authentik (2024.4.0)

Download OpenAPI specification:Download

E-mail: hello@goauthentik.io License: MIT

Making authentication simple.

admin

admin_apps_list

Read-only view list all installed apps

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"label": "string"
}
]

admin_metrics_retrieve

Login Metrics per 1h

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"logins": [{"x_cord": 0,
"y_cord": 0
}
],
"logins_failed": [{"x_cord": 0,
"y_cord": 0
}
],
"authorizations": [{"x_cord": 0,
"y_cord": 0
}
]
}

admin_models_list

Read-only view list all installed models

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"label": "string"
}
]

admin_settings_retrieve

Settings view

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"avatars": "string",
"default_user_change_name": true,
"default_user_change_email": true,
"default_user_change_username": true,
"event_retention": "string",
"footer_links": null,
"gdpr_compliance": true,
"impersonation": true,
"default_token_duration": "string",
"default_token_length": 1
}

admin_settings_update

Settings view

Authorizations:

authentik

Request Body schema: application/json

avatars	string non-empty Configure how authentik should show avatars for users.
default_user_change_name	boolean Enable the ability for users to change their name.
default_user_change_email	boolean Enable the ability for users to change their email address.
default_user_change_username	boolean Enable the ability for users to change their username.
event_retention	string non-empty Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).
footer_links	any The option configures the footer links on the flow executor pages.
gdpr_compliance	boolean When enabled, all the events caused by a user will be deleted upon the user's deletion.
impersonation	boolean Globally enable/disable impersonation.
default_token_duration	string non-empty Default token duration
default_token_length	integer [ 1 .. 2147483647 ] Default token length

Responses

Request samples

Payload

Content type

application/json

{"avatars": "string",
"default_user_change_name": true,
"default_user_change_email": true,
"default_user_change_username": true,
"event_retention": "string",
"footer_links": null,
"gdpr_compliance": true,
"impersonation": true,
"default_token_duration": "string",
"default_token_length": 1
}

Response samples

200
400
403

Content type

application/json

{"avatars": "string",
"default_user_change_name": true,
"default_user_change_email": true,
"default_user_change_username": true,
"event_retention": "string",
"footer_links": null,
"gdpr_compliance": true,
"impersonation": true,
"default_token_duration": "string",
"default_token_length": 1
}

admin_settings_partial_update

Settings view

Authorizations:

authentik

Request Body schema: application/json

avatars	string non-empty Configure how authentik should show avatars for users.
default_user_change_name	boolean Enable the ability for users to change their name.
default_user_change_email	boolean Enable the ability for users to change their email address.
default_user_change_username	boolean Enable the ability for users to change their username.
event_retention	string non-empty Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).
footer_links	any The option configures the footer links on the flow executor pages.
gdpr_compliance	boolean When enabled, all the events caused by a user will be deleted upon the user's deletion.
impersonation	boolean Globally enable/disable impersonation.
default_token_duration	string non-empty Default token duration
default_token_length	integer [ 1 .. 2147483647 ] Default token length

Responses

Request samples

Payload

Content type

application/json

{"avatars": "string",
"default_user_change_name": true,
"default_user_change_email": true,
"default_user_change_username": true,
"event_retention": "string",
"footer_links": null,
"gdpr_compliance": true,
"impersonation": true,
"default_token_duration": "string",
"default_token_length": 1
}

Response samples

200
400
403

Content type

application/json

{"avatars": "string",
"default_user_change_name": true,
"default_user_change_email": true,
"default_user_change_username": true,
"event_retention": "string",
"footer_links": null,
"gdpr_compliance": true,
"impersonation": true,
"default_token_duration": "string",
"default_token_length": 1
}

admin_system_retrieve

Get system information.

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"http_headers": {"property1": "string",
"property2": "string"
},
"http_host": "string",
"http_is_secure": true,
"runtime": {"python_version": "string",
"gunicorn_version": "string",
"environment": "string",
"architecture": "string",
"platform": "string",
"uname": "string"
},
"brand": "string",
"server_time": "2019-08-24T14:15:22Z",
"embedded_outpost_disabled": true,
"embedded_outpost_host": "string"
}

admin_system_create

Get system information.

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"http_headers": {"property1": "string",
"property2": "string"
},
"http_host": "string",
"http_is_secure": true,
"runtime": {"python_version": "string",
"gunicorn_version": "string",
"environment": "string",
"architecture": "string",
"platform": "string",
"uname": "string"
},
"brand": "string",
"server_time": "2019-08-24T14:15:22Z",
"embedded_outpost_disabled": true,
"embedded_outpost_host": "string"
}

admin_version_retrieve

Get running and latest version.

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"version_current": "string",
"version_latest": "string",
"version_latest_valid": true,
"build_hash": "string",
"outdated": true
}

admin_workers_retrieve

Get currently connected worker count.

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"count": 0
}

authenticators

authenticators_admin_all_list

Get all devices for current user

Authorizations:

authentik

query Parameters

user

integer

Responses

Response samples

200
400
403

Content type

application/json

[{"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"pk": 0,
"name": "string",
"type": "string",
"confirmed": true
}
]

authenticators_admin_duo_list

Viewset for Duo authenticator devices (for admins)

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string"
}
]
}

authenticators_admin_duo_create

Viewset for Duo authenticator devices (for admins)

Authorizations:

authentik

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"name": "string"
}

authenticators_admin_duo_retrieve

Viewset for Duo authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Duo Device.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string"
}

authenticators_admin_duo_update

Viewset for Duo authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Duo Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string"
}

authenticators_admin_duo_partial_update

Viewset for Duo authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Duo Device.

Request Body schema: application/json

name	string [ 1 .. 64 ] characters The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string"
}

authenticators_admin_duo_destroy

Viewset for Duo authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Duo Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_admin_sms_list

Viewset for sms authenticator devices (for admins)

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"name": "string",
"pk": 0,
"phone_number": "string"
}
]
}

authenticators_admin_sms_create

Viewset for sms authenticator devices (for admins)

Authorizations:

authentik

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

201
400
403

Content type

application/json

{"name": "string",
"pk": 0,
"phone_number": "string"
}

authenticators_admin_sms_retrieve

Viewset for sms authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SMS Device.

Responses

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0,
"phone_number": "string"
}

authenticators_admin_sms_update

Viewset for sms authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SMS Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0,
"phone_number": "string"
}

authenticators_admin_sms_partial_update

Viewset for sms authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SMS Device.

Request Body schema: application/json

name	string [ 1 .. 64 ] characters The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0,
"phone_number": "string"
}

authenticators_admin_sms_destroy

Viewset for sms authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SMS Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_admin_static_list

Viewset for static authenticator devices (for admins)

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"name": "string",
"token_set": [{"token": "string"
}
],
"pk": 0
}
]
}

authenticators_admin_static_create

Viewset for static authenticator devices (for admins)

Authorizations:

authentik

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

201
400
403

Content type

application/json

{"name": "string",
"token_set": [{"token": "string"
}
],
"pk": 0
}

authenticators_admin_static_retrieve

Viewset for static authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Static Device.

Responses

Response samples

200
400
403

Content type

application/json

{"name": "string",
"token_set": [{"token": "string"
}
],
"pk": 0
}

authenticators_admin_static_update

Viewset for static authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Static Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"token_set": [{"token": "string"
}
],
"pk": 0
}

authenticators_admin_static_partial_update

Viewset for static authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Static Device.

Request Body schema: application/json

name	string [ 1 .. 64 ] characters The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"token_set": [{"token": "string"
}
],
"pk": 0
}

authenticators_admin_static_destroy

Viewset for static authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Static Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_admin_totp_list

Viewset for totp authenticator devices (for admins)

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"name": "string",
"pk": 0
}
]
}

authenticators_admin_totp_create

Viewset for totp authenticator devices (for admins)

Authorizations:

authentik

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

201
400
403

Content type

application/json

{"name": "string",
"pk": 0
}

authenticators_admin_totp_retrieve

Viewset for totp authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0
}

authenticators_admin_totp_update

Viewset for totp authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this TOTP Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0
}

authenticators_admin_totp_partial_update

Viewset for totp authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this TOTP Device.

Request Body schema: application/json

name	string [ 1 .. 64 ] characters The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0
}

authenticators_admin_totp_destroy

Viewset for totp authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_admin_webauthn_list

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"created_on": "2019-08-24T14:15:22Z",
"device_type": {"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
},
"aaguid": "string"
}
]
}

authenticators_admin_webauthn_create

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:

authentik

Request Body schema: application/json
required

name

required

string [ 1 .. 200 ] characters

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"created_on": "2019-08-24T14:15:22Z",
"device_type": {"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
},
"aaguid": "string"
}

authenticators_admin_webauthn_retrieve

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"created_on": "2019-08-24T14:15:22Z",
"device_type": {"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
},
"aaguid": "string"
}

authenticators_admin_webauthn_update

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this WebAuthn Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 200 ] characters

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"created_on": "2019-08-24T14:15:22Z",
"device_type": {"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
},
"aaguid": "string"
}

authenticators_admin_webauthn_partial_update

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this WebAuthn Device.

Request Body schema: application/json

name	string [ 1 .. 200 ] characters

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"created_on": "2019-08-24T14:15:22Z",
"device_type": {"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
},
"aaguid": "string"
}

authenticators_admin_webauthn_destroy

Viewset for WebAuthn authenticator devices (for admins)

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_all_list

Get all devices for current user

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"pk": 0,
"name": "string",
"type": "string",
"confirmed": true
}
]

authenticators_duo_list

Viewset for Duo authenticator devices

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string"
}
]
}

authenticators_duo_retrieve

Viewset for Duo authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Duo Device.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string"
}

authenticators_duo_update

Viewset for Duo authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Duo Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string"
}

authenticators_duo_partial_update

Viewset for Duo authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Duo Device.

Request Body schema: application/json

name	string [ 1 .. 64 ] characters The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string"
}

authenticators_duo_destroy

Viewset for Duo authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Duo Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_duo_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Duo Device.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

authenticators_sms_list

Viewset for sms authenticator devices

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"name": "string",
"pk": 0,
"phone_number": "string"
}
]
}

authenticators_sms_retrieve

Viewset for sms authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SMS Device.

Responses

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0,
"phone_number": "string"
}

authenticators_sms_update

Viewset for sms authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SMS Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0,
"phone_number": "string"
}

authenticators_sms_partial_update

Viewset for sms authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SMS Device.

Request Body schema: application/json

name	string [ 1 .. 64 ] characters The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0,
"phone_number": "string"
}

authenticators_sms_destroy

Viewset for sms authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SMS Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_sms_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SMS Device.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

authenticators_static_list

Viewset for static authenticator devices

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"name": "string",
"token_set": [{"token": "string"
}
],
"pk": 0
}
]
}

authenticators_static_retrieve

Viewset for static authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Static Device.

Responses

Response samples

200
400
403

Content type

application/json

{"name": "string",
"token_set": [{"token": "string"
}
],
"pk": 0
}

authenticators_static_update

Viewset for static authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Static Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"token_set": [{"token": "string"
}
],
"pk": 0
}

authenticators_static_partial_update

Viewset for static authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Static Device.

Request Body schema: application/json

name	string [ 1 .. 64 ] characters The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"token_set": [{"token": "string"
}
],
"pk": 0
}

authenticators_static_destroy

Viewset for static authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Static Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_static_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Static Device.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

authenticators_totp_list

Viewset for totp authenticator devices

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"name": "string",
"pk": 0
}
]
}

authenticators_totp_retrieve

Viewset for totp authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0
}

authenticators_totp_update

Viewset for totp authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this TOTP Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 64 ] characters

The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0
}

authenticators_totp_partial_update

Viewset for totp authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this TOTP Device.

Request Body schema: application/json

name	string [ 1 .. 64 ] characters The human-readable name of this device.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"name": "string",
"pk": 0
}

authenticators_totp_destroy

Viewset for totp authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_totp_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this TOTP Device.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

authenticators_webauthn_list

Viewset for WebAuthn authenticator devices

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"created_on": "2019-08-24T14:15:22Z",
"device_type": {"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
},
"aaguid": "string"
}
]
}

authenticators_webauthn_retrieve

Viewset for WebAuthn authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"created_on": "2019-08-24T14:15:22Z",
"device_type": {"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
},
"aaguid": "string"
}

authenticators_webauthn_update

Viewset for WebAuthn authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this WebAuthn Device.

Request Body schema: application/json
required

name

required

string [ 1 .. 200 ] characters

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"created_on": "2019-08-24T14:15:22Z",
"device_type": {"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
},
"aaguid": "string"
}

authenticators_webauthn_partial_update

Viewset for WebAuthn authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this WebAuthn Device.

Request Body schema: application/json

name	string [ 1 .. 200 ] characters

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"created_on": "2019-08-24T14:15:22Z",
"device_type": {"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
},
"aaguid": "string"
}

authenticators_webauthn_destroy

Viewset for WebAuthn authenticator devices

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

authenticators_webauthn_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this WebAuthn Device.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

core

core_applications_list

Custom list method that checks Policy based access instead of guardian

Authorizations:

authentik

query Parameters

for_user	integer
group	string
meta_description	string
meta_launch_url	string
meta_publisher	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
slug	string
superuser_full_list	boolean

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"backchannel_providers": [0
],
"backchannel_providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"launch_url": "string",
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_icon": "string",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
}
]
}

core_applications_create

Application Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty Application's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal application name, used in URLs.
provider	integer or null
backchannel_providers	Array of integers
open_in_new_tab	boolean Open launch URL in a new browser tab or window.
meta_launch_url	string <uri>
meta_description	string
meta_publisher	string
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
group	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"provider": 0,
"backchannel_providers": [0
],
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"backchannel_providers": [0
],
"backchannel_providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"launch_url": "string",
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_icon": "string",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
}

core_applications_retrieve

Application Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal application name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"backchannel_providers": [0
],
"backchannel_providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"launch_url": "string",
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_icon": "string",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
}

core_applications_update

Application Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal application name, used in URLs.

Request Body schema: application/json
required

name required	string non-empty Application's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal application name, used in URLs.
provider	integer or null
backchannel_providers	Array of integers
open_in_new_tab	boolean Open launch URL in a new browser tab or window.
meta_launch_url	string <uri>
meta_description	string
meta_publisher	string
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
group	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"provider": 0,
"backchannel_providers": [0
],
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"backchannel_providers": [0
],
"backchannel_providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"launch_url": "string",
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_icon": "string",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
}

core_applications_partial_update

Application Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal application name, used in URLs.

Request Body schema: application/json

name	string non-empty Application's display Name.
slug	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal application name, used in URLs.
provider	integer or null
backchannel_providers	Array of integers
open_in_new_tab	boolean Open launch URL in a new browser tab or window.
meta_launch_url	string <uri>
meta_description	string
meta_publisher	string
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
group	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"provider": 0,
"backchannel_providers": [0
],
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"backchannel_providers": [0
],
"backchannel_providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"launch_url": "string",
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_icon": "string",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
}

core_applications_destroy

Application Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal application name, used in URLs.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_applications_check_access_retrieve

Check access to a single application by slug

Authorizations:

authentik

path Parameters

slug

required

string

Internal application name, used in URLs.

query Parameters

for_user

integer

Responses

Response samples

200
400
403

Content type

application/json

{"passing": true,
"messages": ["string"
],
"log_messages": [{"timestamp": "2019-08-24T14:15:22Z",
"log_level": "critical",
"logger": "string",
"event": "string",
"attributes": {"property1": null,
"property2": null
}
}
]
}

core_applications_metrics_list

Metrics for application logins

Authorizations:

authentik

path Parameters

slug

required

string

Internal application name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

[{"x_cord": 0,
"y_cord": 0
}
]

core_applications_set_icon_create

Set application icon

Authorizations:

authentik

path Parameters

slug

required

string

Internal application name, used in URLs.

Request Body schema: multipart/form-data

file	string <binary>
clear	boolean Default: false

Responses

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

core_applications_set_icon_url_create

Set application icon (as URL)

Authorizations:

authentik

path Parameters

slug

required

string

Internal application name, used in URLs.

Request Body schema: application/json
required

url

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"url": "string"
}

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

core_applications_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

slug

required

string

Internal application name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

core_authenticated_sessions_list

AuthenticatedSession Viewset

Authorizations:

authentik

query Parameters

last_ip	string
last_user_agent	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
user__username	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"current": true,
"user_agent": {"device": {"brand": "string",
"family": "string",
"model": "string"
},
"os": {"family": "string",
"major": "string",
"minor": "string",
"patch": "string",
"patch_minor": "string"
},
"user_agent": {"family": "string",
"major": "string",
"minor": "string",
"patch": "string"
},
"string": "string"
},
"geo_ip": {"continent": "string",
"country": "string",
"lat": 0.1,
"long": 0.1,
"city": "string"
},
"asn": {"asn": 0,
"as_org": "string",
"network": "string"
},
"user": 0,
"last_ip": "string",
"last_user_agent": "string",
"last_used": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z"
}
]
}

core_authenticated_sessions_retrieve

AuthenticatedSession Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Authenticated Session.

Responses

Response samples

200
400
403

Content type

application/json

{"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"current": true,
"user_agent": {"device": {"brand": "string",
"family": "string",
"model": "string"
},
"os": {"family": "string",
"major": "string",
"minor": "string",
"patch": "string",
"patch_minor": "string"
},
"user_agent": {"family": "string",
"major": "string",
"minor": "string",
"patch": "string"
},
"string": "string"
},
"geo_ip": {"continent": "string",
"country": "string",
"lat": 0.1,
"long": 0.1,
"city": "string"
},
"asn": {"asn": 0,
"as_org": "string",
"network": "string"
},
"user": 0,
"last_ip": "string",
"last_user_agent": "string",
"last_used": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z"
}

core_authenticated_sessions_destroy

AuthenticatedSession Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Authenticated Session.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_authenticated_sessions_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Authenticated Session.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

core_brands_list

Brand Viewset

Authorizations:

authentik

query Parameters

brand_uuid	string <uuid>
branding_favicon	string
branding_logo	string
branding_title	string
default	boolean
domain	string
flow_authentication	string <uuid>
flow_device_code	string <uuid>
flow_invalidation	string <uuid>
flow_recovery	string <uuid>
flow_unenrollment	string <uuid>
flow_user_settings	string <uuid>
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
web_certificate	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"brand_uuid": "609591e0-6f26-457f-b94a-6b6e0ada8cbd",
"domain": "string",
"default": true,
"branding_title": "string",
"branding_logo": "string",
"branding_favicon": "string",
"flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
"flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
"flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
"flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
"flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
"flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
"web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
"attributes": null
}
]
}

core_brands_create

Brand Viewset

Authorizations:

authentik

Request Body schema: application/json
required

domain required	string non-empty Domain that activates this brand. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b`
default	boolean
branding_title	string non-empty
branding_logo	string non-empty
branding_favicon	string non-empty
flow_authentication	string or null <uuid>
flow_invalidation	string or null <uuid>
flow_recovery	string or null <uuid>
flow_unenrollment	string or null <uuid>
flow_user_settings	string or null <uuid>
flow_device_code	string or null <uuid>
web_certificate	string or null <uuid> Web Certificate used by the authentik Core webserver.
attributes	any

Responses

Request samples

Payload

Content type

application/json

{"domain": "string",
"default": true,
"branding_title": "string",
"branding_logo": "string",
"branding_favicon": "string",
"flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
"flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
"flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
"flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
"flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
"flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
"web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
"attributes": null
}

Response samples

201
400
403

Content type

application/json

{"brand_uuid": "609591e0-6f26-457f-b94a-6b6e0ada8cbd",
"domain": "string",
"default": true,
"branding_title": "string",
"branding_logo": "string",
"branding_favicon": "string",
"flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
"flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
"flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
"flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
"flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
"flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
"web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
"attributes": null
}

core_brands_retrieve

Brand Viewset

Authorizations:

authentik

path Parameters

brand_uuid

required

string <uuid>

A UUID string identifying this Brand.

Responses

Response samples

200
400
403

Content type

application/json

{"brand_uuid": "609591e0-6f26-457f-b94a-6b6e0ada8cbd",
"domain": "string",
"default": true,
"branding_title": "string",
"branding_logo": "string",
"branding_favicon": "string",
"flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
"flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
"flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
"flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
"flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
"flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
"web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
"attributes": null
}

core_brands_update

Brand Viewset

Authorizations:

authentik

path Parameters

brand_uuid

required

string <uuid>

A UUID string identifying this Brand.

Request Body schema: application/json
required

domain required	string non-empty Domain that activates this brand. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b`
default	boolean
branding_title	string non-empty
branding_logo	string non-empty
branding_favicon	string non-empty
flow_authentication	string or null <uuid>
flow_invalidation	string or null <uuid>
flow_recovery	string or null <uuid>
flow_unenrollment	string or null <uuid>
flow_user_settings	string or null <uuid>
flow_device_code	string or null <uuid>
web_certificate	string or null <uuid> Web Certificate used by the authentik Core webserver.
attributes	any

Responses

Request samples

Payload

Content type

application/json

{"domain": "string",
"default": true,
"branding_title": "string",
"branding_logo": "string",
"branding_favicon": "string",
"flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
"flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
"flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
"flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
"flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
"flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
"web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
"attributes": null
}

Response samples

200
400
403

Content type

application/json

{"brand_uuid": "609591e0-6f26-457f-b94a-6b6e0ada8cbd",
"domain": "string",
"default": true,
"branding_title": "string",
"branding_logo": "string",
"branding_favicon": "string",
"flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
"flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
"flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
"flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
"flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
"flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
"web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
"attributes": null
}

core_brands_partial_update

Brand Viewset

Authorizations:

authentik

path Parameters

brand_uuid

required

string <uuid>

A UUID string identifying this Brand.

Request Body schema: application/json

domain	string non-empty Domain that activates this brand. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b`
default	boolean
branding_title	string non-empty
branding_logo	string non-empty
branding_favicon	string non-empty
flow_authentication	string or null <uuid>
flow_invalidation	string or null <uuid>
flow_recovery	string or null <uuid>
flow_unenrollment	string or null <uuid>
flow_user_settings	string or null <uuid>
flow_device_code	string or null <uuid>
web_certificate	string or null <uuid> Web Certificate used by the authentik Core webserver.
attributes	any

Responses

Request samples

Payload

Content type

application/json

{"domain": "string",
"default": true,
"branding_title": "string",
"branding_logo": "string",
"branding_favicon": "string",
"flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
"flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
"flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
"flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
"flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
"flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
"web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
"attributes": null
}

Response samples

200
400
403

Content type

application/json

{"brand_uuid": "609591e0-6f26-457f-b94a-6b6e0ada8cbd",
"domain": "string",
"default": true,
"branding_title": "string",
"branding_logo": "string",
"branding_favicon": "string",
"flow_authentication": "1ad204c6-64ed-4148-88d3-2c349124578b",
"flow_invalidation": "205c8147-903b-44bb-85e1-35de3cbc64a1",
"flow_recovery": "88f38245-c03d-49bd-8648-bcbdec3a3b20",
"flow_unenrollment": "3ebb01c8-3633-48f7-8455-78e343470248",
"flow_user_settings": "791d2034-5fea-479f-b369-1c8dbaaacaef",
"flow_device_code": "9a66effa-a041-4736-ba23-30fc6acc1aa0",
"web_certificate": "797a487b-f516-4568-8e75-3bbca477e2a3",
"attributes": null
}

core_brands_destroy

Brand Viewset

Authorizations:

authentik

path Parameters

brand_uuid

required

string <uuid>

A UUID string identifying this Brand.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_brands_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

brand_uuid

required

string <uuid>

A UUID string identifying this Brand.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

core_brands_current_retrieve

Get current brand

Authorizations:

authentikNone

Responses

Response samples

200
400
403

Content type

application/json

{"matched_domain": "string",
"branding_title": "string",
"branding_logo": "string",
"branding_favicon": "string",
"ui_footer_links": [{"href": "string",
"name": "string"
}
],
"ui_theme": "automatic",
"flow_authentication": "string",
"flow_invalidation": "string",
"flow_recovery": "string",
"flow_unenrollment": "string",
"flow_user_settings": "string",
"flow_device_code": "string",
"default_locale": "string"
}

core_groups_list

Group Viewset

Authorizations:

authentik

query Parameters

attributes	string Attributes
include_users	boolean Default: true
is_superuser	boolean
members_by_pk	Array of integers
members_by_username	Array of strings Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}
]
}

core_groups_create

Group Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string [ 1 .. 80 ] characters
is_superuser	boolean Users added to this group will be superusers.
parent	string or null <uuid>
users	Array of integers
	object
roles	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"users": [0
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}

core_groups_retrieve

Group Viewset

Authorizations:

authentik

path Parameters

group_uuid

required

string <uuid>

A UUID string identifying this Group.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}

core_groups_update

Group Viewset

Authorizations:

authentik

path Parameters

group_uuid

required

string <uuid>

A UUID string identifying this Group.

Request Body schema: application/json
required

name required	string [ 1 .. 80 ] characters
is_superuser	boolean Users added to this group will be superusers.
parent	string or null <uuid>
users	Array of integers
	object
roles	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"users": [0
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}

core_groups_partial_update

Group Viewset

Authorizations:

authentik

path Parameters

group_uuid

required

string <uuid>

A UUID string identifying this Group.

Request Body schema: application/json

name	string [ 1 .. 80 ] characters
is_superuser	boolean Users added to this group will be superusers.
parent	string or null <uuid>
users	Array of integers
	object
roles	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"users": [0
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}

core_groups_destroy

Group Viewset

Authorizations:

authentik

path Parameters

group_uuid

required

string <uuid>

A UUID string identifying this Group.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_groups_add_user_create

Add user to group

Authorizations:

authentik

path Parameters

group_uuid

required

string <uuid>

A UUID string identifying this Group.

Request Body schema: application/json
required

pk

required

integer

Responses

Request samples

Payload

Content type

application/json

{"pk": 0
}

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_groups_remove_user_create

Add user to group

Authorizations:

authentik

path Parameters

group_uuid

required

string <uuid>

A UUID string identifying this Group.

Request Body schema: application/json
required

pk

required

integer

Responses

Request samples

Payload

Content type

application/json

{"pk": 0
}

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_groups_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

group_uuid

required

string <uuid>

A UUID string identifying this Group.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

core_tokens_list

Token Viewset

Authorizations:

authentik

query Parameters

description	string
expires	string <date-time>
expiring	boolean
identifier	string
intent	string Enum: "api" "app_password" "recovery" "verification"
managed	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
user__username	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}
]
}

core_tokens_create

Token Viewset

Authorizations:

authentik

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
identifier required	string [ 1 .. 255 ] characters ^[-a-zA-Z0-9_]+$
intent	string (IntentEnum) Enum: "verification" "api" "recovery" "app_password"
user	integer
description	string
expires	string or null <date-time>
expiring	boolean

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}

core_tokens_retrieve

Token Viewset

Authorizations:

authentik

path Parameters

identifier

required

string

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}

core_tokens_update

Token Viewset

Authorizations:

authentik

path Parameters

identifier

required

string

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
identifier required	string [ 1 .. 255 ] characters ^[-a-zA-Z0-9_]+$
intent	string (IntentEnum) Enum: "verification" "api" "recovery" "app_password"
user	integer
description	string
expires	string or null <date-time>
expiring	boolean

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}

core_tokens_partial_update

Token Viewset

Authorizations:

authentik

path Parameters

identifier

required

string

Request Body schema: application/json

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
identifier	string [ 1 .. 255 ] characters ^[-a-zA-Z0-9_]+$
intent	string (IntentEnum) Enum: "verification" "api" "recovery" "app_password"
user	integer
description	string
expires	string or null <date-time>
expiring	boolean

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}

core_tokens_destroy

Token Viewset

Authorizations:

authentik

path Parameters

identifier

required

string

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_tokens_set_key_create

Set token key. Action is logged as event. authentik_core.set_token_key permission is required.

Authorizations:

authentik

path Parameters

identifier

required

string

Request Body schema: application/json
required

key

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"key": "string"
}

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

core_tokens_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

identifier

required

string

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

core_tokens_view_key_retrieve

Return token key and log access

Authorizations:

authentik

path Parameters

identifier

required

string

Responses

Response samples

200
400
403

Content type

application/json

{"key": "string"
}

core_transactional_applications_update

Convert data into a blueprint, validate it and apply it

Authorizations:

authentik

Request Body schema: application/json
required

required	object (ApplicationRequest) Application Serializer
provider_model required	string (ProviderModelEnum) Enum: "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_rac.racprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_scim.scimprovider"
required	any (modelRequest)

Responses

Request samples

Payload

Content type

application/json

{"app": {"name": "string",
"slug": "string",
"provider": 0,
"backchannel_providers": [0
],
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
},
"provider_model": "authentik_providers_ldap.ldapprovider",
"provider": {"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"base_dn": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}
}

Response samples

200
400
403

Content type

application/json

{"applied": true,
"logs": ["string"
]
}

core_user_consent_list

UserConsent Viewset

Authorizations:

authentik

query Parameters

application	string <uuid>
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
user	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"expires": "2019-08-24T14:15:22Z",
"expiring": true,
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"application": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"backchannel_providers": [0
],
"backchannel_providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"launch_url": "string",
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_icon": "string",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
},
"permissions": ""
}
]
}

core_user_consent_retrieve

UserConsent Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User Consent.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"expires": "2019-08-24T14:15:22Z",
"expiring": true,
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"application": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"backchannel_providers": [0
],
"backchannel_providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"launch_url": "string",
"open_in_new_tab": true,
"meta_launch_url": "http://example.com",
"meta_icon": "string",
"meta_description": "string",
"meta_publisher": "string",
"policy_engine_mode": "all",
"group": "string"
},
"permissions": ""
}

core_user_consent_destroy

UserConsent Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User Consent.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_user_consent_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User Consent.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

core_users_list

User Viewset

Authorizations:

authentik

query Parameters

attributes	string Attributes
email	string
groups_by_name	Array of strings
groups_by_pk	Array of strings <uuid> [ items <uuid > ]
include_groups	boolean Default: true
is_active	boolean
is_superuser	boolean
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
path	string
path_startswith	string
search	string A search term.
type	Array of strings Items Enum: "external" "internal" "internal_service_account" "service_account"
username	string
uuid	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}
]
}

core_users_create

User Viewset

Authorizations:

authentik

Request Body schema: application/json
required

username required	string [ 1 .. 150 ] characters
name required	string User's display name.
is_active	boolean (Active) Designates whether this user should be treated as active. Unselect this instead of deleting accounts.
last_login	string or null <date-time>
groups	Array of strings <uuid> [ items <uuid > ]
email	string <email> (Email address) <= 254 characters
	object
path	string non-empty
type	string (UserTypeEnum) Enum: "internal" "external" "service_account" "internal_service_account"

Responses

Request samples

Payload

Content type

application/json

{"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"path": "string",
"type": "internal"
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}

core_users_retrieve

User Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}

core_users_update

User Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Request Body schema: application/json
required

username required	string [ 1 .. 150 ] characters
name required	string User's display name.
is_active	boolean (Active) Designates whether this user should be treated as active. Unselect this instead of deleting accounts.
last_login	string or null <date-time>
groups	Array of strings <uuid> [ items <uuid > ]
email	string <email> (Email address) <= 254 characters
	object
path	string non-empty
type	string (UserTypeEnum) Enum: "internal" "external" "service_account" "internal_service_account"

Responses

Request samples

Payload

Content type

application/json

{"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"path": "string",
"type": "internal"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}

core_users_partial_update

User Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Request Body schema: application/json

username	string [ 1 .. 150 ] characters
name	string User's display name.
is_active	boolean (Active) Designates whether this user should be treated as active. Unselect this instead of deleting accounts.
last_login	string or null <date-time>
groups	Array of strings <uuid> [ items <uuid > ]
email	string <email> (Email address) <= 254 characters
	object
path	string non-empty
type	string (UserTypeEnum) Enum: "internal" "external" "service_account" "internal_service_account"

Responses

Request samples

Payload

Content type

application/json

{"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"path": "string",
"type": "internal"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}

core_users_destroy

User Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_users_impersonate_create

Impersonate a user

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_users_metrics_retrieve

User metrics per 1h

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Responses

Response samples

200
400
403

Content type

application/json

{"logins": [{"x_cord": 0,
"y_cord": 0
}
],
"logins_failed": [{"x_cord": 0,
"y_cord": 0
}
],
"authorizations": [{"x_cord": 0,
"y_cord": 0
}
]
}

core_users_recovery_create

Create a temporary link that a user can use to recover their accounts

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Responses

Response samples

200
400
403

Content type

application/json

{"link": "string"
}

core_users_recovery_email_create

Create a temporary link that a user can use to recover their accounts

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

query Parameters

email_stage

required

string

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_users_set_password_create

Set password for user

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Request Body schema: application/json
required

password

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"password": "string"
}

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

core_users_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

core_users_impersonate_end_retrieve

End Impersonation a user

Authorizations:

authentik

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

core_users_me_retrieve

Get information about current user

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"is_superuser": true,
"groups": [{"name": "string",
"pk": "string"
}
],
"email": "user@example.com",
"avatar": "string",
"uid": "string",
"settings": {"property1": null,
"property2": null
},
"type": "internal",
"system_permissions": ["string"
]
},
"original": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"is_superuser": true,
"groups": [{"name": "string",
"pk": "string"
}
],
"email": "user@example.com",
"avatar": "string",
"uid": "string",
"settings": {"property1": null,
"property2": null
},
"type": "internal",
"system_permissions": ["string"
]
}
}

core_users_paths_retrieve

Get all user paths

Authorizations:

authentik

query Parameters

search

string

Responses

Response samples

200
400
403

Content type

application/json

{"paths": ["string"
]
}

core_users_service_account_create

Create a new user account that is marked as a service account

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
create_group	boolean Default: false
expiring	boolean Default: true
expires	string <date-time> If not provided, valid for 360 days

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"create_group": false,
"expiring": true,
"expires": "2019-08-24T14:15:22Z"
}

Response samples

200
400
403

Content type

application/json

{"username": "string",
"token": "string",
"user_uid": "string",
"user_pk": 0,
"group_pk": "string"
}

crypto

crypto_certificatekeypairs_list

CertificateKeyPair Viewset

Authorizations:

authentik

query Parameters

has_key	boolean Only return certificate-key pairs with keys
include_details	boolean Default: true
managed	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"fingerprint_sha256": "string",
"fingerprint_sha1": "string",
"cert_expiry": "2019-08-24T14:15:22Z",
"cert_subject": "string",
"private_key_available": true,
"private_key_type": "string",
"certificate_download_url": "string",
"private_key_download_url": "string",
"managed": "string"
}
]
}

crypto_certificatekeypairs_create

CertificateKeyPair Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
certificate_data required	string non-empty PEM-encoded Certificate data
key_data	string Optional Private Key. If this is set, you can use this keypair for encryption.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"certificate_data": "string",
"key_data": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"fingerprint_sha256": "string",
"fingerprint_sha1": "string",
"cert_expiry": "2019-08-24T14:15:22Z",
"cert_subject": "string",
"private_key_available": true,
"private_key_type": "string",
"certificate_download_url": "string",
"private_key_download_url": "string",
"managed": "string"
}

crypto_certificatekeypairs_retrieve

CertificateKeyPair Viewset

Authorizations:

authentik

path Parameters

kp_uuid

required

string <uuid>

A UUID string identifying this Certificate-Key Pair.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"fingerprint_sha256": "string",
"fingerprint_sha1": "string",
"cert_expiry": "2019-08-24T14:15:22Z",
"cert_subject": "string",
"private_key_available": true,
"private_key_type": "string",
"certificate_download_url": "string",
"private_key_download_url": "string",
"managed": "string"
}

crypto_certificatekeypairs_update

CertificateKeyPair Viewset

Authorizations:

authentik

path Parameters

kp_uuid

required

string <uuid>

A UUID string identifying this Certificate-Key Pair.

Request Body schema: application/json
required

name required	string non-empty
certificate_data required	string non-empty PEM-encoded Certificate data
key_data	string Optional Private Key. If this is set, you can use this keypair for encryption.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"certificate_data": "string",
"key_data": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"fingerprint_sha256": "string",
"fingerprint_sha1": "string",
"cert_expiry": "2019-08-24T14:15:22Z",
"cert_subject": "string",
"private_key_available": true,
"private_key_type": "string",
"certificate_download_url": "string",
"private_key_download_url": "string",
"managed": "string"
}

crypto_certificatekeypairs_partial_update

CertificateKeyPair Viewset

Authorizations:

authentik

path Parameters

kp_uuid

required

string <uuid>

A UUID string identifying this Certificate-Key Pair.

Request Body schema: application/json

name	string non-empty
certificate_data	string non-empty PEM-encoded Certificate data
key_data	string Optional Private Key. If this is set, you can use this keypair for encryption.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"certificate_data": "string",
"key_data": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"fingerprint_sha256": "string",
"fingerprint_sha1": "string",
"cert_expiry": "2019-08-24T14:15:22Z",
"cert_subject": "string",
"private_key_available": true,
"private_key_type": "string",
"certificate_download_url": "string",
"private_key_download_url": "string",
"managed": "string"
}

crypto_certificatekeypairs_destroy

CertificateKeyPair Viewset

Authorizations:

authentik

path Parameters

kp_uuid

required

string <uuid>

A UUID string identifying this Certificate-Key Pair.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

crypto_certificatekeypairs_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

kp_uuid

required

string <uuid>

A UUID string identifying this Certificate-Key Pair.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

crypto_certificatekeypairs_view_certificate_retrieve

Return certificate-key pairs certificate and log access

Authorizations:

authentik

path Parameters

kp_uuid

required

string <uuid>

A UUID string identifying this Certificate-Key Pair.

query Parameters

download

boolean

Responses

Response samples

200
400
403

Content type

application/json

{"data": "string"
}

crypto_certificatekeypairs_view_private_key_retrieve

Return certificate-key pairs private key and log access

Authorizations:

authentik

path Parameters

kp_uuid

required

string <uuid>

A UUID string identifying this Certificate-Key Pair.

query Parameters

download

boolean

Responses

Response samples

200
400
403

Content type

application/json

{"data": "string"
}

crypto_certificatekeypairs_generate_create

Generate a new, self-signed certificate-key pair

Authorizations:

authentik

Request Body schema: application/json
required

common_name required	string non-empty
subject_alt_name	string
validity_days required	integer

Responses

Request samples

Payload

Content type

application/json

{"common_name": "string",
"subject_alt_name": "string",
"validity_days": 0
}

Response samples

200
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"fingerprint_sha256": "string",
"fingerprint_sha1": "string",
"cert_expiry": "2019-08-24T14:15:22Z",
"cert_subject": "string",
"private_key_available": true,
"private_key_type": "string",
"certificate_download_url": "string",
"private_key_download_url": "string",
"managed": "string"
}

enterprise

enterprise_license_list

License Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"license_uuid": "c1f3b8e8-1ed0-4f1f-8b9a-d3c1e906f280",
"name": "string",
"key": "string",
"expiry": "2019-08-24T14:15:22Z",
"internal_users": 0,
"external_users": 0
}
]
}

enterprise_license_create

License Viewset

Authorizations:

authentik

Request Body schema: application/json
required

key

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"key": "string"
}

Response samples

201
400
403

Content type

application/json

{"license_uuid": "c1f3b8e8-1ed0-4f1f-8b9a-d3c1e906f280",
"name": "string",
"key": "string",
"expiry": "2019-08-24T14:15:22Z",
"internal_users": 0,
"external_users": 0
}

enterprise_license_retrieve

License Viewset

Authorizations:

authentik

path Parameters

license_uuid

required

string <uuid>

A UUID string identifying this License.

Responses

Response samples

200
400
403

Content type

application/json

{"license_uuid": "c1f3b8e8-1ed0-4f1f-8b9a-d3c1e906f280",
"name": "string",
"key": "string",
"expiry": "2019-08-24T14:15:22Z",
"internal_users": 0,
"external_users": 0
}

enterprise_license_update

License Viewset

Authorizations:

authentik

path Parameters

license_uuid

required

string <uuid>

A UUID string identifying this License.

Request Body schema: application/json
required

key

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"key": "string"
}

Response samples

200
400
403

Content type

application/json

{"license_uuid": "c1f3b8e8-1ed0-4f1f-8b9a-d3c1e906f280",
"name": "string",
"key": "string",
"expiry": "2019-08-24T14:15:22Z",
"internal_users": 0,
"external_users": 0
}

enterprise_license_partial_update

License Viewset

Authorizations:

authentik

path Parameters

license_uuid

required

string <uuid>

A UUID string identifying this License.

Request Body schema: application/json

key	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"key": "string"
}

Response samples

200
400
403

Content type

application/json

{"license_uuid": "c1f3b8e8-1ed0-4f1f-8b9a-d3c1e906f280",
"name": "string",
"key": "string",
"expiry": "2019-08-24T14:15:22Z",
"internal_users": 0,
"external_users": 0
}

enterprise_license_destroy

License Viewset

Authorizations:

authentik

path Parameters

license_uuid

required

string <uuid>

A UUID string identifying this License.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

enterprise_license_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

license_uuid

required

string <uuid>

A UUID string identifying this License.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

enterprise_license_forecast_retrieve

Forecast how many users will be required in a year

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"internal_users": 0,
"external_users": 0,
"forecasted_internal_users": 0,
"forecasted_external_users": 0
}

enterprise_license_get_install_id_retrieve

Get install_id

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"install_id": "string"
}

enterprise_license_summary_retrieve

Get the total license status

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"internal_users": 0,
"external_users": 0,
"valid": true,
"show_admin_warning": true,
"show_user_warning": true,
"read_only": true,
"latest_valid": "2019-08-24T14:15:22Z",
"has_license": true
}

events

events_events_list

Event Read-Only Viewset

Authorizations:

authentik

query Parameters

action	string
brand_name	string Brand name
client_ip	string
context_authorized_app	string Context Authorized application
context_model_app	string Context Model App
context_model_name	string Context Model Name
context_model_pk	string Context Model Primary Key
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
username	string Username

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"created": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z",
"brand": null
}
]
}

events_events_create

Event Read-Only Viewset

Authorizations:

authentik

Request Body schema: application/json
required

user	any
action required	string (EventActions) Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_"
app required	string non-empty
context	any
client_ip	string or null non-empty
expires	string <date-time>
brand	any

Responses

Request samples

Payload

Content type

application/json

{"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"expires": "2019-08-24T14:15:22Z",
"brand": null
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"created": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z",
"brand": null
}

events_events_retrieve

Event Read-Only Viewset

Authorizations:

authentik

path Parameters

event_uuid

required

string <uuid>

A UUID string identifying this Event.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"created": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z",
"brand": null
}

events_events_update

Event Read-Only Viewset

Authorizations:

authentik

path Parameters

event_uuid

required

string <uuid>

A UUID string identifying this Event.

Request Body schema: application/json
required

user	any
action required	string (EventActions) Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_"
app required	string non-empty
context	any
client_ip	string or null non-empty
expires	string <date-time>
brand	any

Responses

Request samples

Payload

Content type

application/json

{"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"expires": "2019-08-24T14:15:22Z",
"brand": null
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"created": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z",
"brand": null
}

events_events_partial_update

Event Read-Only Viewset

Authorizations:

authentik

path Parameters

event_uuid

required

string <uuid>

A UUID string identifying this Event.

Request Body schema: application/json

user	any
action	string (EventActions) Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_"
app	string non-empty
context	any
client_ip	string or null non-empty
expires	string <date-time>
brand	any

Responses

Request samples

Payload

Content type

application/json

{"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"expires": "2019-08-24T14:15:22Z",
"brand": null
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"created": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z",
"brand": null
}

events_events_destroy

Event Read-Only Viewset

Authorizations:

authentik

path Parameters

event_uuid

required

string <uuid>

A UUID string identifying this Event.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

events_events_actions_list

Get all actions

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"description": "string",
"component": "string",
"model_name": "string",
"requires_enterprise": false
}
]

events_events_per_month_list

Get the count of events per month

Authorizations:

authentik

query Parameters

action	string
query	string

Responses

Response samples

200
400
403

Content type

application/json

[{"x_cord": 0,
"y_cord": 0
}
]

events_events_top_per_user_list

Get the top_n events grouped by user count

Authorizations:

authentik

query Parameters

action	string
top_n	integer

Responses

Response samples

200
400
403

Content type

application/json

[{"application": {"property1": null,
"property2": null
},
"counted_events": 0,
"unique_users": 0
}
]

events_events_volume_list

Get event volume for specified filters and timeframe

Authorizations:

authentik

query Parameters

action	string
brand_name	string Brand name
client_ip	string
context_authorized_app	string Context Authorized application
context_model_app	string Context Model App
context_model_name	string Context Model Name
context_model_pk	string Context Model Primary Key
ordering	string Which field to use when ordering the results.
search	string A search term.
username	string Username

Responses

Response samples

200
400
403

Content type

application/json

[{"x_cord": 0,
"y_cord": 0
}
]

events_notifications_list

Notification Viewset

Authorizations:

authentik

query Parameters

body	string
created	string <date-time>
event	string <uuid>
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
seen	boolean
severity	string Enum: "alert" "notice" "warning"
user	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"severity": "notice",
"body": "string",
"created": "2019-08-24T14:15:22Z",
"event": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"created": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z",
"brand": null
},
"seen": true
}
]
}

events_notifications_retrieve

Notification Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"severity": "notice",
"body": "string",
"created": "2019-08-24T14:15:22Z",
"event": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"created": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z",
"brand": null
},
"seen": true
}

events_notifications_update

Notification Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification.

Request Body schema: application/json

	object (EventRequest) Event Serializer
seen	boolean

Responses

Request samples

Payload

Content type

application/json

{"event": {"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"expires": "2019-08-24T14:15:22Z",
"brand": null
},
"seen": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"severity": "notice",
"body": "string",
"created": "2019-08-24T14:15:22Z",
"event": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"created": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z",
"brand": null
},
"seen": true
}

events_notifications_partial_update

Notification Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification.

Request Body schema: application/json

	object (EventRequest) Event Serializer
seen	boolean

Responses

Request samples

Payload

Content type

application/json

{"event": {"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"expires": "2019-08-24T14:15:22Z",
"brand": null
},
"seen": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"severity": "notice",
"body": "string",
"created": "2019-08-24T14:15:22Z",
"event": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"user": null,
"action": "login",
"app": "string",
"context": null,
"client_ip": "string",
"created": "2019-08-24T14:15:22Z",
"expires": "2019-08-24T14:15:22Z",
"brand": null
},
"seen": true
}

events_notifications_destroy

Notification Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

events_notifications_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

events_notifications_mark_all_seen_create

Mark all the user's notifications as seen

Authorizations:

authentik

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

events_rules_list

NotificationRule Viewset

Authorizations:

authentik

query Parameters

group__name	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
severity	string Enum: "alert" "notice" "warning" Controls which severity level the created notifications will have.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"transports": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"severity": "notice",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}
}
]
}

events_rules_create

NotificationRule Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
transports	Array of strings <uuid> [ items <uuid > ] Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.
severity	string Enum: "notice" "warning" "alert" Controls which severity level the created notifications will have.
group	string or null <uuid> Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"transports": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"severity": "notice",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"transports": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"severity": "notice",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}
}

events_rules_retrieve

NotificationRule Viewset

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this Notification Rule.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"transports": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"severity": "notice",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}
}

events_rules_update

NotificationRule Viewset

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this Notification Rule.

Request Body schema: application/json
required

name required	string non-empty
transports	Array of strings <uuid> [ items <uuid > ] Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.
severity	string Enum: "notice" "warning" "alert" Controls which severity level the created notifications will have.
group	string or null <uuid> Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"transports": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"severity": "notice",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"transports": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"severity": "notice",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}
}

events_rules_partial_update

NotificationRule Viewset

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this Notification Rule.

Request Body schema: application/json

name	string non-empty
transports	Array of strings <uuid> [ items <uuid > ] Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.
severity	string Enum: "notice" "warning" "alert" Controls which severity level the created notifications will have.
group	string or null <uuid> Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"transports": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"severity": "notice",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"transports": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"severity": "notice",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}
}

events_rules_destroy

NotificationRule Viewset

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this Notification Rule.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

events_rules_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this Notification Rule.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

events_system_tasks_list

Read-only view set that returns all background tasks

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
status	string Enum: "error" "successful" "unknown" "warning"
uid	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"name": "string",
"full_name": "string",
"uid": "string",
"description": "string",
"start_timestamp": "2019-08-24T14:15:22Z",
"finish_timestamp": "2019-08-24T14:15:22Z",
"duration": 0.1,
"status": "unknown",
"messages": [{"timestamp": "2019-08-24T14:15:22Z",
"log_level": "critical",
"logger": "string",
"event": "string",
"attributes": {"property1": null,
"property2": null
}
}
]
}
]
}

events_system_tasks_retrieve

Read-only view set that returns all background tasks

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this System Task.

Responses

Response samples

200
400
403

Content type

application/json

{"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"name": "string",
"full_name": "string",
"uid": "string",
"description": "string",
"start_timestamp": "2019-08-24T14:15:22Z",
"finish_timestamp": "2019-08-24T14:15:22Z",
"duration": 0.1,
"status": "unknown",
"messages": [{"timestamp": "2019-08-24T14:15:22Z",
"log_level": "critical",
"logger": "string",
"event": "string",
"attributes": {"property1": null,
"property2": null
}
}
]
}

events_system_tasks_run_create

Run task

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this System Task.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

events_transports_list

NotificationTransport Viewset

Authorizations:

authentik

query Parameters

mode	string Enum: "email" "local" "webhook" "webhook_slack"
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
send_once	boolean
webhook_url	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"mode": "local",
"mode_verbose": "string",
"webhook_url": "http://example.com",
"webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
"send_once": true
}
]
}

events_transports_create

NotificationTransport Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
mode	string (NotificationTransportModeEnum) Enum: "local" "webhook" "webhook_slack" "email"
webhook_url	string <uri>
webhook_mapping	string or null <uuid>
send_once	boolean Only send notification once, for example when sending a webhook into a chat channel.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"mode": "local",
"webhook_url": "http://example.com",
"webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
"send_once": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"mode": "local",
"mode_verbose": "string",
"webhook_url": "http://example.com",
"webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
"send_once": true
}

events_transports_retrieve

NotificationTransport Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification Transport.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"mode": "local",
"mode_verbose": "string",
"webhook_url": "http://example.com",
"webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
"send_once": true
}

events_transports_update

NotificationTransport Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification Transport.

Request Body schema: application/json
required

name required	string non-empty
mode	string (NotificationTransportModeEnum) Enum: "local" "webhook" "webhook_slack" "email"
webhook_url	string <uri>
webhook_mapping	string or null <uuid>
send_once	boolean Only send notification once, for example when sending a webhook into a chat channel.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"mode": "local",
"webhook_url": "http://example.com",
"webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
"send_once": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"mode": "local",
"mode_verbose": "string",
"webhook_url": "http://example.com",
"webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
"send_once": true
}

events_transports_partial_update

NotificationTransport Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification Transport.

Request Body schema: application/json

name	string non-empty
mode	string (NotificationTransportModeEnum) Enum: "local" "webhook" "webhook_slack" "email"
webhook_url	string <uri>
webhook_mapping	string or null <uuid>
send_once	boolean Only send notification once, for example when sending a webhook into a chat channel.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"mode": "local",
"webhook_url": "http://example.com",
"webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
"send_once": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"mode": "local",
"mode_verbose": "string",
"webhook_url": "http://example.com",
"webhook_mapping": "65dec373-04ee-4418-80af-c31796cda1c4",
"send_once": true
}

events_transports_destroy

NotificationTransport Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification Transport.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

events_transports_test_create

Send example notification using selected transport. Requires Modify permissions.

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification Transport.

Responses

Response samples

200
400
403

Content type

application/json

{"messages": ["string"
]
}

events_transports_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Notification Transport.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

flows

flows_bindings_list

FlowStageBinding Viewset

Authorizations:

authentik

query Parameters

evaluate_on_plan	boolean
fsb_uuid	string <uuid>
invalid_response_action	string Enum: "restart" "restart_with_context" "retry" Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.
order	integer
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
pbm_uuid	string <uuid>
policies	Array of strings <uuid> [ items <uuid > ]
policy_engine_mode	string Enum: "all" "any"
re_evaluate_policies	boolean
search	string A search term.
stage	string <uuid>
target	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"stage_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
},
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
}
]
}

flows_bindings_create

FlowStageBinding Viewset

Authorizations:

authentik

Request Body schema: application/json
required

target required	string <uuid>
stage required	string <uuid>
evaluate_on_plan	boolean Evaluate policies during the Flow planning process.
re_evaluate_policies	boolean Evaluate policies when the Stage is present to the user.
order required	integer [ -2147483648 .. 2147483647 ]
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
invalid_response_action	string Enum: "retry" "restart" "restart_with_context" Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.

Responses

Request samples

Payload

Content type

application/json

{"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"stage_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
},
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
}

flows_bindings_retrieve

FlowStageBinding Viewset

Authorizations:

authentik

path Parameters

fsb_uuid

required

string <uuid>

A UUID string identifying this Flow Stage Binding.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"stage_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
},
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
}

flows_bindings_update

FlowStageBinding Viewset

Authorizations:

authentik

path Parameters

fsb_uuid

required

string <uuid>

A UUID string identifying this Flow Stage Binding.

Request Body schema: application/json
required

target required	string <uuid>
stage required	string <uuid>
evaluate_on_plan	boolean Evaluate policies during the Flow planning process.
re_evaluate_policies	boolean Evaluate policies when the Stage is present to the user.
order required	integer [ -2147483648 .. 2147483647 ]
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
invalid_response_action	string Enum: "retry" "restart" "restart_with_context" Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.

Responses

Request samples

Payload

Content type

application/json

{"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"stage_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
},
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
}

flows_bindings_partial_update

FlowStageBinding Viewset

Authorizations:

authentik

path Parameters

fsb_uuid

required

string <uuid>

A UUID string identifying this Flow Stage Binding.

Request Body schema: application/json

target	string <uuid>
stage	string <uuid>
evaluate_on_plan	boolean Evaluate policies during the Flow planning process.
re_evaluate_policies	boolean Evaluate policies when the Stage is present to the user.
order	integer [ -2147483648 .. 2147483647 ]
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
invalid_response_action	string Enum: "retry" "restart" "restart_with_context" Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context.

Responses

Request samples

Payload

Content type

application/json

{"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"stage_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
},
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
}

flows_bindings_destroy

FlowStageBinding Viewset

Authorizations:

authentik

path Parameters

fsb_uuid

required

string <uuid>

A UUID string identifying this Flow Stage Binding.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

flows_bindings_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

fsb_uuid

required

string <uuid>

A UUID string identifying this Flow Stage Binding.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

flows_executor_get

Get the next pending challenge from the currently active flow.

Authorizations:

authentikNone

path Parameters

flow_slug

required

string

query Parameters

query

required

string

Querystring as received

Responses

Response samples

200
400
403

Content type

application/json

Example

ak-stage-access-denied

{"type": "native",
"flow_info": {"title": "string",
"background": "string",
"cancel_url": "string",
"layout": "stacked"
},
"component": "ak-stage-access-denied",
"response_errors": {"property1": [{"string": "string",
"code": "string"
}
],
"property2": [{"string": "string",
"code": "string"
}
]
},
"pending_user": "string",
"pending_user_avatar": "string",
"error_message": "string"
}

flows_executor_solve

Solve the previously retrieved challenge and advanced to the next stage.

Authorizations:

authentikNone

path Parameters

flow_slug

required

string

query Parameters

query

required

string

Querystring as received

Request Body schema: application/json

component

string non-empty

Default: "ak-source-oauth-apple"

ak-source-oauth-apple

Responses

Request samples

Payload

Content type

application/json

Example

ak-source-oauth-apple

{"component": "ak-source-oauth-apple"
}

Response samples

200
400
403

Content type

application/json

Example

ak-stage-access-denied

{"type": "native",
"flow_info": {"title": "string",
"background": "string",
"cancel_url": "string",
"layout": "stacked"
},
"component": "ak-stage-access-denied",
"response_errors": {"property1": [{"string": "string",
"code": "string"
}
],
"property2": [{"string": "string",
"code": "string"
}
]
},
"pending_user": "string",
"pending_user_avatar": "string",
"error_message": "string"
}

flows_inspector_get

Get current flow state and record it

Authorizations:

authentik

path Parameters

flow_slug

required

string

Responses

Response samples

200
403

Content type

application/json

{"plans": [{"current_stage": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"stage_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
},
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
},
"next_planned_stage": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"stage_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
},
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
},
"plan_context": {"property1": null,
"property2": null
},
"session_id": "string"
}
],
"current_plan": {"current_stage": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"stage_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
},
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
},
"next_planned_stage": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"stage": "9f09bdb0-89bd-4a1a-b468-0312474f1023",
"stage_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
},
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"order": -2147483648,
"policy_engine_mode": "all",
"invalid_response_action": "retry"
},
"plan_context": {"property1": null,
"property2": null
},
"session_id": "string"
},
"is_completed": true
}

flows_instances_list

Flow Viewset

Authorizations:

authentik

query Parameters

denied_action	string Enum: "continue" "message" "message_continue" Configure what should happen when a flow denies access to a user.
designation	string Enum: "authentication" "authorization" "enrollment" "invalidation" "recovery" "stage_configuration" "unenrollment" Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
flow_uuid	string <uuid>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
slug	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}
]
}

flows_instances_create

Flow Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Visible in the URL.
title required	string non-empty Shown as the Title in Flow pages.
designation required	string Enum: "authentication" "authorization" "invalidation" "enrollment" "unenrollment" "recovery" "stage_configuration" Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
compatibility_mode	boolean Enable compatibility mode, increases compatibility with password managers on mobile devices.
layout	string (FlowLayoutEnum) Enum: "stacked" "content_left" "content_right" "sidebar_left" "sidebar_right"
denied_action	string Enum: "message_continue" "message" "continue" Configure what should happen when a flow denies access to a user.
authentication	string Enum: "none" "require_authenticated" "require_unauthenticated" "require_superuser" "require_outpost" Required level of authentication and authorization to access a flow.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}

flows_instances_retrieve

Flow Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}

flows_instances_update

Flow Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Request Body schema: application/json
required

name required	string non-empty
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Visible in the URL.
title required	string non-empty Shown as the Title in Flow pages.
designation required	string Enum: "authentication" "authorization" "invalidation" "enrollment" "unenrollment" "recovery" "stage_configuration" Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
compatibility_mode	boolean Enable compatibility mode, increases compatibility with password managers on mobile devices.
layout	string (FlowLayoutEnum) Enum: "stacked" "content_left" "content_right" "sidebar_left" "sidebar_right"
denied_action	string Enum: "message_continue" "message" "continue" Configure what should happen when a flow denies access to a user.
authentication	string Enum: "none" "require_authenticated" "require_unauthenticated" "require_superuser" "require_outpost" Required level of authentication and authorization to access a flow.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}

flows_instances_partial_update

Flow Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Request Body schema: application/json

name	string non-empty
slug	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Visible in the URL.
title	string non-empty Shown as the Title in Flow pages.
designation	string Enum: "authentication" "authorization" "invalidation" "enrollment" "unenrollment" "recovery" "stage_configuration" Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
compatibility_mode	boolean Enable compatibility mode, increases compatibility with password managers on mobile devices.
layout	string (FlowLayoutEnum) Enum: "stacked" "content_left" "content_right" "sidebar_left" "sidebar_right"
denied_action	string Enum: "message_continue" "message" "continue" Configure what should happen when a flow denies access to a user.
authentication	string Enum: "none" "require_authenticated" "require_unauthenticated" "require_superuser" "require_outpost" Required level of authentication and authorization to access a flow.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}

flows_instances_destroy

Flow Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

flows_instances_diagram_retrieve

Return diagram for flow with slug slug, in the format used by flowchart.js

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Responses

Response samples

200
400
403

Content type

application/json

{"diagram": "string"
}

flows_instances_execute_retrieve

Execute flow for current user

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Responses

Response samples

200
403

Content type

application/json

{"link": "string"
}

flows_instances_export_retrieve

Export flow to .yaml file

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Responses

Response samples

200
400
403

Content type

application/json

"string"

flows_instances_set_background_create

Set Flow background

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Request Body schema: multipart/form-data

file	string <binary>
clear	boolean Default: false

Responses

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

flows_instances_set_background_url_create

Set Flow background (as URL)

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Request Body schema: application/json
required

url

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"url": "string"
}

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

flows_instances_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

slug

required

string

Visible in the URL.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

flows_instances_cache_clear_create

Clear flow cache

Authorizations:

authentik

Responses

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

flows_instances_cache_info_retrieve

Info about cached flows

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"count": 0
}

flows_instances_import_create

Import flow from .yaml file

Authorizations:

authentik

Request Body schema: multipart/form-data

file	string <binary>
clear	boolean Default: false

Responses

Response samples

204
400
403

Content type

application/json

{"logs": [{"timestamp": "2019-08-24T14:15:22Z",
"log_level": "critical",
"logger": "string",
"event": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"success": true
}

managed

managed_blueprints_list

Blueprint instances

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
path	string
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"path": "",
"context": null,
"last_applied": "2019-08-24T14:15:22Z",
"last_applied_hash": "string",
"status": "successful",
"enabled": true,
"managed_models": ["string"
],
"metadata": null,
"content": "string"
}
]
}

managed_blueprints_create

Blueprint instances

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
path	string Default: ""
context	any
enabled	boolean
content	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"path": "",
"context": null,
"enabled": true,
"content": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"path": "",
"context": null,
"last_applied": "2019-08-24T14:15:22Z",
"last_applied_hash": "string",
"status": "successful",
"enabled": true,
"managed_models": ["string"
],
"metadata": null,
"content": "string"
}

managed_blueprints_retrieve

Blueprint instances

Authorizations:

authentik

path Parameters

instance_uuid

required

string <uuid>

A UUID string identifying this Blueprint Instance.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"path": "",
"context": null,
"last_applied": "2019-08-24T14:15:22Z",
"last_applied_hash": "string",
"status": "successful",
"enabled": true,
"managed_models": ["string"
],
"metadata": null,
"content": "string"
}

managed_blueprints_update

Blueprint instances

Authorizations:

authentik

path Parameters

instance_uuid

required

string <uuid>

A UUID string identifying this Blueprint Instance.

Request Body schema: application/json
required

name required	string non-empty
path	string Default: ""
context	any
enabled	boolean
content	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"path": "",
"context": null,
"enabled": true,
"content": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"path": "",
"context": null,
"last_applied": "2019-08-24T14:15:22Z",
"last_applied_hash": "string",
"status": "successful",
"enabled": true,
"managed_models": ["string"
],
"metadata": null,
"content": "string"
}

managed_blueprints_partial_update

Blueprint instances

Authorizations:

authentik

path Parameters

instance_uuid

required

string <uuid>

A UUID string identifying this Blueprint Instance.

Request Body schema: application/json

name	string non-empty
path	string Default: ""
context	any
enabled	boolean
content	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"path": "",
"context": null,
"enabled": true,
"content": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"path": "",
"context": null,
"last_applied": "2019-08-24T14:15:22Z",
"last_applied_hash": "string",
"status": "successful",
"enabled": true,
"managed_models": ["string"
],
"metadata": null,
"content": "string"
}

managed_blueprints_destroy

Blueprint instances

Authorizations:

authentik

path Parameters

instance_uuid

required

string <uuid>

A UUID string identifying this Blueprint Instance.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

managed_blueprints_apply_create

Apply a blueprint

Authorizations:

authentik

path Parameters

instance_uuid

required

string <uuid>

A UUID string identifying this Blueprint Instance.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"path": "",
"context": null,
"last_applied": "2019-08-24T14:15:22Z",
"last_applied_hash": "string",
"status": "successful",
"enabled": true,
"managed_models": ["string"
],
"metadata": null,
"content": "string"
}

managed_blueprints_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

instance_uuid

required

string <uuid>

A UUID string identifying this Blueprint Instance.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

managed_blueprints_available_list

Get blueprints

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"path": "string",
"last_m": "2019-08-24T14:15:22Z",
"hash": "string",
"meta": {"name": "string",
"labels": {"property1": null,
"property2": null
}
}
}
]

oauth2

oauth2_access_tokens_list

AccessToken Viewset

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
provider	integer
search	string A search term.
user	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"provider": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"is_expired": true,
"expires": "2019-08-24T14:15:22Z",
"scope": ["string"
],
"id_token": "string",
"revoked": true
}
]
}

oauth2_access_tokens_retrieve

AccessToken Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2 Access Token.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"provider": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"is_expired": true,
"expires": "2019-08-24T14:15:22Z",
"scope": ["string"
],
"id_token": "string",
"revoked": true
}

oauth2_access_tokens_destroy

AccessToken Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2 Access Token.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

oauth2_access_tokens_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2 Access Token.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

oauth2_authorization_codes_list

AuthorizationCode Viewset

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
provider	integer
search	string A search term.
user	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"provider": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"is_expired": true,
"expires": "2019-08-24T14:15:22Z",
"scope": ["string"
]
}
]
}

oauth2_authorization_codes_retrieve

AuthorizationCode Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Authorization Code.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"provider": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"is_expired": true,
"expires": "2019-08-24T14:15:22Z",
"scope": ["string"
]
}

oauth2_authorization_codes_destroy

AuthorizationCode Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Authorization Code.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

oauth2_authorization_codes_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Authorization Code.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

oauth2_refresh_tokens_list

RefreshToken Viewset

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
provider	integer
search	string A search term.
user	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"provider": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"is_expired": true,
"expires": "2019-08-24T14:15:22Z",
"scope": ["string"
],
"id_token": "string",
"revoked": true
}
]
}

oauth2_refresh_tokens_retrieve

RefreshToken Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2 Refresh Token.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"provider": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"is_expired": true,
"expires": "2019-08-24T14:15:22Z",
"scope": ["string"
],
"id_token": "string",
"revoked": true
}

oauth2_refresh_tokens_destroy

RefreshToken Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2 Refresh Token.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

oauth2_refresh_tokens_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2 Refresh Token.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

outposts

outposts_instances_list

Outpost Viewset

Authorizations:

authentik

query Parameters

managed__icontains	string
managed__iexact	string
name__icontains	string
name__iexact	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
providers__isnull	boolean
providers_by_pk	Array of integers
search	string A search term.
service_connection__name__icontains	string
service_connection__name__iexact	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"type": "proxy",
"providers": [0
],
"providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
"service_connection_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"token_identifier": "string",
"config": {"property1": null,
"property2": null
},
"managed": "string"
}
]
}

outposts_instances_create

Outpost Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
type required	string (OutpostTypeEnum) Enum: "proxy" "ldap" "radius" "rac"
providers required	Array of integers
service_connection	string or null <uuid> Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment.
required	object
managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"type": "proxy",
"providers": [0
],
"service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
"config": {"property1": null,
"property2": null
},
"managed": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"type": "proxy",
"providers": [0
],
"providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
"service_connection_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"token_identifier": "string",
"config": {"property1": null,
"property2": null
},
"managed": "string"
}

outposts_instances_retrieve

Outpost Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"type": "proxy",
"providers": [0
],
"providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
"service_connection_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"token_identifier": "string",
"config": {"property1": null,
"property2": null
},
"managed": "string"
}

outposts_instances_update

Outpost Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost.

Request Body schema: application/json
required

name required	string non-empty
type required	string (OutpostTypeEnum) Enum: "proxy" "ldap" "radius" "rac"
providers required	Array of integers
service_connection	string or null <uuid> Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment.
required	object
managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"type": "proxy",
"providers": [0
],
"service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
"config": {"property1": null,
"property2": null
},
"managed": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"type": "proxy",
"providers": [0
],
"providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
"service_connection_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"token_identifier": "string",
"config": {"property1": null,
"property2": null
},
"managed": "string"
}

outposts_instances_partial_update

Outpost Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost.

Request Body schema: application/json

name	string non-empty
type	string (OutpostTypeEnum) Enum: "proxy" "ldap" "radius" "rac"
providers	Array of integers
service_connection	string or null <uuid> Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment.
	object
managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"type": "proxy",
"providers": [0
],
"service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
"config": {"property1": null,
"property2": null
},
"managed": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"type": "proxy",
"providers": [0
],
"providers_obj": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
],
"service_connection": "42d1f606-386d-44d6-8d5c-96a6d96e0cfa",
"service_connection_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
},
"token_identifier": "string",
"config": {"property1": null,
"property2": null
},
"managed": "string"
}

outposts_instances_destroy

Outpost Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

outposts_instances_health_list

Get outposts current health

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost.

query Parameters

managed__icontains	string
managed__iexact	string
name__icontains	string
name__iexact	string
ordering	string Which field to use when ordering the results.
providers__isnull	boolean
providers_by_pk	Array of integers
search	string A search term.
service_connection__name__icontains	string
service_connection__name__iexact	string

Responses

Response samples

200
400
403

Content type

application/json

[{"uid": "string",
"last_seen": "2019-08-24T14:15:22Z",
"version": "string",
"version_should": "string",
"version_outdated": true,
"build_hash": "string",
"build_hash_should": "string",
"hostname": "string"
}
]

outposts_instances_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

outposts_instances_default_settings_retrieve

Global default outpost config

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"config": {"property1": null,
"property2": null
}
}

outposts_ldap_list

LDAPProvider Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"base_dn": "string",
"bind_flow_slug": "string",
"application_slug": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}
]
}

outposts_ldap_retrieve

LDAPProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this LDAP Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"base_dn": "string",
"bind_flow_slug": "string",
"application_slug": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}

outposts_proxy_list

ProxyProvider Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"client_id": "string",
"client_secret": "string",
"oidc_configuration": {"issuer": "string",
"authorization_endpoint": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"introspection_endpoint": "string",
"jwks_uri": "string",
"response_types_supported": ["string"
],
"id_token_signing_alg_values_supported": ["string"
],
"subject_types_supported": ["string"
],
"token_endpoint_auth_methods_supported": ["string"
]
},
"cookie_secret": "string",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"cookie_domain": "string",
"access_token_validity": 0.1,
"intercept_header_auth": true,
"scopes_to_request": ["string"
],
"assigned_application_slug": "string",
"assigned_application_name": "string"
}
]
}

outposts_proxy_retrieve

ProxyProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Proxy Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"client_id": "string",
"client_secret": "string",
"oidc_configuration": {"issuer": "string",
"authorization_endpoint": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"introspection_endpoint": "string",
"jwks_uri": "string",
"response_types_supported": ["string"
],
"id_token_signing_alg_values_supported": ["string"
],
"subject_types_supported": ["string"
],
"token_endpoint_auth_methods_supported": ["string"
]
},
"cookie_secret": "string",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"cookie_domain": "string",
"access_token_validity": 0.1,
"intercept_header_auth": true,
"scopes_to_request": ["string"
],
"assigned_application_slug": "string",
"assigned_application_name": "string"
}

outposts_radius_list

RadiusProvider Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"application_slug": "string",
"auth_flow_slug": "string",
"client_networks": "string",
"shared_secret": "string",
"mfa_support": true
}
]
}

outposts_radius_retrieve

RadiusProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Radius Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"application_slug": "string",
"auth_flow_slug": "string",
"client_networks": "string",
"shared_secret": "string",
"mfa_support": true
}

outposts_service_connections_all_list

ServiceConnection Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
]
}

outposts_service_connections_all_retrieve

ServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost Service-Connection.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}

outposts_service_connections_all_destroy

ServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost Service-Connection.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

outposts_service_connections_all_state_retrieve

Get the service connection's state

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost Service-Connection.

Responses

Response samples

200
400
403

Content type

application/json

{"healthy": true,
"version": "string"
}

outposts_service_connections_all_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Outpost Service-Connection.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

outposts_service_connections_all_types_list

Get all creatable service connection types

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"description": "string",
"component": "string",
"model_name": "string",
"requires_enterprise": false
}
]

outposts_service_connections_docker_list

DockerServiceConnection Viewset

Authorizations:

authentik

query Parameters

local	boolean
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
tls_authentication	string <uuid>
tls_verification	string <uuid>
url	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
"tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}
]
}

outposts_service_connections_docker_create

DockerServiceConnection Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
local	boolean If enabled, use the local connection. Required Docker socket/Kubernetes Integration
url required	string non-empty Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system.
tls_verification	string or null <uuid> CA which the endpoint's Certificate is verified against. Can be left empty for no validation.
tls_authentication	string or null <uuid> Certificate/Key used for authentication. Can be left empty for no authentication.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"local": true,
"url": "string",
"tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
"tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
"tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

outposts_service_connections_docker_retrieve

DockerServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Docker Service-Connection.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
"tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

outposts_service_connections_docker_update

DockerServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Docker Service-Connection.

Request Body schema: application/json
required

name required	string non-empty
local	boolean If enabled, use the local connection. Required Docker socket/Kubernetes Integration
url required	string non-empty Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system.
tls_verification	string or null <uuid> CA which the endpoint's Certificate is verified against. Can be left empty for no validation.
tls_authentication	string or null <uuid> Certificate/Key used for authentication. Can be left empty for no authentication.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"local": true,
"url": "string",
"tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
"tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
"tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

outposts_service_connections_docker_partial_update

DockerServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Docker Service-Connection.

Request Body schema: application/json

name	string non-empty
local	boolean If enabled, use the local connection. Required Docker socket/Kubernetes Integration
url	string non-empty Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system.
tls_verification	string or null <uuid> CA which the endpoint's Certificate is verified against. Can be left empty for no validation.
tls_authentication	string or null <uuid> Certificate/Key used for authentication. Can be left empty for no authentication.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"local": true,
"url": "string",
"tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
"tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"tls_verification": "abfc60cf-b788-497b-90cf-de579831c7f7",
"tls_authentication": "cc841068-7173-4529-9560-50b021d00610"
}

outposts_service_connections_docker_destroy

DockerServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Docker Service-Connection.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

outposts_service_connections_docker_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Docker Service-Connection.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

outposts_service_connections_kubernetes_list

KubernetesServiceConnection Viewset

Authorizations:

authentik

query Parameters

local	boolean
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"kubeconfig": null,
"verify_ssl": true
}
]
}

outposts_service_connections_kubernetes_create

KubernetesServiceConnection Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
local	boolean If enabled, use the local connection. Required Docker socket/Kubernetes Integration
kubeconfig	any Paste your kubeconfig here. authentik will automatically use the currently selected context.
verify_ssl	boolean Verify SSL Certificates of the Kubernetes API endpoint

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"local": true,
"kubeconfig": null,
"verify_ssl": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"kubeconfig": null,
"verify_ssl": true
}

outposts_service_connections_kubernetes_retrieve

KubernetesServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"kubeconfig": null,
"verify_ssl": true
}

outposts_service_connections_kubernetes_update

KubernetesServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Request Body schema: application/json
required

name required	string non-empty
local	boolean If enabled, use the local connection. Required Docker socket/Kubernetes Integration
kubeconfig	any Paste your kubeconfig here. authentik will automatically use the currently selected context.
verify_ssl	boolean Verify SSL Certificates of the Kubernetes API endpoint

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"local": true,
"kubeconfig": null,
"verify_ssl": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"kubeconfig": null,
"verify_ssl": true
}

outposts_service_connections_kubernetes_partial_update

KubernetesServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Request Body schema: application/json

name	string non-empty
local	boolean If enabled, use the local connection. Required Docker socket/Kubernetes Integration
kubeconfig	any Paste your kubeconfig here. authentik will automatically use the currently selected context.
verify_ssl	boolean Verify SSL Certificates of the Kubernetes API endpoint

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"local": true,
"kubeconfig": null,
"verify_ssl": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"local": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"kubeconfig": null,
"verify_ssl": true
}

outposts_service_connections_kubernetes_destroy

KubernetesServiceConnection Viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

outposts_service_connections_kubernetes_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Kubernetes Service-Connection.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

policies

policies_all_list

Policy Viewset

Authorizations:

authentik

query Parameters

bindings__isnull	boolean
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
promptstage__isnull	boolean
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0
}
]
}

policies_all_retrieve

Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Policy.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0
}

policies_all_destroy

Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Policy.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

policies_all_test_create

Test policy

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Policy.

Request Body schema: application/json
required

user required	integer
	object

Responses

Request samples

Payload

Content type

application/json

{"user": 0,
"context": {"property1": null,
"property2": null
}
}

Response samples

200
403

Content type

application/json

{"passing": true,
"messages": ["string"
],
"log_messages": [{"timestamp": "2019-08-24T14:15:22Z",
"log_level": "critical",
"logger": "string",
"event": "string",
"attributes": {"property1": null,
"property2": null
}
}
]
}

policies_all_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Policy.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

policies_all_cache_clear_create

Clear policy cache

Authorizations:

authentik

Responses

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

policies_all_cache_info_retrieve

Info about cached policies

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

{"count": 0
}

policies_all_types_list

Get all creatable policy types

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"description": "string",
"component": "string",
"model_name": "string",
"requires_enterprise": false
}
]

policies_bindings_list

PolicyBinding Viewset

Authorizations:

authentik

query Parameters

enabled	boolean
order	integer
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
policy	string <uuid>
policy__isnull	boolean
search	string A search term.
target	string <uuid>
target_in	Array of strings <uuid> [ items <uuid > ]
timeout	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"user": 0,
"policy_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0
},
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
},
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"negate": true,
"enabled": true,
"order": -2147483648,
"timeout": 2147483647,
"failure_result": true
}
]
}

policies_bindings_create

PolicyBinding Viewset

Authorizations:

authentik

Request Body schema: application/json
required

policy	string or null <uuid>
group	string or null <uuid>
user	integer or null
target required	string <uuid>
negate	boolean Negates the outcome of the policy. Messages are unaffected.
enabled	boolean
order required	integer [ -2147483648 .. 2147483647 ]
timeout	integer [ 0 .. 2147483647 ] Timeout after which Policy execution is terminated.
failure_result	boolean Result if the Policy execution fails.

Responses

Request samples

Payload

Content type

application/json

{"policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"user": 0,
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"negate": true,
"enabled": true,
"order": -2147483648,
"timeout": 2147483647,
"failure_result": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"user": 0,
"policy_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0
},
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
},
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"negate": true,
"enabled": true,
"order": -2147483648,
"timeout": 2147483647,
"failure_result": true
}

policies_bindings_retrieve

PolicyBinding Viewset

Authorizations:

authentik

path Parameters

policy_binding_uuid

required

string <uuid>

A UUID string identifying this Policy Binding.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"user": 0,
"policy_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0
},
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
},
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"negate": true,
"enabled": true,
"order": -2147483648,
"timeout": 2147483647,
"failure_result": true
}

policies_bindings_update

PolicyBinding Viewset

Authorizations:

authentik

path Parameters

policy_binding_uuid

required

string <uuid>

A UUID string identifying this Policy Binding.

Request Body schema: application/json
required

policy	string or null <uuid>
group	string or null <uuid>
user	integer or null
target required	string <uuid>
negate	boolean Negates the outcome of the policy. Messages are unaffected.
enabled	boolean
order required	integer [ -2147483648 .. 2147483647 ]
timeout	integer [ 0 .. 2147483647 ] Timeout after which Policy execution is terminated.
failure_result	boolean Result if the Policy execution fails.

Responses

Request samples

Payload

Content type

application/json

{"policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"user": 0,
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"negate": true,
"enabled": true,
"order": -2147483648,
"timeout": 2147483647,
"failure_result": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"user": 0,
"policy_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0
},
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
},
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"negate": true,
"enabled": true,
"order": -2147483648,
"timeout": 2147483647,
"failure_result": true
}

policies_bindings_partial_update

PolicyBinding Viewset

Authorizations:

authentik

path Parameters

policy_binding_uuid

required

string <uuid>

A UUID string identifying this Policy Binding.

Request Body schema: application/json

policy	string or null <uuid>
group	string or null <uuid>
user	integer or null
target	string <uuid>
negate	boolean Negates the outcome of the policy. Messages are unaffected.
enabled	boolean
order	integer [ -2147483648 .. 2147483647 ]
timeout	integer [ 0 .. 2147483647 ] Timeout after which Policy execution is terminated.
failure_result	boolean Result if the Policy execution fails.

Responses

Request samples

Payload

Content type

application/json

{"policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"user": 0,
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"negate": true,
"enabled": true,
"order": -2147483648,
"timeout": 2147483647,
"failure_result": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policy": "b98582cd-72b0-4e39-98a9-ede64030e4c6",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"user": 0,
"policy_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0
},
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"users": [0
],
"users_obj": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
],
"attributes": {"property1": null,
"property2": null
},
"roles": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"roles_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
},
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"target": "65a17d54-9c67-4477-8b80-d3f97e165aa5",
"negate": true,
"enabled": true,
"order": -2147483648,
"timeout": 2147483647,
"failure_result": true
}

policies_bindings_destroy

PolicyBinding Viewset

Authorizations:

authentik

path Parameters

policy_binding_uuid

required

string <uuid>

A UUID string identifying this Policy Binding.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

policies_bindings_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

policy_binding_uuid

required

string <uuid>

A UUID string identifying this Policy Binding.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

policies_dummy_list

Dummy Viewset

Authorizations:

authentik

query Parameters

created	string <date-time>
execution_logging	boolean
last_updated	string <date-time>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
policy_uuid	string <uuid>
result	boolean
search	string A search term.
wait_max	integer
wait_min	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"result": true,
"wait_min": -2147483648,
"wait_max": -2147483648
}
]
}

policies_dummy_create

Dummy Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
result	boolean
wait_min	integer [ -2147483648 .. 2147483647 ]
wait_max	integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"result": true,
"wait_min": -2147483648,
"wait_max": -2147483648
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"result": true,
"wait_min": -2147483648,
"wait_max": -2147483648
}

policies_dummy_retrieve

Dummy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Dummy Policy.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"result": true,
"wait_min": -2147483648,
"wait_max": -2147483648
}

policies_dummy_update

Dummy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Dummy Policy.

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
result	boolean
wait_min	integer [ -2147483648 .. 2147483647 ]
wait_max	integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"result": true,
"wait_min": -2147483648,
"wait_max": -2147483648
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"result": true,
"wait_min": -2147483648,
"wait_max": -2147483648
}

policies_dummy_partial_update

Dummy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Dummy Policy.

Request Body schema: application/json

name	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
result	boolean
wait_min	integer [ -2147483648 .. 2147483647 ]
wait_max	integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"result": true,
"wait_min": -2147483648,
"wait_max": -2147483648
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"result": true,
"wait_min": -2147483648,
"wait_max": -2147483648
}

policies_dummy_destroy

Dummy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Dummy Policy.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

policies_dummy_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Dummy Policy.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

policies_event_matcher_list

Event Matcher Policy Viewset

Authorizations:

authentik

query Parameters

action	string or null Enum: "authorize_application" "configuration_error" "custom_" "email_sent" "flow_execution" "impersonation_ended" "impersonation_started" "invitation_used" "login" "login_failed" "logout" "model_created" "model_deleted" "model_updated" "password_set" "policy_exception" "policy_execution" "property_mapping_exception" "secret_rotate" "secret_view" "source_linked" "suspicious_request" "system_exception" "system_task_exception" "system_task_execution" "update_available" "user_write" Match created events with this action type. When left empty, all action types will be matched.
app	string
client_ip	string
created	string <date-time>
execution_logging	boolean
last_updated	string <date-time>
model	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
policy_uuid	string <uuid>
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"action": "login",
"client_ip": "string",
"app": "authentik.tenants",
"model": "authentik_tenants.domain"
}
]
}

policies_event_matcher_create

Event Matcher Policy Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
action	string or null Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_" Match created events with this action type. When left empty, all action types will be matched.
client_ip	string or null non-empty Matches Event's Client IP (strict matching, for network matching use an Expression Policy)
app	string or null Enum: "authentik.tenants" "authentik.admin" "authentik.api" "authentik.crypto" "authentik.flows" "authentik.outposts" "authentik.policies.dummy" "authentik.policies.event_matcher" "authentik.policies.expiry" "authentik.policies.expression" "authentik.policies.password" "authentik.policies.reputation" "authentik.policies" "authentik.providers.ldap" "authentik.providers.oauth2" "authentik.providers.proxy" "authentik.providers.radius" "authentik.providers.saml" "authentik.providers.scim" "authentik.rbac" "authentik.recovery" "authentik.sources.ldap" "authentik.sources.oauth" "authentik.sources.plex" "authentik.sources.saml" "authentik.sources.scim" "authentik.stages.authenticator" "authentik.stages.authenticator_duo" "authentik.stages.authenticator_sms" "authentik.stages.authenticator_static" "authentik.stages.authenticator_totp" "authentik.stages.authenticator_validate" "authentik.stages.authenticator_webauthn" "authentik.stages.captcha" "authentik.stages.consent" "authentik.stages.deny" "authentik.stages.dummy" "authentik.stages.email" "authentik.stages.identification" "authentik.stages.invitation" "authentik.stages.password" "authentik.stages.prompt" "authentik.stages.user_delete" "authentik.stages.user_login" "authentik.stages.user_logout" "authentik.stages.user_write" "authentik.brands" "authentik.blueprints" "authentik.core" "authentik.enterprise" "authentik.enterprise.audit" "authentik.enterprise.providers.rac" "authentik.enterprise.stages.source" "authentik.events" Match events created by selected application. When left empty, all applications are matched.
model	string or null Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping" Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"action": "login",
"client_ip": "string",
"app": "authentik.tenants",
"model": "authentik_tenants.domain"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"action": "login",
"client_ip": "string",
"app": "authentik.tenants",
"model": "authentik_tenants.domain"
}

policies_event_matcher_retrieve

Event Matcher Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Event Matcher Policy.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"action": "login",
"client_ip": "string",
"app": "authentik.tenants",
"model": "authentik_tenants.domain"
}

policies_event_matcher_update

Event Matcher Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Event Matcher Policy.

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
action	string or null Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_" Match created events with this action type. When left empty, all action types will be matched.
client_ip	string or null non-empty Matches Event's Client IP (strict matching, for network matching use an Expression Policy)
app	string or null Enum: "authentik.tenants" "authentik.admin" "authentik.api" "authentik.crypto" "authentik.flows" "authentik.outposts" "authentik.policies.dummy" "authentik.policies.event_matcher" "authentik.policies.expiry" "authentik.policies.expression" "authentik.policies.password" "authentik.policies.reputation" "authentik.policies" "authentik.providers.ldap" "authentik.providers.oauth2" "authentik.providers.proxy" "authentik.providers.radius" "authentik.providers.saml" "authentik.providers.scim" "authentik.rbac" "authentik.recovery" "authentik.sources.ldap" "authentik.sources.oauth" "authentik.sources.plex" "authentik.sources.saml" "authentik.sources.scim" "authentik.stages.authenticator" "authentik.stages.authenticator_duo" "authentik.stages.authenticator_sms" "authentik.stages.authenticator_static" "authentik.stages.authenticator_totp" "authentik.stages.authenticator_validate" "authentik.stages.authenticator_webauthn" "authentik.stages.captcha" "authentik.stages.consent" "authentik.stages.deny" "authentik.stages.dummy" "authentik.stages.email" "authentik.stages.identification" "authentik.stages.invitation" "authentik.stages.password" "authentik.stages.prompt" "authentik.stages.user_delete" "authentik.stages.user_login" "authentik.stages.user_logout" "authentik.stages.user_write" "authentik.brands" "authentik.blueprints" "authentik.core" "authentik.enterprise" "authentik.enterprise.audit" "authentik.enterprise.providers.rac" "authentik.enterprise.stages.source" "authentik.events" Match events created by selected application. When left empty, all applications are matched.
model	string or null Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping" Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"action": "login",
"client_ip": "string",
"app": "authentik.tenants",
"model": "authentik_tenants.domain"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"action": "login",
"client_ip": "string",
"app": "authentik.tenants",
"model": "authentik_tenants.domain"
}

policies_event_matcher_partial_update

Event Matcher Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Event Matcher Policy.

Request Body schema: application/json

name	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
action	string or null Enum: "login" "login_failed" "logout" "user_write" "suspicious_request" "password_set" "secret_view" "secret_rotate" "invitation_used" "authorize_application" "source_linked" "impersonation_started" "impersonation_ended" "flow_execution" "policy_execution" "policy_exception" "property_mapping_exception" "system_task_execution" "system_task_exception" "system_exception" "configuration_error" "model_created" "model_updated" "model_deleted" "email_sent" "update_available" "custom_" Match created events with this action type. When left empty, all action types will be matched.
client_ip	string or null non-empty Matches Event's Client IP (strict matching, for network matching use an Expression Policy)
app	string or null Enum: "authentik.tenants" "authentik.admin" "authentik.api" "authentik.crypto" "authentik.flows" "authentik.outposts" "authentik.policies.dummy" "authentik.policies.event_matcher" "authentik.policies.expiry" "authentik.policies.expression" "authentik.policies.password" "authentik.policies.reputation" "authentik.policies" "authentik.providers.ldap" "authentik.providers.oauth2" "authentik.providers.proxy" "authentik.providers.radius" "authentik.providers.saml" "authentik.providers.scim" "authentik.rbac" "authentik.recovery" "authentik.sources.ldap" "authentik.sources.oauth" "authentik.sources.plex" "authentik.sources.saml" "authentik.sources.scim" "authentik.stages.authenticator" "authentik.stages.authenticator_duo" "authentik.stages.authenticator_sms" "authentik.stages.authenticator_static" "authentik.stages.authenticator_totp" "authentik.stages.authenticator_validate" "authentik.stages.authenticator_webauthn" "authentik.stages.captcha" "authentik.stages.consent" "authentik.stages.deny" "authentik.stages.dummy" "authentik.stages.email" "authentik.stages.identification" "authentik.stages.invitation" "authentik.stages.password" "authentik.stages.prompt" "authentik.stages.user_delete" "authentik.stages.user_login" "authentik.stages.user_logout" "authentik.stages.user_write" "authentik.brands" "authentik.blueprints" "authentik.core" "authentik.enterprise" "authentik.enterprise.audit" "authentik.enterprise.providers.rac" "authentik.enterprise.stages.source" "authentik.events" Match events created by selected application. When left empty, all applications are matched.
model	string or null Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping" Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"action": "login",
"client_ip": "string",
"app": "authentik.tenants",
"model": "authentik_tenants.domain"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"action": "login",
"client_ip": "string",
"app": "authentik.tenants",
"model": "authentik_tenants.domain"
}

policies_event_matcher_destroy

Event Matcher Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Event Matcher Policy.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

policies_event_matcher_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Event Matcher Policy.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

policies_expression_list

Source Viewset

Authorizations:

authentik

query Parameters

created	string <date-time>
execution_logging	boolean
expression	string
last_updated	string <date-time>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
policy_uuid	string <uuid>
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"expression": "string"
}
]
}

policies_expression_create

Source Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
expression required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"expression": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"expression": "string"
}

policies_expression_retrieve

Source Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Expression Policy.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"expression": "string"
}

policies_expression_update

Source Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Expression Policy.

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
expression required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"expression": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"expression": "string"
}

policies_expression_partial_update

Source Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Expression Policy.

Request Body schema: application/json

name	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
expression	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"expression": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"expression": "string"
}

policies_expression_destroy

Source Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Expression Policy.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

policies_expression_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Expression Policy.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

policies_password_list

Password Policy Viewset

Authorizations:

authentik

query Parameters

amount_digits	integer
amount_lowercase	integer
amount_symbols	integer
amount_uppercase	integer
check_have_i_been_pwned	boolean
check_static_rules	boolean
check_zxcvbn	boolean
created	string <date-time>
error_message	string
execution_logging	boolean
hibp_allowed_count	integer
last_updated	string <date-time>
length_min	integer
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
password_field	string
policy_uuid	string <uuid>
search	string A search term.
symbol_charset	string
zxcvbn_score_threshold	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"password_field": "string",
"amount_digits": 2147483647,
"amount_uppercase": 2147483647,
"amount_lowercase": 2147483647,
"amount_symbols": 2147483647,
"length_min": 2147483647,
"symbol_charset": "string",
"error_message": "string",
"check_static_rules": true,
"check_have_i_been_pwned": true,
"check_zxcvbn": true,
"hibp_allowed_count": 2147483647,
"zxcvbn_score_threshold": 2147483647
}
]
}

policies_password_create

Password Policy Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
password_field	string non-empty Field key to check, field keys defined in Prompt stages are available.
amount_digits	integer [ 0 .. 2147483647 ]
amount_uppercase	integer [ 0 .. 2147483647 ]
amount_lowercase	integer [ 0 .. 2147483647 ]
amount_symbols	integer [ 0 .. 2147483647 ]
length_min	integer [ 0 .. 2147483647 ]
symbol_charset	string non-empty
error_message	string
check_static_rules	boolean
check_have_i_been_pwned	boolean
check_zxcvbn	boolean
hibp_allowed_count	integer [ 0 .. 2147483647 ] How many times the password hash is allowed to be on haveibeenpwned
zxcvbn_score_threshold	integer [ 0 .. 2147483647 ] If the zxcvbn score is equal or less than this value, the policy will fail.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"password_field": "string",
"amount_digits": 2147483647,
"amount_uppercase": 2147483647,
"amount_lowercase": 2147483647,
"amount_symbols": 2147483647,
"length_min": 2147483647,
"symbol_charset": "string",
"error_message": "string",
"check_static_rules": true,
"check_have_i_been_pwned": true,
"check_zxcvbn": true,
"hibp_allowed_count": 2147483647,
"zxcvbn_score_threshold": 2147483647
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"password_field": "string",
"amount_digits": 2147483647,
"amount_uppercase": 2147483647,
"amount_lowercase": 2147483647,
"amount_symbols": 2147483647,
"length_min": 2147483647,
"symbol_charset": "string",
"error_message": "string",
"check_static_rules": true,
"check_have_i_been_pwned": true,
"check_zxcvbn": true,
"hibp_allowed_count": 2147483647,
"zxcvbn_score_threshold": 2147483647
}

policies_password_retrieve

Password Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Policy.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"password_field": "string",
"amount_digits": 2147483647,
"amount_uppercase": 2147483647,
"amount_lowercase": 2147483647,
"amount_symbols": 2147483647,
"length_min": 2147483647,
"symbol_charset": "string",
"error_message": "string",
"check_static_rules": true,
"check_have_i_been_pwned": true,
"check_zxcvbn": true,
"hibp_allowed_count": 2147483647,
"zxcvbn_score_threshold": 2147483647
}

policies_password_update

Password Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Policy.

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
password_field	string non-empty Field key to check, field keys defined in Prompt stages are available.
amount_digits	integer [ 0 .. 2147483647 ]
amount_uppercase	integer [ 0 .. 2147483647 ]
amount_lowercase	integer [ 0 .. 2147483647 ]
amount_symbols	integer [ 0 .. 2147483647 ]
length_min	integer [ 0 .. 2147483647 ]
symbol_charset	string non-empty
error_message	string
check_static_rules	boolean
check_have_i_been_pwned	boolean
check_zxcvbn	boolean
hibp_allowed_count	integer [ 0 .. 2147483647 ] How many times the password hash is allowed to be on haveibeenpwned
zxcvbn_score_threshold	integer [ 0 .. 2147483647 ] If the zxcvbn score is equal or less than this value, the policy will fail.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"password_field": "string",
"amount_digits": 2147483647,
"amount_uppercase": 2147483647,
"amount_lowercase": 2147483647,
"amount_symbols": 2147483647,
"length_min": 2147483647,
"symbol_charset": "string",
"error_message": "string",
"check_static_rules": true,
"check_have_i_been_pwned": true,
"check_zxcvbn": true,
"hibp_allowed_count": 2147483647,
"zxcvbn_score_threshold": 2147483647
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"password_field": "string",
"amount_digits": 2147483647,
"amount_uppercase": 2147483647,
"amount_lowercase": 2147483647,
"amount_symbols": 2147483647,
"length_min": 2147483647,
"symbol_charset": "string",
"error_message": "string",
"check_static_rules": true,
"check_have_i_been_pwned": true,
"check_zxcvbn": true,
"hibp_allowed_count": 2147483647,
"zxcvbn_score_threshold": 2147483647
}

policies_password_partial_update

Password Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Policy.

Request Body schema: application/json

name	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
password_field	string non-empty Field key to check, field keys defined in Prompt stages are available.
amount_digits	integer [ 0 .. 2147483647 ]
amount_uppercase	integer [ 0 .. 2147483647 ]
amount_lowercase	integer [ 0 .. 2147483647 ]
amount_symbols	integer [ 0 .. 2147483647 ]
length_min	integer [ 0 .. 2147483647 ]
symbol_charset	string non-empty
error_message	string
check_static_rules	boolean
check_have_i_been_pwned	boolean
check_zxcvbn	boolean
hibp_allowed_count	integer [ 0 .. 2147483647 ] How many times the password hash is allowed to be on haveibeenpwned
zxcvbn_score_threshold	integer [ 0 .. 2147483647 ] If the zxcvbn score is equal or less than this value, the policy will fail.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"password_field": "string",
"amount_digits": 2147483647,
"amount_uppercase": 2147483647,
"amount_lowercase": 2147483647,
"amount_symbols": 2147483647,
"length_min": 2147483647,
"symbol_charset": "string",
"error_message": "string",
"check_static_rules": true,
"check_have_i_been_pwned": true,
"check_zxcvbn": true,
"hibp_allowed_count": 2147483647,
"zxcvbn_score_threshold": 2147483647
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"password_field": "string",
"amount_digits": 2147483647,
"amount_uppercase": 2147483647,
"amount_lowercase": 2147483647,
"amount_symbols": 2147483647,
"length_min": 2147483647,
"symbol_charset": "string",
"error_message": "string",
"check_static_rules": true,
"check_have_i_been_pwned": true,
"check_zxcvbn": true,
"hibp_allowed_count": 2147483647,
"zxcvbn_score_threshold": 2147483647
}

policies_password_destroy

Password Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Policy.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

policies_password_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Policy.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

policies_password_expiry_list

Password Expiry Viewset

Authorizations:

authentik

query Parameters

created	string <date-time>
days	integer
deny_only	boolean
execution_logging	boolean
last_updated	string <date-time>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
policy_uuid	string <uuid>
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"days": -2147483648,
"deny_only": true
}
]
}

policies_password_expiry_create

Password Expiry Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
days required	integer [ -2147483648 .. 2147483647 ]
deny_only	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"days": -2147483648,
"deny_only": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"days": -2147483648,
"deny_only": true
}

policies_password_expiry_retrieve

Password Expiry Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Expiry Policy.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"days": -2147483648,
"deny_only": true
}

policies_password_expiry_update

Password Expiry Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Expiry Policy.

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
days required	integer [ -2147483648 .. 2147483647 ]
deny_only	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"days": -2147483648,
"deny_only": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"days": -2147483648,
"deny_only": true
}

policies_password_expiry_partial_update

Password Expiry Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Expiry Policy.

Request Body schema: application/json

name	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
days	integer [ -2147483648 .. 2147483647 ]
deny_only	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"days": -2147483648,
"deny_only": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"days": -2147483648,
"deny_only": true
}

policies_password_expiry_destroy

Password Expiry Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Expiry Policy.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

policies_password_expiry_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Password Expiry Policy.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

policies_reputation_list

Reputation Policy Viewset

Authorizations:

authentik

query Parameters

check_ip	boolean
check_username	boolean
created	string <date-time>
execution_logging	boolean
last_updated	string <date-time>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
policy_uuid	string <uuid>
search	string A search term.
threshold	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"check_ip": true,
"check_username": true,
"threshold": -2147483648
}
]
}

policies_reputation_create

Reputation Policy Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
check_ip	boolean
check_username	boolean
threshold	integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"check_ip": true,
"check_username": true,
"threshold": -2147483648
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"check_ip": true,
"check_username": true,
"threshold": -2147483648
}

policies_reputation_retrieve

Reputation Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Reputation Policy.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"check_ip": true,
"check_username": true,
"threshold": -2147483648
}

policies_reputation_update

Reputation Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Reputation Policy.

Request Body schema: application/json
required

name required	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
check_ip	boolean
check_username	boolean
threshold	integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"check_ip": true,
"check_username": true,
"threshold": -2147483648
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"check_ip": true,
"check_username": true,
"threshold": -2147483648
}

policies_reputation_partial_update

Reputation Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Reputation Policy.

Request Body schema: application/json

name	string non-empty
execution_logging	boolean When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.
check_ip	boolean
check_username	boolean
threshold	integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"execution_logging": true,
"check_ip": true,
"check_username": true,
"threshold": -2147483648
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"execution_logging": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"bound_to": 0,
"check_ip": true,
"check_username": true,
"threshold": -2147483648
}

policies_reputation_destroy

Reputation Policy Viewset

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Reputation Policy.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

policies_reputation_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

policy_uuid

required

string <uuid>

A UUID string identifying this Reputation Policy.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

policies_reputation_scores_list

Reputation Viewset

Authorizations:

authentik

query Parameters

identifier	string
ip	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
score	integer
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"identifier": "string",
"ip": "string",
"ip_geo_data": null,
"ip_asn_data": null,
"score": -9223372036854776000,
"updated": "2019-08-24T14:15:22Z"
}
]
}

policies_reputation_scores_retrieve

Reputation Viewset

Authorizations:

authentik

path Parameters

reputation_uuid

required

string <uuid>

A UUID string identifying this Reputation Score.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"identifier": "string",
"ip": "string",
"ip_geo_data": null,
"ip_asn_data": null,
"score": -9223372036854776000,
"updated": "2019-08-24T14:15:22Z"
}

policies_reputation_scores_destroy

Reputation Viewset

Authorizations:

authentik

path Parameters

reputation_uuid

required

string <uuid>

A UUID string identifying this Reputation Score.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

policies_reputation_scores_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

reputation_uuid

required

string <uuid>

A UUID string identifying this Reputation Score.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

propertymappings

propertymappings_all_list

PropertyMapping Viewset

Authorizations:

authentik

query Parameters

managed__isnull	boolean
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
]
}

propertymappings_all_retrieve

PropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Property Mapping.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}

propertymappings_all_destroy

PropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Property Mapping.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

propertymappings_all_test_create

Test Property Mapping

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Property Mapping.

query Parameters

format_result

boolean

Request Body schema: application/json
required

user required	integer
	object

Responses

Request samples

Payload

Content type

application/json

{"user": 0,
"context": {"property1": null,
"property2": null
}
}

Response samples

200
403

Content type

application/json

{"result": "string",
"successful": true
}

propertymappings_all_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Property Mapping.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

propertymappings_all_types_list

Get all creatable property-mapping types

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"description": "string",
"component": "string",
"model_name": "string",
"requires_enterprise": false
}
]

propertymappings_ldap_list

LDAP PropertyMapping Viewset

Authorizations:

authentik

query Parameters

expression	string
managed	Array of strings
name	string
object_field	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
pm_uuid	string <uuid>
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"object_field": "string"
}
]
}

propertymappings_ldap_create

LDAP PropertyMapping Viewset

Authorizations:

authentik

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression required	string non-empty
object_field required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"object_field": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"object_field": "string"
}

propertymappings_ldap_retrieve

LDAP PropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this LDAP Property Mapping.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"object_field": "string"
}

propertymappings_ldap_update

LDAP PropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this LDAP Property Mapping.

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression required	string non-empty
object_field required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"object_field": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"object_field": "string"
}

propertymappings_ldap_partial_update

LDAP PropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this LDAP Property Mapping.

Request Body schema: application/json

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name	string non-empty
expression	string non-empty
object_field	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"object_field": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"object_field": "string"
}

propertymappings_ldap_destroy

LDAP PropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this LDAP Property Mapping.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

propertymappings_ldap_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this LDAP Property Mapping.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

propertymappings_notification_list

NotificationWebhookMapping Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expression": "string"
}
]
}

propertymappings_notification_create

NotificationWebhookMapping Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
expression required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"expression": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expression": "string"
}

propertymappings_notification_retrieve

NotificationWebhookMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Webhook Mapping.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expression": "string"
}

propertymappings_notification_update

NotificationWebhookMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Webhook Mapping.

Request Body schema: application/json
required

name required	string non-empty
expression required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"expression": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expression": "string"
}

propertymappings_notification_partial_update

NotificationWebhookMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Webhook Mapping.

Request Body schema: application/json

name	string non-empty
expression	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"expression": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expression": "string"
}

propertymappings_notification_destroy

NotificationWebhookMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Webhook Mapping.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

propertymappings_notification_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Webhook Mapping.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

propertymappings_rac_list

RACPropertyMapping Viewset

Authorizations:

authentik

query Parameters

managed	Array of strings
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"static_settings": {"property1": null,
"property2": null
}
}
]
}

propertymappings_rac_create

RACPropertyMapping Viewset

Authorizations:

authentik

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression	string
required	object

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"static_settings": {"property1": null,
"property2": null
}
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"static_settings": {"property1": null,
"property2": null
}
}

propertymappings_rac_retrieve

RACPropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this RAC Property Mapping.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"static_settings": {"property1": null,
"property2": null
}
}

propertymappings_rac_update

RACPropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this RAC Property Mapping.

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression	string
required	object

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"static_settings": {"property1": null,
"property2": null
}
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"static_settings": {"property1": null,
"property2": null
}
}

propertymappings_rac_partial_update

RACPropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this RAC Property Mapping.

Request Body schema: application/json

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name	string non-empty
expression	string
	object

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"static_settings": {"property1": null,
"property2": null
}
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"static_settings": {"property1": null,
"property2": null
}
}

propertymappings_rac_destroy

RACPropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this RAC Property Mapping.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

propertymappings_rac_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this RAC Property Mapping.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

propertymappings_saml_list

SAMLPropertyMapping Viewset

Authorizations:

authentik

query Parameters

expression	string
friendly_name	string
managed	Array of strings
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
pm_uuid	string <uuid>
saml_name	string
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"saml_name": "string",
"friendly_name": "string"
}
]
}

propertymappings_saml_create

SAMLPropertyMapping Viewset

Authorizations:

authentik

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression required	string non-empty
saml_name required	string non-empty
friendly_name	string or null

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"saml_name": "string",
"friendly_name": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"saml_name": "string",
"friendly_name": "string"
}

propertymappings_saml_retrieve

SAMLPropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SAML Property Mapping.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"saml_name": "string",
"friendly_name": "string"
}

propertymappings_saml_update

SAMLPropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SAML Property Mapping.

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression required	string non-empty
saml_name required	string non-empty
friendly_name	string or null

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"saml_name": "string",
"friendly_name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"saml_name": "string",
"friendly_name": "string"
}

propertymappings_saml_partial_update

SAMLPropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SAML Property Mapping.

Request Body schema: application/json

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name	string non-empty
expression	string non-empty
saml_name	string non-empty
friendly_name	string or null

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"saml_name": "string",
"friendly_name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"saml_name": "string",
"friendly_name": "string"
}

propertymappings_saml_destroy

SAMLPropertyMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SAML Property Mapping.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

propertymappings_saml_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SAML Property Mapping.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

propertymappings_scim_list

SCIMMapping Viewset

Authorizations:

authentik

query Parameters

expression	string
managed	Array of strings
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
pm_uuid	string <uuid>
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
]
}

propertymappings_scim_create

SCIMMapping Viewset

Authorizations:

authentik

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}

propertymappings_scim_retrieve

SCIMMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SCIM Mapping.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}

propertymappings_scim_update

SCIMMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SCIM Mapping.

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}

propertymappings_scim_partial_update

SCIMMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SCIM Mapping.

Request Body schema: application/json

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name	string non-empty
expression	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}

propertymappings_scim_destroy

SCIMMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SCIM Mapping.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

propertymappings_scim_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this SCIM Mapping.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

propertymappings_scope_list

ScopeMapping Viewset

Authorizations:

authentik

query Parameters

managed	Array of strings
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
scope_name	string
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"scope_name": "string",
"description": "string"
}
]
}

propertymappings_scope_create

ScopeMapping Viewset

Authorizations:

authentik

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression required	string non-empty
scope_name required	string non-empty Scope name requested by the client
description	string Description shown to the user when consenting. If left empty, the user won't be informed.

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"scope_name": "string",
"description": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"scope_name": "string",
"description": "string"
}

propertymappings_scope_retrieve

ScopeMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Scope Mapping.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"scope_name": "string",
"description": "string"
}

propertymappings_scope_update

ScopeMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Scope Mapping.

Request Body schema: application/json
required

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name required	string non-empty
expression required	string non-empty
scope_name required	string non-empty Scope name requested by the client
description	string Description shown to the user when consenting. If left empty, the user won't be informed.

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"scope_name": "string",
"description": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"scope_name": "string",
"description": "string"
}

propertymappings_scope_partial_update

ScopeMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Scope Mapping.

Request Body schema: application/json

managed	string or null (Managed by authentik) non-empty Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
name	string non-empty
expression	string non-empty
scope_name	string non-empty Scope name requested by the client
description	string Description shown to the user when consenting. If left empty, the user won't be informed.

Responses

Request samples

Payload

Content type

application/json

{"managed": "string",
"name": "string",
"expression": "string",
"scope_name": "string",
"description": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"name": "string",
"expression": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"scope_name": "string",
"description": "string"
}

propertymappings_scope_destroy

ScopeMapping Viewset

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Scope Mapping.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

propertymappings_scope_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

pm_uuid

required

string <uuid>

A UUID string identifying this Scope Mapping.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

providers

providers_all_list

Provider Viewset

Authorizations:

authentik

query Parameters

application__isnull	boolean
backchannel_only	boolean
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}
]
}

providers_all_retrieve

Provider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string"
}

providers_all_destroy

Provider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this provider.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

providers_all_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this provider.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

providers_all_types_list

Get all creatable provider types

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"description": "string",
"component": "string",
"model_name": "string",
"requires_enterprise": false
}
]

providers_ldap_list

LDAPProvider Viewset

Authorizations:

authentik

query Parameters

application__isnull	boolean
authorization_flow__slug__iexact	string
base_dn__iexact	string
certificate__kp_uuid__iexact	string <uuid>
certificate__name__iexact	string
gid_start_number__iexact	integer
name__iexact	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
search_group__group_uuid__iexact	string <uuid>
search_group__name__iexact	string
tls_server_name__iexact	string
uid_start_number__iexact	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"base_dn": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"outpost_set": ["string"
],
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}
]
}

providers_ldap_create

LDAPProvider Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
base_dn	string non-empty DN under which objects are accessible.
search_group	string or null <uuid> Users in this group can do search queries. If not set, every user can execute search queries.
certificate	string or null <uuid>
tls_server_name	string
uid_start_number	integer [ -2147483648 .. 2147483647 ] The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber
gid_start_number	integer [ -2147483648 .. 2147483647 ] The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber
search_mode	string (LDAPAPIAccessMode) Enum: "direct" "cached"
bind_mode	string (LDAPAPIAccessMode) Enum: "direct" "cached"
mfa_support	boolean When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"base_dn": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"base_dn": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"outpost_set": ["string"
],
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}

providers_ldap_retrieve

LDAPProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this LDAP Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"base_dn": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"outpost_set": ["string"
],
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}

providers_ldap_update

LDAPProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this LDAP Provider.

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
base_dn	string non-empty DN under which objects are accessible.
search_group	string or null <uuid> Users in this group can do search queries. If not set, every user can execute search queries.
certificate	string or null <uuid>
tls_server_name	string
uid_start_number	integer [ -2147483648 .. 2147483647 ] The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber
gid_start_number	integer [ -2147483648 .. 2147483647 ] The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber
search_mode	string (LDAPAPIAccessMode) Enum: "direct" "cached"
bind_mode	string (LDAPAPIAccessMode) Enum: "direct" "cached"
mfa_support	boolean When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"base_dn": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"base_dn": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"outpost_set": ["string"
],
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}

providers_ldap_partial_update

LDAPProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this LDAP Provider.

Request Body schema: application/json

name	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
base_dn	string non-empty DN under which objects are accessible.
search_group	string or null <uuid> Users in this group can do search queries. If not set, every user can execute search queries.
certificate	string or null <uuid>
tls_server_name	string
uid_start_number	integer [ -2147483648 .. 2147483647 ] The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber
gid_start_number	integer [ -2147483648 .. 2147483647 ] The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber
search_mode	string (LDAPAPIAccessMode) Enum: "direct" "cached"
bind_mode	string (LDAPAPIAccessMode) Enum: "direct" "cached"
mfa_support	boolean When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"base_dn": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"base_dn": "string",
"search_group": "bfbd661e-4d78-456a-b020-3a3c48f6db9b",
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"tls_server_name": "string",
"uid_start_number": -2147483648,
"gid_start_number": -2147483648,
"outpost_set": ["string"
],
"search_mode": "direct",
"bind_mode": "direct",
"mfa_support": true
}

providers_ldap_destroy

LDAPProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this LDAP Provider.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

providers_ldap_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this LDAP Provider.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

providers_oauth2_list

OAuth2Provider Viewset

Authorizations:

authentik

query Parameters

access_code_validity	string
access_token_validity	string
application	string <uuid>
authorization_flow	string <uuid>
client_id	string
client_type	string Enum: "confidential" "public" Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable
include_claims_in_id_token	boolean
issuer_mode	string Enum: "global" "per_provider" Configure how the issuer field of the ID Token should be filled.
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
property_mappings	Array of strings <uuid> [ items <uuid > ]
redirect_uris	string
refresh_token_validity	string
search	string A search term.
signing_key	string <uuid>
sub_mode	string Enum: "hashed_user_id" "user_email" "user_id" "user_upn" "user_username" "user_uuid" Configure what data should be used as unique User Identifier. For most cases, the default should be fine.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}
]
}

providers_oauth2_create

OAuth2Provider Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
client_type	string Enum: "confidential" "public" Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable
client_id	string [ 1 .. 255 ] characters
client_secret	string <= 255 characters
access_code_validity	string non-empty Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
access_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
refresh_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
include_claims_in_id_token	boolean Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.
signing_key	string or null <uuid> Key used to sign the tokens. Only required when JWT Algorithm is set to RS256.
redirect_uris	string Enter each URI on a new line.
sub_mode	string Enum: "hashed_user_id" "user_id" "user_uuid" "user_username" "user_email" "user_upn" Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
issuer_mode	string Enum: "global" "per_provider" Configure how the issuer field of the ID Token should be filled.
jwks_sources	Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

providers_oauth2_retrieve

OAuth2Provider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2/OpenID Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

providers_oauth2_update

OAuth2Provider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2/OpenID Provider.

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
client_type	string Enum: "confidential" "public" Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable
client_id	string [ 1 .. 255 ] characters
client_secret	string <= 255 characters
access_code_validity	string non-empty Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
access_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
refresh_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
include_claims_in_id_token	boolean Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.
signing_key	string or null <uuid> Key used to sign the tokens. Only required when JWT Algorithm is set to RS256.
redirect_uris	string Enter each URI on a new line.
sub_mode	string Enum: "hashed_user_id" "user_id" "user_uuid" "user_username" "user_email" "user_upn" Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
issuer_mode	string Enum: "global" "per_provider" Configure how the issuer field of the ID Token should be filled.
jwks_sources	Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

providers_oauth2_partial_update

OAuth2Provider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2/OpenID Provider.

Request Body schema: application/json

name	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
client_type	string Enum: "confidential" "public" Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable
client_id	string [ 1 .. 255 ] characters
client_secret	string <= 255 characters
access_code_validity	string non-empty Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
access_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
refresh_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
include_claims_in_id_token	boolean Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.
signing_key	string or null <uuid> Key used to sign the tokens. Only required when JWT Algorithm is set to RS256.
redirect_uris	string Enter each URI on a new line.
sub_mode	string Enum: "hashed_user_id" "user_id" "user_uuid" "user_username" "user_email" "user_upn" Configure what data should be used as unique User Identifier. For most cases, the default should be fine.
issuer_mode	string Enum: "global" "per_provider" Configure how the issuer field of the ID Token should be filled.
jwks_sources	Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_type": "confidential",
"client_id": "string",
"client_secret": "string",
"access_code_validity": "string",
"access_token_validity": "string",
"refresh_token_validity": "string",
"include_claims_in_id_token": true,
"signing_key": "e956740a-6ddf-4402-92f0-0d8f6b97c243",
"redirect_uris": "string",
"sub_mode": "hashed_user_id",
"issuer_mode": "global",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

providers_oauth2_destroy

OAuth2Provider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2/OpenID Provider.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

providers_oauth2_preview_user_retrieve

Preview user data for provider

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2/OpenID Provider.

query Parameters

for_user

integer

Responses

Response samples

200
403

Content type

application/json

{"preview": {"property1": null,
"property2": null
}
}

providers_oauth2_setup_urls_retrieve

Get Providers setup URLs

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2/OpenID Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"issuer": "string",
"authorize": "string",
"token": "string",
"user_info": "string",
"provider_info": "string",
"logout": "string",
"jwks": "string"
}

providers_oauth2_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this OAuth2/OpenID Provider.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

providers_proxy_list

ProxyProvider Viewset

Authorizations:

authentik

query Parameters

application__isnull	boolean
authorization_flow__slug__iexact	string
basic_auth_enabled__iexact	boolean
basic_auth_password_attribute__iexact	string
basic_auth_user_attribute__iexact	string
certificate__kp_uuid__iexact	string <uuid>
certificate__name__iexact	string
cookie_domain__iexact	string
external_host__iexact	string
internal_host__iexact	string
internal_host_ssl_validation__iexact	boolean
mode__iexact	string
name__iexact	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
property_mappings__iexact	Array of strings <uuid> [ items <uuid > ]
redirect_uris__iexact	string
search	string A search term.
skip_path_regex__iexact	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_id": "string",
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"intercept_header_auth": true,
"redirect_uris": "string",
"cookie_domain": "string",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"access_token_validity": "string",
"refresh_token_validity": "string",
"outpost_set": ["string"
]
}
]
}

providers_proxy_create

ProxyProvider Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
internal_host	string <uri>
external_host required	string <uri> non-empty
internal_host_ssl_validation	boolean Validate SSL Certificates of upstream servers
certificate	string or null <uuid>
skip_path_regex	string Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.
basic_auth_enabled	boolean (Set HTTP-Basic Authentication) Set a custom HTTP-Basic Authentication header based on values from authentik.
basic_auth_password_attribute	string (HTTP-Basic Password Key) User/Group Attribute used for the password part of the HTTP-Basic Header.
basic_auth_user_attribute	string (HTTP-Basic Username Key) User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.
mode	string Enum: "proxy" "forward_single" "forward_domain" Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.
intercept_header_auth	boolean When enabled, this provider will intercept the authorization header and authenticate requests based on its value.
cookie_domain	string
jwks_sources	Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]
access_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
refresh_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"intercept_header_auth": true,
"cookie_domain": "string",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"access_token_validity": "string",
"refresh_token_validity": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_id": "string",
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"intercept_header_auth": true,
"redirect_uris": "string",
"cookie_domain": "string",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"access_token_validity": "string",
"refresh_token_validity": "string",
"outpost_set": ["string"
]
}

providers_proxy_retrieve

ProxyProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Proxy Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_id": "string",
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"intercept_header_auth": true,
"redirect_uris": "string",
"cookie_domain": "string",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"access_token_validity": "string",
"refresh_token_validity": "string",
"outpost_set": ["string"
]
}

providers_proxy_update

ProxyProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Proxy Provider.

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
internal_host	string <uri>
external_host required	string <uri> non-empty
internal_host_ssl_validation	boolean Validate SSL Certificates of upstream servers
certificate	string or null <uuid>
skip_path_regex	string Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.
basic_auth_enabled	boolean (Set HTTP-Basic Authentication) Set a custom HTTP-Basic Authentication header based on values from authentik.
basic_auth_password_attribute	string (HTTP-Basic Password Key) User/Group Attribute used for the password part of the HTTP-Basic Header.
basic_auth_user_attribute	string (HTTP-Basic Username Key) User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.
mode	string Enum: "proxy" "forward_single" "forward_domain" Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.
intercept_header_auth	boolean When enabled, this provider will intercept the authorization header and authenticate requests based on its value.
cookie_domain	string
jwks_sources	Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]
access_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
refresh_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"intercept_header_auth": true,
"cookie_domain": "string",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"access_token_validity": "string",
"refresh_token_validity": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_id": "string",
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"intercept_header_auth": true,
"redirect_uris": "string",
"cookie_domain": "string",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"access_token_validity": "string",
"refresh_token_validity": "string",
"outpost_set": ["string"
]
}

providers_proxy_partial_update

ProxyProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Proxy Provider.

Request Body schema: application/json

name	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
internal_host	string <uri>
external_host	string <uri> non-empty
internal_host_ssl_validation	boolean Validate SSL Certificates of upstream servers
certificate	string or null <uuid>
skip_path_regex	string Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.
basic_auth_enabled	boolean (Set HTTP-Basic Authentication) Set a custom HTTP-Basic Authentication header based on values from authentik.
basic_auth_password_attribute	string (HTTP-Basic Password Key) User/Group Attribute used for the password part of the HTTP-Basic Header.
basic_auth_user_attribute	string (HTTP-Basic Username Key) User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.
mode	string Enum: "proxy" "forward_single" "forward_domain" Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.
intercept_header_auth	boolean When enabled, this provider will intercept the authorization header and authenticate requests based on its value.
cookie_domain	string
jwks_sources	Array of strings <uuid> (Any JWT signed by the JWK of the selected source can be used to authenticate.) [ items <uuid > ]
access_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
refresh_token_validity	string non-empty Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"intercept_header_auth": true,
"cookie_domain": "string",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"access_token_validity": "string",
"refresh_token_validity": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_id": "string",
"internal_host": "http://example.com",
"external_host": "http://example.com",
"internal_host_ssl_validation": true,
"certificate": "b7dc5fd8-9c23-4dd8-a5cb-7431da1854eb",
"skip_path_regex": "string",
"basic_auth_enabled": true,
"basic_auth_password_attribute": "string",
"basic_auth_user_attribute": "string",
"mode": "proxy",
"intercept_header_auth": true,
"redirect_uris": "string",
"cookie_domain": "string",
"jwks_sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"access_token_validity": "string",
"refresh_token_validity": "string",
"outpost_set": ["string"
]
}

providers_proxy_destroy

ProxyProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Proxy Provider.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

providers_proxy_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Proxy Provider.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

providers_rac_list

RACProvider Viewset

Authorizations:

authentik

query Parameters

application__isnull	boolean
name__iexact	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
}
]
}

providers_rac_create

RACProvider Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
settings	any
connection_expiry	string non-empty Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)
delete_token_on_disconnect	boolean When set to true, connection tokens will be deleted upon disconnect.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"settings": null,
"connection_expiry": "string",
"delete_token_on_disconnect": true
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
}

providers_rac_retrieve

RACProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this RAC Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
}

providers_rac_update

RACProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this RAC Provider.

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
settings	any
connection_expiry	string non-empty Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)
delete_token_on_disconnect	boolean When set to true, connection tokens will be deleted upon disconnect.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"settings": null,
"connection_expiry": "string",
"delete_token_on_disconnect": true
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
}

providers_rac_partial_update

RACProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this RAC Provider.

Request Body schema: application/json

name	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
settings	any
connection_expiry	string non-empty Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)
delete_token_on_disconnect	boolean When set to true, connection tokens will be deleted upon disconnect.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"settings": null,
"connection_expiry": "string",
"delete_token_on_disconnect": true
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
}

providers_rac_destroy

RACProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this RAC Provider.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

providers_rac_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this RAC Provider.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

providers_radius_list

RadiusProvider Viewset

Authorizations:

authentik

query Parameters

application__isnull	boolean
authorization_flow__slug__iexact	string
client_networks__iexact	string
name__iexact	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_networks": "string",
"shared_secret": "string",
"outpost_set": ["string"
],
"mfa_support": true
}
]
}

providers_radius_create

RadiusProvider Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
client_networks	string non-empty List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped.
shared_secret	string non-empty Shared secret between clients and server to hash packets.
mfa_support	boolean When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"client_networks": "string",
"shared_secret": "string",
"mfa_support": true
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_networks": "string",
"shared_secret": "string",
"outpost_set": ["string"
],
"mfa_support": true
}

providers_radius_retrieve

RadiusProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Radius Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_networks": "string",
"shared_secret": "string",
"outpost_set": ["string"
],
"mfa_support": true
}

providers_radius_update

RadiusProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Radius Provider.

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
client_networks	string non-empty List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped.
shared_secret	string non-empty Shared secret between clients and server to hash packets.
mfa_support	boolean When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"client_networks": "string",
"shared_secret": "string",
"mfa_support": true
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_networks": "string",
"shared_secret": "string",
"outpost_set": ["string"
],
"mfa_support": true
}

providers_radius_partial_update

RadiusProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Radius Provider.

Request Body schema: application/json

name	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
client_networks	string non-empty List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped.
shared_secret	string non-empty Shared secret between clients and server to hash packets.
mfa_support	boolean When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"client_networks": "string",
"shared_secret": "string",
"mfa_support": true
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"client_networks": "string",
"shared_secret": "string",
"outpost_set": ["string"
],
"mfa_support": true
}

providers_radius_destroy

RadiusProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Radius Provider.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

providers_radius_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this Radius Provider.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

providers_saml_list

SAMLProvider Viewset

Authorizations:

authentik

query Parameters

acs_url	string
assertion_valid_not_before	string
assertion_valid_not_on_or_after	string
audience	string
authentication_flow	string <uuid>
authorization_flow	string <uuid>
backchannel_application	string <uuid>
default_relay_state	string
digest_algorithm	string Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmlenc#sha512"
is_backchannel	boolean
issuer	string
name	string
name_id_mapping	string <uuid>
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
property_mappings	Array of strings <uuid> [ items <uuid > ]
search	string A search term.
session_valid_not_on_or_after	string
signature_algorithm	string Enum: "http://www.w3.org/2000/09/xmldsig#dsa-sha1" "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
signing_kp	string <uuid>
sp_binding	string (Service Provider Binding) Enum: "post" "redirect" This determines how authentik sends the response back to the Service Provider.
verification_kp	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"acs_url": "http://example.com",
"audience": "string",
"issuer": "string",
"assertion_valid_not_before": "string",
"assertion_valid_not_on_or_after": "string",
"session_valid_not_on_or_after": "string",
"name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"sp_binding": "redirect",
"default_relay_state": "string",
"url_download_metadata": "string",
"url_sso_post": "string",
"url_sso_redirect": "string",
"url_sso_init": "string",
"url_slo_post": "string",
"url_slo_redirect": "string"
}
]
}

providers_saml_create

SAMLProvider Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
acs_url required	string <uri> [ 1 .. 200 ] characters
audience	string Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.
issuer	string non-empty Also known as EntityID
assertion_valid_not_before	string non-empty Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).
assertion_valid_not_on_or_after	string non-empty Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
session_valid_not_on_or_after	string non-empty Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
name_id_mapping	string or null <uuid> (NameID Property Mapping) Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered
digest_algorithm	string (DigestAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm	string (SignatureAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
signing_kp	string or null <uuid> (Signing Keypair) Keypair used to sign outgoing Responses going to the Service Provider.
verification_kp	string or null <uuid> (Verification Certificate) When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
sp_binding	string (Service Provider Binding) Enum: "redirect" "post" This determines how authentik sends the response back to the Service Provider.
default_relay_state	string Default relay_state value for IDP-initiated logins

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"acs_url": "http://example.com",
"audience": "string",
"issuer": "string",
"assertion_valid_not_before": "string",
"assertion_valid_not_on_or_after": "string",
"session_valid_not_on_or_after": "string",
"name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"sp_binding": "redirect",
"default_relay_state": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"acs_url": "http://example.com",
"audience": "string",
"issuer": "string",
"assertion_valid_not_before": "string",
"assertion_valid_not_on_or_after": "string",
"session_valid_not_on_or_after": "string",
"name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"sp_binding": "redirect",
"default_relay_state": "string",
"url_download_metadata": "string",
"url_sso_post": "string",
"url_sso_redirect": "string",
"url_sso_init": "string",
"url_slo_post": "string",
"url_slo_redirect": "string"
}

providers_saml_retrieve

SAMLProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SAML Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"acs_url": "http://example.com",
"audience": "string",
"issuer": "string",
"assertion_valid_not_before": "string",
"assertion_valid_not_on_or_after": "string",
"session_valid_not_on_or_after": "string",
"name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"sp_binding": "redirect",
"default_relay_state": "string",
"url_download_metadata": "string",
"url_sso_post": "string",
"url_sso_redirect": "string",
"url_sso_init": "string",
"url_slo_post": "string",
"url_slo_redirect": "string"
}

providers_saml_update

SAMLProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SAML Provider.

Request Body schema: application/json
required

name required	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow required	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
acs_url required	string <uri> [ 1 .. 200 ] characters
audience	string Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.
issuer	string non-empty Also known as EntityID
assertion_valid_not_before	string non-empty Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).
assertion_valid_not_on_or_after	string non-empty Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
session_valid_not_on_or_after	string non-empty Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
name_id_mapping	string or null <uuid> (NameID Property Mapping) Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered
digest_algorithm	string (DigestAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm	string (SignatureAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
signing_kp	string or null <uuid> (Signing Keypair) Keypair used to sign outgoing Responses going to the Service Provider.
verification_kp	string or null <uuid> (Verification Certificate) When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
sp_binding	string (Service Provider Binding) Enum: "redirect" "post" This determines how authentik sends the response back to the Service Provider.
default_relay_state	string Default relay_state value for IDP-initiated logins

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"acs_url": "http://example.com",
"audience": "string",
"issuer": "string",
"assertion_valid_not_before": "string",
"assertion_valid_not_on_or_after": "string",
"session_valid_not_on_or_after": "string",
"name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"sp_binding": "redirect",
"default_relay_state": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"acs_url": "http://example.com",
"audience": "string",
"issuer": "string",
"assertion_valid_not_before": "string",
"assertion_valid_not_on_or_after": "string",
"session_valid_not_on_or_after": "string",
"name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"sp_binding": "redirect",
"default_relay_state": "string",
"url_download_metadata": "string",
"url_sso_post": "string",
"url_sso_redirect": "string",
"url_sso_init": "string",
"url_slo_post": "string",
"url_slo_redirect": "string"
}

providers_saml_partial_update

SAMLProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SAML Provider.

Request Body schema: application/json

name	string non-empty
authentication_flow	string or null <uuid> Flow used for authentication when the associated application is accessed by an un-authenticated user.
authorization_flow	string <uuid> Flow used when authorizing this provider.
property_mappings	Array of strings <uuid> [ items <uuid > ]
acs_url	string <uri> [ 1 .. 200 ] characters
audience	string Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.
issuer	string non-empty Also known as EntityID
assertion_valid_not_before	string non-empty Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).
assertion_valid_not_on_or_after	string non-empty Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
session_valid_not_on_or_after	string non-empty Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
name_id_mapping	string or null <uuid> (NameID Property Mapping) Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered
digest_algorithm	string (DigestAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm	string (SignatureAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
signing_kp	string or null <uuid> (Signing Keypair) Keypair used to sign outgoing Responses going to the Service Provider.
verification_kp	string or null <uuid> (Verification Certificate) When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
sp_binding	string (Service Provider Binding) Enum: "redirect" "post" This determines how authentik sends the response back to the Service Provider.
default_relay_state	string Default relay_state value for IDP-initiated logins

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"acs_url": "http://example.com",
"audience": "string",
"issuer": "string",
"assertion_valid_not_before": "string",
"assertion_valid_not_on_or_after": "string",
"session_valid_not_on_or_after": "string",
"name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"sp_binding": "redirect",
"default_relay_state": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"acs_url": "http://example.com",
"audience": "string",
"issuer": "string",
"assertion_valid_not_before": "string",
"assertion_valid_not_on_or_after": "string",
"session_valid_not_on_or_after": "string",
"name_id_mapping": "1c831206-4e81-4ce0-bcd7-e2c9213ab800",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"sp_binding": "redirect",
"default_relay_state": "string",
"url_download_metadata": "string",
"url_sso_post": "string",
"url_sso_redirect": "string",
"url_sso_init": "string",
"url_slo_post": "string",
"url_slo_redirect": "string"
}

providers_saml_destroy

SAMLProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SAML Provider.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

providers_saml_metadata_retrieve

Return metadata as XML string

Authorizations:

authentikNone

path Parameters

id

required

integer

A unique integer value identifying this SAML Provider.

query Parameters

download	boolean
force_binding	string Enum: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Optionally force the metadata to only include one binding.

Responses

Response samples

200
400
403

Content type

application/json

{"metadata": "string",
"download_url": "string"
}

providers_saml_preview_user_retrieve

Preview user data for provider

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SAML Provider.

query Parameters

for_user

integer

Responses

Response samples

200
403

Content type

application/json

{"preview": {"property1": null,
"property2": null
}
}

providers_saml_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SAML Provider.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

providers_saml_import_metadata_create

Create provider from SAML Metadata

Authorizations:

authentik

Request Body schema: multipart/form-data
required

name required	string non-empty
authorization_flow required	string <uuid>
file required	string <binary>

Responses

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

providers_scim_list

SCIMProvider Viewset

Authorizations:

authentik

query Parameters

exclude_users_service_account	boolean
filter_group	string <uuid>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
url	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"name": "string",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"token": "string",
"exclude_users_service_account": true,
"filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}
]
}

providers_scim_create

SCIMProvider Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
property_mappings	Array of strings <uuid> [ items <uuid > ]
property_mappings_group	Array of strings <uuid> [ items <uuid > ] Property mappings used for group creation/updating.
url required	string non-empty Base URL to SCIM requests, usually ends in /v2
token required	string non-empty Authentication token
exclude_users_service_account	boolean
filter_group	string or null <uuid>

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"url": "string",
"token": "string",
"exclude_users_service_account": true,
"filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"token": "string",
"exclude_users_service_account": true,
"filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

providers_scim_retrieve

SCIMProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SCIM Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"token": "string",
"exclude_users_service_account": true,
"filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

providers_scim_update

SCIMProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SCIM Provider.

Request Body schema: application/json
required

name required	string non-empty
property_mappings	Array of strings <uuid> [ items <uuid > ]
property_mappings_group	Array of strings <uuid> [ items <uuid > ] Property mappings used for group creation/updating.
url required	string non-empty Base URL to SCIM requests, usually ends in /v2
token required	string non-empty Authentication token
exclude_users_service_account	boolean
filter_group	string or null <uuid>

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"url": "string",
"token": "string",
"exclude_users_service_account": true,
"filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"token": "string",
"exclude_users_service_account": true,
"filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

providers_scim_partial_update

SCIMProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SCIM Provider.

Request Body schema: application/json

name	string non-empty
property_mappings	Array of strings <uuid> [ items <uuid > ]
property_mappings_group	Array of strings <uuid> [ items <uuid > ] Property mappings used for group creation/updating.
url	string non-empty Base URL to SCIM requests, usually ends in /v2
token	string non-empty Authentication token
exclude_users_service_account	boolean
filter_group	string or null <uuid>

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"url": "string",
"token": "string",
"exclude_users_service_account": true,
"filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"name": "string",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"url": "string",
"token": "string",
"exclude_users_service_account": true,
"filter_group": "93f2be05-578f-4002-929e-5fb2cd5b9c97"
}

providers_scim_destroy

SCIMProvider Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SCIM Provider.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

providers_scim_sync_status_retrieve

Get provider's sync status

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SCIM Provider.

Responses

Response samples

200
400
403

Content type

application/json

{"is_running": true,
"tasks": [{"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"name": "string",
"full_name": "string",
"uid": "string",
"description": "string",
"start_timestamp": "2019-08-24T14:15:22Z",
"finish_timestamp": "2019-08-24T14:15:22Z",
"duration": 0.1,
"status": "unknown",
"messages": [{"timestamp": "2019-08-24T14:15:22Z",
"log_level": "critical",
"logger": "string",
"event": "string",
"attributes": {"property1": null,
"property2": null
}
}
]
}
]
}

providers_scim_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this SCIM Provider.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

rac

rac_connection_tokens_list

ConnectionToken Viewset

Authorizations:

authentik

query Parameters

endpoint	string <uuid>
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
provider	integer
search	string A search term.
session__user	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"endpoint": "1dc4441f-38d5-42b5-a705-81958f928462",
"endpoint_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"launch_url": "string",
"maximum_connections": -2147483648
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
}
]
}

rac_connection_tokens_retrieve

ConnectionToken Viewset

Authorizations:

authentik

path Parameters

connection_token_uuid

required

string <uuid>

A UUID string identifying this RAC Connection token.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"endpoint": "1dc4441f-38d5-42b5-a705-81958f928462",
"endpoint_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"launch_url": "string",
"maximum_connections": -2147483648
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
}

rac_connection_tokens_update

ConnectionToken Viewset

Authorizations:

authentik

path Parameters

connection_token_uuid

required

string <uuid>

A UUID string identifying this RAC Connection token.

Request Body schema: application/json
required

pk	string <uuid> (Connection token uuid)
provider required	integer
endpoint required	string <uuid>

Responses

Request samples

Payload

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"provider": 0,
"endpoint": "1dc4441f-38d5-42b5-a705-81958f928462"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"endpoint": "1dc4441f-38d5-42b5-a705-81958f928462",
"endpoint_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"launch_url": "string",
"maximum_connections": -2147483648
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
}

rac_connection_tokens_partial_update

ConnectionToken Viewset

Authorizations:

authentik

path Parameters

connection_token_uuid

required

string <uuid>

A UUID string identifying this RAC Connection token.

Request Body schema: application/json

pk	string <uuid> (Connection token uuid)
provider	integer
endpoint	string <uuid>

Responses

Request samples

Payload

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"provider": 0,
"endpoint": "1dc4441f-38d5-42b5-a705-81958f928462"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"endpoint": "1dc4441f-38d5-42b5-a705-81958f928462",
"endpoint_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"launch_url": "string",
"maximum_connections": -2147483648
},
"user": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
}
}

rac_connection_tokens_destroy

ConnectionToken Viewset

Authorizations:

authentik

path Parameters

connection_token_uuid

required

string <uuid>

A UUID string identifying this RAC Connection token.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

rac_connection_tokens_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

connection_token_uuid

required

string <uuid>

A UUID string identifying this RAC Connection token.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

rac_endpoints_list

List accessible endpoints

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
provider	integer
search	string
superuser_full_list	boolean

Responses

Response samples

200
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"launch_url": "string",
"maximum_connections": -2147483648
}
]
}

rac_endpoints_create

Endpoint Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
provider required	integer
protocol required	string (ProtocolEnum) Enum: "rdp" "vnc" "ssh"
host required	string non-empty
settings	any
property_mappings	Array of strings <uuid> [ items <uuid > ]
auth_mode required	string (AuthModeEnum) Enum: "static" "prompt"
maximum_connections	integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"provider": 0,
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"maximum_connections": -2147483648
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"launch_url": "string",
"maximum_connections": -2147483648
}

rac_endpoints_retrieve

Endpoint Viewset

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this RAC Endpoint.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"launch_url": "string",
"maximum_connections": -2147483648
}

rac_endpoints_update

Endpoint Viewset

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this RAC Endpoint.

Request Body schema: application/json
required

name required	string non-empty
provider required	integer
protocol required	string (ProtocolEnum) Enum: "rdp" "vnc" "ssh"
host required	string non-empty
settings	any
property_mappings	Array of strings <uuid> [ items <uuid > ]
auth_mode required	string (AuthModeEnum) Enum: "static" "prompt"
maximum_connections	integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"provider": 0,
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"maximum_connections": -2147483648
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"launch_url": "string",
"maximum_connections": -2147483648
}

rac_endpoints_partial_update

Endpoint Viewset

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this RAC Endpoint.

Request Body schema: application/json

name	string non-empty
provider	integer
protocol	string (ProtocolEnum) Enum: "rdp" "vnc" "ssh"
host	string non-empty
settings	any
property_mappings	Array of strings <uuid> [ items <uuid > ]
auth_mode	string (AuthModeEnum) Enum: "static" "prompt"
maximum_connections	integer [ -2147483648 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"provider": 0,
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"maximum_connections": -2147483648
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"provider": 0,
"provider_obj": {"pk": 0,
"name": "string",
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"authorization_flow": "e1d121cc-76e7-4a15-93d9-62bcd7adc708",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"component": "string",
"assigned_application_slug": "string",
"assigned_application_name": "string",
"assigned_backchannel_application_slug": "string",
"assigned_backchannel_application_name": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"settings": null,
"outpost_set": ["string"
],
"connection_expiry": "string",
"delete_token_on_disconnect": true
},
"protocol": "rdp",
"host": "string",
"settings": null,
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"auth_mode": "static",
"launch_url": "string",
"maximum_connections": -2147483648
}

rac_endpoints_destroy

Endpoint Viewset

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this RAC Endpoint.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

rac_endpoints_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

pbm_uuid

required

string <uuid>

A UUID string identifying this RAC Endpoint.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

rbac

rbac_permissions_list

Read-only list of all permissions, filterable by model and app

Authorizations:

authentik

query Parameters

codename	string
content_type__app_label	string
content_type__model	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
role	string
search	string A search term.
user	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"id": 0,
"name": "string",
"codename": "string",
"model": "string",
"app_label": "string",
"app_label_verbose": "string",
"model_verbose": "string"
}
]
}

rbac_permissions_retrieve

Read-only list of all permissions, filterable by model and app

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this permission.

Responses

Response samples

200
400
403

Content type

application/json

{"id": 0,
"name": "string",
"codename": "string",
"model": "string",
"app_label": "string",
"app_label_verbose": "string",
"model_verbose": "string"
}

rbac_permissions_assigned_by_roles_list

Get assigned object permissions for a single object

Authorizations:

authentik

query Parameters

model required	string Enum: "authentik_blueprints.blueprintinstance" "authentik_brands.brand" "authentik_core.application" "authentik_core.group" "authentik_core.token" "authentik_core.user" "authentik_crypto.certificatekeypair" "authentik_enterprise.license" "authentik_events.event" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationtransport" "authentik_events.notificationwebhookmapping" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies.policybinding" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.oauth2provider" "authentik_providers_oauth2.scopemapping" "authentik_providers_proxy.proxyprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_providers_rac.racprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_saml.samlprovider" "authentik_providers_scim.scimmapping" "authentik_providers_scim.scimprovider" "authentik_rbac.role" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_ldap.ldapsource" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitation" "authentik_stages_invitation.invitationstage" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_source.sourcestage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_tenants.domain"
object_pk	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"role_pk": "string",
"name": "string",
"permissions": [{"id": 0,
"codename": "string",
"model": "string",
"app_label": "string",
"object_pk": "string",
"name": "string"
}
]
}
]
}

rbac_permissions_assigned_by_roles_assign_create

Assign permission(s) to role. When object_pk is set, the permissions are only assigned to the specific object, otherwise they are assigned globally.

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Role.

Request Body schema: application/json
required

permissions required	Array of strings[ items non-empty ]
model	string (ModelEnum) Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"
object_pk	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"permissions": ["string"
],
"model": "authentik_tenants.domain",
"object_pk": "string"
}

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

rbac_permissions_assigned_by_roles_unassign_partial_update

Unassign permission(s) to role. When object_pk is set, the permissions are only assigned to the specific object, otherwise they are assigned globally.

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Role.

Request Body schema: application/json

permissions	Array of strings[ items non-empty ]
model	string (ModelEnum) Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"
object_pk	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"permissions": ["string"
],
"model": "authentik_tenants.domain",
"object_pk": "string"
}

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

rbac_permissions_assigned_by_users_list

Get assigned object permissions for a single object

Authorizations:

authentik

query Parameters

model required	string Enum: "authentik_blueprints.blueprintinstance" "authentik_brands.brand" "authentik_core.application" "authentik_core.group" "authentik_core.token" "authentik_core.user" "authentik_crypto.certificatekeypair" "authentik_enterprise.license" "authentik_events.event" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationtransport" "authentik_events.notificationwebhookmapping" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies.policybinding" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.oauth2provider" "authentik_providers_oauth2.scopemapping" "authentik_providers_proxy.proxyprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_providers_rac.racprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_saml.samlprovider" "authentik_providers_scim.scimmapping" "authentik_providers_scim.scimprovider" "authentik_rbac.role" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_ldap.ldapsource" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitation" "authentik_stages_invitation.invitationstage" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_source.sourcestage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_tenants.domain"
object_pk	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"permissions": [{"id": 0,
"codename": "string",
"model": "string",
"app_label": "string",
"object_pk": "string",
"name": "string"
}
],
"is_superuser": true
}
]
}

rbac_permissions_assigned_by_users_assign_create

Assign permission(s) to user

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Request Body schema: application/json
required

permissions required	Array of strings[ items non-empty ]
model	string (ModelEnum) Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"
object_pk	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"permissions": ["string"
],
"model": "authentik_tenants.domain",
"object_pk": "string"
}

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

rbac_permissions_assigned_by_users_unassign_partial_update

Unassign permission(s) to user. When object_pk is set, the permissions are only assigned to the specific object, otherwise they are assigned globally.

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User.

Request Body schema: application/json

permissions	Array of strings[ items non-empty ]
model	string (ModelEnum) Enum: "authentik_tenants.domain" "authentik_crypto.certificatekeypair" "authentik_flows.flow" "authentik_flows.flowstagebinding" "authentik_outposts.dockerserviceconnection" "authentik_outposts.kubernetesserviceconnection" "authentik_outposts.outpost" "authentik_policies_dummy.dummypolicy" "authentik_policies_event_matcher.eventmatcherpolicy" "authentik_policies_expiry.passwordexpirypolicy" "authentik_policies_expression.expressionpolicy" "authentik_policies_password.passwordpolicy" "authentik_policies_reputation.reputationpolicy" "authentik_policies.policybinding" "authentik_providers_ldap.ldapprovider" "authentik_providers_oauth2.scopemapping" "authentik_providers_oauth2.oauth2provider" "authentik_providers_proxy.proxyprovider" "authentik_providers_radius.radiusprovider" "authentik_providers_saml.samlprovider" "authentik_providers_saml.samlpropertymapping" "authentik_providers_scim.scimprovider" "authentik_providers_scim.scimmapping" "authentik_rbac.role" "authentik_sources_ldap.ldapsource" "authentik_sources_ldap.ldappropertymapping" "authentik_sources_oauth.oauthsource" "authentik_sources_oauth.useroauthsourceconnection" "authentik_sources_plex.plexsource" "authentik_sources_plex.plexsourceconnection" "authentik_sources_saml.samlsource" "authentik_sources_saml.usersamlsourceconnection" "authentik_sources_scim.scimsource" "authentik_stages_authenticator_duo.authenticatorduostage" "authentik_stages_authenticator_duo.duodevice" "authentik_stages_authenticator_sms.authenticatorsmsstage" "authentik_stages_authenticator_sms.smsdevice" "authentik_stages_authenticator_static.authenticatorstaticstage" "authentik_stages_authenticator_static.staticdevice" "authentik_stages_authenticator_totp.authenticatortotpstage" "authentik_stages_authenticator_totp.totpdevice" "authentik_stages_authenticator_validate.authenticatorvalidatestage" "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage" "authentik_stages_authenticator_webauthn.webauthndevice" "authentik_stages_captcha.captchastage" "authentik_stages_consent.consentstage" "authentik_stages_consent.userconsent" "authentik_stages_deny.denystage" "authentik_stages_dummy.dummystage" "authentik_stages_email.emailstage" "authentik_stages_identification.identificationstage" "authentik_stages_invitation.invitationstage" "authentik_stages_invitation.invitation" "authentik_stages_password.passwordstage" "authentik_stages_prompt.prompt" "authentik_stages_prompt.promptstage" "authentik_stages_user_delete.userdeletestage" "authentik_stages_user_login.userloginstage" "authentik_stages_user_logout.userlogoutstage" "authentik_stages_user_write.userwritestage" "authentik_brands.brand" "authentik_blueprints.blueprintinstance" "authentik_core.group" "authentik_core.user" "authentik_core.application" "authentik_core.token" "authentik_enterprise.license" "authentik_providers_rac.racprovider" "authentik_providers_rac.endpoint" "authentik_providers_rac.racpropertymapping" "authentik_stages_source.sourcestage" "authentik_events.event" "authentik_events.notificationtransport" "authentik_events.notification" "authentik_events.notificationrule" "authentik_events.notificationwebhookmapping"
object_pk	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"permissions": ["string"
],
"model": "authentik_tenants.domain",
"object_pk": "string"
}

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

rbac_permissions_roles_list

Get a role's assigned object permissions

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
uuid required	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"id": 0,
"codename": "string",
"model": "string",
"app_label": "string",
"object_pk": "string",
"name": "string",
"app_label_verbose": "string",
"model_verbose": "string",
"object_description": "string"
}
]
}

rbac_permissions_users_list

Get a users's assigned object permissions

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
user_id required	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"id": 0,
"codename": "string",
"model": "string",
"app_label": "string",
"object_pk": "string",
"name": "string",
"app_label_verbose": "string",
"model_verbose": "string",
"object_description": "string"
}
]
}

rbac_roles_list

Role viewset

Authorizations:

authentik

query Parameters

group__name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}
]
}

rbac_roles_create

Role viewset

Authorizations:

authentik

Request Body schema: application/json
required

name

required

string [ 1 .. 150 ] characters

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}

rbac_roles_retrieve

Role viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Role.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}

rbac_roles_update

Role viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Role.

Request Body schema: application/json
required

name

required

string [ 1 .. 150 ] characters

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}

rbac_roles_partial_update

Role viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Role.

Request Body schema: application/json

name	string [ 1 .. 150 ] characters

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string"
}

rbac_roles_destroy

Role viewset

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Role.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

rbac_roles_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

uuid

required

string <uuid>

A UUID string identifying this Role.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

root

root_config_retrieve

Retrieve public configuration options

Authorizations:

authentikNone

Responses

Response samples

200
400
403

Content type

application/json

{"error_reporting": {"enabled": true,
"sentry_dsn": "string",
"environment": "string",
"send_pii": true,
"traces_sample_rate": 0.1
},
"capabilities": ["can_save_media"
],
"cache_timeout": 0,
"cache_timeout_flows": 0,
"cache_timeout_policies": 0,
"cache_timeout_reputation": 0
}

schema

schema_retrieve

OpenApi3 schema for this API. Format can be selected via content negotiation.

YAML: application/vnd.oai.openapi
JSON: application/vnd.oai.openapi+json

Authorizations:

authentikNone

query Parameters

format

string

Enum: "json" "yaml"

lang

string

Enum: "af" "ar" "ar-dz" "ast" "az" "be" "bg" "bn" "br" "bs" "ca" "ckb" "cs" "cy" "da" "de" "dsb" "el" "en" "en-au" "en-gb" "eo" "es" "es-ar" "es-co" "es-mx" "es-ni" "es-ve" "et" "eu" "fa" "fi" "fr" "fy" "ga" "gd" "gl" "he" "hi" "hr" "hsb" "hu" "hy" "ia" "id" "ig" "io" "is" "it" "ja" "ka" "kab" "kk" "km" "kn" "ko" "ky" "lb" "lt" "lv" "mk" "ml" "mn" "mr" "ms" "my" "nb" "ne" "nl" "nn" "os" "pa" "pl" "pt" "pt-br" "ro" "ru" "sk" "sl" "sq" "sr" "sr-latn" "sv" "sw" "ta" "te" "tg" "th" "tk" "tr" "tt" "udm" "ug" "uk" "ur" "uz" "vi" "zh-hans" "zh-hant"

Responses

Response samples

200
400
403

Content type

application/vnd.oai.openapi

No sample

sources

sources_all_list

Source Viewset

Authorizations:

authentik

query Parameters

managed	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
slug	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
}
]
}

sources_all_retrieve

Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
}

sources_all_destroy

Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_all_set_icon_create

Set source icon

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: multipart/form-data

file	string <binary>
clear	boolean Default: false

Responses

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

sources_all_set_icon_url_create

Set source icon (as URL)

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json
required

url

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"url": "string"
}

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

sources_all_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_all_types_list

Get all creatable source types

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"description": "string",
"component": "string",
"model_name": "string",
"requires_enterprise": false
}
]

sources_all_user_settings_list

Get all sources the user can configure

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"object_uid": "string",
"component": "string",
"title": "string",
"configure_url": "string",
"icon_url": "string"
}
]

sources_ldap_list

LDAP Source Viewset

Authorizations:

authentik

query Parameters

additional_group_dn	string
additional_user_dn	string
base_dn	string
bind_cn	string
client_certificate	string <uuid>
enabled	boolean
group_membership_field	string
group_object_filter	string
name	string
object_uniqueness_field	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
password_login_update_internal_password	boolean
peer_certificate	string <uuid>
property_mappings	Array of strings <uuid> [ items <uuid > ]
property_mappings_group	Array of strings <uuid> [ items <uuid > ]
search	string A search term.
server_uri	string
slug	string
sni	boolean
start_tls	boolean
sync_groups	boolean
sync_parent_group	string <uuid>
sync_users	boolean
sync_users_password	boolean
user_object_filter	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"server_uri": "http://example.com",
"peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
"client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
"bind_cn": "string",
"start_tls": true,
"sni": true,
"base_dn": "string",
"additional_user_dn": "string",
"additional_group_dn": "string",
"user_object_filter": "string",
"group_object_filter": "string",
"group_membership_field": "string",
"object_uniqueness_field": "string",
"password_login_update_internal_password": true,
"sync_users": true,
"sync_users_password": true,
"sync_groups": true,
"sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"connectivity": {"property1": {"property1": "string",
"property2": "string"
},
"property2": {"property1": "string",
"property2": "string"
}
}
}
]
}

sources_ldap_create

LDAP Source Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
server_uri required	string <uri> non-empty
peer_certificate	string or null <uuid> Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair.
client_certificate	string or null <uuid> Client certificate to authenticate against the LDAP Server's Certificate.
bind_cn	string
bind_password	string
start_tls	boolean (Enable Start TLS)
sni	boolean (Use Server URI for SNI verification)
base_dn required	string non-empty
additional_user_dn	string (Addition User DN) Prepended to Base DN for User-queries.
additional_group_dn	string (Addition Group DN) Prepended to Base DN for Group-queries.
user_object_filter	string non-empty Consider Objects matching this filter to be Users.
group_object_filter	string non-empty Consider Objects matching this filter to be Groups.
group_membership_field	string non-empty Field which contains members of a group.
object_uniqueness_field	string non-empty Field which contains a unique Identifier.
password_login_update_internal_password	boolean Update internal authentik password when login succeeds with LDAP
sync_users	boolean
sync_users_password	boolean When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source.
sync_groups	boolean
sync_parent_group	string or null <uuid>
property_mappings	Array of strings <uuid> [ items <uuid > ]
property_mappings_group	Array of strings <uuid> [ items <uuid > ] Property mappings used for group creation/updating.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"server_uri": "http://example.com",
"peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
"client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
"bind_cn": "string",
"bind_password": "string",
"start_tls": true,
"sni": true,
"base_dn": "string",
"additional_user_dn": "string",
"additional_group_dn": "string",
"user_object_filter": "string",
"group_object_filter": "string",
"group_membership_field": "string",
"object_uniqueness_field": "string",
"password_login_update_internal_password": true,
"sync_users": true,
"sync_users_password": true,
"sync_groups": true,
"sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"server_uri": "http://example.com",
"peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
"client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
"bind_cn": "string",
"start_tls": true,
"sni": true,
"base_dn": "string",
"additional_user_dn": "string",
"additional_group_dn": "string",
"user_object_filter": "string",
"group_object_filter": "string",
"group_membership_field": "string",
"object_uniqueness_field": "string",
"password_login_update_internal_password": true,
"sync_users": true,
"sync_users_password": true,
"sync_groups": true,
"sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"connectivity": {"property1": {"property1": "string",
"property2": "string"
},
"property2": {"property1": "string",
"property2": "string"
}
}
}

sources_ldap_retrieve

LDAP Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"server_uri": "http://example.com",
"peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
"client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
"bind_cn": "string",
"start_tls": true,
"sni": true,
"base_dn": "string",
"additional_user_dn": "string",
"additional_group_dn": "string",
"user_object_filter": "string",
"group_object_filter": "string",
"group_membership_field": "string",
"object_uniqueness_field": "string",
"password_login_update_internal_password": true,
"sync_users": true,
"sync_users_password": true,
"sync_groups": true,
"sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"connectivity": {"property1": {"property1": "string",
"property2": "string"
},
"property2": {"property1": "string",
"property2": "string"
}
}
}

sources_ldap_update

LDAP Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
server_uri required	string <uri> non-empty
peer_certificate	string or null <uuid> Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair.
client_certificate	string or null <uuid> Client certificate to authenticate against the LDAP Server's Certificate.
bind_cn	string
bind_password	string
start_tls	boolean (Enable Start TLS)
sni	boolean (Use Server URI for SNI verification)
base_dn required	string non-empty
additional_user_dn	string (Addition User DN) Prepended to Base DN for User-queries.
additional_group_dn	string (Addition Group DN) Prepended to Base DN for Group-queries.
user_object_filter	string non-empty Consider Objects matching this filter to be Users.
group_object_filter	string non-empty Consider Objects matching this filter to be Groups.
group_membership_field	string non-empty Field which contains members of a group.
object_uniqueness_field	string non-empty Field which contains a unique Identifier.
password_login_update_internal_password	boolean Update internal authentik password when login succeeds with LDAP
sync_users	boolean
sync_users_password	boolean When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source.
sync_groups	boolean
sync_parent_group	string or null <uuid>
property_mappings	Array of strings <uuid> [ items <uuid > ]
property_mappings_group	Array of strings <uuid> [ items <uuid > ] Property mappings used for group creation/updating.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"server_uri": "http://example.com",
"peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
"client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
"bind_cn": "string",
"bind_password": "string",
"start_tls": true,
"sni": true,
"base_dn": "string",
"additional_user_dn": "string",
"additional_group_dn": "string",
"user_object_filter": "string",
"group_object_filter": "string",
"group_membership_field": "string",
"object_uniqueness_field": "string",
"password_login_update_internal_password": true,
"sync_users": true,
"sync_users_password": true,
"sync_groups": true,
"sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"server_uri": "http://example.com",
"peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
"client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
"bind_cn": "string",
"start_tls": true,
"sni": true,
"base_dn": "string",
"additional_user_dn": "string",
"additional_group_dn": "string",
"user_object_filter": "string",
"group_object_filter": "string",
"group_membership_field": "string",
"object_uniqueness_field": "string",
"password_login_update_internal_password": true,
"sync_users": true,
"sync_users_password": true,
"sync_groups": true,
"sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"connectivity": {"property1": {"property1": "string",
"property2": "string"
},
"property2": {"property1": "string",
"property2": "string"
}
}
}

sources_ldap_partial_update

LDAP Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json

name	string non-empty Source's display Name.
slug	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
server_uri	string <uri> non-empty
peer_certificate	string or null <uuid> Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair.
client_certificate	string or null <uuid> Client certificate to authenticate against the LDAP Server's Certificate.
bind_cn	string
bind_password	string
start_tls	boolean (Enable Start TLS)
sni	boolean (Use Server URI for SNI verification)
base_dn	string non-empty
additional_user_dn	string (Addition User DN) Prepended to Base DN for User-queries.
additional_group_dn	string (Addition Group DN) Prepended to Base DN for Group-queries.
user_object_filter	string non-empty Consider Objects matching this filter to be Users.
group_object_filter	string non-empty Consider Objects matching this filter to be Groups.
group_membership_field	string non-empty Field which contains members of a group.
object_uniqueness_field	string non-empty Field which contains a unique Identifier.
password_login_update_internal_password	boolean Update internal authentik password when login succeeds with LDAP
sync_users	boolean
sync_users_password	boolean When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source.
sync_groups	boolean
sync_parent_group	string or null <uuid>
property_mappings	Array of strings <uuid> [ items <uuid > ]
property_mappings_group	Array of strings <uuid> [ items <uuid > ] Property mappings used for group creation/updating.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"server_uri": "http://example.com",
"peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
"client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
"bind_cn": "string",
"bind_password": "string",
"start_tls": true,
"sni": true,
"base_dn": "string",
"additional_user_dn": "string",
"additional_group_dn": "string",
"user_object_filter": "string",
"group_object_filter": "string",
"group_membership_field": "string",
"object_uniqueness_field": "string",
"password_login_update_internal_password": true,
"sync_users": true,
"sync_users_password": true,
"sync_groups": true,
"sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"server_uri": "http://example.com",
"peer_certificate": "c7d691e9-2e1b-4056-8d98-41cfb97738a9",
"client_certificate": "5ccdc3a5-2005-4740-9e5f-d47c3a0bb418",
"bind_cn": "string",
"start_tls": true,
"sni": true,
"base_dn": "string",
"additional_user_dn": "string",
"additional_group_dn": "string",
"user_object_filter": "string",
"group_object_filter": "string",
"group_membership_field": "string",
"object_uniqueness_field": "string",
"password_login_update_internal_password": true,
"sync_users": true,
"sync_users_password": true,
"sync_groups": true,
"sync_parent_group": "45e76c5d-d86c-4b68-9230-81ee95bc199a",
"property_mappings": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"property_mappings_group": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"connectivity": {"property1": {"property1": "string",
"property2": "string"
},
"property2": {"property1": "string",
"property2": "string"
}
}
}

sources_ldap_destroy

LDAP Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_ldap_debug_retrieve

Get raw LDAP data to debug

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"user": [{"property1": null,
"property2": null
}
],
"group": [{"property1": null,
"property2": null
}
],
"membership": [{"property1": null,
"property2": null
}
]
}

sources_ldap_sync_status_retrieve

Get source's sync status

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"is_running": true,
"tasks": [{"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"name": "string",
"full_name": "string",
"uid": "string",
"description": "string",
"start_timestamp": "2019-08-24T14:15:22Z",
"finish_timestamp": "2019-08-24T14:15:22Z",
"duration": 0.1,
"status": "unknown",
"messages": [{"timestamp": "2019-08-24T14:15:22Z",
"log_level": "critical",
"logger": "string",
"event": "string",
"attributes": {"property1": null,
"property2": null
}
}
]
}
]
}

sources_ldap_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_oauth_list

Source Viewset

Authorizations:

authentik

query Parameters

access_token_url	string
additional_scopes	string
authentication_flow	string <uuid>
authorization_url	string
consumer_key	string
enabled	boolean
enrollment_flow	string <uuid>
has_jwks	boolean Only return sources with JWKS data
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
policy_engine_mode	string Enum: "all" "any"
profile_url	string
provider_type	string
request_token_url	string
search	string A search term.
slug	string
user_matching_mode	string Enum: "email_deny" "email_link" "identifier" "username_deny" "username_link" How the source determines if an existing user should be authenticated or a new user enrolled.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"provider_type": "apple",
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"consumer_key": "string",
"callback_url": "string",
"additional_scopes": "string",
"type": {"name": "string",
"verbose_name": "string",
"urls_customizable": true,
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"oidc_well_known_url": "string",
"oidc_jwks_url": "string"
},
"oidc_well_known_url": "string",
"oidc_jwks_url": "string",
"oidc_jwks": null
}
]
}

sources_oauth_create

Source Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
provider_type required	string (ProviderTypeEnum) Enum: "apple" "openidconnect" "azuread" "discord" "facebook" "github" "gitlab" "google" "mailcow" "okta" "patreon" "reddit" "twitch" "twitter"
request_token_url	string or null <= 255 characters URL used to request the initial token. This URL is only required for OAuth 1.
authorization_url	string or null <= 255 characters URL the user is redirect to to conest the flow.
access_token_url	string or null <= 255 characters URL used by authentik to retrieve tokens.
profile_url	string or null <= 255 characters URL used by authentik to get user information.
consumer_key required	string non-empty
consumer_secret required	string non-empty
additional_scopes	string
oidc_well_known_url	string
oidc_jwks_url	string
oidc_jwks	any

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"provider_type": "apple",
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"consumer_key": "string",
"consumer_secret": "string",
"additional_scopes": "string",
"oidc_well_known_url": "string",
"oidc_jwks_url": "string",
"oidc_jwks": null
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"provider_type": "apple",
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"consumer_key": "string",
"callback_url": "string",
"additional_scopes": "string",
"type": {"name": "string",
"verbose_name": "string",
"urls_customizable": true,
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"oidc_well_known_url": "string",
"oidc_jwks_url": "string"
},
"oidc_well_known_url": "string",
"oidc_jwks_url": "string",
"oidc_jwks": null
}

sources_oauth_retrieve

Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"provider_type": "apple",
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"consumer_key": "string",
"callback_url": "string",
"additional_scopes": "string",
"type": {"name": "string",
"verbose_name": "string",
"urls_customizable": true,
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"oidc_well_known_url": "string",
"oidc_jwks_url": "string"
},
"oidc_well_known_url": "string",
"oidc_jwks_url": "string",
"oidc_jwks": null
}

sources_oauth_update

Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
provider_type required	string (ProviderTypeEnum) Enum: "apple" "openidconnect" "azuread" "discord" "facebook" "github" "gitlab" "google" "mailcow" "okta" "patreon" "reddit" "twitch" "twitter"
request_token_url	string or null <= 255 characters URL used to request the initial token. This URL is only required for OAuth 1.
authorization_url	string or null <= 255 characters URL the user is redirect to to conest the flow.
access_token_url	string or null <= 255 characters URL used by authentik to retrieve tokens.
profile_url	string or null <= 255 characters URL used by authentik to get user information.
consumer_key required	string non-empty
consumer_secret required	string non-empty
additional_scopes	string
oidc_well_known_url	string
oidc_jwks_url	string
oidc_jwks	any

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"provider_type": "apple",
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"consumer_key": "string",
"consumer_secret": "string",
"additional_scopes": "string",
"oidc_well_known_url": "string",
"oidc_jwks_url": "string",
"oidc_jwks": null
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"provider_type": "apple",
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"consumer_key": "string",
"callback_url": "string",
"additional_scopes": "string",
"type": {"name": "string",
"verbose_name": "string",
"urls_customizable": true,
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"oidc_well_known_url": "string",
"oidc_jwks_url": "string"
},
"oidc_well_known_url": "string",
"oidc_jwks_url": "string",
"oidc_jwks": null
}

sources_oauth_partial_update

Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json

name	string non-empty Source's display Name.
slug	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
provider_type	string (ProviderTypeEnum) Enum: "apple" "openidconnect" "azuread" "discord" "facebook" "github" "gitlab" "google" "mailcow" "okta" "patreon" "reddit" "twitch" "twitter"
request_token_url	string or null <= 255 characters URL used to request the initial token. This URL is only required for OAuth 1.
authorization_url	string or null <= 255 characters URL the user is redirect to to conest the flow.
access_token_url	string or null <= 255 characters URL used by authentik to retrieve tokens.
profile_url	string or null <= 255 characters URL used by authentik to get user information.
consumer_key	string non-empty
consumer_secret	string non-empty
additional_scopes	string
oidc_well_known_url	string
oidc_jwks_url	string
oidc_jwks	any

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"provider_type": "apple",
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"consumer_key": "string",
"consumer_secret": "string",
"additional_scopes": "string",
"oidc_well_known_url": "string",
"oidc_jwks_url": "string",
"oidc_jwks": null
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"provider_type": "apple",
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"consumer_key": "string",
"callback_url": "string",
"additional_scopes": "string",
"type": {"name": "string",
"verbose_name": "string",
"urls_customizable": true,
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"oidc_well_known_url": "string",
"oidc_jwks_url": "string"
},
"oidc_well_known_url": "string",
"oidc_jwks_url": "string",
"oidc_jwks": null
}

sources_oauth_destroy

Source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_oauth_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_oauth_source_types_list

Get all creatable source types. If ?name is set, only returns the type for . If isn't found, returns the default type.

Authorizations:

authentik

query Parameters

name

string

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"verbose_name": "string",
"urls_customizable": true,
"request_token_url": "string",
"authorization_url": "string",
"access_token_url": "string",
"profile_url": "string",
"oidc_well_known_url": "string",
"oidc_jwks_url": "string"
}
]

sources_plex_list

Plex source Viewset

Authorizations:

authentik

query Parameters

allow_friends	boolean
authentication_flow	string <uuid>
client_id	string
enabled	boolean
enrollment_flow	string <uuid>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
policy_engine_mode	string Enum: "all" "any"
search	string A search term.
slug	string
user_matching_mode	string Enum: "email_deny" "email_link" "identifier" "username_deny" "username_link" How the source determines if an existing user should be authenticated or a new user enrolled.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"client_id": "string",
"allowed_servers": ["string"
],
"allow_friends": true,
"plex_token": "string"
}
]
}

sources_plex_create

Plex source Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
client_id	string non-empty Client identifier used to talk to Plex.
allowed_servers	Array of strings[ items non-empty ] Which servers a user has to be a member of to be granted access. Empty list allows every server.
allow_friends	boolean Allow friends to authenticate, even if you don't share a server.
plex_token required	string non-empty Plex token used to check friends

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"client_id": "string",
"allowed_servers": ["string"
],
"allow_friends": true,
"plex_token": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"client_id": "string",
"allowed_servers": ["string"
],
"allow_friends": true,
"plex_token": "string"
}

sources_plex_retrieve

Plex source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"client_id": "string",
"allowed_servers": ["string"
],
"allow_friends": true,
"plex_token": "string"
}

sources_plex_update

Plex source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
client_id	string non-empty Client identifier used to talk to Plex.
allowed_servers	Array of strings[ items non-empty ] Which servers a user has to be a member of to be granted access. Empty list allows every server.
allow_friends	boolean Allow friends to authenticate, even if you don't share a server.
plex_token required	string non-empty Plex token used to check friends

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"client_id": "string",
"allowed_servers": ["string"
],
"allow_friends": true,
"plex_token": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"client_id": "string",
"allowed_servers": ["string"
],
"allow_friends": true,
"plex_token": "string"
}

sources_plex_partial_update

Plex source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json

name	string non-empty Source's display Name.
slug	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
client_id	string non-empty Client identifier used to talk to Plex.
allowed_servers	Array of strings[ items non-empty ] Which servers a user has to be a member of to be granted access. Empty list allows every server.
allow_friends	boolean Allow friends to authenticate, even if you don't share a server.
plex_token	string non-empty Plex token used to check friends

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"client_id": "string",
"allowed_servers": ["string"
],
"allow_friends": true,
"plex_token": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"client_id": "string",
"allowed_servers": ["string"
],
"allow_friends": true,
"plex_token": "string"
}

sources_plex_destroy

Plex source Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_plex_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_plex_redeem_token_create

Redeem a plex token, check it's access to resources against what's allowed for the source, and redirect to an authentication/enrollment flow.

Authorizations:

authentikNone

query Parameters

slug

string

Request Body schema: application/json
required

plex_token

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"plex_token": "string"
}

Response samples

200

Content type

application/json

{"type": "native",
"flow_info": {"title": "string",
"background": "string",
"cancel_url": "string",
"layout": "stacked"
},
"component": "xak-flow-redirect",
"response_errors": {"property1": [{"string": "string",
"code": "string"
}
],
"property2": [{"string": "string",
"code": "string"
}
]
},
"to": "string"
}

sources_plex_redeem_token_authenticated_create

Redeem a plex token for an authenticated user, creating a connection

Authorizations:

authentik

query Parameters

slug

string

Request Body schema: application/json
required

plex_token

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"plex_token": "string"
}

sources_saml_list

SAMLSource Viewset

Authorizations:

authentik

query Parameters

allow_idp_initiated	boolean
authentication_flow	string <uuid>
binding_type	string Enum: "POST" "POST_AUTO" "REDIRECT"
digest_algorithm	string Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmlenc#sha512"
enabled	boolean
enrollment_flow	string <uuid>
issuer	string
managed	string
name	string
name_id_policy	string Enum: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName" "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName" "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
policy_engine_mode	string Enum: "all" "any"
pre_authentication_flow	string <uuid>
search	string A search term.
signature_algorithm	string Enum: "http://www.w3.org/2000/09/xmldsig#dsa-sha1" "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
signing_kp	string <uuid>
slo_url	string
slug	string
sso_url	string
temporary_user_delete_after	string
user_matching_mode	string Enum: "email_deny" "email_link" "identifier" "username_deny" "username_link" How the source determines if an existing user should be authenticated or a new user enrolled.
verification_kp	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
"issuer": "string",
"sso_url": "http://example.com",
"slo_url": "http://example.com",
"allow_idp_initiated": true,
"name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"binding_type": "REDIRECT",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"temporary_user_delete_after": "string"
}
]
}

sources_saml_create

SAMLSource Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
pre_authentication_flow required	string <uuid> Flow used before authentication.
issuer	string Also known as Entity ID. Defaults the Metadata URL.
sso_url required	string <uri> [ 1 .. 200 ] characters URL that the initial Login request is sent to.
slo_url	string or null <uri> <= 200 characters Optional URL if your IDP supports Single-Logout.
allow_idp_initiated	boolean Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.
name_id_policy	string Enum: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName" "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName" "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
binding_type	string (BindingTypeEnum) Enum: "REDIRECT" "POST" "POST_AUTO"
verification_kp	string or null <uuid> (Verification Certificate) When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
signing_kp	string or null <uuid> (Signing Keypair) Keypair used to sign outgoing Responses going to the Identity Provider.
digest_algorithm	string (DigestAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm	string (SignatureAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
temporary_user_delete_after	string (Delete temporary users after) non-empty Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
"issuer": "string",
"sso_url": "http://example.com",
"slo_url": "http://example.com",
"allow_idp_initiated": true,
"name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"binding_type": "REDIRECT",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"temporary_user_delete_after": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
"issuer": "string",
"sso_url": "http://example.com",
"slo_url": "http://example.com",
"allow_idp_initiated": true,
"name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"binding_type": "REDIRECT",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"temporary_user_delete_after": "string"
}

sources_saml_retrieve

SAMLSource Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
"issuer": "string",
"sso_url": "http://example.com",
"slo_url": "http://example.com",
"allow_idp_initiated": true,
"name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"binding_type": "REDIRECT",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"temporary_user_delete_after": "string"
}

sources_saml_update

SAMLSource Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
pre_authentication_flow required	string <uuid> Flow used before authentication.
issuer	string Also known as Entity ID. Defaults the Metadata URL.
sso_url required	string <uri> [ 1 .. 200 ] characters URL that the initial Login request is sent to.
slo_url	string or null <uri> <= 200 characters Optional URL if your IDP supports Single-Logout.
allow_idp_initiated	boolean Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.
name_id_policy	string Enum: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName" "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName" "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
binding_type	string (BindingTypeEnum) Enum: "REDIRECT" "POST" "POST_AUTO"
verification_kp	string or null <uuid> (Verification Certificate) When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
signing_kp	string or null <uuid> (Signing Keypair) Keypair used to sign outgoing Responses going to the Identity Provider.
digest_algorithm	string (DigestAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm	string (SignatureAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
temporary_user_delete_after	string (Delete temporary users after) non-empty Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
"issuer": "string",
"sso_url": "http://example.com",
"slo_url": "http://example.com",
"allow_idp_initiated": true,
"name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"binding_type": "REDIRECT",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"temporary_user_delete_after": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
"issuer": "string",
"sso_url": "http://example.com",
"slo_url": "http://example.com",
"allow_idp_initiated": true,
"name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"binding_type": "REDIRECT",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"temporary_user_delete_after": "string"
}

sources_saml_partial_update

SAMLSource Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json

name	string non-empty Source's display Name.
slug	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
authentication_flow	string or null <uuid> Flow to use when authenticating existing users.
enrollment_flow	string or null <uuid> Flow to use when enrolling new users.
policy_engine_mode	string (PolicyEngineMode) Enum: "all" "any"
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty
pre_authentication_flow	string <uuid> Flow used before authentication.
issuer	string Also known as Entity ID. Defaults the Metadata URL.
sso_url	string <uri> [ 1 .. 200 ] characters URL that the initial Login request is sent to.
slo_url	string or null <uri> <= 200 characters Optional URL if your IDP supports Single-Logout.
allow_idp_initiated	boolean Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.
name_id_policy	string Enum: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName" "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName" "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
binding_type	string (BindingTypeEnum) Enum: "REDIRECT" "POST" "POST_AUTO"
verification_kp	string or null <uuid> (Verification Certificate) When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
signing_kp	string or null <uuid> (Signing Keypair) Keypair used to sign outgoing Responses going to the Identity Provider.
digest_algorithm	string (DigestAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#sha1" "http://www.w3.org/2001/04/xmlenc#sha256" "http://www.w3.org/2001/04/xmldsig-more#sha384" "http://www.w3.org/2001/04/xmlenc#sha512"
signature_algorithm	string (SignatureAlgorithmEnum) Enum: "http://www.w3.org/2000/09/xmldsig#rsa-sha1" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
temporary_user_delete_after	string (Delete temporary users after) non-empty Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"user_path_template": "string",
"pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
"issuer": "string",
"sso_url": "http://example.com",
"slo_url": "http://example.com",
"allow_idp_initiated": true,
"name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"binding_type": "REDIRECT",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"temporary_user_delete_after": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string",
"pre_authentication_flow": "c300ea9b-d659-4a88-87fa-cd5accf202fa",
"issuer": "string",
"sso_url": "http://example.com",
"slo_url": "http://example.com",
"allow_idp_initiated": true,
"name_id_policy": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"binding_type": "REDIRECT",
"verification_kp": "01673228-a4bf-408e-99ea-d26a2859b762",
"signing_kp": "b97ed510-ac46-447f-91e4-3a014dd2e993",
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"temporary_user_delete_after": "string"
}

sources_saml_destroy

SAMLSource Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_saml_metadata_retrieve

Return metadata as XML string

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"metadata": "string",
"download_url": "string"
}

sources_saml_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_scim_list

SCIMSource Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
slug	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"root_url": "string",
"token_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}
}
]
}

sources_scim_create

SCIMSource Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"user_matching_mode": "identifier",
"user_path_template": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"root_url": "string",
"token_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}
}

sources_scim_retrieve

SCIMSource Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"root_url": "string",
"token_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}
}

sources_scim_update

SCIMSource Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json
required

name required	string non-empty Source's display Name.
slug required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"user_matching_mode": "identifier",
"user_path_template": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"root_url": "string",
"token_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}
}

sources_scim_partial_update

SCIMSource Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Request Body schema: application/json

name	string non-empty Source's display Name.
slug	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$ Internal source name, used in URLs.
enabled	boolean
user_matching_mode	string Enum: "identifier" "email_link" "email_deny" "username_link" "username_deny" How the source determines if an existing user should be authenticated or a new user enrolled.
user_path_template	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"slug": "string",
"enabled": true,
"user_matching_mode": "identifier",
"user_path_template": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"root_url": "string",
"token_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"managed": "string",
"identifier": "string",
"intent": "verification",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"is_superuser": true,
"groups": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"groups_obj": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
}
],
"email": "user@example.com",
"avatar": "string",
"attributes": {"property1": null,
"property2": null
},
"uid": "string",
"path": "string",
"type": "internal",
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
},
"description": "string",
"expires": "2019-08-24T14:15:22Z",
"expiring": true
}
}

sources_scim_destroy

SCIMSource Viewset

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_scim_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

slug

required

string

Internal source name, used in URLs.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_scim_groups_list

SCIMSourceGroup Viewset

Authorizations:

authentik

query Parameters

group__group_uuid	string <uuid>
group__name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
source__slug	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"id": "string",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}
]
}

sources_scim_groups_create

SCIMSourceGroup Viewset

Authorizations:

authentik

Request Body schema: application/json
required

id required	string non-empty
group required	string <uuid>
source required	string <uuid>
attributes	any

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

Response samples

201
400
403

Content type

application/json

{"id": "string",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

sources_scim_groups_retrieve

SCIMSourceGroup Viewset

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source group.

Responses

Response samples

200
400
403

Content type

application/json

{"id": "string",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

sources_scim_groups_update

SCIMSourceGroup Viewset

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source group.

Request Body schema: application/json
required

id required	string non-empty
group required	string <uuid>
source required	string <uuid>
attributes	any

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

Response samples

200
400
403

Content type

application/json

{"id": "string",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

sources_scim_groups_partial_update

SCIMSourceGroup Viewset

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source group.

Request Body schema: application/json

id	string non-empty
group	string <uuid>
source	string <uuid>
attributes	any

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

Response samples

200
400
403

Content type

application/json

{"id": "string",
"group": "fbd899a6-8a66-4f51-a95d-68668de198ae",
"group_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"num_pk": 0,
"name": "string",
"is_superuser": true,
"parent": "42e2bc1b-6741-4e2e-b138-97b4a342c999",
"parent_name": "string",
"attributes": {"property1": null,
"property2": null
}
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

sources_scim_groups_destroy

SCIMSourceGroup Viewset

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source group.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_scim_groups_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source group.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_scim_users_list

SCIMSourceUser Viewset

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
source__slug	string
user__id	integer
user__username	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"id": "string",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}
]
}

sources_scim_users_create

SCIMSourceUser Viewset

Authorizations:

authentik

Request Body schema: application/json
required

id required	string non-empty
user required	integer
source required	string <uuid>
attributes	any

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"user": 0,
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

Response samples

201
400
403

Content type

application/json

{"id": "string",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

sources_scim_users_retrieve

SCIMSourceUser Viewset

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source user.

Responses

Response samples

200
400
403

Content type

application/json

{"id": "string",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

sources_scim_users_update

SCIMSourceUser Viewset

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source user.

Request Body schema: application/json
required

id required	string non-empty
user required	integer
source required	string <uuid>
attributes	any

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"user": 0,
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

Response samples

200
400
403

Content type

application/json

{"id": "string",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

sources_scim_users_partial_update

SCIMSourceUser Viewset

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source user.

Request Body schema: application/json

id	string non-empty
user	integer
source	string <uuid>
attributes	any

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"user": 0,
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

Response samples

200
400
403

Content type

application/json

{"id": "string",
"user": 0,
"user_obj": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"attributes": null
}

sources_scim_users_destroy

SCIMSourceUser Viewset

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source user.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_scim_users_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

string

A unique value identifying this scim source user.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_user_connections_all_list

User-source connection Viewset

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
user	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"created": "2019-08-24T14:15:22Z"
}
]
}

sources_user_connections_all_retrieve

User-source connection Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this user source connection.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"created": "2019-08-24T14:15:22Z"
}

sources_user_connections_all_update

User-source connection Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this user source connection.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"created": "2019-08-24T14:15:22Z"
}

sources_user_connections_all_partial_update

User-source connection Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this user source connection.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"created": "2019-08-24T14:15:22Z"
}

sources_user_connections_all_destroy

User-source connection Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this user source connection.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_user_connections_all_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this user source connection.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_user_connections_oauth_list

Source Viewset

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
source__slug	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}
]
}

sources_user_connections_oauth_create

Source Viewset

Authorizations:

authentik

Request Body schema: application/json
required

user required	integer
identifier required	string [ 1 .. 255 ] characters
access_token	string or null

Responses

Request samples

Payload

Content type

application/json

{"user": 0,
"identifier": "string",
"access_token": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}

sources_user_connections_oauth_retrieve

Source Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User OAuth Source Connection.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}

sources_user_connections_oauth_update

Source Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User OAuth Source Connection.

Request Body schema: application/json
required

user required	integer
identifier required	string [ 1 .. 255 ] characters
access_token	string or null

Responses

Request samples

Payload

Content type

application/json

{"user": 0,
"identifier": "string",
"access_token": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}

sources_user_connections_oauth_partial_update

Source Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User OAuth Source Connection.

Request Body schema: application/json

user	integer
identifier	string [ 1 .. 255 ] characters
access_token	string or null

Responses

Request samples

Payload

Content type

application/json

{"user": 0,
"identifier": "string",
"access_token": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}

sources_user_connections_oauth_destroy

Source Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User OAuth Source Connection.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_user_connections_oauth_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User OAuth Source Connection.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_user_connections_plex_list

Plex Source connection Serializer

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
source__slug	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string",
"plex_token": "string"
}
]
}

sources_user_connections_plex_create

Plex Source connection Serializer

Authorizations:

authentik

Request Body schema: application/json
required

identifier required	string non-empty
plex_token required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"identifier": "string",
"plex_token": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string",
"plex_token": "string"
}

sources_user_connections_plex_retrieve

Plex Source connection Serializer

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User Plex Source Connection.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string",
"plex_token": "string"
}

sources_user_connections_plex_update

Plex Source connection Serializer

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User Plex Source Connection.

Request Body schema: application/json
required

identifier required	string non-empty
plex_token required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"identifier": "string",
"plex_token": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string",
"plex_token": "string"
}

sources_user_connections_plex_partial_update

Plex Source connection Serializer

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User Plex Source Connection.

Request Body schema: application/json

identifier	string non-empty
plex_token	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"identifier": "string",
"plex_token": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string",
"plex_token": "string"
}

sources_user_connections_plex_destroy

Plex Source connection Serializer

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User Plex Source Connection.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_user_connections_plex_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User Plex Source Connection.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

sources_user_connections_saml_list

Source Viewset

Authorizations:

authentik

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
source__slug	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}
]
}

sources_user_connections_saml_create

Source Viewset

Authorizations:

authentik

Request Body schema: application/json
required

user required	integer
identifier required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"user": 0,
"identifier": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}

sources_user_connections_saml_retrieve

Source Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User SAML Source Connection.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}

sources_user_connections_saml_update

Source Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User SAML Source Connection.

Request Body schema: application/json
required

user required	integer
identifier required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"user": 0,
"identifier": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}

sources_user_connections_saml_partial_update

Source Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User SAML Source Connection.

Request Body schema: application/json

user	integer
identifier	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"user": 0,
"identifier": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": 0,
"user": 0,
"source": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"slug": "string",
"enabled": true,
"authentication_flow": "b5daf2b2-15f4-42e3-b293-4b5d356d93aa",
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"policy_engine_mode": "all",
"user_matching_mode": "identifier",
"managed": "string",
"user_path_template": "string",
"icon": "string"
},
"identifier": "string"
}

sources_user_connections_saml_destroy

Source Viewset

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User SAML Source Connection.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

sources_user_connections_saml_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

id

required

integer

A unique integer value identifying this User SAML Source Connection.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages

stages_all_list

Stage Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
]
}

stages_all_retrieve

Stage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

stages_all_destroy

Stage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_all_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_all_types_list

Get all creatable stage types

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"description": "string",
"component": "string",
"model_name": "string",
"requires_enterprise": false
}
]

stages_all_user_settings_list

Get all stages the user can configure

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"object_uid": "string",
"component": "string",
"title": "string",
"configure_url": "string",
"icon_url": "string"
}
]

stages_authenticator_duo_list

AuthenticatorDuoStage Viewset

Authorizations:

authentik

query Parameters

api_hostname	string
client_id	string
configure_flow	string <uuid>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"client_id": "string",
"api_hostname": "string",
"admin_integration_key": "string"
}
]
}

stages_authenticator_duo_create

AuthenticatorDuoStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
client_id required	string non-empty
client_secret required	string non-empty
api_hostname required	string non-empty
admin_integration_key	string
admin_secret_key	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"client_id": "string",
"client_secret": "string",
"api_hostname": "string",
"admin_integration_key": "string",
"admin_secret_key": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"client_id": "string",
"api_hostname": "string",
"admin_integration_key": "string"
}

stages_authenticator_duo_retrieve

AuthenticatorDuoStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"client_id": "string",
"api_hostname": "string",
"admin_integration_key": "string"
}

stages_authenticator_duo_update

AuthenticatorDuoStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
client_id required	string non-empty
client_secret required	string non-empty
api_hostname required	string non-empty
admin_integration_key	string
admin_secret_key	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"client_id": "string",
"client_secret": "string",
"api_hostname": "string",
"admin_integration_key": "string",
"admin_secret_key": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"client_id": "string",
"api_hostname": "string",
"admin_integration_key": "string"
}

stages_authenticator_duo_partial_update

AuthenticatorDuoStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
client_id	string non-empty
client_secret	string non-empty
api_hostname	string non-empty
admin_integration_key	string
admin_secret_key	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"client_id": "string",
"client_secret": "string",
"api_hostname": "string",
"admin_integration_key": "string",
"admin_secret_key": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"client_id": "string",
"api_hostname": "string",
"admin_integration_key": "string"
}

stages_authenticator_duo_destroy

AuthenticatorDuoStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_authenticator_duo_enrollment_status_create

Check enrollment status of user details in current session

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"duo_response": "success"
}

stages_authenticator_duo_import_device_manual_create

Import duo devices into authentik

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Request Body schema: application/json
required

duo_user_id required	string non-empty
username required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"duo_user_id": "string",
"username": "string"
}

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

stages_authenticator_duo_import_devices_automatic_create

Import duo devices into authentik

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

200
403

Content type

application/json

{"count": 0,
"error": "string"
}

stages_authenticator_duo_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Duo Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_authenticator_sms_list

AuthenticatorSMSStage Viewset

Authorizations:

authentik

query Parameters

account_sid	string
auth	string
auth_password	string
auth_type	string Enum: "basic" "bearer"
configure_flow	string <uuid>
friendly_name	string
from_number	string
mapping	string <uuid>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
provider	string Enum: "generic" "twilio"
search	string A search term.
stage_uuid	string <uuid>
verify_only	boolean

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"provider": "twilio",
"from_number": "string",
"account_sid": "string",
"auth": "string",
"auth_password": "string",
"auth_type": "basic",
"verify_only": true,
"mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}
]
}

stages_authenticator_sms_create

AuthenticatorSMSStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
provider required	string (ProviderEnum) Enum: "twilio" "generic"
from_number required	string non-empty
account_sid required	string non-empty
auth required	string non-empty
auth_password	string
auth_type	string (AuthTypeEnum) Enum: "basic" "bearer"
verify_only	boolean When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
mapping	string or null <uuid> Optionally modify the payload being sent to custom providers.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"provider": "twilio",
"from_number": "string",
"account_sid": "string",
"auth": "string",
"auth_password": "string",
"auth_type": "basic",
"verify_only": true,
"mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"provider": "twilio",
"from_number": "string",
"account_sid": "string",
"auth": "string",
"auth_password": "string",
"auth_type": "basic",
"verify_only": true,
"mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

stages_authenticator_sms_retrieve

AuthenticatorSMSStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"provider": "twilio",
"from_number": "string",
"account_sid": "string",
"auth": "string",
"auth_password": "string",
"auth_type": "basic",
"verify_only": true,
"mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

stages_authenticator_sms_update

AuthenticatorSMSStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
provider required	string (ProviderEnum) Enum: "twilio" "generic"
from_number required	string non-empty
account_sid required	string non-empty
auth required	string non-empty
auth_password	string
auth_type	string (AuthTypeEnum) Enum: "basic" "bearer"
verify_only	boolean When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
mapping	string or null <uuid> Optionally modify the payload being sent to custom providers.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"provider": "twilio",
"from_number": "string",
"account_sid": "string",
"auth": "string",
"auth_password": "string",
"auth_type": "basic",
"verify_only": true,
"mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"provider": "twilio",
"from_number": "string",
"account_sid": "string",
"auth": "string",
"auth_password": "string",
"auth_type": "basic",
"verify_only": true,
"mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

stages_authenticator_sms_partial_update

AuthenticatorSMSStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
provider	string (ProviderEnum) Enum: "twilio" "generic"
from_number	string non-empty
account_sid	string non-empty
auth	string non-empty
auth_password	string
auth_type	string (AuthTypeEnum) Enum: "basic" "bearer"
verify_only	boolean When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future.
mapping	string or null <uuid> Optionally modify the payload being sent to custom providers.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"provider": "twilio",
"from_number": "string",
"account_sid": "string",
"auth": "string",
"auth_password": "string",
"auth_type": "basic",
"verify_only": true,
"mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"provider": "twilio",
"from_number": "string",
"account_sid": "string",
"auth": "string",
"auth_password": "string",
"auth_type": "basic",
"verify_only": true,
"mapping": "cd845aba-a2ed-4c77-84a2-7d3ad6b8b9af"
}

stages_authenticator_sms_destroy

AuthenticatorSMSStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_authenticator_sms_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this SMS Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_authenticator_static_list

AuthenticatorStaticStage Viewset

Authorizations:

authentik

query Parameters

configure_flow	string <uuid>
friendly_name	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>
token_count	integer
token_length	integer

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"token_count": 2147483647,
"token_length": 2147483647
}
]
}

stages_authenticator_static_create

AuthenticatorStaticStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
token_count	integer [ 0 .. 2147483647 ]
token_length	integer [ 0 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"token_count": 2147483647,
"token_length": 2147483647
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"token_count": 2147483647,
"token_length": 2147483647
}

stages_authenticator_static_retrieve

AuthenticatorStaticStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"token_count": 2147483647,
"token_length": 2147483647
}

stages_authenticator_static_update

AuthenticatorStaticStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
token_count	integer [ 0 .. 2147483647 ]
token_length	integer [ 0 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"token_count": 2147483647,
"token_length": 2147483647
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"token_count": 2147483647,
"token_length": 2147483647
}

stages_authenticator_static_partial_update

AuthenticatorStaticStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
token_count	integer [ 0 .. 2147483647 ]
token_length	integer [ 0 .. 2147483647 ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"token_count": 2147483647,
"token_length": 2147483647
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"token_count": 2147483647,
"token_length": 2147483647
}

stages_authenticator_static_destroy

AuthenticatorStaticStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_authenticator_static_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Static Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_authenticator_totp_list

AuthenticatorTOTPStage Viewset

Authorizations:

authentik

query Parameters

configure_flow	string <uuid>
digits	string Enum: "6" "8"
friendly_name	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"digits": "6"
}
]
}

stages_authenticator_totp_create

AuthenticatorTOTPStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
digits required	string (DigitsEnum) Enum: "6" "8"

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"digits": "6"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"digits": "6"
}

stages_authenticator_totp_retrieve

AuthenticatorTOTPStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"digits": "6"
}

stages_authenticator_totp_update

AuthenticatorTOTPStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
digits required	string (DigitsEnum) Enum: "6" "8"

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"digits": "6"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"digits": "6"
}

stages_authenticator_totp_partial_update

AuthenticatorTOTPStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
digits	string (DigitsEnum) Enum: "6" "8"

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"digits": "6"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"digits": "6"
}

stages_authenticator_totp_destroy

AuthenticatorTOTPStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_authenticator_totp_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this TOTP Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_authenticator_validate_list

AuthenticatorValidateStage Viewset

Authorizations:

authentik

query Parameters

configuration_stages	Array of strings <uuid> [ items <uuid > ]
name	string
not_configured_action	string Enum: "configure" "deny" "skip"
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"not_configured_action": "skip",
"device_classes": ["static"
],
"configuration_stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"last_auth_threshold": "string",
"webauthn_user_verification": "required",
"webauthn_allowed_device_types": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"webauthn_allowed_device_types_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}
]
}

stages_authenticator_validate_create

AuthenticatorValidateStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
not_configured_action	string (NotConfiguredActionEnum) Enum: "skip" "deny" "configure"
device_classes	Array of strings (DeviceClassesEnum) Items Enum: "static" "totp" "webauthn" "duo" "sms" Device classes which can be used to authenticate
configuration_stages	Array of strings <uuid> [ items <uuid > ] Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again.
last_auth_threshold	string non-empty If any of the user's device has been used within this threshold, this stage will be skipped
webauthn_user_verification	string Enum: "required" "preferred" "discouraged" Enforce user verification for WebAuthn devices.
webauthn_allowed_device_types	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"not_configured_action": "skip",
"device_classes": ["static"
],
"configuration_stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"last_auth_threshold": "string",
"webauthn_user_verification": "required",
"webauthn_allowed_device_types": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"not_configured_action": "skip",
"device_classes": ["static"
],
"configuration_stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"last_auth_threshold": "string",
"webauthn_user_verification": "required",
"webauthn_allowed_device_types": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"webauthn_allowed_device_types_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}

stages_authenticator_validate_retrieve

AuthenticatorValidateStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"not_configured_action": "skip",
"device_classes": ["static"
],
"configuration_stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"last_auth_threshold": "string",
"webauthn_user_verification": "required",
"webauthn_allowed_device_types": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"webauthn_allowed_device_types_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}

stages_authenticator_validate_update

AuthenticatorValidateStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
not_configured_action	string (NotConfiguredActionEnum) Enum: "skip" "deny" "configure"
device_classes	Array of strings (DeviceClassesEnum) Items Enum: "static" "totp" "webauthn" "duo" "sms" Device classes which can be used to authenticate
configuration_stages	Array of strings <uuid> [ items <uuid > ] Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again.
last_auth_threshold	string non-empty If any of the user's device has been used within this threshold, this stage will be skipped
webauthn_user_verification	string Enum: "required" "preferred" "discouraged" Enforce user verification for WebAuthn devices.
webauthn_allowed_device_types	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"not_configured_action": "skip",
"device_classes": ["static"
],
"configuration_stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"last_auth_threshold": "string",
"webauthn_user_verification": "required",
"webauthn_allowed_device_types": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"not_configured_action": "skip",
"device_classes": ["static"
],
"configuration_stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"last_auth_threshold": "string",
"webauthn_user_verification": "required",
"webauthn_allowed_device_types": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"webauthn_allowed_device_types_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}

stages_authenticator_validate_partial_update

AuthenticatorValidateStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
not_configured_action	string (NotConfiguredActionEnum) Enum: "skip" "deny" "configure"
device_classes	Array of strings (DeviceClassesEnum) Items Enum: "static" "totp" "webauthn" "duo" "sms" Device classes which can be used to authenticate
configuration_stages	Array of strings <uuid> [ items <uuid > ] Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again.
last_auth_threshold	string non-empty If any of the user's device has been used within this threshold, this stage will be skipped
webauthn_user_verification	string Enum: "required" "preferred" "discouraged" Enforce user verification for WebAuthn devices.
webauthn_allowed_device_types	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"not_configured_action": "skip",
"device_classes": ["static"
],
"configuration_stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"last_auth_threshold": "string",
"webauthn_user_verification": "required",
"webauthn_allowed_device_types": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"not_configured_action": "skip",
"device_classes": ["static"
],
"configuration_stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"last_auth_threshold": "string",
"webauthn_user_verification": "required",
"webauthn_allowed_device_types": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"webauthn_allowed_device_types_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}

stages_authenticator_validate_destroy

AuthenticatorValidateStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_authenticator_validate_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Authenticator Validation Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_authenticator_webauthn_list

AuthenticatorWebAuthnStage Viewset

Authorizations:

authentik

query Parameters

authenticator_attachment	string or null Enum: "cross-platform" "platform"
configure_flow	string <uuid>
device_type_restrictions	Array of strings <uuid> [ items <uuid > ]
friendly_name	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
resident_key_requirement	string Enum: "discouraged" "preferred" "required"
search	string A search term.
stage_uuid	string <uuid>
user_verification	string Enum: "discouraged" "preferred" "required"

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"user_verification": "required",
"authenticator_attachment": "platform",
"resident_key_requirement": "discouraged",
"device_type_restrictions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"device_type_restrictions_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}
]
}

stages_authenticator_webauthn_create

AuthenticatorWebAuthnStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
user_verification	string (UserVerificationEnum) Enum: "required" "preferred" "discouraged"
authenticator_attachment	string or null Enum: "platform" "cross-platform"
resident_key_requirement	string (ResidentKeyRequirementEnum) Enum: "discouraged" "preferred" "required"
device_type_restrictions	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"user_verification": "required",
"authenticator_attachment": "platform",
"resident_key_requirement": "discouraged",
"device_type_restrictions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"user_verification": "required",
"authenticator_attachment": "platform",
"resident_key_requirement": "discouraged",
"device_type_restrictions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"device_type_restrictions_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}

stages_authenticator_webauthn_retrieve

AuthenticatorWebAuthnStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"user_verification": "required",
"authenticator_attachment": "platform",
"resident_key_requirement": "discouraged",
"device_type_restrictions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"device_type_restrictions_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}

stages_authenticator_webauthn_update

AuthenticatorWebAuthnStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
user_verification	string (UserVerificationEnum) Enum: "required" "preferred" "discouraged"
authenticator_attachment	string or null Enum: "platform" "cross-platform"
resident_key_requirement	string (ResidentKeyRequirementEnum) Enum: "discouraged" "preferred" "required"
device_type_restrictions	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"user_verification": "required",
"authenticator_attachment": "platform",
"resident_key_requirement": "discouraged",
"device_type_restrictions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"user_verification": "required",
"authenticator_attachment": "platform",
"resident_key_requirement": "discouraged",
"device_type_restrictions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"device_type_restrictions_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}

stages_authenticator_webauthn_partial_update

AuthenticatorWebAuthnStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
friendly_name	string or null non-empty
user_verification	string (UserVerificationEnum) Enum: "required" "preferred" "discouraged"
authenticator_attachment	string or null Enum: "platform" "cross-platform"
resident_key_requirement	string (ResidentKeyRequirementEnum) Enum: "discouraged" "preferred" "required"
device_type_restrictions	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"user_verification": "required",
"authenticator_attachment": "platform",
"resident_key_requirement": "discouraged",
"device_type_restrictions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"friendly_name": "string",
"user_verification": "required",
"authenticator_attachment": "platform",
"resident_key_requirement": "discouraged",
"device_type_restrictions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"device_type_restrictions_obj": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}

stages_authenticator_webauthn_destroy

AuthenticatorWebAuthnStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_authenticator_webauthn_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this WebAuthn Authenticator Setup Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_authenticator_webauthn_device_types_list

WebAuthnDeviceType Viewset

Authorizations:

authentik

query Parameters

aaguid	string <uuid>
description	string
icon	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}
]
}

stages_authenticator_webauthn_device_types_retrieve

WebAuthnDeviceType Viewset

Authorizations:

authentik

path Parameters

aaguid

required

string <uuid>

A UUID string identifying this WebAuthn Device type.

Responses

Response samples

200
400
403

Content type

application/json

{"aaguid": "e263c88c-bd50-489e-aacd-e4ea31523281",
"description": "string"
}

stages_captcha_list

CaptchaStage Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
public_key	string
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"public_key": "string",
"js_url": "string",
"api_url": "string"
}
]
}

stages_captcha_create

CaptchaStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
public_key required	string non-empty Public key, acquired your captcha Provider.
private_key required	string non-empty Private key, acquired your captcha Provider.
js_url	string non-empty
api_url	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"public_key": "string",
"private_key": "string",
"js_url": "string",
"api_url": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"public_key": "string",
"js_url": "string",
"api_url": "string"
}

stages_captcha_retrieve

CaptchaStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Captcha Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"public_key": "string",
"js_url": "string",
"api_url": "string"
}

stages_captcha_update

CaptchaStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Captcha Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
public_key required	string non-empty Public key, acquired your captcha Provider.
private_key required	string non-empty Private key, acquired your captcha Provider.
js_url	string non-empty
api_url	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"public_key": "string",
"private_key": "string",
"js_url": "string",
"api_url": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"public_key": "string",
"js_url": "string",
"api_url": "string"
}

stages_captcha_partial_update

CaptchaStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Captcha Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
public_key	string non-empty Public key, acquired your captcha Provider.
private_key	string non-empty Private key, acquired your captcha Provider.
js_url	string non-empty
api_url	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"public_key": "string",
"private_key": "string",
"js_url": "string",
"api_url": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"public_key": "string",
"js_url": "string",
"api_url": "string"
}

stages_captcha_destroy

CaptchaStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Captcha Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_captcha_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Captcha Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_consent_list

ConsentStage Viewset

Authorizations:

authentik

query Parameters

consent_expire_in	string
mode	string Enum: "always_require" "expiring" "permanent"
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"mode": "always_require",
"consent_expire_in": "string"
}
]
}

stages_consent_create

ConsentStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
mode	string (ConsentStageModeEnum) Enum: "always_require" "permanent" "expiring"
consent_expire_in	string (Consent expires in) non-empty Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"mode": "always_require",
"consent_expire_in": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"mode": "always_require",
"consent_expire_in": "string"
}

stages_consent_retrieve

ConsentStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Consent Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"mode": "always_require",
"consent_expire_in": "string"
}

stages_consent_update

ConsentStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Consent Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
mode	string (ConsentStageModeEnum) Enum: "always_require" "permanent" "expiring"
consent_expire_in	string (Consent expires in) non-empty Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"mode": "always_require",
"consent_expire_in": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"mode": "always_require",
"consent_expire_in": "string"
}

stages_consent_partial_update

ConsentStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Consent Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
mode	string (ConsentStageModeEnum) Enum: "always_require" "permanent" "expiring"
consent_expire_in	string (Consent expires in) non-empty Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"mode": "always_require",
"consent_expire_in": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"mode": "always_require",
"consent_expire_in": "string"
}

stages_consent_destroy

ConsentStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Consent Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_consent_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Consent Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_deny_list

DenyStage Viewset

Authorizations:

authentik

query Parameters

deny_message	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"deny_message": "string"
}
]
}

stages_deny_create

DenyStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
deny_message	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"deny_message": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"deny_message": "string"
}

stages_deny_retrieve

DenyStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Deny Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"deny_message": "string"
}

stages_deny_update

DenyStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Deny Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
deny_message	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"deny_message": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"deny_message": "string"
}

stages_deny_partial_update

DenyStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Deny Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
deny_message	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"deny_message": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"deny_message": "string"
}

stages_deny_destroy

DenyStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Deny Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_deny_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Deny Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_dummy_list

DummyStage Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>
throw_error	boolean

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"throw_error": true
}
]
}

stages_dummy_create

DummyStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
throw_error	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"throw_error": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"throw_error": true
}

stages_dummy_retrieve

DummyStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Dummy Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"throw_error": true
}

stages_dummy_update

DummyStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Dummy Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
throw_error	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"throw_error": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"throw_error": true
}

stages_dummy_partial_update

DummyStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Dummy Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
throw_error	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"throw_error": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"throw_error": true
}

stages_dummy_destroy

DummyStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Dummy Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_dummy_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Dummy Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_email_list

EmailStage Viewset

Authorizations:

authentik

query Parameters

activate_user_on_success	boolean
from_address	string
host	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
port	integer
search	string A search term.
subject	string
template	string
timeout	integer
token_expiry	integer
use_global_settings	boolean
use_ssl	boolean
use_tls	boolean
username	string

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"use_global_settings": true,
"host": "string",
"port": -2147483648,
"username": "string",
"use_tls": true,
"use_ssl": true,
"timeout": -2147483648,
"from_address": "user@example.com",
"token_expiry": -2147483648,
"subject": "string",
"template": "string",
"activate_user_on_success": true
}
]
}

stages_email_create

EmailStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
use_global_settings	boolean When enabled, global Email connection settings will be used and connection settings below will be ignored.
host	string non-empty
port	integer [ -2147483648 .. 2147483647 ]
username	string
password	string
use_tls	boolean
use_ssl	boolean
timeout	integer [ -2147483648 .. 2147483647 ]
from_address	string <email> [ 1 .. 254 ] characters
token_expiry	integer [ -2147483648 .. 2147483647 ] Time in minutes the token sent is valid.
subject	string non-empty
template	string non-empty
activate_user_on_success	boolean Activate users upon completion of stage.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"use_global_settings": true,
"host": "string",
"port": -2147483648,
"username": "string",
"password": "string",
"use_tls": true,
"use_ssl": true,
"timeout": -2147483648,
"from_address": "user@example.com",
"token_expiry": -2147483648,
"subject": "string",
"template": "string",
"activate_user_on_success": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"use_global_settings": true,
"host": "string",
"port": -2147483648,
"username": "string",
"use_tls": true,
"use_ssl": true,
"timeout": -2147483648,
"from_address": "user@example.com",
"token_expiry": -2147483648,
"subject": "string",
"template": "string",
"activate_user_on_success": true
}

stages_email_retrieve

EmailStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Email Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"use_global_settings": true,
"host": "string",
"port": -2147483648,
"username": "string",
"use_tls": true,
"use_ssl": true,
"timeout": -2147483648,
"from_address": "user@example.com",
"token_expiry": -2147483648,
"subject": "string",
"template": "string",
"activate_user_on_success": true
}

stages_email_update

EmailStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Email Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
use_global_settings	boolean When enabled, global Email connection settings will be used and connection settings below will be ignored.
host	string non-empty
port	integer [ -2147483648 .. 2147483647 ]
username	string
password	string
use_tls	boolean
use_ssl	boolean
timeout	integer [ -2147483648 .. 2147483647 ]
from_address	string <email> [ 1 .. 254 ] characters
token_expiry	integer [ -2147483648 .. 2147483647 ] Time in minutes the token sent is valid.
subject	string non-empty
template	string non-empty
activate_user_on_success	boolean Activate users upon completion of stage.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"use_global_settings": true,
"host": "string",
"port": -2147483648,
"username": "string",
"password": "string",
"use_tls": true,
"use_ssl": true,
"timeout": -2147483648,
"from_address": "user@example.com",
"token_expiry": -2147483648,
"subject": "string",
"template": "string",
"activate_user_on_success": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"use_global_settings": true,
"host": "string",
"port": -2147483648,
"username": "string",
"use_tls": true,
"use_ssl": true,
"timeout": -2147483648,
"from_address": "user@example.com",
"token_expiry": -2147483648,
"subject": "string",
"template": "string",
"activate_user_on_success": true
}

stages_email_partial_update

EmailStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Email Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
use_global_settings	boolean When enabled, global Email connection settings will be used and connection settings below will be ignored.
host	string non-empty
port	integer [ -2147483648 .. 2147483647 ]
username	string
password	string
use_tls	boolean
use_ssl	boolean
timeout	integer [ -2147483648 .. 2147483647 ]
from_address	string <email> [ 1 .. 254 ] characters
token_expiry	integer [ -2147483648 .. 2147483647 ] Time in minutes the token sent is valid.
subject	string non-empty
template	string non-empty
activate_user_on_success	boolean Activate users upon completion of stage.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"use_global_settings": true,
"host": "string",
"port": -2147483648,
"username": "string",
"password": "string",
"use_tls": true,
"use_ssl": true,
"timeout": -2147483648,
"from_address": "user@example.com",
"token_expiry": -2147483648,
"subject": "string",
"template": "string",
"activate_user_on_success": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"use_global_settings": true,
"host": "string",
"port": -2147483648,
"username": "string",
"use_tls": true,
"use_ssl": true,
"timeout": -2147483648,
"from_address": "user@example.com",
"token_expiry": -2147483648,
"subject": "string",
"template": "string",
"activate_user_on_success": true
}

stages_email_destroy

EmailStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Email Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_email_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Email Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_email_templates_list

Get all available templates, including custom templates

Authorizations:

authentik

Responses

Response samples

200
400
403

Content type

application/json

[{"name": "string",
"description": "string",
"component": "string",
"model_name": "string",
"requires_enterprise": false
}
]

stages_identification_list

IdentificationStage Viewset

Authorizations:

authentik

query Parameters

case_insensitive_matching	boolean
enrollment_flow	string <uuid>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
password_stage	string <uuid>
passwordless_flow	string <uuid>
recovery_flow	string <uuid>
search	string A search term.
show_matched_user	boolean
show_source_labels	boolean

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_fields": ["email"
],
"password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
"case_insensitive_matching": true,
"show_matched_user": true,
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
"passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
"sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"show_source_labels": true,
"pretend_user_exists": true
}
]
}

stages_identification_create

IdentificationStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
user_fields	Array of strings (UserFieldsEnum) Items Enum: "email" "username" "upn" Fields of the user object to match against. (Hold shift to select multiple options)
password_stage	string or null <uuid> When set, shows a password field, instead of showing the password field as seaprate step.
case_insensitive_matching	boolean When enabled, user fields are matched regardless of their casing.
show_matched_user	boolean When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown
enrollment_flow	string or null <uuid> Optional enrollment flow, which is linked at the bottom of the page.
recovery_flow	string or null <uuid> Optional recovery flow, which is linked at the bottom of the page.
passwordless_flow	string or null <uuid> Optional passwordless flow, which is linked at the bottom of the page.
sources	Array of strings <uuid> [ items <uuid > ] Specify which sources should be shown.
show_source_labels	boolean
pretend_user_exists	boolean When enabled, the stage will succeed and continue even when incorrect user info is entered.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_fields": ["email"
],
"password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
"case_insensitive_matching": true,
"show_matched_user": true,
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
"passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
"sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"show_source_labels": true,
"pretend_user_exists": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_fields": ["email"
],
"password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
"case_insensitive_matching": true,
"show_matched_user": true,
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
"passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
"sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"show_source_labels": true,
"pretend_user_exists": true
}

stages_identification_retrieve

IdentificationStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Identification Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_fields": ["email"
],
"password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
"case_insensitive_matching": true,
"show_matched_user": true,
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
"passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
"sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"show_source_labels": true,
"pretend_user_exists": true
}

stages_identification_update

IdentificationStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Identification Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
user_fields	Array of strings (UserFieldsEnum) Items Enum: "email" "username" "upn" Fields of the user object to match against. (Hold shift to select multiple options)
password_stage	string or null <uuid> When set, shows a password field, instead of showing the password field as seaprate step.
case_insensitive_matching	boolean When enabled, user fields are matched regardless of their casing.
show_matched_user	boolean When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown
enrollment_flow	string or null <uuid> Optional enrollment flow, which is linked at the bottom of the page.
recovery_flow	string or null <uuid> Optional recovery flow, which is linked at the bottom of the page.
passwordless_flow	string or null <uuid> Optional passwordless flow, which is linked at the bottom of the page.
sources	Array of strings <uuid> [ items <uuid > ] Specify which sources should be shown.
show_source_labels	boolean
pretend_user_exists	boolean When enabled, the stage will succeed and continue even when incorrect user info is entered.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_fields": ["email"
],
"password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
"case_insensitive_matching": true,
"show_matched_user": true,
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
"passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
"sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"show_source_labels": true,
"pretend_user_exists": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_fields": ["email"
],
"password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
"case_insensitive_matching": true,
"show_matched_user": true,
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
"passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
"sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"show_source_labels": true,
"pretend_user_exists": true
}

stages_identification_partial_update

IdentificationStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Identification Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
user_fields	Array of strings (UserFieldsEnum) Items Enum: "email" "username" "upn" Fields of the user object to match against. (Hold shift to select multiple options)
password_stage	string or null <uuid> When set, shows a password field, instead of showing the password field as seaprate step.
case_insensitive_matching	boolean When enabled, user fields are matched regardless of their casing.
show_matched_user	boolean When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown
enrollment_flow	string or null <uuid> Optional enrollment flow, which is linked at the bottom of the page.
recovery_flow	string or null <uuid> Optional recovery flow, which is linked at the bottom of the page.
passwordless_flow	string or null <uuid> Optional passwordless flow, which is linked at the bottom of the page.
sources	Array of strings <uuid> [ items <uuid > ] Specify which sources should be shown.
show_source_labels	boolean
pretend_user_exists	boolean When enabled, the stage will succeed and continue even when incorrect user info is entered.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_fields": ["email"
],
"password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
"case_insensitive_matching": true,
"show_matched_user": true,
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
"passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
"sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"show_source_labels": true,
"pretend_user_exists": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_fields": ["email"
],
"password_stage": "9f1c379e-f684-4b6b-9554-f71e3c11c4fc",
"case_insensitive_matching": true,
"show_matched_user": true,
"enrollment_flow": "0e42df23-90f2-4815-9a79-e5826d8edf87",
"recovery_flow": "d2d6cb9a-8e0c-444c-bb4e-99e6fbff3606",
"passwordless_flow": "c61e78c5-7666-4552-85c3-fe055dbe7ea9",
"sources": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"show_source_labels": true,
"pretend_user_exists": true
}

stages_identification_destroy

IdentificationStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Identification Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_identification_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Identification Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_invitation_invitations_list

Invitation Viewset

Authorizations:

authentik

query Parameters

created_by__username	string
expires	string <date-time>
flow__slug	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expires": "2019-08-24T14:15:22Z",
"fixed_data": {"property1": null,
"property2": null
},
"created_by": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"single_use": true,
"flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a",
"flow_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}
}
]
}

stages_invitation_invitations_create

Invitation Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$
expires	string or null <date-time>
	object
single_use	boolean When enabled, the invitation will be deleted after usage.
flow	string or null <uuid> When set, only the configured flow can use this invitation.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"expires": "2019-08-24T14:15:22Z",
"fixed_data": {"property1": null,
"property2": null
},
"single_use": true,
"flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expires": "2019-08-24T14:15:22Z",
"fixed_data": {"property1": null,
"property2": null
},
"created_by": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"single_use": true,
"flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a",
"flow_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}
}

stages_invitation_invitations_retrieve

Invitation Viewset

Authorizations:

authentik

path Parameters

invite_uuid

required

string <uuid>

A UUID string identifying this Invitation.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expires": "2019-08-24T14:15:22Z",
"fixed_data": {"property1": null,
"property2": null
},
"created_by": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"single_use": true,
"flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a",
"flow_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}
}

stages_invitation_invitations_update

Invitation Viewset

Authorizations:

authentik

path Parameters

invite_uuid

required

string <uuid>

A UUID string identifying this Invitation.

Request Body schema: application/json
required

name required	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$
expires	string or null <date-time>
	object
single_use	boolean When enabled, the invitation will be deleted after usage.
flow	string or null <uuid> When set, only the configured flow can use this invitation.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"expires": "2019-08-24T14:15:22Z",
"fixed_data": {"property1": null,
"property2": null
},
"single_use": true,
"flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expires": "2019-08-24T14:15:22Z",
"fixed_data": {"property1": null,
"property2": null
},
"created_by": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"single_use": true,
"flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a",
"flow_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}
}

stages_invitation_invitations_partial_update

Invitation Viewset

Authorizations:

authentik

path Parameters

invite_uuid

required

string <uuid>

A UUID string identifying this Invitation.

Request Body schema: application/json

name	string [ 1 .. 50 ] characters ^[-a-zA-Z0-9_]+$
expires	string or null <date-time>
	object
single_use	boolean When enabled, the invitation will be deleted after usage.
flow	string or null <uuid> When set, only the configured flow can use this invitation.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"expires": "2019-08-24T14:15:22Z",
"fixed_data": {"property1": null,
"property2": null
},
"single_use": true,
"flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"expires": "2019-08-24T14:15:22Z",
"fixed_data": {"property1": null,
"property2": null
},
"created_by": {"pk": 0,
"username": "string",
"name": "string",
"is_active": true,
"last_login": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"attributes": {"property1": null,
"property2": null
},
"uid": "string"
},
"single_use": true,
"flow": "92fe31c9-39b9-47ea-906d-cf09a4c3fa9a",
"flow_obj": {"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"stages": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"cache_count": 0,
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue",
"authentication": "none"
}
}

stages_invitation_invitations_destroy

Invitation Viewset

Authorizations:

authentik

path Parameters

invite_uuid

required

string <uuid>

A UUID string identifying this Invitation.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_invitation_invitations_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

invite_uuid

required

string <uuid>

A UUID string identifying this Invitation.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_invitation_stages_list

InvitationStage Viewset

Authorizations:

authentik

query Parameters

continue_flow_without_invitation	boolean
name	string
no_flows	boolean
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"continue_flow_without_invitation": true
}
]
}

stages_invitation_stages_create

InvitationStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
continue_flow_without_invitation	boolean If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"continue_flow_without_invitation": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"continue_flow_without_invitation": true
}

stages_invitation_stages_retrieve

InvitationStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Invitation Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"continue_flow_without_invitation": true
}

stages_invitation_stages_update

InvitationStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Invitation Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
continue_flow_without_invitation	boolean If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"continue_flow_without_invitation": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"continue_flow_without_invitation": true
}

stages_invitation_stages_partial_update

InvitationStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Invitation Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
continue_flow_without_invitation	boolean If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"continue_flow_without_invitation": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"continue_flow_without_invitation": true
}

stages_invitation_stages_destroy

InvitationStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Invitation Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_invitation_stages_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Invitation Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_password_list

PasswordStage Viewset

Authorizations:

authentik

query Parameters

configure_flow	string <uuid>
failed_attempts_before_cancel	integer
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"backends": ["authentik.core.auth.InbuiltBackend"
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"failed_attempts_before_cancel": -2147483648
}
]
}

stages_password_create

PasswordStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
backends required	Array of strings (BackendsEnum) Items Enum: "authentik.core.auth.InbuiltBackend" "authentik.core.auth.TokenBackend" "authentik.sources.ldap.auth.LDAPBackend" Selection of backends to test the password against.
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
failed_attempts_before_cancel	integer [ -2147483648 .. 2147483647 ] How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"backends": ["authentik.core.auth.InbuiltBackend"
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"failed_attempts_before_cancel": -2147483648
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"backends": ["authentik.core.auth.InbuiltBackend"
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"failed_attempts_before_cancel": -2147483648
}

stages_password_retrieve

PasswordStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Password Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"backends": ["authentik.core.auth.InbuiltBackend"
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"failed_attempts_before_cancel": -2147483648
}

stages_password_update

PasswordStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Password Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
backends required	Array of strings (BackendsEnum) Items Enum: "authentik.core.auth.InbuiltBackend" "authentik.core.auth.TokenBackend" "authentik.sources.ldap.auth.LDAPBackend" Selection of backends to test the password against.
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
failed_attempts_before_cancel	integer [ -2147483648 .. 2147483647 ] How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"backends": ["authentik.core.auth.InbuiltBackend"
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"failed_attempts_before_cancel": -2147483648
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"backends": ["authentik.core.auth.InbuiltBackend"
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"failed_attempts_before_cancel": -2147483648
}

stages_password_partial_update

PasswordStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Password Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
backends	Array of strings (BackendsEnum) Items Enum: "authentik.core.auth.InbuiltBackend" "authentik.core.auth.TokenBackend" "authentik.sources.ldap.auth.LDAPBackend" Selection of backends to test the password against.
configure_flow	string or null <uuid> Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage.
failed_attempts_before_cancel	integer [ -2147483648 .. 2147483647 ] How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"backends": ["authentik.core.auth.InbuiltBackend"
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"failed_attempts_before_cancel": -2147483648
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"backends": ["authentik.core.auth.InbuiltBackend"
],
"configure_flow": "496cc37e-5cdd-4f4a-b8e2-0fc65f286142",
"failed_attempts_before_cancel": -2147483648
}

stages_password_destroy

PasswordStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Password Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_password_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Password Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_prompt_prompts_list

Prompt Viewset

Authorizations:

authentik

query Parameters

field_key	string
label	string
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
placeholder	string
search	string A search term.
type	string Enum: "ak-locale" "checkbox" "date" "date-time" "dropdown" "email" "file" "hidden" "number" "password" "radio-button-group" "separator" "static" "text" "text_area" "text_area_read_only" "text_read_only" "username"

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": -2147483648,
"promptstage_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
],
"sub_text": "string",
"placeholder_expression": true,
"initial_value_expression": true
}
]
}

stages_prompt_prompts_create

Prompt Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
field_key required	string non-empty Name of the form field, also used to store the value
label required	string non-empty
type required	string (PromptTypeEnum) Enum: "text" "text_area" "text_read_only" "text_area_read_only" "username" "email" "password" "number" "checkbox" "radio-button-group" "dropdown" "date" "date-time" "file" "separator" "hidden" "static" "ak-locale"
required	boolean
placeholder	string Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices.
initial_value	string Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices.
order	integer [ -2147483648 .. 2147483647 ]
	Array of objects (StageRequest)
sub_text	string
placeholder_expression	boolean
initial_value_expression	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": -2147483648,
"promptstage_set": [{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
],
"sub_text": "string",
"placeholder_expression": true,
"initial_value_expression": true
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": -2147483648,
"promptstage_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
],
"sub_text": "string",
"placeholder_expression": true,
"initial_value_expression": true
}

stages_prompt_prompts_retrieve

Prompt Viewset

Authorizations:

authentik

path Parameters

prompt_uuid

required

string <uuid>

A UUID string identifying this Prompt.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": -2147483648,
"promptstage_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
],
"sub_text": "string",
"placeholder_expression": true,
"initial_value_expression": true
}

stages_prompt_prompts_update

Prompt Viewset

Authorizations:

authentik

path Parameters

prompt_uuid

required

string <uuid>

A UUID string identifying this Prompt.

Request Body schema: application/json
required

name required	string non-empty
field_key required	string non-empty Name of the form field, also used to store the value
label required	string non-empty
type required	string (PromptTypeEnum) Enum: "text" "text_area" "text_read_only" "text_area_read_only" "username" "email" "password" "number" "checkbox" "radio-button-group" "dropdown" "date" "date-time" "file" "separator" "hidden" "static" "ak-locale"
required	boolean
placeholder	string Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices.
initial_value	string Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices.
order	integer [ -2147483648 .. 2147483647 ]
	Array of objects (StageRequest)
sub_text	string
placeholder_expression	boolean
initial_value_expression	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": -2147483648,
"promptstage_set": [{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
],
"sub_text": "string",
"placeholder_expression": true,
"initial_value_expression": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": -2147483648,
"promptstage_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
],
"sub_text": "string",
"placeholder_expression": true,
"initial_value_expression": true
}

stages_prompt_prompts_partial_update

Prompt Viewset

Authorizations:

authentik

path Parameters

prompt_uuid

required

string <uuid>

A UUID string identifying this Prompt.

Request Body schema: application/json

name	string non-empty
field_key	string non-empty Name of the form field, also used to store the value
label	string non-empty
type	string (PromptTypeEnum) Enum: "text" "text_area" "text_read_only" "text_area_read_only" "username" "email" "password" "number" "checkbox" "radio-button-group" "dropdown" "date" "date-time" "file" "separator" "hidden" "static" "ak-locale"
required	boolean
placeholder	string Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices.
initial_value	string Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices.
order	integer [ -2147483648 .. 2147483647 ]
	Array of objects (StageRequest)
sub_text	string
placeholder_expression	boolean
initial_value_expression	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": -2147483648,
"promptstage_set": [{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
],
"sub_text": "string",
"placeholder_expression": true,
"initial_value_expression": true
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": -2147483648,
"promptstage_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
],
"sub_text": "string",
"placeholder_expression": true,
"initial_value_expression": true
}

stages_prompt_prompts_destroy

Prompt Viewset

Authorizations:

authentik

path Parameters

prompt_uuid

required

string <uuid>

A UUID string identifying this Prompt.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_prompt_prompts_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

prompt_uuid

required

string <uuid>

A UUID string identifying this Prompt.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_prompt_prompts_preview_create

Preview a prompt as a challenge, just like a flow would receive

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
field_key required	string non-empty Name of the form field, also used to store the value
label required	string non-empty
type required	string (PromptTypeEnum) Enum: "text" "text_area" "text_read_only" "text_area_read_only" "username" "email" "password" "number" "checkbox" "radio-button-group" "dropdown" "date" "date-time" "file" "separator" "hidden" "static" "ak-locale"
required	boolean
placeholder	string Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices.
initial_value	string Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices.
order	integer [ -2147483648 .. 2147483647 ]
	Array of objects (StageRequest)
sub_text	string
placeholder_expression	boolean
initial_value_expression	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": -2147483648,
"promptstage_set": [{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
],
"sub_text": "string",
"placeholder_expression": true,
"initial_value_expression": true
}

Response samples

200
400
403

Content type

application/json

{"type": "native",
"flow_info": {"title": "string",
"background": "string",
"cancel_url": "string",
"layout": "stacked"
},
"component": "ak-stage-prompt",
"response_errors": {"property1": [{"string": "string",
"code": "string"
}
],
"property2": [{"string": "string",
"code": "string"
}
]
},
"fields": [{"field_key": "string",
"label": "string",
"type": "text",
"required": true,
"placeholder": "string",
"initial_value": "string",
"order": 0,
"sub_text": "string",
"choices": ["string"
]
}
]
}

stages_prompt_stages_list

PromptStage Viewset

Authorizations:

authentik

query Parameters

fields	Array of strings <uuid> [ items <uuid > ]
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>
validation_policies	Array of strings <uuid> [ items <uuid > ]

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"fields": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"validation_policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}
]
}

stages_prompt_stages_create

PromptStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
fields required	Array of strings <uuid> [ items <uuid > ]
validation_policies	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"fields": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"validation_policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"fields": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"validation_policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

stages_prompt_stages_retrieve

PromptStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Prompt Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"fields": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"validation_policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

stages_prompt_stages_update

PromptStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Prompt Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
fields required	Array of strings <uuid> [ items <uuid > ]
validation_policies	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"fields": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"validation_policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"fields": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"validation_policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

stages_prompt_stages_partial_update

PromptStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Prompt Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
fields	Array of strings <uuid> [ items <uuid > ]
validation_policies	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"fields": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"validation_policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"fields": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"validation_policies": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

stages_prompt_stages_destroy

PromptStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Prompt Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_prompt_stages_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Prompt Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_source_list

SourceStage Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
resume_timeout	string
search	string A search term.
source	string <uuid>
stage_uuid	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"resume_timeout": "string"
}
]
}

stages_source_create

SourceStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
source required	string <uuid>
resume_timeout	string non-empty Amount of time a user can take to return from the source to continue the flow (Format: hours=-1;minutes=-2;seconds=-3)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"resume_timeout": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"resume_timeout": "string"
}

stages_source_retrieve

SourceStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Source Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"resume_timeout": "string"
}

stages_source_update

SourceStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Source Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
source required	string <uuid>
resume_timeout	string non-empty Amount of time a user can take to return from the source to continue the flow (Format: hours=-1;minutes=-2;seconds=-3)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"resume_timeout": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"resume_timeout": "string"
}

stages_source_partial_update

SourceStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Source Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
source	string <uuid>
resume_timeout	string non-empty Amount of time a user can take to return from the source to continue the flow (Format: hours=-1;minutes=-2;seconds=-3)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"resume_timeout": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"source": "07b8e003-7027-443f-88b0-24a5eb1cc68b",
"resume_timeout": "string"
}

stages_source_destroy

SourceStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Source Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_source_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this Source Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_user_delete_list

UserDeleteStage Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
]
}

stages_user_delete_create

UserDeleteStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

stages_user_delete_retrieve

UserDeleteStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Delete Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

stages_user_delete_update

UserDeleteStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Delete Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

stages_user_delete_partial_update

UserDeleteStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Delete Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

stages_user_delete_destroy

UserDeleteStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Delete Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_user_delete_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Delete Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_user_login_list

UserLoginStage Viewset

Authorizations:

authentik

query Parameters

geoip_binding	string Enum: "bind_continent" "bind_continent_country" "bind_continent_country_city" "no_binding" Bind sessions created by this stage to the configured GeoIP location
name	string
network_binding	string Enum: "bind_asn" "bind_asn_network" "bind_asn_network_ip" "no_binding" Bind sessions created by this stage to the configured network
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
remember_me_offset	string
search	string A search term.
session_duration	string
stage_uuid	string <uuid>
terminate_other_sessions	boolean

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"session_duration": "string",
"terminate_other_sessions": true,
"remember_me_offset": "string",
"network_binding": "no_binding",
"geoip_binding": "no_binding"
}
]
}

stages_user_login_create

UserLoginStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
session_duration	string non-empty Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)
terminate_other_sessions	boolean Terminate all other sessions of the user logging in.
remember_me_offset	string non-empty Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
network_binding	string Enum: "no_binding" "bind_asn" "bind_asn_network" "bind_asn_network_ip" Bind sessions created by this stage to the configured network
geoip_binding	string Enum: "no_binding" "bind_continent" "bind_continent_country" "bind_continent_country_city" Bind sessions created by this stage to the configured GeoIP location

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"session_duration": "string",
"terminate_other_sessions": true,
"remember_me_offset": "string",
"network_binding": "no_binding",
"geoip_binding": "no_binding"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"session_duration": "string",
"terminate_other_sessions": true,
"remember_me_offset": "string",
"network_binding": "no_binding",
"geoip_binding": "no_binding"
}

stages_user_login_retrieve

UserLoginStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Login Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"session_duration": "string",
"terminate_other_sessions": true,
"remember_me_offset": "string",
"network_binding": "no_binding",
"geoip_binding": "no_binding"
}

stages_user_login_update

UserLoginStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Login Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
session_duration	string non-empty Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)
terminate_other_sessions	boolean Terminate all other sessions of the user logging in.
remember_me_offset	string non-empty Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
network_binding	string Enum: "no_binding" "bind_asn" "bind_asn_network" "bind_asn_network_ip" Bind sessions created by this stage to the configured network
geoip_binding	string Enum: "no_binding" "bind_continent" "bind_continent_country" "bind_continent_country_city" Bind sessions created by this stage to the configured GeoIP location

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"session_duration": "string",
"terminate_other_sessions": true,
"remember_me_offset": "string",
"network_binding": "no_binding",
"geoip_binding": "no_binding"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"session_duration": "string",
"terminate_other_sessions": true,
"remember_me_offset": "string",
"network_binding": "no_binding",
"geoip_binding": "no_binding"
}

stages_user_login_partial_update

UserLoginStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Login Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
session_duration	string non-empty Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)
terminate_other_sessions	boolean Terminate all other sessions of the user logging in.
remember_me_offset	string non-empty Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)
network_binding	string Enum: "no_binding" "bind_asn" "bind_asn_network" "bind_asn_network_ip" Bind sessions created by this stage to the configured network
geoip_binding	string Enum: "no_binding" "bind_continent" "bind_continent_country" "bind_continent_country_city" Bind sessions created by this stage to the configured GeoIP location

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"session_duration": "string",
"terminate_other_sessions": true,
"remember_me_offset": "string",
"network_binding": "no_binding",
"geoip_binding": "no_binding"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"session_duration": "string",
"terminate_other_sessions": true,
"remember_me_offset": "string",
"network_binding": "no_binding",
"geoip_binding": "no_binding"
}

stages_user_login_destroy

UserLoginStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Login Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_user_login_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Login Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_user_logout_list

UserLogoutStage Viewset

Authorizations:

authentik

query Parameters

name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}
]
}

stages_user_logout_create

UserLogoutStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

stages_user_logout_retrieve

UserLogoutStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Logout Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

stages_user_logout_update

UserLogoutStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Logout Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

stages_user_logout_partial_update

UserLogoutStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Logout Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
]
}

stages_user_logout_destroy

UserLogoutStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Logout Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_user_logout_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Logout Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

stages_user_write_list

UserWriteStage Viewset

Authorizations:

authentik

query Parameters

create_users_as_inactive	boolean
create_users_group	string <uuid>
name	string
ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.
stage_uuid	string <uuid>
user_creation_mode	string Enum: "always_create" "create_when_required" "never_create"
user_path_template	string
user_type	string Enum: "external" "internal" "internal_service_account" "service_account"

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_creation_mode": "never_create",
"create_users_as_inactive": true,
"create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
"user_type": "internal",
"user_path_template": "string"
}
]
}

stages_user_write_create

UserWriteStage Viewset

Authorizations:

authentik

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
user_creation_mode	string (UserCreationModeEnum) Enum: "never_create" "create_when_required" "always_create"
create_users_as_inactive	boolean When set, newly created users are inactive and cannot login.
create_users_group	string or null <uuid> Optionally add newly created users to this group.
user_type	string (UserTypeEnum) Enum: "internal" "external" "service_account" "internal_service_account"
user_path_template	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_creation_mode": "never_create",
"create_users_as_inactive": true,
"create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
"user_type": "internal",
"user_path_template": "string"
}

Response samples

201
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_creation_mode": "never_create",
"create_users_as_inactive": true,
"create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
"user_type": "internal",
"user_path_template": "string"
}

stages_user_write_retrieve

UserWriteStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Write Stage.

Responses

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_creation_mode": "never_create",
"create_users_as_inactive": true,
"create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
"user_type": "internal",
"user_path_template": "string"
}

stages_user_write_update

UserWriteStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Write Stage.

Request Body schema: application/json
required

name required	string non-empty
	Array of objects (FlowSetRequest)
user_creation_mode	string (UserCreationModeEnum) Enum: "never_create" "create_when_required" "always_create"
create_users_as_inactive	boolean When set, newly created users are inactive and cannot login.
create_users_group	string or null <uuid> Optionally add newly created users to this group.
user_type	string (UserTypeEnum) Enum: "internal" "external" "service_account" "internal_service_account"
user_path_template	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_creation_mode": "never_create",
"create_users_as_inactive": true,
"create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
"user_type": "internal",
"user_path_template": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_creation_mode": "never_create",
"create_users_as_inactive": true,
"create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
"user_type": "internal",
"user_path_template": "string"
}

stages_user_write_partial_update

UserWriteStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Write Stage.

Request Body schema: application/json

name	string non-empty
	Array of objects (FlowSetRequest)
user_creation_mode	string (UserCreationModeEnum) Enum: "never_create" "create_when_required" "always_create"
create_users_as_inactive	boolean When set, newly created users are inactive and cannot login.
create_users_group	string or null <uuid> Optionally add newly created users to this group.
user_type	string (UserTypeEnum) Enum: "internal" "external" "service_account" "internal_service_account"
user_path_template	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"flow_set": [{"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"policy_engine_mode": "all",
"compatibility_mode": true,
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_creation_mode": "never_create",
"create_users_as_inactive": true,
"create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
"user_type": "internal",
"user_path_template": "string"
}

Response samples

200
400
403

Content type

application/json

{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"name": "string",
"component": "string",
"verbose_name": "string",
"verbose_name_plural": "string",
"meta_model_name": "string",
"flow_set": [{"pk": "4af43191-2f37-4a16-8471-4e8e40c314af",
"policybindingmodel_ptr_id": "f5434a60-0e84-4110-bfa0-c2ca0264532e",
"name": "string",
"slug": "string",
"title": "string",
"designation": "authentication",
"background": "string",
"policy_engine_mode": "all",
"compatibility_mode": true,
"export_url": "string",
"layout": "stacked",
"denied_action": "message_continue"
}
],
"user_creation_mode": "never_create",
"create_users_as_inactive": true,
"create_users_group": "8ffb4ba8-5616-421c-9560-a1092d18578f",
"user_type": "internal",
"user_path_template": "string"
}

stages_user_write_destroy

UserWriteStage Viewset

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Write Stage.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

stages_user_write_used_by_list

Get a list of all objects that use this object

Authorizations:

authentik

path Parameters

stage_uuid

required

string <uuid>

A UUID string identifying this User Write Stage.

Responses

Response samples

200
400
403

Content type

application/json

[{"app": "string",
"model_name": "string",
"pk": "string",
"name": "string",
"action": "cascade"
}
]

tenants

tenants_domains_list

Domain ViewSet

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"id": 0,
"domain": "string",
"is_primary": true,
"tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}
]
}

tenants_domains_create

Domain ViewSet

Request Body schema: application/json
required

domain required	string [ 1 .. 253 ] characters
is_primary	boolean
tenant required	string <uuid>

Responses

Request samples

Payload

Content type

application/json

{"domain": "string",
"is_primary": true,
"tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

Response samples

201
400
403

Content type

application/json

{"id": 0,
"domain": "string",
"is_primary": true,
"tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

tenants_domains_retrieve

Domain ViewSet

path Parameters

id

required

integer

A unique integer value identifying this Domain.

Responses

Response samples

200
400
403

Content type

application/json

{"id": 0,
"domain": "string",
"is_primary": true,
"tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

tenants_domains_update

Domain ViewSet

path Parameters

id

required

integer

A unique integer value identifying this Domain.

Request Body schema: application/json
required

domain required	string [ 1 .. 253 ] characters
is_primary	boolean
tenant required	string <uuid>

Responses

Request samples

Payload

Content type

application/json

{"domain": "string",
"is_primary": true,
"tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

Response samples

200
400
403

Content type

application/json

{"id": 0,
"domain": "string",
"is_primary": true,
"tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

tenants_domains_partial_update

Domain ViewSet

path Parameters

id

required

integer

A unique integer value identifying this Domain.

Request Body schema: application/json

domain	string [ 1 .. 253 ] characters
is_primary	boolean
tenant	string <uuid>

Responses

Request samples

Payload

Content type

application/json

{"domain": "string",
"is_primary": true,
"tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

Response samples

200
400
403

Content type

application/json

{"id": 0,
"domain": "string",
"is_primary": true,
"tenant": "93360892-48a4-4f76-a117-3304c9c61771"
}

tenants_domains_destroy

Domain ViewSet

path Parameters

id

required

integer

A unique integer value identifying this Domain.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

tenants_tenants_list

Tenant Viewset

query Parameters

ordering	string Which field to use when ordering the results.
page	integer A page number within the paginated result set.
page_size	integer Number of results to return per page.
search	string A search term.

Responses

Response samples

200
400
403

Content type

application/json

{"pagination": {"next": 0,
"previous": 0,
"count": 0,
"current": 0,
"total_pages": 0,
"start_index": 0,
"end_index": 0
},
"results": [{"tenant_uuid": "3467989a-e428-43d0-b560-aedbbec33ae0",
"schema_name": "string",
"name": "string",
"ready": true
}
]
}

tenants_tenants_create

Tenant Viewset

Request Body schema: application/json
required

schema_name required	string [ 1 .. 63 ] characters
name required	string non-empty
ready	boolean

Responses

Request samples

Payload

Content type

application/json

{"schema_name": "string",
"name": "string",
"ready": true
}

Response samples

201
400
403

Content type

application/json

{"tenant_uuid": "3467989a-e428-43d0-b560-aedbbec33ae0",
"schema_name": "string",
"name": "string",
"ready": true
}

tenants_tenants_retrieve

Tenant Viewset

path Parameters

tenant_uuid

required

string <uuid>

A UUID string identifying this Tenant.

Responses

Response samples

200
400
403

Content type

application/json

{"tenant_uuid": "3467989a-e428-43d0-b560-aedbbec33ae0",
"schema_name": "string",
"name": "string",
"ready": true
}

tenants_tenants_update

Tenant Viewset

path Parameters

tenant_uuid

required

string <uuid>

A UUID string identifying this Tenant.

Request Body schema: application/json
required

schema_name required	string [ 1 .. 63 ] characters
name required	string non-empty
ready	boolean

Responses

Request samples

Payload

Content type

application/json

{"schema_name": "string",
"name": "string",
"ready": true
}

Response samples

200
400
403

Content type

application/json

{"tenant_uuid": "3467989a-e428-43d0-b560-aedbbec33ae0",
"schema_name": "string",
"name": "string",
"ready": true
}

tenants_tenants_partial_update

Tenant Viewset

path Parameters

tenant_uuid

required

string <uuid>

A UUID string identifying this Tenant.

Request Body schema: application/json

schema_name	string [ 1 .. 63 ] characters
name	string non-empty
ready	boolean

Responses

Request samples

Payload

Content type

application/json

{"schema_name": "string",
"name": "string",
"ready": true
}

Response samples

200
400
403

Content type

application/json

{"tenant_uuid": "3467989a-e428-43d0-b560-aedbbec33ae0",
"schema_name": "string",
"name": "string",
"ready": true
}

tenants_tenants_destroy

Tenant Viewset

path Parameters

tenant_uuid

required

string <uuid>

A UUID string identifying this Tenant.

Responses

Response samples

400
403

Content type

application/json

{"non_field_errors": ["string"
],
"code": "string",
"property1": null,
"property2": null
}

tenants_tenants_create_admin_group_create

Create admin group and add user to it.

path Parameters

tenant_uuid

required

string <uuid>

A UUID string identifying this Tenant.

Request Body schema: application/json
required

user

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"user": "string"
}

Response samples

403

Content type

application/json

{"detail": "string",
"code": "string"
}

tenants_tenants_create_recovery_key_create

Create recovery key for user.

path Parameters

tenant_uuid

required

string <uuid>

A UUID string identifying this Tenant.

Request Body schema: application/json
required

user required	string non-empty
duration_days required	integer

Responses

Request samples

Payload

Content type

application/json

{"user": "string",
"duration_days": 0
}

Response samples

200
403

Content type

application/json

{"expiry": "2019-08-24T14:15:22Z",
"url": "string"
}

API Browser

authentik (2024.4.0)

admin

admin_apps_list

Authorizations:

Responses

Response samples

admin_metrics_retrieve

Authorizations:

Responses

Response samples

admin_models_list

Authorizations:

Responses

Response samples

admin_settings_retrieve

Authorizations:

Responses

Response samples

admin_settings_update

Authorizations:

Request Body schema: application/json

Responses

Request samples

Response samples

admin_settings_partial_update

Authorizations:

Request Body schema: application/json

Responses

Request samples

Response samples

admin_system_retrieve

Authorizations:

Responses

Response samples

admin_system_create

Authorizations:

Responses

Response samples

admin_version_retrieve

Authorizations:

Responses

Response samples

admin_workers_retrieve

Authorizations:

Responses

Response samples

authenticators

authenticators_admin_all_list

Authorizations:

query Parameters

Responses

Response samples

authenticators_admin_duo_list

Authorizations:

query Parameters

Responses

Response samples

authenticators_admin_duo_create

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

authenticators_admin_duo_retrieve

Authorizations:

path Parameters

Responses

Response samples

authenticators_admin_duo_update

Authorizations:

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

authenticators_admin_duo_partial_update

Authorizations:

path Parameters

Request Body schema: application/json

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required