_ldap.ldapsource` - LDAP Source
* `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
* `authentik_sources_oauth.oauthsource` - OAuth Source
* `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
* `authentik_sources_plex.plexsource` - Plex Source
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
* `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
* `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
* `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
* `authentik_stages_captcha.captchastage` - Captcha Stage
* `authentik_stages_consent.consentstage` - Consent Stage
* `authentik_stages_consent.userconsent` - User Consent
* `authentik_stages_deny.denystage` - Deny Stage
* `authentik_stages_dummy.dummystage` - Dummy Stage
* `authentik_stages_email.emailstage` - Email Stage
* `authentik_stages_identification.identificationstage` - Identification Stage
* `authentik_stages_invitation.invitationstage` - Invitation Stage
* `authentik_stages_invitation.invitation` - Invitation
* `authentik_stages_password.passwordstage` - Password Stage
* `authentik_stages_prompt.prompt` - Prompt
* `authentik_stages_prompt.promptstage` - Prompt Stage
* `authentik_stages_user_delete.userdeletestage` - User Delete Stage
* `authentik_stages_user_login.userloginstage` - User Login Stage
* `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
* `authentik_stages_user_write.userwritestage` - User Write Stage
* `authentik_tenants.tenant` - Tenant
* `authentik_blueprints.blueprintinstance` - Blueprint Instance
* `authentik_core.group` - Group
* `authentik_core.user` - User
* `authentik_core.application` - Application
* `authentik_core.token` - Token
* `authentik_enterprise.license` - License
* `authentik_providers_rac.racprovider` - RAC Provider
* `authentik_providers_rac.endpoint` - RAC Endpoint
* `authentik_providers_rac.racpropertymapping` - RAC Property Mapping
NameIdPolicyEnum:
enum:
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName
- urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
type: string
description: |-
* `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email
* `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent
* `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509
* `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows
* `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient
NetworkBindingEnum:
enum:
- no_binding
- bind_asn
- bind_asn_network
- bind_asn_network_ip
type: string
description: |-
* `no_binding` - No Binding
* `bind_asn` - Bind Asn
* `bind_asn_network` - Bind Asn Network
* `bind_asn_network_ip` - Bind Asn Network Ip
NotConfiguredActionEnum:
enum:
- skip
- deny
- configure
type: string
description: |-
* `skip` - Skip
* `deny` - Deny
* `configure` - Configure
Notification:
type: object
description: Notification Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
severity:
allOf:
- $ref: '#/components/schemas/SeverityEnum'
readOnly: true
body:
type: string
readOnly: true
created:
type: string
format: date-time
readOnly: true
event:
$ref: '#/components/schemas/Event'
seen:
type: boolean
required:
- body
- created
- pk
- severity
NotificationRequest:
type: object
description: Notification Serializer
properties:
event:
$ref: '#/components/schemas/EventRequest'
seen:
type: boolean
NotificationRule:
type: object
description: NotificationRule Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
transports:
type: array
items:
type: string
format: uuid
description: Select which transports should be used to notify the user.
If none are selected, the notification will only be shown in the authentik
UI.
severity:
allOf:
- $ref: '#/components/schemas/SeverityEnum'
description: |-
Controls which severity level the created notifications will have.
* `notice` - Notice
* `warning` - Warning
* `alert` - Alert
group:
type: string
format: uuid
nullable: true
description: Define which group of users this notification should be sent
and shown to. If left empty, Notification won't ben sent.
group_obj:
allOf:
- $ref: '#/components/schemas/Group'
readOnly: true
required:
- group_obj
- name
- pk
NotificationRuleRequest:
type: object
description: NotificationRule Serializer
properties:
name:
type: string
minLength: 1
transports:
type: array
items:
type: string
format: uuid
description: Select which transports should be used to notify the user.
If none are selected, the notification will only be shown in the authentik
UI.
severity:
allOf:
- $ref: '#/components/schemas/SeverityEnum'
description: |-
Controls which severity level the created notifications will have.
* `notice` - Notice
* `warning` - Warning
* `alert` - Alert
group:
type: string
format: uuid
nullable: true
description: Define which group of users this notification should be sent
and shown to. If left empty, Notification won't ben sent.
required:
- name
NotificationTransport:
type: object
description: NotificationTransport Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
mode:
$ref: '#/components/schemas/NotificationTransportModeEnum'
mode_verbose:
type: string
description: Return selected mode with a UI Label
readOnly: true
webhook_url:
type: string
format: uri
webhook_mapping:
type: string
format: uuid
nullable: true
send_once:
type: boolean
description: Only send notification once, for example when sending a webhook
into a chat channel.
required:
- mode_verbose
- name
- pk
NotificationTransportModeEnum:
enum:
- local
- webhook
- webhook_slack
- email
type: string
description: |-
* `local` - authentik inbuilt notifications
* `webhook` - Generic Webhook
* `webhook_slack` - Slack Webhook (Slack/Discord)
* `email` - Email
NotificationTransportRequest:
type: object
description: NotificationTransport Serializer
properties:
name:
type: string
minLength: 1
mode:
$ref: '#/components/schemas/NotificationTransportModeEnum'
webhook_url:
type: string
format: uri
webhook_mapping:
type: string
format: uuid
nullable: true
send_once:
type: boolean
description: Only send notification once, for example when sending a webhook
into a chat channel.
required:
- name
NotificationTransportTest:
type: object
description: Notification test serializer
properties:
messages:
type: array
items:
type: string
required:
- messages
NotificationWebhookMapping:
type: object
description: NotificationWebhookMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
name:
type: string
expression:
type: string
required:
- expression
- name
- pk
NotificationWebhookMappingRequest:
type: object
description: NotificationWebhookMapping Serializer
properties:
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
required:
- expression
- name
OAuth2Provider:
type: object
description: OAuth2Provider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
assigned_backchannel_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_backchannel_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
client_type:
allOf:
- $ref: '#/components/schemas/ClientTypeEnum'
description: |-
Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable
* `confidential` - Confidential
* `public` - Public
client_id:
type: string
maxLength: 255
client_secret:
type: string
maxLength: 255
access_code_validity:
type: string
description: 'Access codes not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
access_token_validity:
type: string
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
refresh_token_validity:
type: string
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
include_claims_in_id_token:
type: boolean
description: Include User claims from scopes in the id_token, for applications
that don't access the userinfo endpoint.
signing_key:
type: string
format: uuid
nullable: true
description: Key used to sign the tokens. Only required when JWT Algorithm
is set to RS256.
redirect_uris:
type: string
description: Enter each URI on a new line.
sub_mode:
allOf:
- $ref: '#/components/schemas/SubModeEnum'
description: |-
Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
* `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.
issuer_mode:
allOf:
- $ref: '#/components/schemas/IssuerModeEnum'
description: |-
Configure how the issuer field of the ID Token should be filled.
* `global` - Same identifier is used for all providers
* `per_provider` - Each provider has a different issuer, based on the application slug.
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
required:
- assigned_application_name
- assigned_application_slug
- assigned_backchannel_application_name
- assigned_backchannel_application_slug
- authorization_flow
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
OAuth2ProviderRequest:
type: object
description: OAuth2Provider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
client_type:
allOf:
- $ref: '#/components/schemas/ClientTypeEnum'
description: |-
Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable
* `confidential` - Confidential
* `public` - Public
client_id:
type: string
minLength: 1
maxLength: 255
client_secret:
type: string
maxLength: 255
access_code_validity:
type: string
minLength: 1
description: 'Access codes not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
access_token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
refresh_token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
include_claims_in_id_token:
type: boolean
description: Include User claims from scopes in the id_token, for applications
that don't access the userinfo endpoint.
signing_key:
type: string
format: uuid
nullable: true
description: Key used to sign the tokens. Only required when JWT Algorithm
is set to RS256.
redirect_uris:
type: string
description: Enter each URI on a new line.
sub_mode:
allOf:
- $ref: '#/components/schemas/SubModeEnum'
description: |-
Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
* `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.
issuer_mode:
allOf:
- $ref: '#/components/schemas/IssuerModeEnum'
description: |-
Configure how the issuer field of the ID Token should be filled.
* `global` - Same identifier is used for all providers
* `per_provider` - Each provider has a different issuer, based on the application slug.
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
required:
- authorization_flow
- name
OAuth2ProviderSetupURLs:
type: object
description: OAuth2 Provider Metadata serializer
properties:
issuer:
type: string
readOnly: true
authorize:
type: string
readOnly: true
token:
type: string
readOnly: true
user_info:
type: string
readOnly: true
provider_info:
type: string
readOnly: true
logout:
type: string
readOnly: true
jwks:
type: string
readOnly: true
required:
- authorize
- issuer
- jwks
- logout
- provider_info
- token
- user_info
OAuthDeviceCodeChallenge:
type: object
description: OAuth Device code challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-provider-oauth2-device-code
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
required:
- type
OAuthDeviceCodeChallengeResponseRequest:
type: object
description: Response that includes the user-entered device code
properties:
component:
type: string
minLength: 1
default: ak-provider-oauth2-device-code
code:
type: integer
required:
- code
OAuthDeviceCodeFinishChallenge:
type: object
description: Final challenge after user enters their code
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-provider-oauth2-device-code-finish
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
required:
- type
OAuthDeviceCodeFinishChallengeResponseRequest:
type: object
description: Response that device has been authenticated and tab can be closed
properties:
component:
type: string
minLength: 1
default: ak-provider-oauth2-device-code-finish
OAuthSource:
type: object
description: OAuth Source Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
readOnly: true
user_path_template:
type: string
icon:
type: string
nullable: true
description: |-
Get the URL to the Icon. If the name is /static or
starts with http it is returned as-is
readOnly: true
provider_type:
$ref: '#/components/schemas/ProviderTypeEnum'
request_token_url:
type: string
nullable: true
description: URL used to request the initial token. This URL is only required
for OAuth 1.
maxLength: 255
authorization_url:
type: string
nullable: true
description: URL the user is redirect to to conest the flow.
maxLength: 255
access_token_url:
type: string
nullable: true
description: URL used by authentik to retrieve tokens.
maxLength: 255
profile_url:
type: string
nullable: true
description: URL used by authentik to get user information.
maxLength: 255
consumer_key:
type: string
callback_url:
type: string
description: Get OAuth Callback URL
readOnly: true
additional_scopes:
type: string
type:
allOf:
- $ref: '#/components/schemas/SourceType'
readOnly: true
oidc_well_known_url:
type: string
oidc_jwks_url:
type: string
oidc_jwks: {}
required:
- callback_url
- component
- consumer_key
- icon
- managed
- meta_model_name
- name
- pk
- provider_type
- slug
- type
- verbose_name
- verbose_name_plural
OAuthSourceRequest:
type: object
description: OAuth Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
user_path_template:
type: string
minLength: 1
provider_type:
$ref: '#/components/schemas/ProviderTypeEnum'
request_token_url:
type: string
nullable: true
minLength: 1
description: URL used to request the initial token. This URL is only required
for OAuth 1.
maxLength: 255
authorization_url:
type: string
nullable: true
minLength: 1
description: URL the user is redirect to to conest the flow.
maxLength: 255
access_token_url:
type: string
nullable: true
minLength: 1
description: URL used by authentik to retrieve tokens.
maxLength: 255
profile_url:
type: string
nullable: true
minLength: 1
description: URL used by authentik to get user information.
maxLength: 255
consumer_key:
type: string
minLength: 1
consumer_secret:
type: string
writeOnly: true
minLength: 1
additional_scopes:
type: string
oidc_well_known_url:
type: string
oidc_jwks_url:
type: string
oidc_jwks: {}
required:
- consumer_key
- consumer_secret
- name
- provider_type
- slug
OpenIDConnectConfiguration:
type: object
description: rest_framework Serializer for OIDC Configuration
properties:
issuer:
type: string
authorization_endpoint:
type: string
token_endpoint:
type: string
userinfo_endpoint:
type: string
end_session_endpoint:
type: string
introspection_endpoint:
type: string
jwks_uri:
type: string
response_types_supported:
type: array
items:
type: string
id_token_signing_alg_values_supported:
type: array
items:
type: string
subject_types_supported:
type: array
items:
type: string
token_endpoint_auth_methods_supported:
type: array
items:
type: string
required:
- authorization_endpoint
- end_session_endpoint
- id_token_signing_alg_values_supported
- introspection_endpoint
- issuer
- jwks_uri
- response_types_supported
- subject_types_supported
- token_endpoint
- token_endpoint_auth_methods_supported
- userinfo_endpoint
Outpost:
type: object
description: Outpost Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
type:
$ref: '#/components/schemas/OutpostTypeEnum'
providers:
type: array
items:
type: integer
providers_obj:
type: array
items:
$ref: '#/components/schemas/Provider'
readOnly: true
service_connection:
type: string
format: uuid
nullable: true
description: Select Service-Connection authentik should use to manage this
outpost. Leave empty if authentik should not handle the deployment.
service_connection_obj:
allOf:
- $ref: '#/components/schemas/ServiceConnection'
readOnly: true
token_identifier:
type: string
description: Get Token identifier
readOnly: true
config:
type: object
additionalProperties: {}
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
required:
- config
- name
- pk
- providers
- providers_obj
- service_connection_obj
- token_identifier
- type
OutpostDefaultConfig:
type: object
description: Global default outpost config
properties:
config:
type: object
additionalProperties: {}
readOnly: true
required:
- config
OutpostHealth:
type: object
description: Outpost health status
properties:
uid:
type: string
readOnly: true
last_seen:
type: string
format: date-time
readOnly: true
version:
type: string
readOnly: true
version_should:
type: string
readOnly: true
version_outdated:
type: boolean
readOnly: true
build_hash:
type: string
readOnly: true
build_hash_should:
type: string
readOnly: true
hostname:
type: string
readOnly: true
required:
- build_hash
- build_hash_should
- hostname
- last_seen
- uid
- version
- version_outdated
- version_should
OutpostRequest:
type: object
description: Outpost Serializer
properties:
name:
type: string
minLength: 1
type:
$ref: '#/components/schemas/OutpostTypeEnum'
providers:
type: array
items:
type: integer
service_connection:
type: string
format: uuid
nullable: true
description: Select Service-Connection authentik should use to manage this
outpost. Leave empty if authentik should not handle the deployment.
config:
type: object
additionalProperties: {}
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
required:
- config
- name
- providers
- type
OutpostTypeEnum:
enum:
- proxy
- ldap
- radius
- rac
type: string
description: |-
* `proxy` - Proxy
* `ldap` - Ldap
* `radius` - Radius
* `rac` - Rac
PaginatedApplicationList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Application'
required:
- pagination
- results
PaginatedAuthenticateWebAuthnStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/AuthenticateWebAuthnStage'
required:
- pagination
- results
PaginatedAuthenticatedSessionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatedSession'
required:
- pagination
- results
PaginatedAuthenticatorDuoStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorDuoStage'
required:
- pagination
- results
PaginatedAuthenticatorSMSStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorSMSStage'
required:
- pagination
- results
PaginatedAuthenticatorStaticStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorStaticStage'
required:
- pagination
- results
PaginatedAuthenticatorTOTPStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorTOTPStage'
required:
- pagination
- results
PaginatedAuthenticatorValidateStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/AuthenticatorValidateStage'
required:
- pagination
- results
PaginatedBlueprintInstanceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/BlueprintInstance'
required:
- pagination
- results
PaginatedCaptchaStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/CaptchaStage'
required:
- pagination
- results
PaginatedCertificateKeyPairList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/CertificateKeyPair'
required:
- pagination
- results
PaginatedConsentStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ConsentStage'
required:
- pagination
- results
PaginatedDenyStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/DenyStage'
required:
- pagination
- results
PaginatedDockerServiceConnectionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/DockerServiceConnection'
required:
- pagination
- results
PaginatedDummyPolicyList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/DummyPolicy'
required:
- pagination
- results
PaginatedDummyStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/DummyStage'
required:
- pagination
- results
PaginatedDuoDeviceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/DuoDevice'
required:
- pagination
- results
PaginatedEmailStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/EmailStage'
required:
- pagination
- results
PaginatedEndpointList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Endpoint'
required:
- pagination
- results
PaginatedEventList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Event'
required:
- pagination
- results
PaginatedEventMatcherPolicyList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/EventMatcherPolicy'
required:
- pagination
- results
PaginatedExpiringBaseGrantModelList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ExpiringBaseGrantModel'
required:
- pagination
- results
PaginatedExpressionPolicyList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ExpressionPolicy'
required:
- pagination
- results
PaginatedExtraRoleObjectPermissionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ExtraRoleObjectPermission'
required:
- pagination
- results
PaginatedExtraUserObjectPermissionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ExtraUserObjectPermission'
required:
- pagination
- results
PaginatedFlowList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Flow'
required:
- pagination
- results
PaginatedFlowStageBindingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/FlowStageBinding'
required:
- pagination
- results
PaginatedGroupList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Group'
required:
- pagination
- results
PaginatedIdentificationStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/IdentificationStage'
required:
- pagination
- results
PaginatedInvitationList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Invitation'
required:
- pagination
- results
PaginatedInvitationStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/InvitationStage'
required:
- pagination
- results
PaginatedKubernetesServiceConnectionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/KubernetesServiceConnection'
required:
- pagination
- results
PaginatedLDAPOutpostConfigList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/LDAPOutpostConfig'
required:
- pagination
- results
PaginatedLDAPPropertyMappingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/LDAPPropertyMapping'
required:
- pagination
- results
PaginatedLDAPProviderList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/LDAPProvider'
required:
- pagination
- results
PaginatedLDAPSourceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/LDAPSource'
required:
- pagination
- results
PaginatedLicenseList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/License'
required:
- pagination
- results
PaginatedNotificationList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Notification'
required:
- pagination
- results
PaginatedNotificationRuleList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/NotificationRule'
required:
- pagination
- results
PaginatedNotificationTransportList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/NotificationTransport'
required:
- pagination
- results
PaginatedNotificationWebhookMappingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/NotificationWebhookMapping'
required:
- pagination
- results
PaginatedOAuth2ProviderList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/OAuth2Provider'
required:
- pagination
- results
PaginatedOAuthSourceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/OAuthSource'
required:
- pagination
- results
PaginatedOutpostList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Outpost'
required:
- pagination
- results
PaginatedPasswordExpiryPolicyList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/PasswordExpiryPolicy'
required:
- pagination
- results
PaginatedPasswordPolicyList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/PasswordPolicy'
required:
- pagination
- results
PaginatedPasswordStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/PasswordStage'
required:
- pagination
- results
PaginatedPermissionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Permission'
required:
- pagination
- results
PaginatedPlexSourceConnectionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/PlexSourceConnection'
required:
- pagination
- results
PaginatedPlexSourceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/PlexSource'
required:
- pagination
- results
PaginatedPolicyBindingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/PolicyBinding'
required:
- pagination
- results
PaginatedPolicyList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Policy'
required:
- pagination
- results
PaginatedPromptList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Prompt'
required:
- pagination
- results
PaginatedPromptStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/PromptStage'
required:
- pagination
- results
PaginatedPropertyMappingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/PropertyMapping'
required:
- pagination
- results
PaginatedProviderList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Provider'
required:
- pagination
- results
PaginatedProxyOutpostConfigList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ProxyOutpostConfig'
required:
- pagination
- results
PaginatedProxyProviderList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ProxyProvider'
required:
- pagination
- results
PaginatedRACPropertyMappingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/RACPropertyMapping'
required:
- pagination
- results
PaginatedRACProviderList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/RACProvider'
required:
- pagination
- results
PaginatedRadiusOutpostConfigList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/RadiusOutpostConfig'
required:
- pagination
- results
PaginatedRadiusProviderList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/RadiusProvider'
required:
- pagination
- results
PaginatedReputationList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Reputation'
required:
- pagination
- results
PaginatedReputationPolicyList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ReputationPolicy'
required:
- pagination
- results
PaginatedRoleAssignedObjectPermissionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/RoleAssignedObjectPermission'
required:
- pagination
- results
PaginatedRoleList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Role'
required:
- pagination
- results
PaginatedSAMLPropertyMappingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/SAMLPropertyMapping'
required:
- pagination
- results
PaginatedSAMLProviderList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/SAMLProvider'
required:
- pagination
- results
PaginatedSAMLSourceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/SAMLSource'
required:
- pagination
- results
PaginatedSCIMMappingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/SCIMMapping'
required:
- pagination
- results
PaginatedSCIMProviderList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/SCIMProvider'
required:
- pagination
- results
PaginatedSMSDeviceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/SMSDevice'
required:
- pagination
- results
PaginatedScopeMappingList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ScopeMapping'
required:
- pagination
- results
PaginatedServiceConnectionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/ServiceConnection'
required:
- pagination
- results
PaginatedSourceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Source'
required:
- pagination
- results
PaginatedStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Stage'
required:
- pagination
- results
PaginatedStaticDeviceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/StaticDevice'
required:
- pagination
- results
PaginatedTOTPDeviceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/TOTPDevice'
required:
- pagination
- results
PaginatedTenantList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Tenant'
required:
- pagination
- results
PaginatedTokenList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/Token'
required:
- pagination
- results
PaginatedTokenModelList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/TokenModel'
required:
- pagination
- results
PaginatedUserAssignedObjectPermissionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/UserAssignedObjectPermission'
required:
- pagination
- results
PaginatedUserConsentList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/UserConsent'
required:
- pagination
- results
PaginatedUserDeleteStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/UserDeleteStage'
required:
- pagination
- results
PaginatedUserList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/User'
required:
- pagination
- results
PaginatedUserLoginStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/UserLoginStage'
required:
- pagination
- results
PaginatedUserLogoutStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/UserLogoutStage'
required:
- pagination
- results
PaginatedUserOAuthSourceConnectionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/UserOAuthSourceConnection'
required:
- pagination
- results
PaginatedUserSAMLSourceConnectionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/UserSAMLSourceConnection'
required:
- pagination
- results
PaginatedUserSourceConnectionList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/UserSourceConnection'
required:
- pagination
- results
PaginatedUserWriteStageList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/UserWriteStage'
required:
- pagination
- results
PaginatedWebAuthnDeviceList:
type: object
properties:
pagination:
$ref: '#/components/schemas/Pagination'
results:
type: array
items:
$ref: '#/components/schemas/WebAuthnDevice'
required:
- pagination
- results
Pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
PasswordChallenge:
type: object
description: Password challenge UI fields
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-password
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
recovery_url:
type: string
required:
- pending_user
- pending_user_avatar
- type
PasswordChallengeResponseRequest:
type: object
description: Password challenge response
properties:
component:
type: string
minLength: 1
default: ak-stage-password
password:
type: string
minLength: 1
required:
- password
PasswordExpiryPolicy:
type: object
description: Password Expiry Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
bound_to:
type: integer
description: Return objects policy is bound to
readOnly: true
days:
type: integer
maximum: 2147483647
minimum: -2147483648
deny_only:
type: boolean
required:
- bound_to
- component
- days
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
PasswordExpiryPolicyRequest:
type: object
description: Password Expiry Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
days:
type: integer
maximum: 2147483647
minimum: -2147483648
deny_only:
type: boolean
required:
- days
- name
PasswordPolicy:
type: object
description: Password Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
bound_to:
type: integer
description: Return objects policy is bound to
readOnly: true
password_field:
type: string
description: Field key to check, field keys defined in Prompt stages are
available.
amount_digits:
type: integer
maximum: 2147483647
minimum: 0
amount_uppercase:
type: integer
maximum: 2147483647
minimum: 0
amount_lowercase:
type: integer
maximum: 2147483647
minimum: 0
amount_symbols:
type: integer
maximum: 2147483647
minimum: 0
length_min:
type: integer
maximum: 2147483647
minimum: 0
symbol_charset:
type: string
error_message:
type: string
check_static_rules:
type: boolean
check_have_i_been_pwned:
type: boolean
check_zxcvbn:
type: boolean
hibp_allowed_count:
type: integer
maximum: 2147483647
minimum: 0
description: How many times the password hash is allowed to be on haveibeenpwned
zxcvbn_score_threshold:
type: integer
maximum: 2147483647
minimum: 0
description: If the zxcvbn score is equal or less than this value, the policy
will fail.
required:
- bound_to
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
PasswordPolicyRequest:
type: object
description: Password Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
password_field:
type: string
minLength: 1
description: Field key to check, field keys defined in Prompt stages are
available.
amount_digits:
type: integer
maximum: 2147483647
minimum: 0
amount_uppercase:
type: integer
maximum: 2147483647
minimum: 0
amount_lowercase:
type: integer
maximum: 2147483647
minimum: 0
amount_symbols:
type: integer
maximum: 2147483647
minimum: 0
length_min:
type: integer
maximum: 2147483647
minimum: 0
symbol_charset:
type: string
minLength: 1
error_message:
type: string
check_static_rules:
type: boolean
check_have_i_been_pwned:
type: boolean
check_zxcvbn:
type: boolean
hibp_allowed_count:
type: integer
maximum: 2147483647
minimum: 0
description: How many times the password hash is allowed to be on haveibeenpwned
zxcvbn_score_threshold:
type: integer
maximum: 2147483647
minimum: 0
description: If the zxcvbn score is equal or less than this value, the policy
will fail.
required:
- name
PasswordStage:
type: object
description: PasswordStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
backends:
type: array
items:
$ref: '#/components/schemas/BackendsEnum'
description: Selection of backends to test the password against.
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
failed_attempts_before_cancel:
type: integer
maximum: 2147483647
minimum: -2147483648
description: How many attempts a user has before the flow is canceled. To
lock the user out, use a reputation policy and a user_write stage.
required:
- backends
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
PasswordStageRequest:
type: object
description: PasswordStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
backends:
type: array
items:
$ref: '#/components/schemas/BackendsEnum'
description: Selection of backends to test the password against.
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
failed_attempts_before_cancel:
type: integer
maximum: 2147483647
minimum: -2147483648
description: How many attempts a user has before the flow is canceled. To
lock the user out, use a reputation policy and a user_write stage.
required:
- backends
- name
PatchedApplicationRequest:
type: object
description: Application Serializer
properties:
name:
type: string
minLength: 1
description: Application's display Name.
slug:
type: string
minLength: 1
description: Internal application name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
provider:
type: integer
nullable: true
backchannel_providers:
type: array
items:
type: integer
open_in_new_tab:
type: boolean
description: Open launch URL in a new browser tab or window.
meta_launch_url:
type: string
format: uri
meta_description:
type: string
meta_publisher:
type: string
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
group:
type: string
PatchedAuthenticateWebAuthnStageRequest:
type: object
description: AuthenticateWebAuthnStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
user_verification:
$ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment:
allOf:
- $ref: '#/components/schemas/AuthenticatorAttachmentEnum'
nullable: true
resident_key_requirement:
$ref: '#/components/schemas/ResidentKeyRequirementEnum'
PatchedAuthenticatorDuoStageRequest:
type: object
description: AuthenticatorDuoStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
client_id:
type: string
minLength: 1
client_secret:
type: string
writeOnly: true
minLength: 1
api_hostname:
type: string
minLength: 1
admin_integration_key:
type: string
admin_secret_key:
type: string
writeOnly: true
PatchedAuthenticatorSMSStageRequest:
type: object
description: AuthenticatorSMSStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
provider:
$ref: '#/components/schemas/ProviderEnum'
from_number:
type: string
minLength: 1
account_sid:
type: string
minLength: 1
auth:
type: string
minLength: 1
auth_password:
type: string
auth_type:
$ref: '#/components/schemas/AuthTypeEnum'
verify_only:
type: boolean
description: When enabled, the Phone number is only used during enrollment
to verify the users authenticity. Only a hash of the phone number is saved
to ensure it is not reused in the future.
mapping:
type: string
format: uuid
nullable: true
description: Optionally modify the payload being sent to custom providers.
PatchedAuthenticatorStaticStageRequest:
type: object
description: AuthenticatorStaticStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
token_count:
type: integer
maximum: 2147483647
minimum: 0
token_length:
type: integer
maximum: 2147483647
minimum: 0
PatchedAuthenticatorTOTPStageRequest:
type: object
description: AuthenticatorTOTPStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
friendly_name:
type: string
nullable: true
minLength: 1
digits:
$ref: '#/components/schemas/DigitsEnum'
PatchedAuthenticatorValidateStageRequest:
type: object
description: AuthenticatorValidateStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
not_configured_action:
$ref: '#/components/schemas/NotConfiguredActionEnum'
device_classes:
type: array
items:
$ref: '#/components/schemas/DeviceClassesEnum'
description: Device classes which can be used to authenticate
configuration_stages:
type: array
items:
type: string
format: uuid
description: Stages used to configure Authenticator when user doesn't have
any compatible devices. After this configuration Stage passes, the user
is not prompted again.
last_auth_threshold:
type: string
minLength: 1
description: If any of the user's device has been used within this threshold,
this stage will be skipped
webauthn_user_verification:
allOf:
- $ref: '#/components/schemas/UserVerificationEnum'
description: |-
Enforce user verification for WebAuthn devices.
* `required` - Required
* `preferred` - Preferred
* `discouraged` - Discouraged
PatchedBlueprintInstanceRequest:
type: object
description: Info about a single blueprint instance file
properties:
name:
type: string
minLength: 1
path:
type: string
default: ''
context: {}
enabled:
type: boolean
content:
type: string
PatchedCaptchaStageRequest:
type: object
description: CaptchaStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
public_key:
type: string
minLength: 1
description: Public key, acquired your captcha Provider.
private_key:
type: string
writeOnly: true
minLength: 1
description: Private key, acquired your captcha Provider.
js_url:
type: string
minLength: 1
api_url:
type: string
minLength: 1
PatchedCertificateKeyPairRequest:
type: object
description: CertificateKeyPair Serializer
properties:
name:
type: string
minLength: 1
certificate_data:
type: string
writeOnly: true
minLength: 1
description: PEM-encoded Certificate data
key_data:
type: string
writeOnly: true
description: Optional Private Key. If this is set, you can use this keypair
for encryption.
PatchedConsentStageRequest:
type: object
description: ConsentStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
mode:
$ref: '#/components/schemas/ConsentStageModeEnum'
consent_expire_in:
type: string
minLength: 1
title: Consent expires in
description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).'
PatchedDenyStageRequest:
type: object
description: DenyStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
deny_message:
type: string
PatchedDockerServiceConnectionRequest:
type: object
description: DockerServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
url:
type: string
minLength: 1
description: Can be in the format of 'unix://<path>' when connecting to
a local docker daemon, or 'https://<hostname>:2376' when connecting to
a remote system.
tls_verification:
type: string
format: uuid
nullable: true
description: CA which the endpoint's Certificate is verified against. Can
be left empty for no validation.
tls_authentication:
type: string
format: uuid
nullable: true
description: Certificate/Key used for authentication. Can be left empty
for no authentication.
PatchedDummyPolicyRequest:
type: object
description: Dummy Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
result:
type: boolean
wait_min:
type: integer
maximum: 2147483647
minimum: -2147483648
wait_max:
type: integer
maximum: 2147483647
minimum: -2147483648
PatchedDummyStageRequest:
type: object
description: DummyStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
throw_error:
type: boolean
PatchedDuoDeviceRequest:
type: object
description: Serializer for Duo authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
PatchedEmailStageRequest:
type: object
description: EmailStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
use_global_settings:
type: boolean
description: When enabled, global Email connection settings will be used
and connection settings below will be ignored.
host:
type: string
minLength: 1
port:
type: integer
maximum: 2147483647
minimum: -2147483648
username:
type: string
password:
type: string
writeOnly: true
use_tls:
type: boolean
use_ssl:
type: boolean
timeout:
type: integer
maximum: 2147483647
minimum: -2147483648
from_address:
type: string
format: email
minLength: 1
maxLength: 254
token_expiry:
type: integer
maximum: 2147483647
minimum: -2147483648
description: Time in minutes the token sent is valid.
subject:
type: string
minLength: 1
template:
type: string
minLength: 1
activate_user_on_success:
type: boolean
description: Activate users upon completion of stage.
PatchedEndpointRequest:
type: object
description: Endpoint Serializer
properties:
name:
type: string
minLength: 1
provider:
type: integer
protocol:
$ref: '#/components/schemas/ProtocolEnum'
host:
type: string
minLength: 1
settings: {}
property_mappings:
type: array
items:
type: string
format: uuid
auth_mode:
$ref: '#/components/schemas/AuthModeEnum'
PatchedEventMatcherPolicyRequest:
type: object
description: Event Matcher Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
action:
allOf:
- $ref: '#/components/schemas/EventActions'
nullable: true
description: |-
Match created events with this action type. When left empty, all action types will be matched.
* `login` - Login
* `login_failed` - Login Failed
* `logout` - Logout
* `user_write` - User Write
* `suspicious_request` - Suspicious Request
* `password_set` - Password Set
* `secret_view` - Secret View
* `secret_rotate` - Secret Rotate
* `invitation_used` - Invite Used
* `authorize_application` - Authorize Application
* `source_linked` - Source Linked
* `impersonation_started` - Impersonation Started
* `impersonation_ended` - Impersonation Ended
* `flow_execution` - Flow Execution
* `policy_execution` - Policy Execution
* `policy_exception` - Policy Exception
* `property_mapping_exception` - Property Mapping Exception
* `system_task_execution` - System Task Execution
* `system_task_exception` - System Task Exception
* `system_exception` - System Exception
* `configuration_error` - Configuration Error
* `model_created` - Model Created
* `model_updated` - Model Updated
* `model_deleted` - Model Deleted
* `email_sent` - Email Sent
* `update_available` - Update Available
* `custom_` - Custom Prefix
client_ip:
type: string
nullable: true
minLength: 1
description: Matches Event's Client IP (strict matching, for network matching
use an Expression Policy)
app:
allOf:
- $ref: '#/components/schemas/AppEnum'
nullable: true
description: |-
Match events created by selected application. When left empty, all applications are matched.
* `authentik.admin` - authentik Admin
* `authentik.api` - authentik API
* `authentik.crypto` - authentik Crypto
* `authentik.events` - authentik Events
* `authentik.flows` - authentik Flows
* `authentik.outposts` - authentik Outpost
* `authentik.policies.dummy` - authentik Policies.Dummy
* `authentik.policies.event_matcher` - authentik Policies.Event Matcher
* `authentik.policies.expiry` - authentik Policies.Expiry
* `authentik.policies.expression` - authentik Policies.Expression
* `authentik.policies.password` - authentik Policies.Password
* `authentik.policies.reputation` - authentik Policies.Reputation
* `authentik.policies` - authentik Policies
* `authentik.providers.ldap` - authentik Providers.LDAP
* `authentik.providers.oauth2` - authentik Providers.OAuth2
* `authentik.providers.proxy` - authentik Providers.Proxy
* `authentik.providers.radius` - authentik Providers.Radius
* `authentik.providers.saml` - authentik Providers.SAML
* `authentik.providers.scim` - authentik Providers.SCIM
* `authentik.rbac` - authentik RBAC
* `authentik.recovery` - authentik Recovery
* `authentik.sources.ldap` - authentik Sources.LDAP
* `authentik.sources.oauth` - authentik Sources.OAuth
* `authentik.sources.plex` - authentik Sources.Plex
* `authentik.sources.saml` - authentik Sources.SAML
* `authentik.stages.authenticator` - authentik Stages.Authenticator
* `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo
* `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS
* `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static
* `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP
* `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate
* `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn
* `authentik.stages.captcha` - authentik Stages.Captcha
* `authentik.stages.consent` - authentik Stages.Consent
* `authentik.stages.deny` - authentik Stages.Deny
* `authentik.stages.dummy` - authentik Stages.Dummy
* `authentik.stages.email` - authentik Stages.Email
* `authentik.stages.identification` - authentik Stages.Identification
* `authentik.stages.invitation` - authentik Stages.User Invitation
* `authentik.stages.password` - authentik Stages.Password
* `authentik.stages.prompt` - authentik Stages.Prompt
* `authentik.stages.user_delete` - authentik Stages.User Delete
* `authentik.stages.user_login` - authentik Stages.User Login
* `authentik.stages.user_logout` - authentik Stages.User Logout
* `authentik.stages.user_write` - authentik Stages.User Write
* `authentik.tenants` - authentik Tenants
* `authentik.blueprints` - authentik Blueprints
* `authentik.core` - authentik Core
* `authentik.enterprise` - authentik Enterprise
* `authentik.enterprise.providers.rac` - authentik Enterprise.Providers.RAC
model:
allOf:
- $ref: '#/components/schemas/ModelEnum'
nullable: true
description: |-
Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
* `authentik_crypto.certificatekeypair` - Certificate-Key Pair
* `authentik_events.event` - Event
* `authentik_events.notificationtransport` - Notification Transport
* `authentik_events.notification` - Notification
* `authentik_events.notificationrule` - Notification Rule
* `authentik_events.notificationwebhookmapping` - Webhook Mapping
* `authentik_flows.flow` - Flow
* `authentik_flows.flowstagebinding` - Flow Stage Binding
* `authentik_outposts.dockerserviceconnection` - Docker Service-Connection
* `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection
* `authentik_outposts.outpost` - Outpost
* `authentik_policies_dummy.dummypolicy` - Dummy Policy
* `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy
* `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy
* `authentik_policies_expression.expressionpolicy` - Expression Policy
* `authentik_policies_password.passwordpolicy` - Password Policy
* `authentik_policies_reputation.reputationpolicy` - Reputation Policy
* `authentik_policies_reputation.reputation` - Reputation Score
* `authentik_policies.policybinding` - Policy Binding
* `authentik_providers_ldap.ldapprovider` - LDAP Provider
* `authentik_providers_oauth2.scopemapping` - Scope Mapping
* `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider
* `authentik_providers_oauth2.authorizationcode` - Authorization Code
* `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token
* `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token
* `authentik_providers_proxy.proxyprovider` - Proxy Provider
* `authentik_providers_radius.radiusprovider` - Radius Provider
* `authentik_providers_saml.samlprovider` - SAML Provider
* `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping
* `authentik_providers_scim.scimprovider` - SCIM Provider
* `authentik_providers_scim.scimmapping` - SCIM Mapping
* `authentik_rbac.role` - Role
* `authentik_sources_ldap.ldapsource` - LDAP Source
* `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping
* `authentik_sources_oauth.oauthsource` - OAuth Source
* `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection
* `authentik_sources_plex.plexsource` - Plex Source
* `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection
* `authentik_sources_saml.samlsource` - SAML Source
* `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
* `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
* `authentik_stages_authenticator_duo.duodevice` - Duo Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
* `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage
* `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage
* `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device
* `authentik_stages_captcha.captchastage` - Captcha Stage
* `authentik_stages_consent.consentstage` - Consent Stage
* `authentik_stages_consent.userconsent` - User Consent
* `authentik_stages_deny.denystage` - Deny Stage
* `authentik_stages_dummy.dummystage` - Dummy Stage
* `authentik_stages_email.emailstage` - Email Stage
* `authentik_stages_identification.identificationstage` - Identification Stage
* `authentik_stages_invitation.invitationstage` - Invitation Stage
* `authentik_stages_invitation.invitation` - Invitation
* `authentik_stages_password.passwordstage` - Password Stage
* `authentik_stages_prompt.prompt` - Prompt
* `authentik_stages_prompt.promptstage` - Prompt Stage
* `authentik_stages_user_delete.userdeletestage` - User Delete Stage
* `authentik_stages_user_login.userloginstage` - User Login Stage
* `authentik_stages_user_logout.userlogoutstage` - User Logout Stage
* `authentik_stages_user_write.userwritestage` - User Write Stage
* `authentik_tenants.tenant` - Tenant
* `authentik_blueprints.blueprintinstance` - Blueprint Instance
* `authentik_core.group` - Group
* `authentik_core.user` - User
* `authentik_core.application` - Application
* `authentik_core.token` - Token
* `authentik_enterprise.license` - License
* `authentik_providers_rac.racprovider` - RAC Provider
* `authentik_providers_rac.endpoint` - RAC Endpoint
* `authentik_providers_rac.racpropertymapping` - RAC Property Mapping
PatchedEventRequest:
type: object
description: Event Serializer
properties:
user: {}
action:
$ref: '#/components/schemas/EventActions'
app:
type: string
minLength: 1
context: {}
client_ip:
type: string
nullable: true
minLength: 1
expires:
type: string
format: date-time
tenant: {}
PatchedExpressionPolicyRequest:
type: object
description: Group Membership Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
expression:
type: string
minLength: 1
PatchedFlowRequest:
type: object
description: Flow Serializer
properties:
name:
type: string
minLength: 1
slug:
type: string
minLength: 1
description: Visible in the URL.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
title:
type: string
minLength: 1
description: Shown as the Title in Flow pages.
designation:
allOf:
- $ref: '#/components/schemas/FlowDesignationEnum'
description: |-
Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
* `authentication` - Authentication
* `authorization` - Authorization
* `invalidation` - Invalidation
* `enrollment` - Enrollment
* `unenrollment` - Unrenollment
* `recovery` - Recovery
* `stage_configuration` - Stage Configuration
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
compatibility_mode:
type: boolean
description: Enable compatibility mode, increases compatibility with password
managers on mobile devices.
layout:
$ref: '#/components/schemas/FlowLayoutEnum'
denied_action:
allOf:
- $ref: '#/components/schemas/DeniedActionEnum'
description: |-
Configure what should happen when a flow denies access to a user.
* `message_continue` - Message Continue
* `message` - Message
* `continue` - Continue
authentication:
allOf:
- $ref: '#/components/schemas/AuthenticationEnum'
description: |-
Required level of authentication and authorization to access a flow.
* `none` - None
* `require_authenticated` - Require Authenticated
* `require_unauthenticated` - Require Unauthenticated
* `require_superuser` - Require Superuser
* `require_outpost` - Require Outpost
PatchedFlowStageBindingRequest:
type: object
description: FlowStageBinding Serializer
properties:
target:
type: string
format: uuid
stage:
type: string
format: uuid
evaluate_on_plan:
type: boolean
description: Evaluate policies during the Flow planning process.
re_evaluate_policies:
type: boolean
description: Evaluate policies when the Stage is present to the user.
order:
type: integer
maximum: 2147483647
minimum: -2147483648
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
invalid_response_action:
allOf:
- $ref: '#/components/schemas/InvalidResponseActionEnum'
description: |-
Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.
* `retry` - Retry
* `restart` - Restart
* `restart_with_context` - Restart With Context
PatchedGroupRequest:
type: object
description: Group Serializer
properties:
name:
type: string
minLength: 1
maxLength: 80
is_superuser:
type: boolean
description: Users added to this group will be superusers.
parent:
type: string
format: uuid
nullable: true
users:
type: array
items:
type: integer
attributes:
type: object
additionalProperties: {}
roles:
type: array
items:
type: string
format: uuid
PatchedIdentificationStageRequest:
type: object
description: IdentificationStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
user_fields:
type: array
items:
$ref: '#/components/schemas/UserFieldsEnum'
description: Fields of the user object to match against. (Hold shift to
select multiple options)
password_stage:
type: string
format: uuid
nullable: true
description: When set, shows a password field, instead of showing the password
field as seaprate step.
case_insensitive_matching:
type: boolean
description: When enabled, user fields are matched regardless of their casing.
show_matched_user:
type: boolean
description: When a valid username/email has been entered, and this option
is enabled, the user's username and avatar will be shown. Otherwise, the
text that the user entered will be shown
enrollment_flow:
type: string
format: uuid
nullable: true
description: Optional enrollment flow, which is linked at the bottom of
the page.
recovery_flow:
type: string
format: uuid
nullable: true
description: Optional recovery flow, which is linked at the bottom of the
page.
passwordless_flow:
type: string
format: uuid
nullable: true
description: Optional passwordless flow, which is linked at the bottom of
the page.
sources:
type: array
items:
type: string
format: uuid
description: Specify which sources should be shown.
show_source_labels:
type: boolean
pretend_user_exists:
type: boolean
description: When enabled, the stage will succeed and continue even when
incorrect user info is entered.
PatchedInvitationRequest:
type: object
description: Invitation Serializer
properties:
name:
type: string
minLength: 1
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
expires:
type: string
format: date-time
fixed_data:
type: object
additionalProperties: {}
single_use:
type: boolean
description: When enabled, the invitation will be deleted after usage.
flow:
type: string
format: uuid
nullable: true
description: When set, only the configured flow can use this invitation.
PatchedInvitationStageRequest:
type: object
description: InvitationStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
continue_flow_without_invitation:
type: boolean
description: If this flag is set, this Stage will jump to the next Stage
when no Invitation is given. By default this Stage will cancel the Flow
when no invitation is given.
PatchedKubernetesServiceConnectionRequest:
type: object
description: KubernetesServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
kubeconfig:
description: Paste your kubeconfig here. authentik will automatically use
the currently selected context.
verify_ssl:
type: boolean
description: Verify SSL Certificates of the Kubernetes API endpoint
PatchedLDAPPropertyMappingRequest:
type: object
description: LDAP PropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
object_field:
type: string
minLength: 1
PatchedLDAPProviderRequest:
type: object
description: LDAPProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
base_dn:
type: string
minLength: 1
description: DN under which objects are accessible.
search_group:
type: string
format: uuid
nullable: true
description: Users in this group can do search queries. If not set, every
user can execute search queries.
certificate:
type: string
format: uuid
nullable: true
tls_server_name:
type: string
uid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for uidNumbers, this number is added to the user.pk
to make sure that the numbers aren't too low for POSIX users. Default
is 2000 to ensure that we don't collide with local users uidNumber
gid_start_number:
type: integer
maximum: 2147483647
minimum: -2147483648
description: The start for gidNumbers, this number is added to a number
generated from the group.pk to make sure that the numbers aren't too low
for POSIX groups. Default is 4000 to ensure that we don't collide with
local groups or users primary groups gidNumber
search_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
bind_mode:
$ref: '#/components/schemas/LDAPAPIAccessMode'
mfa_support:
type: boolean
description: When enabled, code-based multi-factor authentication can be
used by appending a semicolon and the TOTP code to the password. This
should only be enabled if all users that will bind to this provider have
a TOTP device configured, as otherwise a password may incorrectly be rejected
if it contains a semicolon.
PatchedLDAPSourceRequest:
type: object
description: LDAP Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
user_path_template:
type: string
minLength: 1
server_uri:
type: string
minLength: 1
format: uri
peer_certificate:
type: string
format: uuid
nullable: true
description: Optionally verify the LDAP Server's Certificate against the
CA Chain in this keypair.
client_certificate:
type: string
format: uuid
nullable: true
description: Client certificate to authenticate against the LDAP Server's
Certificate.
bind_cn:
type: string
bind_password:
type: string
writeOnly: true
start_tls:
type: boolean
title: Enable Start TLS
sni:
type: boolean
title: Use Server URI for SNI verification
base_dn:
type: string
minLength: 1
additional_user_dn:
type: string
title: Addition User DN
description: Prepended to Base DN for User-queries.
additional_group_dn:
type: string
title: Addition Group DN
description: Prepended to Base DN for Group-queries.
user_object_filter:
type: string
minLength: 1
description: Consider Objects matching this filter to be Users.
group_object_filter:
type: string
minLength: 1
description: Consider Objects matching this filter to be Groups.
group_membership_field:
type: string
minLength: 1
description: Field which contains members of a group.
object_uniqueness_field:
type: string
minLength: 1
description: Field which contains a unique Identifier.
sync_users:
type: boolean
sync_users_password:
type: boolean
description: When a user changes their password, sync it back to LDAP. This
can only be enabled on a single LDAP source.
sync_groups:
type: boolean
sync_parent_group:
type: string
format: uuid
nullable: true
property_mappings:
type: array
items:
type: string
format: uuid
property_mappings_group:
type: array
items:
type: string
format: uuid
description: Property mappings used for group creation/updating.
PatchedLicenseRequest:
type: object
description: License Serializer
properties:
key:
type: string
minLength: 1
PatchedNotificationRequest:
type: object
description: Notification Serializer
properties:
event:
$ref: '#/components/schemas/EventRequest'
seen:
type: boolean
PatchedNotificationRuleRequest:
type: object
description: NotificationRule Serializer
properties:
name:
type: string
minLength: 1
transports:
type: array
items:
type: string
format: uuid
description: Select which transports should be used to notify the user.
If none are selected, the notification will only be shown in the authentik
UI.
severity:
allOf:
- $ref: '#/components/schemas/SeverityEnum'
description: |-
Controls which severity level the created notifications will have.
* `notice` - Notice
* `warning` - Warning
* `alert` - Alert
group:
type: string
format: uuid
nullable: true
description: Define which group of users this notification should be sent
and shown to. If left empty, Notification won't ben sent.
PatchedNotificationTransportRequest:
type: object
description: NotificationTransport Serializer
properties:
name:
type: string
minLength: 1
mode:
$ref: '#/components/schemas/NotificationTransportModeEnum'
webhook_url:
type: string
format: uri
webhook_mapping:
type: string
format: uuid
nullable: true
send_once:
type: boolean
description: Only send notification once, for example when sending a webhook
into a chat channel.
PatchedNotificationWebhookMappingRequest:
type: object
description: NotificationWebhookMapping Serializer
properties:
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
PatchedOAuth2ProviderRequest:
type: object
description: OAuth2Provider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
client_type:
allOf:
- $ref: '#/components/schemas/ClientTypeEnum'
description: |-
Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable
* `confidential` - Confidential
* `public` - Public
client_id:
type: string
minLength: 1
maxLength: 255
client_secret:
type: string
maxLength: 255
access_code_validity:
type: string
minLength: 1
description: 'Access codes not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
access_token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
refresh_token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
include_claims_in_id_token:
type: boolean
description: Include User claims from scopes in the id_token, for applications
that don't access the userinfo endpoint.
signing_key:
type: string
format: uuid
nullable: true
description: Key used to sign the tokens. Only required when JWT Algorithm
is set to RS256.
redirect_uris:
type: string
description: Enter each URI on a new line.
sub_mode:
allOf:
- $ref: '#/components/schemas/SubModeEnum'
description: |-
Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
* `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.
issuer_mode:
allOf:
- $ref: '#/components/schemas/IssuerModeEnum'
description: |-
Configure how the issuer field of the ID Token should be filled.
* `global` - Same identifier is used for all providers
* `per_provider` - Each provider has a different issuer, based on the application slug.
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
PatchedOAuthSourceRequest:
type: object
description: OAuth Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
user_path_template:
type: string
minLength: 1
provider_type:
$ref: '#/components/schemas/ProviderTypeEnum'
request_token_url:
type: string
nullable: true
minLength: 1
description: URL used to request the initial token. This URL is only required
for OAuth 1.
maxLength: 255
authorization_url:
type: string
nullable: true
minLength: 1
description: URL the user is redirect to to conest the flow.
maxLength: 255
access_token_url:
type: string
nullable: true
minLength: 1
description: URL used by authentik to retrieve tokens.
maxLength: 255
profile_url:
type: string
nullable: true
minLength: 1
description: URL used by authentik to get user information.
maxLength: 255
consumer_key:
type: string
minLength: 1
consumer_secret:
type: string
writeOnly: true
minLength: 1
additional_scopes:
type: string
oidc_well_known_url:
type: string
oidc_jwks_url:
type: string
oidc_jwks: {}
PatchedOutpostRequest:
type: object
description: Outpost Serializer
properties:
name:
type: string
minLength: 1
type:
$ref: '#/components/schemas/OutpostTypeEnum'
providers:
type: array
items:
type: integer
service_connection:
type: string
format: uuid
nullable: true
description: Select Service-Connection authentik should use to manage this
outpost. Leave empty if authentik should not handle the deployment.
config:
type: object
additionalProperties: {}
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
PatchedPasswordExpiryPolicyRequest:
type: object
description: Password Expiry Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
days:
type: integer
maximum: 2147483647
minimum: -2147483648
deny_only:
type: boolean
PatchedPasswordPolicyRequest:
type: object
description: Password Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
password_field:
type: string
minLength: 1
description: Field key to check, field keys defined in Prompt stages are
available.
amount_digits:
type: integer
maximum: 2147483647
minimum: 0
amount_uppercase:
type: integer
maximum: 2147483647
minimum: 0
amount_lowercase:
type: integer
maximum: 2147483647
minimum: 0
amount_symbols:
type: integer
maximum: 2147483647
minimum: 0
length_min:
type: integer
maximum: 2147483647
minimum: 0
symbol_charset:
type: string
minLength: 1
error_message:
type: string
check_static_rules:
type: boolean
check_have_i_been_pwned:
type: boolean
check_zxcvbn:
type: boolean
hibp_allowed_count:
type: integer
maximum: 2147483647
minimum: 0
description: How many times the password hash is allowed to be on haveibeenpwned
zxcvbn_score_threshold:
type: integer
maximum: 2147483647
minimum: 0
description: If the zxcvbn score is equal or less than this value, the policy
will fail.
PatchedPasswordStageRequest:
type: object
description: PasswordStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
backends:
type: array
items:
$ref: '#/components/schemas/BackendsEnum'
description: Selection of backends to test the password against.
configure_flow:
type: string
format: uuid
nullable: true
description: Flow used by an authenticated user to configure this Stage.
If empty, user will not be able to configure this stage.
failed_attempts_before_cancel:
type: integer
maximum: 2147483647
minimum: -2147483648
description: How many attempts a user has before the flow is canceled. To
lock the user out, use a reputation policy and a user_write stage.
PatchedPermissionAssignRequest:
type: object
description: Request to assign a new permission
properties:
permissions:
type: array
items:
type: string
minLength: 1
model:
$ref: '#/components/schemas/ModelEnum'
object_pk:
type: string
minLength: 1
PatchedPlexSourceConnectionRequest:
type: object
description: Plex Source connection Serializer
properties:
identifier:
type: string
minLength: 1
plex_token:
type: string
minLength: 1
PatchedPlexSourceRequest:
type: object
description: Plex Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
user_path_template:
type: string
minLength: 1
client_id:
type: string
minLength: 1
description: Client identifier used to talk to Plex.
allowed_servers:
type: array
items:
type: string
minLength: 1
description: Which servers a user has to be a member of to be granted access.
Empty list allows every server.
allow_friends:
type: boolean
description: Allow friends to authenticate, even if you don't share a server.
plex_token:
type: string
minLength: 1
description: Plex token used to check friends
PatchedPolicyBindingRequest:
type: object
description: PolicyBinding Serializer
properties:
policy:
type: string
format: uuid
nullable: true
group:
type: string
format: uuid
nullable: true
user:
type: integer
nullable: true
target:
type: string
format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled:
type: boolean
order:
type: integer
maximum: 2147483647
minimum: -2147483648
timeout:
type: integer
maximum: 2147483647
minimum: 0
description: Timeout after which Policy execution is terminated.
failure_result:
type: boolean
description: Result if the Policy execution fails.
PatchedPromptRequest:
type: object
description: Prompt Serializer
properties:
name:
type: string
minLength: 1
field_key:
type: string
minLength: 1
description: Name of the form field, also used to store the value
label:
type: string
minLength: 1
type:
$ref: '#/components/schemas/PromptTypeEnum'
required:
type: boolean
placeholder:
type: string
description: Optionally provide a short hint that describes the expected
input value. When creating a fixed choice field, enable interpreting as
expression and return a list to return multiple choices.
initial_value:
type: string
description: Optionally pre-fill the input with an initial value. When creating
a fixed choice field, enable interpreting as expression and return a list
to return multiple default choices.
order:
type: integer
maximum: 2147483647
minimum: -2147483648
promptstage_set:
type: array
items:
$ref: '#/components/schemas/StageRequest'
sub_text:
type: string
placeholder_expression:
type: boolean
initial_value_expression:
type: boolean
PatchedPromptStageRequest:
type: object
description: PromptStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
fields:
type: array
items:
type: string
format: uuid
validation_policies:
type: array
items:
type: string
format: uuid
PatchedProxyProviderRequest:
type: object
description: ProxyProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
internal_host:
type: string
format: uri
external_host:
type: string
minLength: 1
format: uri
internal_host_ssl_validation:
type: boolean
description: Validate SSL Certificates of upstream servers
certificate:
type: string
format: uuid
nullable: true
skip_path_regex:
type: string
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
basic_auth_enabled:
type: boolean
title: Set HTTP-Basic Authentication
description: Set a custom HTTP-Basic Authentication header based on values
from authentik.
basic_auth_password_attribute:
type: string
title: HTTP-Basic Password Key
description: User/Group Attribute used for the password part of the HTTP-Basic
Header.
basic_auth_user_attribute:
type: string
title: HTTP-Basic Username Key
description: User/Group Attribute used for the user part of the HTTP-Basic
Header. If not set, the user's Email address is used.
mode:
allOf:
- $ref: '#/components/schemas/ProxyMode'
description: |-
Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.
* `proxy` - Proxy
* `forward_single` - Forward Single
* `forward_domain` - Forward Domain
intercept_header_auth:
type: boolean
description: When enabled, this provider will intercept the authorization
header and authenticate requests based on its value.
cookie_domain:
type: string
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
access_token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
refresh_token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
PatchedRACPropertyMappingRequest:
type: object
description: RACPropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
static_settings:
type: object
additionalProperties: {}
PatchedRACProviderRequest:
type: object
description: RACProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
settings: {}
connection_expiry:
type: string
minLength: 1
description: 'Determines how long a session lasts. Default of 0 means that
the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)'
PatchedRadiusProviderRequest:
type: object
description: RadiusProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
client_networks:
type: string
minLength: 1
description: List of CIDRs (comma-separated) that clients can connect from.
A more specific CIDR will match before a looser one. Clients connecting
from a non-specified CIDR will be dropped.
shared_secret:
type: string
minLength: 1
description: Shared secret between clients and server to hash packets.
mfa_support:
type: boolean
description: When enabled, code-based multi-factor authentication can be
used by appending a semicolon and the TOTP code to the password. This
should only be enabled if all users that will bind to this provider have
a TOTP device configured, as otherwise a password may incorrectly be rejected
if it contains a semicolon.
PatchedReputationPolicyRequest:
type: object
description: Reputation Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
check_ip:
type: boolean
check_username:
type: boolean
threshold:
type: integer
maximum: 2147483647
minimum: -2147483648
PatchedRoleRequest:
type: object
description: Role serializer
properties:
name:
type: string
minLength: 1
maxLength: 150
PatchedSAMLPropertyMappingRequest:
type: object
description: SAMLPropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
saml_name:
type: string
minLength: 1
friendly_name:
type: string
nullable: true
PatchedSAMLProviderRequest:
type: object
description: SAMLProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
acs_url:
type: string
format: uri
minLength: 1
maxLength: 200
audience:
type: string
description: Value of the audience restriction field of the assertion. When
left empty, no audience restriction will be added.
issuer:
type: string
minLength: 1
description: Also known as EntityID
assertion_valid_not_before:
type: string
minLength: 1
description: 'Assertion valid not before current time + this value (Format:
hours=-1;minutes=-2;seconds=-3).'
assertion_valid_not_on_or_after:
type: string
minLength: 1
description: 'Assertion not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
session_valid_not_on_or_after:
type: string
minLength: 1
description: 'Session not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
name_id_mapping:
type: string
format: uuid
nullable: true
title: NameID Property Mapping
description: Configure how the NameID value will be created. When left empty,
the NameIDPolicy of the incoming request will be considered
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair used to sign outgoing Responses going to the Service
Provider.
verification_kp:
type: string
format: uuid
nullable: true
title: Verification Certificate
description: When selected, incoming assertion's Signatures will be validated
against this certificate. To allow unsigned Requests, leave on default.
sp_binding:
allOf:
- $ref: '#/components/schemas/SpBindingEnum'
title: Service Provider Binding
description: |-
This determines how authentik sends the response back to the Service Provider.
* `redirect` - Redirect
* `post` - Post
default_relay_state:
type: string
description: Default relay_state value for IDP-initiated logins
PatchedSAMLSourceRequest:
type: object
description: SAMLSource Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
user_path_template:
type: string
minLength: 1
pre_authentication_flow:
type: string
format: uuid
description: Flow used before authentication.
issuer:
type: string
description: Also known as Entity ID. Defaults the Metadata URL.
sso_url:
type: string
format: uri
minLength: 1
description: URL that the initial Login request is sent to.
maxLength: 200
slo_url:
type: string
format: uri
nullable: true
description: Optional URL if your IDP supports Single-Logout.
maxLength: 200
allow_idp_initiated:
type: boolean
description: Allows authentication flows initiated by the IdP. This can
be a security risk, as no validation of the request ID is done.
name_id_policy:
allOf:
- $ref: '#/components/schemas/NameIdPolicyEnum'
description: |-
NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
* `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email
* `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent
* `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509
* `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows
* `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient
binding_type:
$ref: '#/components/schemas/BindingTypeEnum'
verification_kp:
type: string
format: uuid
nullable: true
title: Verification Certificate
description: When selected, incoming assertion's Signatures will be validated
against this certificate. To allow unsigned Requests, leave on default.
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair used to sign outgoing Responses going to the Identity
Provider.
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
temporary_user_delete_after:
type: string
minLength: 1
title: Delete temporary users after
description: 'Time offset when temporary users should be deleted. This only
applies if your IDP uses the NameID Format ''transient'', and the user
doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).'
PatchedSCIMMappingRequest:
type: object
description: SCIMMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
PatchedSCIMProviderRequest:
type: object
description: SCIMProvider Serializer
properties:
name:
type: string
minLength: 1
property_mappings:
type: array
items:
type: string
format: uuid
property_mappings_group:
type: array
items:
type: string
format: uuid
description: Property mappings used for group creation/updating.
url:
type: string
minLength: 1
description: Base URL to SCIM requests, usually ends in /v2
token:
type: string
minLength: 1
description: Authentication token
exclude_users_service_account:
type: boolean
filter_group:
type: string
format: uuid
nullable: true
PatchedSMSDeviceRequest:
type: object
description: Serializer for sms authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
PatchedScopeMappingRequest:
type: object
description: ScopeMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
scope_name:
type: string
minLength: 1
description: Scope name requested by the client
description:
type: string
description: Description shown to the user when consenting. If left empty,
the user won't be informed.
PatchedStaticDeviceRequest:
type: object
description: Serializer for static authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
PatchedTOTPDeviceRequest:
type: object
description: Serializer for totp authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
PatchedTenantRequest:
type: object
description: Tenant Serializer
properties:
domain:
type: string
minLength: 1
description: Domain that activates this tenant. Can be a superset, i.e.
`a.b` for `aa.b` and `ba.b`
default:
type: boolean
branding_title:
type: string
minLength: 1
branding_logo:
type: string
minLength: 1
branding_favicon:
type: string
minLength: 1
flow_authentication:
type: string
format: uuid
nullable: true
flow_invalidation:
type: string
format: uuid
nullable: true
flow_recovery:
type: string
format: uuid
nullable: true
flow_unenrollment:
type: string
format: uuid
nullable: true
flow_user_settings:
type: string
format: uuid
nullable: true
flow_device_code:
type: string
format: uuid
nullable: true
event_retention:
type: string
minLength: 1
description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).'
web_certificate:
type: string
format: uuid
nullable: true
description: Web Certificate used by the authentik Core webserver.
attributes: {}
PatchedTokenRequest:
type: object
description: Token Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
identifier:
type: string
minLength: 1
maxLength: 255
pattern: ^[-a-zA-Z0-9_]+$
intent:
$ref: '#/components/schemas/IntentEnum'
user:
type: integer
description:
type: string
expires:
type: string
format: date-time
expiring:
type: boolean
PatchedUserDeleteStageRequest:
type: object
description: UserDeleteStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
PatchedUserLoginStageRequest:
type: object
description: UserLoginStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
session_duration:
type: string
minLength: 1
description: 'Determines how long a session lasts. Default of 0 means that
the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)'
terminate_other_sessions:
type: boolean
description: Terminate all other sessions of the user logging in.
remember_me_offset:
type: string
minLength: 1
description: 'Offset the session will be extended by when the user picks
the remember me option. Default of 0 means that the remember me option
will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)'
network_binding:
allOf:
- $ref: '#/components/schemas/NetworkBindingEnum'
description: |-
Bind sessions created by this stage to the configured network
* `no_binding` - No Binding
* `bind_asn` - Bind Asn
* `bind_asn_network` - Bind Asn Network
* `bind_asn_network_ip` - Bind Asn Network Ip
geoip_binding:
allOf:
- $ref: '#/components/schemas/GeoipBindingEnum'
description: |-
Bind sessions created by this stage to the configured GeoIP location
* `no_binding` - No Binding
* `bind_continent` - Bind Continent
* `bind_continent_country` - Bind Continent Country
* `bind_continent_country_city` - Bind Continent Country City
PatchedUserLogoutStageRequest:
type: object
description: UserLogoutStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
PatchedUserOAuthSourceConnectionRequest:
type: object
description: OAuth Source Serializer
properties:
user:
type: integer
identifier:
type: string
minLength: 1
maxLength: 255
access_token:
type: string
writeOnly: true
nullable: true
PatchedUserRequest:
type: object
description: User Serializer
properties:
username:
type: string
minLength: 1
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
groups:
type: array
items:
type: string
format: uuid
email:
type: string
format: email
title: Email address
maxLength: 254
attributes:
type: object
additionalProperties: {}
path:
type: string
minLength: 1
type:
$ref: '#/components/schemas/UserTypeEnum'
PatchedUserSAMLSourceConnectionRequest:
type: object
description: SAML Source Serializer
properties:
user:
type: integer
identifier:
type: string
minLength: 1
PatchedUserWriteStageRequest:
type: object
description: UserWriteStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
user_creation_mode:
$ref: '#/components/schemas/UserCreationModeEnum'
create_users_as_inactive:
type: boolean
description: When set, newly created users are inactive and cannot login.
create_users_group:
type: string
format: uuid
nullable: true
description: Optionally add newly created users to this group.
user_type:
$ref: '#/components/schemas/UserTypeEnum'
user_path_template:
type: string
PatchedWebAuthnDeviceRequest:
type: object
description: Serializer for WebAuthn authenticator devices
properties:
name:
type: string
minLength: 1
maxLength: 200
Permission:
type: object
description: Global permission
properties:
id:
type: integer
readOnly: true
name:
type: string
maxLength: 255
codename:
type: string
maxLength: 100
model:
type: string
title: Python model class name
readOnly: true
app_label:
type: string
readOnly: true
app_label_verbose:
type: string
description: Human-readable app label
readOnly: true
model_verbose:
type: string
description: Human-readable model name
readOnly: true
required:
- app_label
- app_label_verbose
- codename
- id
- model
- model_verbose
- name
PermissionAssignRequest:
type: object
description: Request to assign a new permission
properties:
permissions:
type: array
items:
type: string
minLength: 1
model:
$ref: '#/components/schemas/ModelEnum'
object_pk:
type: string
minLength: 1
required:
- permissions
PlexAuthenticationChallenge:
type: object
description: Challenge shown to the user in identification stage
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-source-plex
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
client_id:
type: string
slug:
type: string
required:
- client_id
- slug
- type
PlexAuthenticationChallengeResponseRequest:
type: object
description: Pseudo class for plex response
properties:
component:
type: string
minLength: 1
default: ak-source-plex
PlexSource:
type: object
description: Plex Source Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
readOnly: true
user_path_template:
type: string
icon:
type: string
nullable: true
description: |-
Get the URL to the Icon. If the name is /static or
starts with http it is returned as-is
readOnly: true
client_id:
type: string
description: Client identifier used to talk to Plex.
allowed_servers:
type: array
items:
type: string
description: Which servers a user has to be a member of to be granted access.
Empty list allows every server.
allow_friends:
type: boolean
description: Allow friends to authenticate, even if you don't share a server.
plex_token:
type: string
description: Plex token used to check friends
required:
- component
- icon
- managed
- meta_model_name
- name
- pk
- plex_token
- slug
- verbose_name
- verbose_name_plural
PlexSourceConnection:
type: object
description: Plex Source connection Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
user:
type: integer
readOnly: true
source:
allOf:
- $ref: '#/components/schemas/Source'
readOnly: true
identifier:
type: string
plex_token:
type: string
required:
- identifier
- pk
- plex_token
- source
- user
PlexSourceConnectionRequest:
type: object
description: Plex Source connection Serializer
properties:
identifier:
type: string
minLength: 1
plex_token:
type: string
minLength: 1
required:
- identifier
- plex_token
PlexSourceRequest:
type: object
description: Plex Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
user_path_template:
type: string
minLength: 1
client_id:
type: string
minLength: 1
description: Client identifier used to talk to Plex.
allowed_servers:
type: array
items:
type: string
minLength: 1
description: Which servers a user has to be a member of to be granted access.
Empty list allows every server.
allow_friends:
type: boolean
description: Allow friends to authenticate, even if you don't share a server.
plex_token:
type: string
minLength: 1
description: Plex token used to check friends
required:
- name
- plex_token
- slug
PlexTokenRedeemRequest:
type: object
description: Serializer to redeem a plex token
properties:
plex_token:
type: string
minLength: 1
required:
- plex_token
Policy:
type: object
description: Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
bound_to:
type: integer
description: Return objects policy is bound to
readOnly: true
required:
- bound_to
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
PolicyBinding:
type: object
description: PolicyBinding Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy binding uuid
policy:
type: string
format: uuid
nullable: true
group:
type: string
format: uuid
nullable: true
user:
type: integer
nullable: true
policy_obj:
allOf:
- $ref: '#/components/schemas/Policy'
readOnly: true
group_obj:
allOf:
- $ref: '#/components/schemas/Group'
readOnly: true
user_obj:
allOf:
- $ref: '#/components/schemas/User'
readOnly: true
target:
type: string
format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled:
type: boolean
order:
type: integer
maximum: 2147483647
minimum: -2147483648
timeout:
type: integer
maximum: 2147483647
minimum: 0
description: Timeout after which Policy execution is terminated.
failure_result:
type: boolean
description: Result if the Policy execution fails.
required:
- group_obj
- order
- pk
- policy_obj
- target
- user_obj
PolicyBindingRequest:
type: object
description: PolicyBinding Serializer
properties:
policy:
type: string
format: uuid
nullable: true
group:
type: string
format: uuid
nullable: true
user:
type: integer
nullable: true
target:
type: string
format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled:
type: boolean
order:
type: integer
maximum: 2147483647
minimum: -2147483648
timeout:
type: integer
maximum: 2147483647
minimum: 0
description: Timeout after which Policy execution is terminated.
failure_result:
type: boolean
description: Result if the Policy execution fails.
required:
- order
- target
PolicyEngineMode:
enum:
- all
- any
type: string
description: |-
* `all` - all, all policies must pass
* `any` - any, any policy must pass
PolicyRequest:
type: object
description: Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
required:
- name
PolicyTestRequest:
type: object
description: Test policy execution for a user with context
properties:
user:
type: integer
context:
type: object
additionalProperties: {}
required:
- user
PolicyTestResult:
type: object
description: result of a policy test
properties:
passing:
type: boolean
messages:
type: array
items:
type: string
readOnly: true
log_messages:
type: array
items:
type: object
additionalProperties: {}
readOnly: true
required:
- log_messages
- messages
- passing
Prompt:
type: object
description: Prompt Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Prompt uuid
name:
type: string
field_key:
type: string
description: Name of the form field, also used to store the value
label:
type: string
type:
$ref: '#/components/schemas/PromptTypeEnum'
required:
type: boolean
placeholder:
type: string
description: Optionally provide a short hint that describes the expected
input value. When creating a fixed choice field, enable interpreting as
expression and return a list to return multiple choices.
initial_value:
type: string
description: Optionally pre-fill the input with an initial value. When creating
a fixed choice field, enable interpreting as expression and return a list
to return multiple default choices.
order:
type: integer
maximum: 2147483647
minimum: -2147483648
promptstage_set:
type: array
items:
$ref: '#/components/schemas/Stage'
sub_text:
type: string
placeholder_expression:
type: boolean
initial_value_expression:
type: boolean
required:
- field_key
- label
- name
- pk
- type
PromptChallenge:
type: object
description: Initial challenge being sent, define fields
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-prompt
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
fields:
type: array
items:
$ref: '#/components/schemas/StagePrompt'
required:
- fields
- type
PromptChallengeResponseRequest:
type: object
description: |-
Validate response, fields are dynamically created based
on the stage
properties:
component:
type: string
minLength: 1
default: ak-stage-prompt
additionalProperties: {}
PromptRequest:
type: object
description: Prompt Serializer
properties:
name:
type: string
minLength: 1
field_key:
type: string
minLength: 1
description: Name of the form field, also used to store the value
label:
type: string
minLength: 1
type:
$ref: '#/components/schemas/PromptTypeEnum'
required:
type: boolean
placeholder:
type: string
description: Optionally provide a short hint that describes the expected
input value. When creating a fixed choice field, enable interpreting as
expression and return a list to return multiple choices.
initial_value:
type: string
description: Optionally pre-fill the input with an initial value. When creating
a fixed choice field, enable interpreting as expression and return a list
to return multiple default choices.
order:
type: integer
maximum: 2147483647
minimum: -2147483648
promptstage_set:
type: array
items:
$ref: '#/components/schemas/StageRequest'
sub_text:
type: string
placeholder_expression:
type: boolean
initial_value_expression:
type: boolean
required:
- field_key
- label
- name
- type
PromptStage:
type: object
description: PromptStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
fields:
type: array
items:
type: string
format: uuid
validation_policies:
type: array
items:
type: string
format: uuid
required:
- component
- fields
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
PromptStageRequest:
type: object
description: PromptStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
fields:
type: array
items:
type: string
format: uuid
validation_policies:
type: array
items:
type: string
format: uuid
required:
- fields
- name
PromptTypeEnum:
enum:
- text
- text_area
- text_read_only
- text_area_read_only
- username
- email
- password
- number
- checkbox
- radio-button-group
- dropdown
- date
- date-time
- file
- separator
- hidden
- static
- ak-locale
type: string
description: |-
* `text` - Text: Simple Text input
* `text_area` - Text area: Multiline Text Input.
* `text_read_only` - Text (read-only): Simple Text input, but cannot be edited.
* `text_area_read_only` - Text area (read-only): Multiline Text input, but cannot be edited.
* `username` - Username: Same as Text input, but checks for and prevents duplicate usernames.
* `email` - Email: Text field with Email type.
* `password` - Password: Masked input, multiple inputs of this type on the same prompt need to be identical.
* `number` - Number
* `checkbox` - Checkbox
* `radio-button-group` - Fixed choice field rendered as a group of radio buttons.
* `dropdown` - Fixed choice field rendered as a dropdown.
* `date` - Date
* `date-time` - Date Time
* `file` - File: File upload for arbitrary files. File content will be available in flow context as data-URI
* `separator` - Separator: Static Separator Line
* `hidden` - Hidden: Hidden field, can be used to insert data into form.
* `static` - Static: Static value, displayed as-is.
* `ak-locale` - authentik: Selection of locales authentik supports
PropertyMapping:
type: object
description: PropertyMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
description: Get object's component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
required:
- component
- expression
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
PropertyMappingPreview:
type: object
description: Preview how the current user is mapped via the property mappings
selected in a provider
properties:
preview:
type: object
additionalProperties: {}
readOnly: true
required:
- preview
PropertyMappingTestResult:
type: object
description: Result of a Property-mapping test
properties:
result:
type: string
readOnly: true
successful:
type: boolean
readOnly: true
required:
- result
- successful
ProtocolEnum:
enum:
- rdp
- vnc
- ssh
type: string
description: |-
* `rdp` - Rdp
* `vnc` - Vnc
* `ssh` - Ssh
Provider:
type: object
description: Provider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
assigned_backchannel_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_backchannel_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
required:
- assigned_application_name
- assigned_application_slug
- assigned_backchannel_application_name
- assigned_backchannel_application_slug
- authorization_flow
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
ProviderEnum:
enum:
- twilio
- generic
type: string
description: |-
* `twilio` - Twilio
* `generic` - Generic
ProviderModelEnum:
enum:
- authentik_providers_ldap.ldapprovider
- authentik_providers_oauth2.oauth2provider
- authentik_providers_proxy.proxyprovider
- authentik_providers_rac.racprovider
- authentik_providers_radius.radiusprovider
- authentik_providers_saml.samlprovider
- authentik_providers_scim.scimprovider
type: string
description: |-
* `authentik_providers_ldap.ldapprovider` - authentik_providers_ldap.ldapprovider
* `authentik_providers_oauth2.oauth2provider` - authentik_providers_oauth2.oauth2provider
* `authentik_providers_proxy.proxyprovider` - authentik_providers_proxy.proxyprovider
* `authentik_providers_rac.racprovider` - authentik_providers_rac.racprovider
* `authentik_providers_radius.radiusprovider` - authentik_providers_radius.radiusprovider
* `authentik_providers_saml.samlprovider` - authentik_providers_saml.samlprovider
* `authentik_providers_scim.scimprovider` - authentik_providers_scim.scimprovider
ProviderRequest:
type: object
description: Provider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
required:
- authorization_flow
- name
ProviderTypeEnum:
enum:
- apple
- openidconnect
- azuread
- discord
- facebook
- github
- google
- mailcow
- okta
- patreon
- reddit
- twitch
- twitter
type: string
description: |-
* `apple` - Apple
* `openidconnect` - OpenID Connect
* `azuread` - Azure AD
* `discord` - Discord
* `facebook` - Facebook
* `github` - GitHub
* `google` - Google
* `mailcow` - Mailcow
* `okta` - Okta
* `patreon` - Patreon
* `reddit` - Reddit
* `twitch` - Twitch
* `twitter` - Twitter
ProxyMode:
enum:
- proxy
- forward_single
- forward_domain
type: string
description: |-
* `proxy` - Proxy
* `forward_single` - Forward Single
* `forward_domain` - Forward Domain
ProxyOutpostConfig:
type: object
description: Proxy provider serializer for outposts
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
internal_host:
type: string
format: uri
external_host:
type: string
format: uri
internal_host_ssl_validation:
type: boolean
description: Validate SSL Certificates of upstream servers
client_id:
type: string
maxLength: 255
client_secret:
type: string
maxLength: 255
oidc_configuration:
allOf:
- $ref: '#/components/schemas/OpenIDConnectConfiguration'
readOnly: true
cookie_secret:
type: string
certificate:
type: string
format: uuid
nullable: true
skip_path_regex:
type: string
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
basic_auth_enabled:
type: boolean
title: Set HTTP-Basic Authentication
description: Set a custom HTTP-Basic Authentication header based on values
from authentik.
basic_auth_password_attribute:
type: string
title: HTTP-Basic Password Key
description: User/Group Attribute used for the password part of the HTTP-Basic
Header.
basic_auth_user_attribute:
type: string
title: HTTP-Basic Username Key
description: User/Group Attribute used for the user part of the HTTP-Basic
Header. If not set, the user's Email address is used.
mode:
allOf:
- $ref: '#/components/schemas/ProxyMode'
description: |-
Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.
* `proxy` - Proxy
* `forward_single` - Forward Single
* `forward_domain` - Forward Domain
cookie_domain:
type: string
access_token_validity:
type: number
format: double
nullable: true
description: Get token validity as second count
readOnly: true
intercept_header_auth:
type: boolean
description: When enabled, this provider will intercept the authorization
header and authenticate requests based on its value.
scopes_to_request:
type: array
items:
type: string
description: |-
Get all the scope names the outpost should request,
including custom-defined ones
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
required:
- access_token_validity
- assigned_application_name
- assigned_application_slug
- external_host
- name
- oidc_configuration
- pk
- scopes_to_request
ProxyProvider:
type: object
description: ProxyProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
assigned_backchannel_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_backchannel_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
client_id:
type: string
readOnly: true
internal_host:
type: string
format: uri
external_host:
type: string
format: uri
internal_host_ssl_validation:
type: boolean
description: Validate SSL Certificates of upstream servers
certificate:
type: string
format: uuid
nullable: true
skip_path_regex:
type: string
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
basic_auth_enabled:
type: boolean
title: Set HTTP-Basic Authentication
description: Set a custom HTTP-Basic Authentication header based on values
from authentik.
basic_auth_password_attribute:
type: string
title: HTTP-Basic Password Key
description: User/Group Attribute used for the password part of the HTTP-Basic
Header.
basic_auth_user_attribute:
type: string
title: HTTP-Basic Username Key
description: User/Group Attribute used for the user part of the HTTP-Basic
Header. If not set, the user's Email address is used.
mode:
allOf:
- $ref: '#/components/schemas/ProxyMode'
description: |-
Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.
* `proxy` - Proxy
* `forward_single` - Forward Single
* `forward_domain` - Forward Domain
intercept_header_auth:
type: boolean
description: When enabled, this provider will intercept the authorization
header and authenticate requests based on its value.
redirect_uris:
type: string
readOnly: true
cookie_domain:
type: string
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
access_token_validity:
type: string
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
refresh_token_validity:
type: string
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
outpost_set:
type: array
items:
type: string
readOnly: true
required:
- assigned_application_name
- assigned_application_slug
- assigned_backchannel_application_name
- assigned_backchannel_application_slug
- authorization_flow
- client_id
- component
- external_host
- meta_model_name
- name
- outpost_set
- pk
- redirect_uris
- verbose_name
- verbose_name_plural
ProxyProviderRequest:
type: object
description: ProxyProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
internal_host:
type: string
format: uri
external_host:
type: string
minLength: 1
format: uri
internal_host_ssl_validation:
type: boolean
description: Validate SSL Certificates of upstream servers
certificate:
type: string
format: uuid
nullable: true
skip_path_regex:
type: string
description: Regular expressions for which authentication is not required.
Each new line is interpreted as a new Regular Expression.
basic_auth_enabled:
type: boolean
title: Set HTTP-Basic Authentication
description: Set a custom HTTP-Basic Authentication header based on values
from authentik.
basic_auth_password_attribute:
type: string
title: HTTP-Basic Password Key
description: User/Group Attribute used for the password part of the HTTP-Basic
Header.
basic_auth_user_attribute:
type: string
title: HTTP-Basic Username Key
description: User/Group Attribute used for the user part of the HTTP-Basic
Header. If not set, the user's Email address is used.
mode:
allOf:
- $ref: '#/components/schemas/ProxyMode'
description: |-
Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.
* `proxy` - Proxy
* `forward_single` - Forward Single
* `forward_domain` - Forward Domain
intercept_header_auth:
type: boolean
description: When enabled, this provider will intercept the authorization
header and authenticate requests based on its value.
cookie_domain:
type: string
jwks_sources:
type: array
items:
type: string
format: uuid
title: Any JWT signed by the JWK of the selected source can be used to
authenticate.
title: Any JWT signed by the JWK of the selected source can be used to authenticate.
access_token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
refresh_token_validity:
type: string
minLength: 1
description: 'Tokens not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
required:
- authorization_flow
- external_host
- name
RACPropertyMapping:
type: object
description: RACPropertyMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
description: Get object's component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
static_settings:
type: object
additionalProperties: {}
required:
- component
- meta_model_name
- name
- pk
- static_settings
- verbose_name
- verbose_name_plural
RACPropertyMappingRequest:
type: object
description: RACPropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
static_settings:
type: object
additionalProperties: {}
required:
- name
- static_settings
RACProvider:
type: object
description: RACProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
assigned_backchannel_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_backchannel_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
settings: {}
outpost_set:
type: array
items:
type: string
readOnly: true
connection_expiry:
type: string
description: 'Determines how long a session lasts. Default of 0 means that
the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)'
required:
- assigned_application_name
- assigned_application_slug
- assigned_backchannel_application_name
- assigned_backchannel_application_slug
- authorization_flow
- component
- meta_model_name
- name
- outpost_set
- pk
- verbose_name
- verbose_name_plural
RACProviderRequest:
type: object
description: RACProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
settings: {}
connection_expiry:
type: string
minLength: 1
description: 'Determines how long a session lasts. Default of 0 means that
the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)'
required:
- authorization_flow
- name
RadiusOutpostConfig:
type: object
description: RadiusProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
application_slug:
type: string
auth_flow_slug:
type: string
client_networks:
type: string
description: List of CIDRs (comma-separated) that clients can connect from.
A more specific CIDR will match before a looser one. Clients connecting
from a non-specified CIDR will be dropped.
shared_secret:
type: string
description: Shared secret between clients and server to hash packets.
mfa_support:
type: boolean
description: When enabled, code-based multi-factor authentication can be
used by appending a semicolon and the TOTP code to the password. This
should only be enabled if all users that will bind to this provider have
a TOTP device configured, as otherwise a password may incorrectly be rejected
if it contains a semicolon.
required:
- application_slug
- auth_flow_slug
- name
- pk
RadiusProvider:
type: object
description: RadiusProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
assigned_backchannel_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_backchannel_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
client_networks:
type: string
description: List of CIDRs (comma-separated) that clients can connect from.
A more specific CIDR will match before a looser one. Clients connecting
from a non-specified CIDR will be dropped.
shared_secret:
type: string
description: Shared secret between clients and server to hash packets.
outpost_set:
type: array
items:
type: string
readOnly: true
mfa_support:
type: boolean
description: When enabled, code-based multi-factor authentication can be
used by appending a semicolon and the TOTP code to the password. This
should only be enabled if all users that will bind to this provider have
a TOTP device configured, as otherwise a password may incorrectly be rejected
if it contains a semicolon.
required:
- assigned_application_name
- assigned_application_slug
- assigned_backchannel_application_name
- assigned_backchannel_application_slug
- authorization_flow
- component
- meta_model_name
- name
- outpost_set
- pk
- verbose_name
- verbose_name_plural
RadiusProviderRequest:
type: object
description: RadiusProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
client_networks:
type: string
minLength: 1
description: List of CIDRs (comma-separated) that clients can connect from.
A more specific CIDR will match before a looser one. Clients connecting
from a non-specified CIDR will be dropped.
shared_secret:
type: string
minLength: 1
description: Shared secret between clients and server to hash packets.
mfa_support:
type: boolean
description: When enabled, code-based multi-factor authentication can be
used by appending a semicolon and the TOTP code to the password. This
should only be enabled if all users that will bind to this provider have
a TOTP device configured, as otherwise a password may incorrectly be rejected
if it contains a semicolon.
required:
- authorization_flow
- name
RedirectChallenge:
type: object
description: Challenge type to redirect the client
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: xak-flow-redirect
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
to:
type: string
required:
- to
- type
Reputation:
type: object
description: Reputation Serializer
properties:
pk:
type: string
format: uuid
title: Reputation uuid
identifier:
type: string
ip:
type: string
ip_geo_data: {}
ip_asn_data: {}
score:
type: integer
maximum: 9223372036854775807
minimum: -9223372036854775808
format: int64
updated:
type: string
format: date-time
readOnly: true
required:
- identifier
- ip
- updated
ReputationPolicy:
type: object
description: Reputation Policy Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Policy uuid
name:
type: string
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
bound_to:
type: integer
description: Return objects policy is bound to
readOnly: true
check_ip:
type: boolean
check_username:
type: boolean
threshold:
type: integer
maximum: 2147483647
minimum: -2147483648
required:
- bound_to
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
ReputationPolicyRequest:
type: object
description: Reputation Policy Serializer
properties:
name:
type: string
minLength: 1
execution_logging:
type: boolean
description: When this option is enabled, all executions of this policy
will be logged. By default, only execution errors are logged.
check_ip:
type: boolean
check_username:
type: boolean
threshold:
type: integer
maximum: 2147483647
minimum: -2147483648
required:
- name
ResidentKeyRequirementEnum:
enum:
- discouraged
- preferred
- required
type: string
description: |-
* `discouraged` - Discouraged
* `preferred` - Preferred
* `required` - Required
Role:
type: object
description: Role serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
maxLength: 150
required:
- name
- pk
RoleAssignedObjectPermission:
type: object
description: Roles assigned object permission serializer
properties:
role_pk:
type: string
readOnly: true
name:
type: string
readOnly: true
permissions:
type: array
items:
$ref: '#/components/schemas/RoleObjectPermission'
required:
- name
- permissions
- role_pk
RoleObjectPermission:
type: object
description: Role-bound object level permission
properties:
id:
type: integer
readOnly: true
codename:
type: string
readOnly: true
model:
type: string
title: Python model class name
readOnly: true
app_label:
type: string
readOnly: true
object_pk:
type: string
title: Object ID
readOnly: true
name:
type: string
readOnly: true
required:
- app_label
- codename
- id
- model
- name
- object_pk
RoleRequest:
type: object
description: Role serializer
properties:
name:
type: string
minLength: 1
maxLength: 150
required:
- name
SAMLMetadata:
type: object
description: SAML Provider Metadata serializer
properties:
metadata:
type: string
readOnly: true
download_url:
type: string
readOnly: true
required:
- download_url
- metadata
SAMLPropertyMapping:
type: object
description: SAMLPropertyMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
description: Get object's component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
saml_name:
type: string
friendly_name:
type: string
nullable: true
required:
- component
- expression
- meta_model_name
- name
- pk
- saml_name
- verbose_name
- verbose_name_plural
SAMLPropertyMappingRequest:
type: object
description: SAMLPropertyMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
saml_name:
type: string
minLength: 1
friendly_name:
type: string
nullable: true
required:
- expression
- name
- saml_name
SAMLProvider:
type: object
description: SAMLProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
assigned_backchannel_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_backchannel_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
acs_url:
type: string
format: uri
maxLength: 200
audience:
type: string
description: Value of the audience restriction field of the assertion. When
left empty, no audience restriction will be added.
issuer:
type: string
description: Also known as EntityID
assertion_valid_not_before:
type: string
description: 'Assertion valid not before current time + this value (Format:
hours=-1;minutes=-2;seconds=-3).'
assertion_valid_not_on_or_after:
type: string
description: 'Assertion not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
session_valid_not_on_or_after:
type: string
description: 'Session not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
name_id_mapping:
type: string
format: uuid
nullable: true
title: NameID Property Mapping
description: Configure how the NameID value will be created. When left empty,
the NameIDPolicy of the incoming request will be considered
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair used to sign outgoing Responses going to the Service
Provider.
verification_kp:
type: string
format: uuid
nullable: true
title: Verification Certificate
description: When selected, incoming assertion's Signatures will be validated
against this certificate. To allow unsigned Requests, leave on default.
sp_binding:
allOf:
- $ref: '#/components/schemas/SpBindingEnum'
title: Service Provider Binding
description: |-
This determines how authentik sends the response back to the Service Provider.
* `redirect` - Redirect
* `post` - Post
default_relay_state:
type: string
description: Default relay_state value for IDP-initiated logins
url_download_metadata:
type: string
description: Get metadata download URL
readOnly: true
url_sso_post:
type: string
description: Get SSO Post URL
readOnly: true
url_sso_redirect:
type: string
description: Get SSO Redirect URL
readOnly: true
url_sso_init:
type: string
description: Get SSO IDP-Initiated URL
readOnly: true
url_slo_post:
type: string
description: Get SLO POST URL
readOnly: true
url_slo_redirect:
type: string
description: Get SLO redirect URL
readOnly: true
required:
- acs_url
- assigned_application_name
- assigned_application_slug
- assigned_backchannel_application_name
- assigned_backchannel_application_slug
- authorization_flow
- component
- meta_model_name
- name
- pk
- url_download_metadata
- url_slo_post
- url_slo_redirect
- url_sso_init
- url_sso_post
- url_sso_redirect
- verbose_name
- verbose_name_plural
SAMLProviderImportRequest:
type: object
description: Import saml provider from XML Metadata
properties:
name:
type: string
minLength: 1
authorization_flow:
type: string
format: uuid
file:
type: string
format: binary
required:
- authorization_flow
- file
- name
SAMLProviderRequest:
type: object
description: SAMLProvider Serializer
properties:
name:
type: string
minLength: 1
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow used for authentication when the associated application
is accessed by an un-authenticated user.
authorization_flow:
type: string
format: uuid
description: Flow used when authorizing this provider.
property_mappings:
type: array
items:
type: string
format: uuid
acs_url:
type: string
format: uri
minLength: 1
maxLength: 200
audience:
type: string
description: Value of the audience restriction field of the assertion. When
left empty, no audience restriction will be added.
issuer:
type: string
minLength: 1
description: Also known as EntityID
assertion_valid_not_before:
type: string
minLength: 1
description: 'Assertion valid not before current time + this value (Format:
hours=-1;minutes=-2;seconds=-3).'
assertion_valid_not_on_or_after:
type: string
minLength: 1
description: 'Assertion not valid on or after current time + this value
(Format: hours=1;minutes=2;seconds=3).'
session_valid_not_on_or_after:
type: string
minLength: 1
description: 'Session not valid on or after current time + this value (Format:
hours=1;minutes=2;seconds=3).'
name_id_mapping:
type: string
format: uuid
nullable: true
title: NameID Property Mapping
description: Configure how the NameID value will be created. When left empty,
the NameIDPolicy of the incoming request will be considered
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair used to sign outgoing Responses going to the Service
Provider.
verification_kp:
type: string
format: uuid
nullable: true
title: Verification Certificate
description: When selected, incoming assertion's Signatures will be validated
against this certificate. To allow unsigned Requests, leave on default.
sp_binding:
allOf:
- $ref: '#/components/schemas/SpBindingEnum'
title: Service Provider Binding
description: |-
This determines how authentik sends the response back to the Service Provider.
* `redirect` - Redirect
* `post` - Post
default_relay_state:
type: string
description: Default relay_state value for IDP-initiated logins
required:
- acs_url
- authorization_flow
- name
SAMLSource:
type: object
description: SAMLSource Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
readOnly: true
user_path_template:
type: string
icon:
type: string
nullable: true
description: |-
Get the URL to the Icon. If the name is /static or
starts with http it is returned as-is
readOnly: true
pre_authentication_flow:
type: string
format: uuid
description: Flow used before authentication.
issuer:
type: string
description: Also known as Entity ID. Defaults the Metadata URL.
sso_url:
type: string
format: uri
description: URL that the initial Login request is sent to.
maxLength: 200
slo_url:
type: string
format: uri
nullable: true
description: Optional URL if your IDP supports Single-Logout.
maxLength: 200
allow_idp_initiated:
type: boolean
description: Allows authentication flows initiated by the IdP. This can
be a security risk, as no validation of the request ID is done.
name_id_policy:
allOf:
- $ref: '#/components/schemas/NameIdPolicyEnum'
description: |-
NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
* `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email
* `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent
* `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509
* `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows
* `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient
binding_type:
$ref: '#/components/schemas/BindingTypeEnum'
verification_kp:
type: string
format: uuid
nullable: true
title: Verification Certificate
description: When selected, incoming assertion's Signatures will be validated
against this certificate. To allow unsigned Requests, leave on default.
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair used to sign outgoing Responses going to the Identity
Provider.
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
temporary_user_delete_after:
type: string
title: Delete temporary users after
description: 'Time offset when temporary users should be deleted. This only
applies if your IDP uses the NameID Format ''transient'', and the user
doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).'
required:
- component
- icon
- managed
- meta_model_name
- name
- pk
- pre_authentication_flow
- slug
- sso_url
- verbose_name
- verbose_name_plural
SAMLSourceRequest:
type: object
description: SAMLSource Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
user_path_template:
type: string
minLength: 1
pre_authentication_flow:
type: string
format: uuid
description: Flow used before authentication.
issuer:
type: string
description: Also known as Entity ID. Defaults the Metadata URL.
sso_url:
type: string
format: uri
minLength: 1
description: URL that the initial Login request is sent to.
maxLength: 200
slo_url:
type: string
format: uri
nullable: true
description: Optional URL if your IDP supports Single-Logout.
maxLength: 200
allow_idp_initiated:
type: boolean
description: Allows authentication flows initiated by the IdP. This can
be a security risk, as no validation of the request ID is done.
name_id_policy:
allOf:
- $ref: '#/components/schemas/NameIdPolicyEnum'
description: |-
NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
* `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email
* `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent
* `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509
* `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows
* `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient
binding_type:
$ref: '#/components/schemas/BindingTypeEnum'
verification_kp:
type: string
format: uuid
nullable: true
title: Verification Certificate
description: When selected, incoming assertion's Signatures will be validated
against this certificate. To allow unsigned Requests, leave on default.
signing_kp:
type: string
format: uuid
nullable: true
title: Signing Keypair
description: Keypair used to sign outgoing Responses going to the Identity
Provider.
digest_algorithm:
$ref: '#/components/schemas/DigestAlgorithmEnum'
signature_algorithm:
$ref: '#/components/schemas/SignatureAlgorithmEnum'
temporary_user_delete_after:
type: string
minLength: 1
title: Delete temporary users after
description: 'Time offset when temporary users should be deleted. This only
applies if your IDP uses the NameID Format ''transient'', and the user
doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).'
required:
- name
- pre_authentication_flow
- slug
- sso_url
SCIMMapping:
type: object
description: SCIMMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
description: Get object's component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
required:
- component
- expression
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
SCIMMappingRequest:
type: object
description: SCIMMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
required:
- expression
- name
SCIMProvider:
type: object
description: SCIMProvider Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
property_mappings:
type: array
items:
type: string
format: uuid
property_mappings_group:
type: array
items:
type: string
format: uuid
description: Property mappings used for group creation/updating.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
assigned_backchannel_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_backchannel_application_name:
type: string
description: Application's display Name.
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
url:
type: string
description: Base URL to SCIM requests, usually ends in /v2
token:
type: string
description: Authentication token
exclude_users_service_account:
type: boolean
filter_group:
type: string
format: uuid
nullable: true
required:
- assigned_backchannel_application_name
- assigned_backchannel_application_slug
- component
- meta_model_name
- name
- pk
- token
- url
- verbose_name
- verbose_name_plural
SCIMProviderRequest:
type: object
description: SCIMProvider Serializer
properties:
name:
type: string
minLength: 1
property_mappings:
type: array
items:
type: string
format: uuid
property_mappings_group:
type: array
items:
type: string
format: uuid
description: Property mappings used for group creation/updating.
url:
type: string
minLength: 1
description: Base URL to SCIM requests, usually ends in /v2
token:
type: string
minLength: 1
description: Authentication token
exclude_users_service_account:
type: boolean
filter_group:
type: string
format: uuid
nullable: true
required:
- name
- token
- url
SCIMSyncStatus:
type: object
description: SCIM Provider sync status
properties:
is_running:
type: boolean
readOnly: true
tasks:
type: array
items:
$ref: '#/components/schemas/Task'
readOnly: true
required:
- is_running
- tasks
SMSDevice:
type: object
description: Serializer for sms authenticator devices
properties:
name:
type: string
description: The human-readable name of this device.
maxLength: 64
pk:
type: integer
readOnly: true
title: ID
phone_number:
type: string
readOnly: true
required:
- name
- phone_number
- pk
SMSDeviceRequest:
type: object
description: Serializer for sms authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
required:
- name
ScopeMapping:
type: object
description: ScopeMapping Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pm uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
expression:
type: string
component:
type: string
description: Get object's component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
scope_name:
type: string
description: Scope name requested by the client
description:
type: string
description: Description shown to the user when consenting. If left empty,
the user won't be informed.
required:
- component
- expression
- meta_model_name
- name
- pk
- scope_name
- verbose_name
- verbose_name_plural
ScopeMappingRequest:
type: object
description: ScopeMapping Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
name:
type: string
minLength: 1
expression:
type: string
minLength: 1
scope_name:
type: string
minLength: 1
description: Scope name requested by the client
description:
type: string
description: Description shown to the user when consenting. If left empty,
the user won't be informed.
required:
- expression
- name
- scope_name
SelectableStage:
type: object
description: Serializer for stages which can be selected by users
properties:
pk:
type: string
format: uuid
name:
type: string
verbose_name:
type: string
meta_model_name:
type: string
required:
- meta_model_name
- name
- pk
- verbose_name
ServiceConnection:
type: object
description: ServiceConnection Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Uuid
name:
type: string
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
component:
type: string
description: Return component used to edit this object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
ServiceConnectionRequest:
type: object
description: ServiceConnection Serializer
properties:
name:
type: string
minLength: 1
local:
type: boolean
description: If enabled, use the local connection. Required Docker socket/Kubernetes
Integration
required:
- name
ServiceConnectionState:
type: object
description: Serializer for Service connection state
properties:
healthy:
type: boolean
readOnly: true
version:
type: string
readOnly: true
required:
- healthy
- version
SessionUser:
type: object
description: |-
Response for the /user/me endpoint, returns the currently active user (as `user` property)
and, if this user is being impersonated, the original user in the `original` property.
properties:
user:
$ref: '#/components/schemas/UserSelf'
original:
$ref: '#/components/schemas/UserSelf'
required:
- user
SeverityEnum:
enum:
- notice
- warning
- alert
type: string
description: |-
* `notice` - Notice
* `warning` - Warning
* `alert` - Alert
ShellChallenge:
type: object
description: challenge type to render HTML as-is
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: xak-flow-shell
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
body:
type: string
required:
- body
- type
SignatureAlgorithmEnum:
enum:
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
- http://www.w3.org/2000/09/xmldsig#dsa-sha1
type: string
description: |-
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1` - RSA-SHA1
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` - RSA-SHA256
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` - RSA-SHA384
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` - RSA-SHA512
* `http://www.w3.org/2000/09/xmldsig#dsa-sha1` - DSA-SHA1
Source:
type: object
description: Source Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Pbm uuid
name:
type: string
description: Source's display Name.
slug:
type: string
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
component:
type: string
description: Get object component so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
readOnly: true
user_path_template:
type: string
icon:
type: string
nullable: true
description: |-
Get the URL to the Icon. If the name is /static or
starts with http it is returned as-is
readOnly: true
required:
- component
- icon
- managed
- meta_model_name
- name
- pk
- slug
- verbose_name
- verbose_name_plural
SourceRequest:
type: object
description: Source Serializer
properties:
name:
type: string
minLength: 1
description: Source's display Name.
slug:
type: string
minLength: 1
description: Internal source name, used in URLs.
maxLength: 50
pattern: ^[-a-zA-Z0-9_]+$
enabled:
type: boolean
authentication_flow:
type: string
format: uuid
nullable: true
description: Flow to use when authenticating existing users.
enrollment_flow:
type: string
format: uuid
nullable: true
description: Flow to use when enrolling new users.
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
user_matching_mode:
allOf:
- $ref: '#/components/schemas/UserMatchingModeEnum'
description: |-
How the source determines if an existing user should be authenticated or a new user enrolled.
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
user_path_template:
type: string
minLength: 1
required:
- name
- slug
SourceType:
type: object
description: Serializer for SourceType
properties:
name:
type: string
slug:
type: string
urls_customizable:
type: boolean
request_token_url:
type: string
readOnly: true
nullable: true
authorization_url:
type: string
readOnly: true
nullable: true
access_token_url:
type: string
readOnly: true
nullable: true
profile_url:
type: string
readOnly: true
nullable: true
oidc_well_known_url:
type: string
readOnly: true
nullable: true
oidc_jwks_url:
type: string
readOnly: true
nullable: true
required:
- access_token_url
- authorization_url
- name
- oidc_jwks_url
- oidc_well_known_url
- profile_url
- request_token_url
- slug
- urls_customizable
SpBindingEnum:
enum:
- redirect
- post
type: string
description: |-
* `redirect` - Redirect
* `post` - Post
Stage:
type: object
description: Stage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
StagePrompt:
type: object
description: Serializer for a single Prompt field
properties:
field_key:
type: string
label:
type: string
type:
$ref: '#/components/schemas/PromptTypeEnum'
required:
type: boolean
placeholder:
type: string
initial_value:
type: string
order:
type: integer
sub_text:
type: string
choices:
type: array
items:
type: string
nullable: true
required:
- choices
- field_key
- initial_value
- label
- order
- placeholder
- required
- sub_text
- type
StageRequest:
type: object
description: Stage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
required:
- name
StaticDevice:
type: object
description: Serializer for static authenticator devices
properties:
name:
type: string
description: The human-readable name of this device.
maxLength: 64
token_set:
type: array
items:
$ref: '#/components/schemas/StaticDeviceToken'
readOnly: true
pk:
type: integer
readOnly: true
title: ID
required:
- name
- pk
- token_set
StaticDeviceRequest:
type: object
description: Serializer for static authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
required:
- name
StaticDeviceToken:
type: object
description: Serializer for static device's tokens
properties:
token:
type: string
maxLength: 16
required:
- token
StaticDeviceTokenRequest:
type: object
description: Serializer for static device's tokens
properties:
token:
type: string
minLength: 1
maxLength: 16
required:
- token
SubModeEnum:
enum:
- hashed_user_id
- user_id
- user_uuid
- user_username
- user_email
- user_upn
type: string
description: |-
* `hashed_user_id` - Based on the Hashed User ID
* `user_id` - Based on user ID
* `user_uuid` - Based on user UUID
* `user_username` - Based on the username
* `user_email` - Based on the User's Email. This is recommended over the UPN method.
* `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.
SystemInfo:
type: object
description: Get system information.
properties:
http_headers:
type: object
additionalProperties:
type: string
description: Get HTTP Request headers
readOnly: true
http_host:
type: string
description: Get HTTP host
readOnly: true
http_is_secure:
type: boolean
description: Get HTTP Secure flag
readOnly: true
runtime:
type: object
description: Get versions
properties:
python_version:
type: string
gunicorn_version:
type: string
environment:
type: string
architecture:
type: string
platform:
type: string
uname:
type: string
required:
- architecture
- environment
- gunicorn_version
- platform
- python_version
- uname
readOnly: true
tenant:
type: string
description: Currently active tenant
readOnly: true
server_time:
type: string
format: date-time
description: Current server time
readOnly: true
embedded_outpost_host:
type: string
description: Get the FQDN configured on the embedded outpost
readOnly: true
required:
- embedded_outpost_host
- http_headers
- http_host
- http_is_secure
- runtime
- server_time
- tenant
TOTPDevice:
type: object
description: Serializer for totp authenticator devices
properties:
name:
type: string
description: The human-readable name of this device.
maxLength: 64
pk:
type: integer
readOnly: true
title: ID
required:
- name
- pk
TOTPDeviceRequest:
type: object
description: Serializer for totp authenticator devices
properties:
name:
type: string
minLength: 1
description: The human-readable name of this device.
maxLength: 64
required:
- name
Task:
type: object
description: Serialize TaskInfo and TaskResult
properties:
task_name:
type: string
task_description:
type: string
task_finish_timestamp:
type: string
format: date-time
task_duration:
type: integer
description: Get the duration a task took to run
readOnly: true
status:
$ref: '#/components/schemas/TaskStatusEnum'
messages:
type: array
items: {}
required:
- messages
- status
- task_description
- task_duration
- task_finish_timestamp
- task_name
TaskStatusEnum:
enum:
- SUCCESSFUL
- WARNING
- ERROR
- UNKNOWN
type: string
description: |-
* `SUCCESSFUL` - SUCCESSFUL
* `WARNING` - WARNING
* `ERROR` - ERROR
* `UNKNOWN` - UNKNOWN
Tenant:
type: object
description: Tenant Serializer
properties:
tenant_uuid:
type: string
format: uuid
readOnly: true
domain:
type: string
description: Domain that activates this tenant. Can be a superset, i.e.
`a.b` for `aa.b` and `ba.b`
default:
type: boolean
branding_title:
type: string
branding_logo:
type: string
branding_favicon:
type: string
flow_authentication:
type: string
format: uuid
nullable: true
flow_invalidation:
type: string
format: uuid
nullable: true
flow_recovery:
type: string
format: uuid
nullable: true
flow_unenrollment:
type: string
format: uuid
nullable: true
flow_user_settings:
type: string
format: uuid
nullable: true
flow_device_code:
type: string
format: uuid
nullable: true
event_retention:
type: string
description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).'
web_certificate:
type: string
format: uuid
nullable: true
description: Web Certificate used by the authentik Core webserver.
attributes: {}
required:
- domain
- tenant_uuid
TenantRequest:
type: object
description: Tenant Serializer
properties:
domain:
type: string
minLength: 1
description: Domain that activates this tenant. Can be a superset, i.e.
`a.b` for `aa.b` and `ba.b`
default:
type: boolean
branding_title:
type: string
minLength: 1
branding_logo:
type: string
minLength: 1
branding_favicon:
type: string
minLength: 1
flow_authentication:
type: string
format: uuid
nullable: true
flow_invalidation:
type: string
format: uuid
nullable: true
flow_recovery:
type: string
format: uuid
nullable: true
flow_unenrollment:
type: string
format: uuid
nullable: true
flow_user_settings:
type: string
format: uuid
nullable: true
flow_device_code:
type: string
format: uuid
nullable: true
event_retention:
type: string
minLength: 1
description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).'
web_certificate:
type: string
format: uuid
nullable: true
description: Web Certificate used by the authentik Core webserver.
attributes: {}
required:
- domain
Token:
type: object
description: Token Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Token uuid
managed:
type: string
nullable: true
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
identifier:
type: string
maxLength: 255
pattern: ^[-a-zA-Z0-9_]+$
intent:
$ref: '#/components/schemas/IntentEnum'
user:
type: integer
user_obj:
allOf:
- $ref: '#/components/schemas/User'
readOnly: true
description:
type: string
expires:
type: string
format: date-time
expiring:
type: boolean
required:
- identifier
- pk
- user_obj
TokenModel:
type: object
description: Serializer for BaseGrantModel and RefreshToken
properties:
pk:
type: integer
readOnly: true
title: ID
provider:
$ref: '#/components/schemas/OAuth2Provider'
user:
$ref: '#/components/schemas/User'
is_expired:
type: boolean
description: Check if token is expired yet.
readOnly: true
expires:
type: string
format: date-time
scope:
type: array
items:
type: string
id_token:
type: string
description: Get the token's id_token as JSON String
readOnly: true
revoked:
type: boolean
required:
- id_token
- is_expired
- pk
- provider
- scope
- user
TokenRequest:
type: object
description: Token Serializer
properties:
managed:
type: string
nullable: true
minLength: 1
title: Managed by authentik
description: Objects that are managed by authentik. These objects are created
and updated automatically. This flag only indicates that an object can
be overwritten by migrations. You can still modify the objects via the
API, but expect changes to be overwritten in a later update.
identifier:
type: string
minLength: 1
maxLength: 255
pattern: ^[-a-zA-Z0-9_]+$
intent:
$ref: '#/components/schemas/IntentEnum'
user:
type: integer
description:
type: string
expires:
type: string
format: date-time
expiring:
type: boolean
required:
- identifier
TokenSetKeyRequest:
type: object
properties:
key:
type: string
minLength: 1
required:
- key
TokenView:
type: object
description: Show token's current key
properties:
key:
type: string
readOnly: true
required:
- key
TransactionApplicationRequest:
type: object
description: Serializer for creating a provider and an application in one transaction
properties:
app:
$ref: '#/components/schemas/ApplicationRequest'
provider_model:
$ref: '#/components/schemas/ProviderModelEnum'
provider:
$ref: '#/components/schemas/modelRequest'
required:
- app
- provider
- provider_model
TransactionApplicationResponse:
type: object
description: Transactional creation response
properties:
applied:
type: boolean
logs:
type: array
items:
type: string
required:
- applied
- logs
TypeCreate:
type: object
description: Types of an object that can be created
properties:
name:
type: string
description:
type: string
component:
type: string
model_name:
type: string
required:
- component
- description
- model_name
- name
UiThemeEnum:
enum:
- automatic
- light
- dark
type: string
description: |-
* `automatic` - Automatic
* `light` - Light
* `dark` - Dark
UsedBy:
type: object
description: A list of all objects referencing the queried object
properties:
app:
type: string
model_name:
type: string
pk:
type: string
name:
type: string
action:
$ref: '#/components/schemas/UsedByActionEnum'
required:
- action
- app
- model_name
- name
- pk
UsedByActionEnum:
enum:
- CASCADE
- CASCADE_MANY
- SET_NULL
- SET_DEFAULT
type: string
description: |-
* `CASCADE` - CASCADE
* `CASCADE_MANY` - CASCADE_MANY
* `SET_NULL` - SET_NULL
* `SET_DEFAULT` - SET_DEFAULT
User:
type: object
description: User Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
username:
type: string
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
is_superuser:
type: boolean
readOnly: true
groups:
type: array
items:
type: string
format: uuid
groups_obj:
type: array
items:
$ref: '#/components/schemas/UserGroup'
readOnly: true
email:
type: string
format: email
title: Email address
maxLength: 254
avatar:
type: string
readOnly: true
attributes:
type: object
additionalProperties: {}
uid:
type: string
readOnly: true
path:
type: string
type:
$ref: '#/components/schemas/UserTypeEnum'
uuid:
type: string
format: uuid
readOnly: true
required:
- avatar
- groups_obj
- is_superuser
- name
- pk
- uid
- username
- uuid
UserAccountRequest:
type: object
description: Account adding/removing operations
properties:
pk:
type: integer
required:
- pk
UserAssignedObjectPermission:
type: object
description: Users assigned object permission serializer
properties:
pk:
type: integer
readOnly: true
title: ID
username:
type: string
description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
only.
pattern: ^[\w.@+-]+$
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
email:
type: string
format: email
title: Email address
maxLength: 254
attributes:
type: object
additionalProperties: {}
uid:
type: string
readOnly: true
permissions:
type: array
items:
$ref: '#/components/schemas/UserObjectPermission'
is_superuser:
type: boolean
required:
- is_superuser
- name
- permissions
- pk
- uid
- username
UserConsent:
type: object
description: UserConsent Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
expires:
type: string
format: date-time
user:
$ref: '#/components/schemas/User'
application:
$ref: '#/components/schemas/Application'
permissions:
type: string
default: ''
required:
- application
- pk
- user
UserCreationModeEnum:
enum:
- never_create
- create_when_required
- always_create
type: string
description: |-
* `never_create` - Never Create
* `create_when_required` - Create When Required
* `always_create` - Always Create
UserDeleteStage:
type: object
description: UserDeleteStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
UserDeleteStageRequest:
type: object
description: UserDeleteStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
required:
- name
UserFieldsEnum:
enum:
- email
- username
- upn
type: string
description: |-
* `email` - E Mail
* `username` - Username
* `upn` - Upn
UserGroup:
type: object
description: Simplified Group Serializer for user's groups
properties:
pk:
type: string
format: uuid
readOnly: true
title: Group uuid
num_pk:
type: integer
description: Get a numerical, int32 ID for the group
readOnly: true
name:
type: string
maxLength: 80
is_superuser:
type: boolean
description: Users added to this group will be superusers.
parent:
type: string
format: uuid
nullable: true
parent_name:
type: string
readOnly: true
attributes:
type: object
additionalProperties: {}
required:
- name
- num_pk
- parent_name
- pk
UserGroupRequest:
type: object
description: Simplified Group Serializer for user's groups
properties:
name:
type: string
minLength: 1
maxLength: 80
is_superuser:
type: boolean
description: Users added to this group will be superusers.
parent:
type: string
format: uuid
nullable: true
attributes:
type: object
additionalProperties: {}
required:
- name
UserLoginChallenge:
type: object
description: Empty challenge
properties:
type:
$ref: '#/components/schemas/ChallengeChoices'
flow_info:
$ref: '#/components/schemas/ContextualFlowInfo'
component:
type: string
default: ak-stage-user-login
response_errors:
type: object
additionalProperties:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
pending_user:
type: string
pending_user_avatar:
type: string
required:
- pending_user
- pending_user_avatar
- type
UserLoginChallengeResponseRequest:
type: object
description: User login challenge
properties:
component:
type: string
minLength: 1
default: ak-stage-user-login
remember_me:
type: boolean
required:
- remember_me
UserLoginStage:
type: object
description: UserLoginStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
session_duration:
type: string
description: 'Determines how long a session lasts. Default of 0 means that
the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)'
terminate_other_sessions:
type: boolean
description: Terminate all other sessions of the user logging in.
remember_me_offset:
type: string
description: 'Offset the session will be extended by when the user picks
the remember me option. Default of 0 means that the remember me option
will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)'
network_binding:
allOf:
- $ref: '#/components/schemas/NetworkBindingEnum'
description: |-
Bind sessions created by this stage to the configured network
* `no_binding` - No Binding
* `bind_asn` - Bind Asn
* `bind_asn_network` - Bind Asn Network
* `bind_asn_network_ip` - Bind Asn Network Ip
geoip_binding:
allOf:
- $ref: '#/components/schemas/GeoipBindingEnum'
description: |-
Bind sessions created by this stage to the configured GeoIP location
* `no_binding` - No Binding
* `bind_continent` - Bind Continent
* `bind_continent_country` - Bind Continent Country
* `bind_continent_country_city` - Bind Continent Country City
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
UserLoginStageRequest:
type: object
description: UserLoginStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
session_duration:
type: string
minLength: 1
description: 'Determines how long a session lasts. Default of 0 means that
the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)'
terminate_other_sessions:
type: boolean
description: Terminate all other sessions of the user logging in.
remember_me_offset:
type: string
minLength: 1
description: 'Offset the session will be extended by when the user picks
the remember me option. Default of 0 means that the remember me option
will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)'
network_binding:
allOf:
- $ref: '#/components/schemas/NetworkBindingEnum'
description: |-
Bind sessions created by this stage to the configured network
* `no_binding` - No Binding
* `bind_asn` - Bind Asn
* `bind_asn_network` - Bind Asn Network
* `bind_asn_network_ip` - Bind Asn Network Ip
geoip_binding:
allOf:
- $ref: '#/components/schemas/GeoipBindingEnum'
description: |-
Bind sessions created by this stage to the configured GeoIP location
* `no_binding` - No Binding
* `bind_continent` - Bind Continent
* `bind_continent_country` - Bind Continent Country
* `bind_continent_country_city` - Bind Continent Country City
required:
- name
UserLogoutStage:
type: object
description: UserLogoutStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
UserLogoutStageRequest:
type: object
description: UserLogoutStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
required:
- name
UserMatchingModeEnum:
enum:
- identifier
- email_link
- email_deny
- username_link
- username_deny
type: string
description: |-
* `identifier` - Use the source-specific identifier
* `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses.
* `email_deny` - Use the user's email address, but deny enrollment when the email address already exists.
* `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source.
* `username_deny` - Use the user's username, but deny enrollment when the username already exists.
UserMetrics:
type: object
description: User Metrics
properties:
logins:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
logins_failed:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
authorizations:
type: array
items:
$ref: '#/components/schemas/Coordinate'
readOnly: true
required:
- authorizations
- logins
- logins_failed
UserOAuthSourceConnection:
type: object
description: OAuth Source Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
user:
type: integer
source:
allOf:
- $ref: '#/components/schemas/Source'
readOnly: true
identifier:
type: string
maxLength: 255
required:
- identifier
- pk
- source
- user
UserOAuthSourceConnectionRequest:
type: object
description: OAuth Source Serializer
properties:
user:
type: integer
identifier:
type: string
minLength: 1
maxLength: 255
access_token:
type: string
writeOnly: true
nullable: true
required:
- identifier
- user
UserObjectPermission:
type: object
description: User-bound object level permission
properties:
id:
type: integer
readOnly: true
codename:
type: string
readOnly: true
model:
type: string
title: Python model class name
readOnly: true
app_label:
type: string
readOnly: true
object_pk:
type: string
title: Object ID
readOnly: true
name:
type: string
readOnly: true
required:
- app_label
- codename
- id
- model
- name
- object_pk
UserPasswordSetRequest:
type: object
properties:
password:
type: string
minLength: 1
required:
- password
UserPath:
type: object
properties:
paths:
type: array
items:
type: string
readOnly: true
required:
- paths
UserRequest:
type: object
description: User Serializer
properties:
username:
type: string
minLength: 1
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
last_login:
type: string
format: date-time
nullable: true
groups:
type: array
items:
type: string
format: uuid
email:
type: string
format: email
title: Email address
maxLength: 254
attributes:
type: object
additionalProperties: {}
path:
type: string
minLength: 1
type:
$ref: '#/components/schemas/UserTypeEnum'
required:
- name
- username
UserSAMLSourceConnection:
type: object
description: SAML Source Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
user:
type: integer
source:
allOf:
- $ref: '#/components/schemas/Source'
readOnly: true
identifier:
type: string
required:
- identifier
- pk
- source
- user
UserSAMLSourceConnectionRequest:
type: object
description: SAML Source Serializer
properties:
user:
type: integer
identifier:
type: string
minLength: 1
required:
- identifier
- user
UserSelf:
type: object
description: User Serializer for information a user can retrieve about themselves
properties:
pk:
type: integer
readOnly: true
title: ID
username:
type: string
description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
only.
pattern: ^[\w.@+-]+$
maxLength: 150
name:
type: string
description: User's display name.
is_active:
type: boolean
readOnly: true
title: Active
description: Designates whether this user should be treated as active. Unselect
this instead of deleting accounts.
is_superuser:
type: boolean
readOnly: true
groups:
type: array
items:
$ref: '#/components/schemas/UserSelfGroups'
readOnly: true
email:
type: string
format: email
title: Email address
maxLength: 254
avatar:
type: string
readOnly: true
uid:
type: string
readOnly: true
settings:
type: object
additionalProperties: {}
description: Get user settings with tenant and group settings applied
readOnly: true
type:
$ref: '#/components/schemas/UserTypeEnum'
system_permissions:
type: array
items:
type: string
description: Get all system permissions assigned to the user
readOnly: true
required:
- avatar
- groups
- is_active
- is_superuser
- name
- pk
- settings
- system_permissions
- uid
- username
UserSelfGroups:
type: object
properties:
name:
type: string
readOnly: true
pk:
type: string
readOnly: true
required:
- name
- pk
UserServiceAccountRequest:
type: object
properties:
name:
type: string
minLength: 1
create_group:
type: boolean
default: false
expiring:
type: boolean
default: true
expires:
type: string
format: date-time
description: If not provided, valid for 360 days
required:
- name
UserServiceAccountResponse:
type: object
properties:
username:
type: string
token:
type: string
user_uid:
type: string
user_pk:
type: integer
group_pk:
type: string
required:
- token
- user_pk
- user_uid
- username
UserSetting:
type: object
description: Serializer for User settings for stages and sources
properties:
object_uid:
type: string
component:
type: string
title:
type: string
configure_url:
type: string
icon_url:
type: string
required:
- component
- object_uid
- title
UserSourceConnection:
type: object
description: OAuth Source Serializer
properties:
pk:
type: integer
readOnly: true
title: ID
user:
type: integer
readOnly: true
source:
allOf:
- $ref: '#/components/schemas/Source'
readOnly: true
created:
type: string
format: date-time
readOnly: true
required:
- created
- pk
- source
- user
UserTypeEnum:
enum:
- internal
- external
- service_account
- internal_service_account
type: string
description: |-
* `internal` - Internal
* `external` - External
* `service_account` - Service Account
* `internal_service_account` - Internal Service Account
UserVerificationEnum:
enum:
- required
- preferred
- discouraged
type: string
description: |-
* `required` - Required
* `preferred` - Preferred
* `discouraged` - Discouraged
UserWriteStage:
type: object
description: UserWriteStage Serializer
properties:
pk:
type: string
format: uuid
readOnly: true
title: Stage uuid
name:
type: string
component:
type: string
description: Get object type so that we know how to edit the object
readOnly: true
verbose_name:
type: string
description: Return object's verbose_name
readOnly: true
verbose_name_plural:
type: string
description: Return object's plural verbose_name
readOnly: true
meta_model_name:
type: string
description: Return internal model name
readOnly: true
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSet'
user_creation_mode:
$ref: '#/components/schemas/UserCreationModeEnum'
create_users_as_inactive:
type: boolean
description: When set, newly created users are inactive and cannot login.
create_users_group:
type: string
format: uuid
nullable: true
description: Optionally add newly created users to this group.
user_type:
$ref: '#/components/schemas/UserTypeEnum'
user_path_template:
type: string
required:
- component
- meta_model_name
- name
- pk
- verbose_name
- verbose_name_plural
UserWriteStageRequest:
type: object
description: UserWriteStage Serializer
properties:
name:
type: string
minLength: 1
flow_set:
type: array
items:
$ref: '#/components/schemas/FlowSetRequest'
user_creation_mode:
$ref: '#/components/schemas/UserCreationModeEnum'
create_users_as_inactive:
type: boolean
description: When set, newly created users are inactive and cannot login.
create_users_group:
type: string
format: uuid
nullable: true
description: Optionally add newly created users to this group.
user_type:
$ref: '#/components/schemas/UserTypeEnum'
user_path_template:
type: string
required:
- name
ValidationError:
type: object
description: Validation Error
properties:
non_field_errors:
type: array
items:
type: string
code:
type: string
additionalProperties: {}
Version:
type: object
description: Get running and latest version.
properties:
version_current:
type: string
description: Get current version
readOnly: true
version_latest:
type: string
description: Get latest version from cache
readOnly: true
build_hash:
type: string
description: Get build hash, if version is not latest or released
readOnly: true
outdated:
type: boolean
description: Check if we're running the latest version
readOnly: true
required:
- build_hash
- outdated
- version_current
- version_latest
WebAuthnDevice:
type: object
description: Serializer for WebAuthn authenticator devices
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
maxLength: 200
created_on:
type: string
format: date-time
readOnly: true
required:
- created_on
- name
- pk
WebAuthnDeviceRequest:
type: object
description: Serializer for WebAuthn authenticator devices
properties:
name:
type: string
minLength: 1
maxLength: 200
required:
- name
Workers:
type: object
properties:
count:
type: integer
required:
- count
modelRequest:
oneOf:
- $ref: '#/components/schemas/LDAPProviderRequest'
- $ref: '#/components/schemas/OAuth2ProviderRequest'
- $ref: '#/components/schemas/ProxyProviderRequest'
- $ref: '#/components/schemas/RACProviderRequest'
- $ref: '#/components/schemas/RadiusProviderRequest'
- $ref: '#/components/schemas/SAMLProviderRequest'
- $ref: '#/components/schemas/SCIMProviderRequest'
discriminator:
propertyName: provider_model
mapping:
authentik_providers_ldap.ldapprovider: '#/components/schemas/LDAPProviderRequest'
authentik_providers_oauth2.oauth2provider: '#/components/schemas/OAuth2ProviderRequest'
authentik_providers_proxy.proxyprovider: '#/components/schemas/ProxyProviderRequest'
authentik_providers_rac.racprovider: '#/components/schemas/RACProviderRequest'
authentik_providers_radius.radiusprovider: '#/components/schemas/RadiusProviderRequest'
authentik_providers_saml.samlprovider: '#/components/schemas/SAMLProviderRequest'
authentik_providers_scim.scimprovider: '#/components/schemas/SCIMProviderRequest'
securitySchemes:
authentik:
type: apiKey
in: header
name: Authorization
scheme: bearer
servers:
- url: /api/v3/