openapi: 3.0.3 info: title: authentik version: 2022.6.3 description: Making authentication simple. contact: email: hello@goauthentik.io license: name: GNU GPLv3 url: https://github.com/goauthentik/authentik/blob/main/LICENSE paths: /admin/apps/: get: operationId: admin_apps_list description: List current messages and pass into Serializer tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/App' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /admin/metrics/: get: operationId: admin_metrics_retrieve description: Login Metrics per 1h tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LoginMetrics' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /admin/system/: get: operationId: admin_system_retrieve description: Get system information. tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/System' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /admin/system_tasks/: get: operationId: admin_system_tasks_list description: List system tasks tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Task' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /admin/system_tasks/{id}/: get: operationId: admin_system_tasks_retrieve description: Get a single system task parameters: - in: path name: id schema: type: string required: true tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Task' description: '' '404': description: Task not found '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /admin/system_tasks/{id}/retry/: post: operationId: admin_system_tasks_retry_create description: Retry task parameters: - in: path name: id schema: type: string required: true tags: - admin security: - authentik: [] responses: '204': description: Task retried successfully '404': description: Task not found '500': description: Failed to retry task '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /admin/version/: get: operationId: admin_version_retrieve description: Get running and latest version. tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Version' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /admin/workers/: get: operationId: admin_workers_retrieve description: Get currently connected worker count. tags: - admin security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Workers' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/duo/: get: operationId: authenticators_admin_duo_list description: Viewset for Duo authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDuoDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: authenticators_admin_duo_create description: Viewset for Duo authenticator devices (for admins) tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/DuoDeviceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/duo/{id}/: get: operationId: authenticators_admin_duo_retrieve description: Viewset for Duo authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: authenticators_admin_duo_update description: Viewset for Duo authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/DuoDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: authenticators_admin_duo_partial_update description: Viewset for Duo authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDuoDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: authenticators_admin_duo_destroy description: Viewset for Duo authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/sms/: get: operationId: authenticators_admin_sms_list description: Viewset for sms authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSMSDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/sms/{id}/: get: operationId: authenticators_admin_sms_retrieve description: Viewset for sms authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/static/: get: operationId: authenticators_admin_static_list description: Viewset for static authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedStaticDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/static/{id}/: get: operationId: authenticators_admin_static_retrieve description: Viewset for static authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this static device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/totp/: get: operationId: authenticators_admin_totp_list description: Viewset for totp authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTOTPDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/totp/{id}/: get: operationId: authenticators_admin_totp_retrieve description: Viewset for totp authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/webauthn/: get: operationId: authenticators_admin_webauthn_list description: Viewset for WebAuthn authenticator devices (for admins) parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedWebAuthnDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/admin/webauthn/{id}/: get: operationId: authenticators_admin_webauthn_retrieve description: Viewset for WebAuthn authenticator devices (for admins) parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/all/: get: operationId: authenticators_all_list description: Get all devices for current user tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Device' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/duo/: get: operationId: authenticators_duo_list description: Viewset for Duo authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDuoDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/duo/{id}/: get: operationId: authenticators_duo_retrieve description: Viewset for Duo authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: authenticators_duo_update description: Viewset for Duo authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/DuoDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: authenticators_duo_partial_update description: Viewset for Duo authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDuoDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DuoDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: authenticators_duo_destroy description: Viewset for Duo authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/duo/{id}/used_by/: get: operationId: authenticators_duo_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Duo Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/sms/: get: operationId: authenticators_sms_list description: Viewset for sms authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSMSDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/sms/{id}/: get: operationId: authenticators_sms_retrieve description: Viewset for sms authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: authenticators_sms_update description: Viewset for sms authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/SMSDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: authenticators_sms_partial_update description: Viewset for sms authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSMSDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SMSDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: authenticators_sms_destroy description: Viewset for sms authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/sms/{id}/used_by/: get: operationId: authenticators_sms_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SMS Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/static/: get: operationId: authenticators_static_list description: Viewset for static authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedStaticDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/static/{id}/: get: operationId: authenticators_static_retrieve description: Viewset for static authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this static device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: authenticators_static_update description: Viewset for static authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this static device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/StaticDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: authenticators_static_partial_update description: Viewset for static authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this static device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedStaticDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/StaticDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: authenticators_static_destroy description: Viewset for static authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this static device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/static/{id}/used_by/: get: operationId: authenticators_static_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this static device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/totp/: get: operationId: authenticators_totp_list description: Viewset for totp authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTOTPDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/totp/{id}/: get: operationId: authenticators_totp_retrieve description: Viewset for totp authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: authenticators_totp_update description: Viewset for totp authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/TOTPDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: authenticators_totp_partial_update description: Viewset for totp authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedTOTPDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TOTPDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: authenticators_totp_destroy description: Viewset for totp authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/totp/{id}/used_by/: get: operationId: authenticators_totp_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this TOTP device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/webauthn/: get: operationId: authenticators_webauthn_list description: Viewset for WebAuthn authenticator devices parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedWebAuthnDeviceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/webauthn/{id}/: get: operationId: authenticators_webauthn_retrieve description: Viewset for WebAuthn authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: authenticators_webauthn_update description: Viewset for WebAuthn authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/WebAuthnDeviceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: authenticators_webauthn_partial_update description: Viewset for WebAuthn authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedWebAuthnDeviceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebAuthnDevice' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: authenticators_webauthn_destroy description: Viewset for WebAuthn authenticator devices parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /authenticators/webauthn/{id}/used_by/: get: operationId: authenticators_webauthn_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this WebAuthn Device. required: true tags: - authenticators security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/applications/: get: operationId: core_applications_list description: Custom list method that checks Policy based access instead of guardian parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string - in: query name: superuser_full_list schema: type: boolean tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedApplicationList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: core_applications_create description: Application Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Application' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/applications/{slug}/: get: operationId: core_applications_retrieve description: Application Viewset parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Application' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: core_applications_update description: Application Viewset parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Application' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: core_applications_partial_update description: Application Viewset parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedApplicationRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Application' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: core_applications_destroy description: Application Viewset parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/applications/{slug}/check_access/: get: operationId: core_applications_check_access_retrieve description: Check access to a single application by slug parameters: - in: query name: for_user schema: type: integer - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyTestResult' description: '' '404': description: for_user user not found '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/applications/{slug}/metrics/: get: operationId: core_applications_metrics_list description: Metrics for application logins parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Coordinate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/applications/{slug}/set_icon/: post: operationId: core_applications_set_icon_create description: Set application icon parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/FileUploadRequest' security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /core/applications/{slug}/set_icon_url/: post: operationId: core_applications_set_icon_url_create description: Set application icon (as URL) parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/FilePathRequest' required: true security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /core/applications/{slug}/used_by/: get: operationId: core_applications_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal application name, used in URLs. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/authenticated_sessions/: get: operationId: core_authenticated_sessions_list description: AuthenticatedSession Viewset parameters: - in: query name: last_ip schema: type: string - in: query name: last_user_agent schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user__username schema: type: string tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatedSessionList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/authenticated_sessions/{uuid}/: get: operationId: core_authenticated_sessions_retrieve description: AuthenticatedSession Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Authenticated Session. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatedSession' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: core_authenticated_sessions_destroy description: AuthenticatedSession Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Authenticated Session. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/authenticated_sessions/{uuid}/used_by/: get: operationId: core_authenticated_sessions_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Authenticated Session. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/groups/: get: operationId: core_groups_list description: Group Viewset parameters: - in: query name: attributes schema: type: string description: Attributes - in: query name: is_superuser schema: type: boolean - in: query name: members_by_pk schema: type: array items: type: integer explode: true style: form - in: query name: members_by_username schema: type: array items: type: string description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. explode: true style: form - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedGroupList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: core_groups_create description: Group Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Group' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/groups/{group_uuid}/: get: operationId: core_groups_retrieve description: Group Viewset parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this group. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Group' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: core_groups_update description: Group Viewset parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this group. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Group' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: core_groups_partial_update description: Group Viewset parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this group. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedGroupRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Group' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: core_groups_destroy description: Group Viewset parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this group. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/groups/{group_uuid}/used_by/: get: operationId: core_groups_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: group_uuid schema: type: string format: uuid description: A UUID string identifying this group. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/tenants/: get: operationId: core_tenants_list description: Tenant Viewset parameters: - in: query name: branding_favicon schema: type: string - in: query name: branding_logo schema: type: string - in: query name: branding_title schema: type: string - in: query name: default schema: type: boolean - in: query name: domain schema: type: string - in: query name: event_retention schema: type: string - in: query name: flow_authentication schema: type: string format: uuid - in: query name: flow_invalidation schema: type: string format: uuid - in: query name: flow_recovery schema: type: string format: uuid - in: query name: flow_unenrollment schema: type: string format: uuid - in: query name: flow_user_settings schema: type: string format: uuid - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: tenant_uuid schema: type: string format: uuid - in: query name: web_certificate schema: type: string format: uuid tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTenantList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: core_tenants_create description: Tenant Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/TenantRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Tenant' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/tenants/{tenant_uuid}/: get: operationId: core_tenants_retrieve description: Tenant Viewset parameters: - in: path name: tenant_uuid schema: type: string format: uuid description: A UUID string identifying this Tenant. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Tenant' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: core_tenants_update description: Tenant Viewset parameters: - in: path name: tenant_uuid schema: type: string format: uuid description: A UUID string identifying this Tenant. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/TenantRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Tenant' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: core_tenants_partial_update description: Tenant Viewset parameters: - in: path name: tenant_uuid schema: type: string format: uuid description: A UUID string identifying this Tenant. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedTenantRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Tenant' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: core_tenants_destroy description: Tenant Viewset parameters: - in: path name: tenant_uuid schema: type: string format: uuid description: A UUID string identifying this Tenant. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/tenants/{tenant_uuid}/used_by/: get: operationId: core_tenants_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: tenant_uuid schema: type: string format: uuid description: A UUID string identifying this Tenant. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/tenants/current/: get: operationId: core_tenants_current_retrieve description: Get current tenant tags: - core security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/CurrentTenant' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/tokens/: get: operationId: core_tokens_list description: Token Viewset parameters: - in: query name: description schema: type: string - in: query name: expires schema: type: string format: date-time - in: query name: expiring schema: type: boolean - in: query name: identifier schema: type: string - in: query name: intent schema: type: string enum: - api - app_password - recovery - verification - in: query name: managed schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user__username schema: type: string tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedTokenList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: core_tokens_create description: Token Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/TokenRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Token' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/tokens/{identifier}/: get: operationId: core_tokens_retrieve description: Token Viewset parameters: - in: path name: identifier schema: type: string required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Token' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: core_tokens_update description: Token Viewset parameters: - in: path name: identifier schema: type: string required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/TokenRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Token' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: core_tokens_partial_update description: Token Viewset parameters: - in: path name: identifier schema: type: string required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedTokenRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Token' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: core_tokens_destroy description: Token Viewset parameters: - in: path name: identifier schema: type: string required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/tokens/{identifier}/set_key/: post: operationId: core_tokens_set_key_create description: Return token key and log access parameters: - in: path name: identifier schema: type: string required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/TokenSetKeyRequest' required: true security: - authentik: [] responses: '204': description: Successfully changed key '400': description: Missing key '404': description: Token not found or expired '403': $ref: '#/components/schemas/GenericError' /core/tokens/{identifier}/used_by/: get: operationId: core_tokens_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: identifier schema: type: string required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/tokens/{identifier}/view_key/: get: operationId: core_tokens_view_key_retrieve description: Return token key and log access parameters: - in: path name: identifier schema: type: string required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/TokenView' description: '' '404': description: Token not found or expired '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/user_consent/: get: operationId: core_user_consent_list description: UserConsent Viewset parameters: - in: query name: application schema: type: string format: uuid - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user schema: type: integer tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserConsentList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/user_consent/{id}/: get: operationId: core_user_consent_retrieve description: UserConsent Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Consent. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserConsent' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: core_user_consent_destroy description: UserConsent Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Consent. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/user_consent/{id}/used_by/: get: operationId: core_user_consent_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Consent. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/users/: get: operationId: core_users_list description: User Viewset parameters: - in: query name: attributes schema: type: string description: Attributes - in: query name: email schema: type: string - in: query name: groups_by_name schema: type: array items: type: string explode: true style: form - in: query name: groups_by_pk schema: type: array items: type: string format: uuid explode: true style: form - in: query name: is_active schema: type: boolean - in: query name: is_superuser schema: type: boolean - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: path schema: type: string - in: query name: path_startswith schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: username schema: type: string - in: query name: uuid schema: type: string tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: core_users_create description: User Viewset tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/User' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/users/{id}/: get: operationId: core_users_retrieve description: User Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/User' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: core_users_update description: User Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/User' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: core_users_partial_update description: User Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/User' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: core_users_destroy description: User Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/users/{id}/metrics/: get: operationId: core_users_metrics_retrieve description: User metrics per 1h parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserMetrics' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/users/{id}/recovery/: get: operationId: core_users_recovery_retrieve description: Create a temporary link that a user can use to recover their accounts parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Link' description: '' '404': content: application/json: schema: $ref: '#/components/schemas/Link' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/users/{id}/recovery_email/: get: operationId: core_users_recovery_email_retrieve description: Create a temporary link that a user can use to recover their accounts parameters: - in: query name: email_stage schema: type: string required: true - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '204': description: Successfully sent recover email '404': description: Bad request '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/users/{id}/set_password/: post: operationId: core_users_set_password_create description: Set password for user parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserPasswordSetRequest' required: true security: - authentik: [] responses: '204': description: Successfully changed password '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /core/users/{id}/used_by/: get: operationId: core_users_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User. required: true tags: - core security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/users/me/: get: operationId: core_users_me_retrieve description: Get information about current user tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SessionUser' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/users/paths/: get: operationId: core_users_paths_retrieve description: Get all user paths parameters: - in: query name: search schema: type: string tags: - core security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserPath' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /core/users/service_account/: post: operationId: core_users_service_account_create description: Create a new user account that is marked as a service account tags: - core requestBody: content: application/json: schema: $ref: '#/components/schemas/UserServiceAccountRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserServiceAccountResponse' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /crypto/certificatekeypairs/: get: operationId: crypto_certificatekeypairs_list description: CertificateKeyPair Viewset parameters: - in: query name: has_key schema: type: boolean description: Only return certificate-key pairs with keys - in: query name: managed schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedCertificateKeyPairList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: crypto_certificatekeypairs_create description: CertificateKeyPair Viewset tags: - crypto requestBody: content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPairRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /crypto/certificatekeypairs/{kp_uuid}/: get: operationId: crypto_certificatekeypairs_retrieve description: CertificateKeyPair Viewset parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: crypto_certificatekeypairs_update description: CertificateKeyPair Viewset parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto requestBody: content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPairRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: crypto_certificatekeypairs_partial_update description: CertificateKeyPair Viewset parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedCertificateKeyPairRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: crypto_certificatekeypairs_destroy description: CertificateKeyPair Viewset parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /crypto/certificatekeypairs/{kp_uuid}/used_by/: get: operationId: crypto_certificatekeypairs_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /crypto/certificatekeypairs/{kp_uuid}/view_certificate/: get: operationId: crypto_certificatekeypairs_view_certificate_retrieve description: Return certificate-key pairs certificate and log access parameters: - in: query name: download schema: type: boolean - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateData' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /crypto/certificatekeypairs/{kp_uuid}/view_private_key/: get: operationId: crypto_certificatekeypairs_view_private_key_retrieve description: Return certificate-key pairs private key and log access parameters: - in: query name: download schema: type: boolean - in: path name: kp_uuid schema: type: string format: uuid description: A UUID string identifying this Certificate-Key Pair. required: true tags: - crypto security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateData' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /crypto/certificatekeypairs/generate/: post: operationId: crypto_certificatekeypairs_generate_create description: Generate a new, self-signed certificate-key pair tags: - crypto requestBody: content: application/json: schema: $ref: '#/components/schemas/CertificateGenerationRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CertificateKeyPair' description: '' '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /events/events/: get: operationId: events_events_list description: Event Read-Only Viewset parameters: - in: query name: action schema: type: string - in: query name: client_ip schema: type: string - in: query name: context_authorized_app schema: type: string description: Context Authorized application - in: query name: context_model_app schema: type: string description: Context Model App - in: query name: context_model_name schema: type: string description: Context Model Name - in: query name: context_model_pk schema: type: string description: Context Model Primary Key - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: tenant_name schema: type: string description: Tenant name - in: query name: username schema: type: string description: Username tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedEventList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: events_events_create description: Event Read-Only Viewset tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/EventRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Event' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/events/{event_uuid}/: get: operationId: events_events_retrieve description: Event Read-Only Viewset parameters: - in: path name: event_uuid schema: type: string format: uuid description: A UUID string identifying this Event. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Event' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: events_events_update description: Event Read-Only Viewset parameters: - in: path name: event_uuid schema: type: string format: uuid description: A UUID string identifying this Event. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/EventRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Event' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: events_events_partial_update description: Event Read-Only Viewset parameters: - in: path name: event_uuid schema: type: string format: uuid description: A UUID string identifying this Event. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedEventRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Event' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: events_events_destroy description: Event Read-Only Viewset parameters: - in: path name: event_uuid schema: type: string format: uuid description: A UUID string identifying this Event. required: true tags: - events security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/events/actions/: get: operationId: events_events_actions_list description: Get all actions tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/events/per_month/: get: operationId: events_events_per_month_list description: Get the count of events per month parameters: - in: query name: action schema: type: string - in: query name: query schema: type: string tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Coordinate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/events/top_per_user/: get: operationId: events_events_top_per_user_list description: Get the top_n events grouped by user count parameters: - in: query name: action schema: type: string - in: query name: top_n schema: type: integer tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/EventTopPerUser' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/notifications/: get: operationId: events_notifications_list description: Notification Viewset parameters: - in: query name: body schema: type: string - in: query name: created schema: type: string format: date-time - in: query name: event schema: type: string format: uuid - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: seen schema: type: boolean - in: query name: severity schema: type: string enum: - alert - notice - warning - in: query name: user schema: type: integer tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedNotificationList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/notifications/{uuid}/: get: operationId: events_notifications_retrieve description: Notification Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Notification' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: events_notifications_update description: Notification Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Notification' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: events_notifications_partial_update description: Notification Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedNotificationRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Notification' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: events_notifications_destroy description: Notification Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/notifications/{uuid}/used_by/: get: operationId: events_notifications_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/notifications/mark_all_seen/: post: operationId: events_notifications_mark_all_seen_create description: Mark all the user's notifications as seen tags: - events security: - authentik: [] responses: '204': description: Marked tasks as read successfully. '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/rules/: get: operationId: events_rules_list description: NotificationRule Viewset parameters: - in: query name: group__name schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: severity schema: type: string enum: - alert - notice - warning description: Controls which severity level the created notifications will have. tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedNotificationRuleList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: events_rules_create description: NotificationRule Viewset tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationRuleRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/NotificationRule' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/rules/{pbm_uuid}/: get: operationId: events_rules_retrieve description: NotificationRule Viewset parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRule' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: events_rules_update description: NotificationRule Viewset parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationRuleRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRule' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: events_rules_partial_update description: NotificationRule Viewset parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedNotificationRuleRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRule' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: events_rules_destroy description: NotificationRule Viewset parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/rules/{pbm_uuid}/used_by/: get: operationId: events_rules_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pbm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Rule. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/transports/: get: operationId: events_transports_list description: NotificationTransport Viewset parameters: - in: query name: mode schema: type: string enum: - email - local - webhook - webhook_slack - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: send_once schema: type: boolean - in: query name: webhook_url schema: type: string tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedNotificationTransportList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: events_transports_create description: NotificationTransport Viewset tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationTransportRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/NotificationTransport' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/transports/{uuid}/: get: operationId: events_transports_retrieve description: NotificationTransport Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationTransport' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: events_transports_update description: NotificationTransport Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationTransportRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationTransport' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: events_transports_partial_update description: NotificationTransport Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedNotificationTransportRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationTransport' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: events_transports_destroy description: NotificationTransport Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/transports/{uuid}/test/: post: operationId: events_transports_test_create description: |- Send example notification using selected transport. Requires Modify permissions. parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationTransportTest' description: '' '500': description: Failed to test transport '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /events/transports/{uuid}/used_by/: get: operationId: events_transports_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Notification Transport. required: true tags: - events security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/bindings/: get: operationId: flows_bindings_list description: FlowStageBinding Viewset parameters: - in: query name: evaluate_on_plan schema: type: boolean - in: query name: fsb_uuid schema: type: string format: uuid - in: query name: invalid_response_action schema: type: string enum: - restart - restart_with_context - retry description: Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context. - in: query name: order schema: type: integer - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: pbm_uuid schema: type: string format: uuid - in: query name: policies schema: type: array items: type: string format: uuid explode: true style: form - in: query name: policy_engine_mode schema: type: string enum: - all - any - in: query name: re_evaluate_policies schema: type: boolean - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage schema: type: string format: uuid - in: query name: target schema: type: string format: uuid tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedFlowStageBindingList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: flows_bindings_create description: FlowStageBinding Viewset tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowStageBindingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/FlowStageBinding' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/bindings/{fsb_uuid}/: get: operationId: flows_bindings_retrieve description: FlowStageBinding Viewset parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowStageBinding' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: flows_bindings_update description: FlowStageBinding Viewset parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowStageBindingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowStageBinding' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: flows_bindings_partial_update description: FlowStageBinding Viewset parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedFlowStageBindingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowStageBinding' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: flows_bindings_destroy description: FlowStageBinding Viewset parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/bindings/{fsb_uuid}/used_by/: get: operationId: flows_bindings_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: fsb_uuid schema: type: string format: uuid description: A UUID string identifying this Flow Stage Binding. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/executor/{flow_slug}/: get: operationId: flows_executor_get description: Get the next pending challenge from the currently active flow. parameters: - in: path name: flow_slug schema: type: string required: true - in: query name: query schema: type: string description: Querystring as received required: true tags: - flows security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/ChallengeTypes' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: flows_executor_solve description: Solve the previously retrieved challenge and advanced to the next stage. parameters: - in: path name: flow_slug schema: type: string required: true - in: query name: query schema: type: string description: Querystring as received required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowChallengeResponseRequest' security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/ChallengeTypes' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/inspector/{flow_slug}/: get: operationId: flows_inspector_get description: Get current flow state and record it parameters: - in: path name: flow_slug schema: type: string required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowInspection' description: '' '400': description: No flow plan in session. '403': $ref: '#/components/schemas/GenericError' /flows/instances/: get: operationId: flows_instances_list description: Flow Viewset parameters: - in: query name: designation schema: type: string enum: - authentication - authorization - enrollment - invalidation - recovery - stage_configuration - unenrollment description: Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - in: query name: flow_uuid schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedFlowList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: flows_instances_create description: Flow Viewset tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Flow' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/instances/{slug}/: get: operationId: flows_instances_retrieve description: Flow Viewset parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Flow' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: flows_instances_update description: Flow Viewset parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FlowRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Flow' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: flows_instances_partial_update description: Flow Viewset parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedFlowRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Flow' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: flows_instances_destroy description: Flow Viewset parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/instances/{slug}/diagram/: get: operationId: flows_instances_diagram_retrieve description: Return diagram for flow with slug `slug`, in the format used by flowchart.js parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/FlowDiagram' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/instances/{slug}/execute/: get: operationId: flows_instances_execute_retrieve description: Execute flow for current user parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Link' description: '' '400': description: Flow not applicable '403': $ref: '#/components/schemas/GenericError' /flows/instances/{slug}/export/: get: operationId: flows_instances_export_retrieve description: Export flow to .akflow file parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: type: string format: binary description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/instances/{slug}/set_background/: post: operationId: flows_instances_set_background_create description: Set Flow background parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/FileUploadRequest' security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /flows/instances/{slug}/set_background_url/: post: operationId: flows_instances_set_background_url_create description: Set Flow background (as URL) parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows requestBody: content: application/json: schema: $ref: '#/components/schemas/FilePathRequest' required: true security: - authentik: [] responses: '200': description: Success '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /flows/instances/{slug}/used_by/: get: operationId: flows_instances_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Visible in the URL. required: true tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/instances/cache_clear/: post: operationId: flows_instances_cache_clear_create description: Clear flow cache tags: - flows security: - authentik: [] responses: '204': description: Successfully cleared cache '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /flows/instances/cache_info/: get: operationId: flows_instances_cache_info_retrieve description: Info about cached flows tags: - flows security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Cache' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /flows/instances/import_flow/: post: operationId: flows_instances_import_flow_create description: Import flow from .akflow file tags: - flows requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/FileUploadRequest' security: - authentik: [] responses: '204': description: Successfully imported flow '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /oauth2/authorization_codes/: get: operationId: oauth2_authorization_codes_list description: AuthorizationCode Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: provider schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user schema: type: integer tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedExpiringBaseGrantModelList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /oauth2/authorization_codes/{id}/: get: operationId: oauth2_authorization_codes_retrieve description: AuthorizationCode Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Authorization Code. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ExpiringBaseGrantModel' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: oauth2_authorization_codes_destroy description: AuthorizationCode Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Authorization Code. required: true tags: - oauth2 security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /oauth2/authorization_codes/{id}/used_by/: get: operationId: oauth2_authorization_codes_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Authorization Code. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /oauth2/refresh_tokens/: get: operationId: oauth2_refresh_tokens_list description: RefreshToken Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: provider schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: user schema: type: integer tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedRefreshTokenModelList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /oauth2/refresh_tokens/{id}/: get: operationId: oauth2_refresh_tokens_retrieve description: RefreshToken Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2 Token. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/RefreshTokenModel' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: oauth2_refresh_tokens_destroy description: RefreshToken Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2 Token. required: true tags: - oauth2 security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /oauth2/refresh_tokens/{id}/used_by/: get: operationId: oauth2_refresh_tokens_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2 Token. required: true tags: - oauth2 security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/instances/: get: operationId: outposts_instances_list description: Outpost Viewset parameters: - in: query name: managed__icontains schema: type: string - in: query name: managed__iexact schema: type: string - in: query name: name__icontains schema: type: string - in: query name: name__iexact schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: providers__isnull schema: type: boolean - in: query name: providers_by_pk schema: type: array items: type: integer explode: true style: form - name: search required: false in: query description: A search term. schema: type: string - in: query name: service_connection__name__icontains schema: type: string - in: query name: service_connection__name__iexact schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedOutpostList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: outposts_instances_create description: Outpost Viewset tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/OutpostRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Outpost' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/instances/{uuid}/: get: operationId: outposts_instances_retrieve description: Outpost Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this outpost. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Outpost' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: outposts_instances_update description: Outpost Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this outpost. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/OutpostRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Outpost' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: outposts_instances_partial_update description: Outpost Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this outpost. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedOutpostRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Outpost' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: outposts_instances_destroy description: Outpost Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this outpost. required: true tags: - outposts security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/instances/{uuid}/health/: get: operationId: outposts_instances_health_list description: Get outposts current health parameters: - in: query name: managed__icontains schema: type: string - in: query name: managed__iexact schema: type: string - in: query name: name__icontains schema: type: string - in: query name: name__iexact schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - in: query name: providers__isnull schema: type: boolean - in: query name: providers_by_pk schema: type: array items: type: integer explode: true style: form - name: search required: false in: query description: A search term. schema: type: string - in: query name: service_connection__name__icontains schema: type: string - in: query name: service_connection__name__iexact schema: type: string - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this outpost. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/OutpostHealth' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/instances/{uuid}/used_by/: get: operationId: outposts_instances_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this outpost. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/instances/default_settings/: get: operationId: outposts_instances_default_settings_retrieve description: Global default outpost config tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OutpostDefaultConfig' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/ldap/: get: operationId: outposts_ldap_list description: LDAPProvider Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedLDAPOutpostConfigList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/ldap/{id}/: get: operationId: outposts_ldap_retrieve description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPOutpostConfig' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/proxy/: get: operationId: outposts_proxy_list description: ProxyProvider Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedProxyOutpostConfigList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/proxy/{id}/: get: operationId: outposts_proxy_retrieve description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProxyOutpostConfig' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/all/: get: operationId: outposts_service_connections_all_list description: ServiceConnection Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedServiceConnectionList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/all/{uuid}/: get: operationId: outposts_service_connections_all_retrieve description: ServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ServiceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: outposts_service_connections_all_destroy description: ServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/all/{uuid}/state/: get: operationId: outposts_service_connections_all_state_retrieve description: Get the service connection's state parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ServiceConnectionState' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/all/{uuid}/used_by/: get: operationId: outposts_service_connections_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Outpost Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/all/types/: get: operationId: outposts_service_connections_all_types_list description: Get all creatable service connection types tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/docker/: get: operationId: outposts_service_connections_docker_list description: DockerServiceConnection Viewset parameters: - in: query name: local schema: type: boolean - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: tls_authentication schema: type: string format: uuid - in: query name: tls_verification schema: type: string format: uuid - in: query name: url schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDockerServiceConnectionList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: outposts_service_connections_docker_create description: DockerServiceConnection Viewset tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnectionRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/docker/{uuid}/: get: operationId: outposts_service_connections_docker_retrieve description: DockerServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: outposts_service_connections_docker_update description: DockerServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnectionRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: outposts_service_connections_docker_partial_update description: DockerServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDockerServiceConnectionRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DockerServiceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: outposts_service_connections_docker_destroy description: DockerServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/docker/{uuid}/used_by/: get: operationId: outposts_service_connections_docker_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Docker Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/kubernetes/: get: operationId: outposts_service_connections_kubernetes_list description: KubernetesServiceConnection Viewset parameters: - in: query name: local schema: type: boolean - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedKubernetesServiceConnectionList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: outposts_service_connections_kubernetes_create description: KubernetesServiceConnection Viewset tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnectionRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/kubernetes/{uuid}/: get: operationId: outposts_service_connections_kubernetes_retrieve description: KubernetesServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: outposts_service_connections_kubernetes_update description: KubernetesServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnectionRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: outposts_service_connections_kubernetes_partial_update description: KubernetesServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedKubernetesServiceConnectionRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/KubernetesServiceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: outposts_service_connections_kubernetes_destroy description: KubernetesServiceConnection Viewset parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /outposts/service_connections/kubernetes/{uuid}/used_by/: get: operationId: outposts_service_connections_kubernetes_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: uuid schema: type: string format: uuid description: A UUID string identifying this Kubernetes Service-Connection. required: true tags: - outposts security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/all/: get: operationId: policies_all_list description: Policy Viewset parameters: - in: query name: bindings__isnull schema: type: boolean - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: promptstage__isnull schema: type: boolean - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPolicyList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/all/{policy_uuid}/: get: operationId: policies_all_retrieve description: Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Policy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_all_destroy description: Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/all/{policy_uuid}/test/: post: operationId: policies_all_test_create description: Test policy parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyTestRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyTestResult' description: '' '400': description: Invalid parameters '403': $ref: '#/components/schemas/GenericError' /policies/all/{policy_uuid}/used_by/: get: operationId: policies_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/all/cache_clear/: post: operationId: policies_all_cache_clear_create description: Clear policy cache tags: - policies security: - authentik: [] responses: '204': description: Successfully cleared cache '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /policies/all/cache_info/: get: operationId: policies_all_cache_info_retrieve description: Info about cached policies tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Cache' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/all/types/: get: operationId: policies_all_types_list description: Get all creatable policy types tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/bindings/: get: operationId: policies_bindings_list description: PolicyBinding Viewset parameters: - in: query name: enabled schema: type: boolean - in: query name: order schema: type: integer - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy schema: type: string format: uuid - in: query name: policy__isnull schema: type: boolean - name: search required: false in: query description: A search term. schema: type: string - in: query name: target schema: type: string format: uuid - in: query name: target_in schema: type: array items: type: string format: uuid explode: true style: form - in: query name: timeout schema: type: integer tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPolicyBindingList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: policies_bindings_create description: PolicyBinding Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyBindingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PolicyBinding' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/bindings/{policy_binding_uuid}/: get: operationId: policies_bindings_retrieve description: PolicyBinding Viewset parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyBinding' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: policies_bindings_update description: PolicyBinding Viewset parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyBindingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyBinding' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: policies_bindings_partial_update description: PolicyBinding Viewset parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPolicyBindingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PolicyBinding' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_bindings_destroy description: PolicyBinding Viewset parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/bindings/{policy_binding_uuid}/used_by/: get: operationId: policies_bindings_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_binding_uuid schema: type: string format: uuid description: A UUID string identifying this Policy Binding. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/dummy/: get: operationId: policies_dummy_list description: Dummy Viewset parameters: - in: query name: created schema: type: string format: date-time - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - in: query name: result schema: type: boolean - name: search required: false in: query description: A search term. schema: type: string - in: query name: wait_max schema: type: integer - in: query name: wait_min schema: type: integer tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDummyPolicyList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: policies_dummy_create description: Dummy Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/DummyPolicyRequest' security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DummyPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/dummy/{policy_uuid}/: get: operationId: policies_dummy_retrieve description: Dummy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: policies_dummy_update description: Dummy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/DummyPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: policies_dummy_partial_update description: Dummy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDummyPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_dummy_destroy description: Dummy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/dummy/{policy_uuid}/used_by/: get: operationId: policies_dummy_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/event_matcher/: get: operationId: policies_event_matcher_list description: Event Matcher Policy Viewset parameters: - in: query name: action schema: type: string enum: - authorize_application - configuration_error - custom_ - email_sent - flow_execution - impersonation_ended - impersonation_started - invitation_used - login - login_failed - logout - model_created - model_deleted - model_updated - password_set - policy_exception - policy_execution - property_mapping_exception - secret_rotate - secret_view - source_linked - suspicious_request - system_exception - system_task_exception - system_task_execution - update_available - user_write description: Match created events with this action type. When left empty, all action types will be matched. - in: query name: app schema: type: string enum: - authentik.admin - authentik.api - authentik.core - authentik.crypto - authentik.events - authentik.flows - authentik.lib - authentik.managed - authentik.outposts - authentik.policies - authentik.policies.dummy - authentik.policies.event_matcher - authentik.policies.expiry - authentik.policies.expression - authentik.policies.hibp - authentik.policies.password - authentik.policies.reputation - authentik.providers.ldap - authentik.providers.oauth2 - authentik.providers.proxy - authentik.providers.saml - authentik.recovery - authentik.sources.ldap - authentik.sources.oauth - authentik.sources.plex - authentik.sources.saml - authentik.stages.authenticator_duo - authentik.stages.authenticator_sms - authentik.stages.authenticator_static - authentik.stages.authenticator_totp - authentik.stages.authenticator_validate - authentik.stages.authenticator_webauthn - authentik.stages.captcha - authentik.stages.consent - authentik.stages.deny - authentik.stages.dummy - authentik.stages.email - authentik.stages.identification - authentik.stages.invitation - authentik.stages.password - authentik.stages.prompt - authentik.stages.user_delete - authentik.stages.user_login - authentik.stages.user_logout - authentik.stages.user_write - authentik.tenants description: Match events created by selected application. When left empty, all applications are matched. - in: query name: client_ip schema: type: string - in: query name: created schema: type: string format: date-time - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedEventMatcherPolicyList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: policies_event_matcher_create description: Event Matcher Policy Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicyRequest' security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/event_matcher/{policy_uuid}/: get: operationId: policies_event_matcher_retrieve description: Event Matcher Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: policies_event_matcher_update description: Event Matcher Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: policies_event_matcher_partial_update description: Event Matcher Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedEventMatcherPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_event_matcher_destroy description: Event Matcher Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/event_matcher/{policy_uuid}/used_by/: get: operationId: policies_event_matcher_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Event Matcher Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/expression/: get: operationId: policies_expression_list description: Source Viewset parameters: - in: query name: created schema: type: string format: date-time - in: query name: execution_logging schema: type: boolean - in: query name: expression schema: type: string - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedExpressionPolicyList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: policies_expression_create description: Source Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicyRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/expression/{policy_uuid}/: get: operationId: policies_expression_retrieve description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: policies_expression_update description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicyRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: policies_expression_partial_update description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedExpressionPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ExpressionPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_expression_destroy description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/expression/{policy_uuid}/used_by/: get: operationId: policies_expression_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Expression Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/haveibeenpwned/: get: operationId: policies_haveibeenpwned_list description: Source Viewset parameters: - in: query name: allowed_count schema: type: integer - in: query name: created schema: type: string format: date-time - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: password_field schema: type: string - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedHaveIBeenPwendPolicyList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: policies_haveibeenpwned_create description: Source Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/HaveIBeenPwendPolicyRequest' security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/HaveIBeenPwendPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/haveibeenpwned/{policy_uuid}/: get: operationId: policies_haveibeenpwned_retrieve description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Have I Been Pwned Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/HaveIBeenPwendPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: policies_haveibeenpwned_update description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Have I Been Pwned Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/HaveIBeenPwendPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/HaveIBeenPwendPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: policies_haveibeenpwned_partial_update description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Have I Been Pwned Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedHaveIBeenPwendPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/HaveIBeenPwendPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_haveibeenpwned_destroy description: Source Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Have I Been Pwned Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/haveibeenpwned/{policy_uuid}/used_by/: get: operationId: policies_haveibeenpwned_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Have I Been Pwned Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/password/: get: operationId: policies_password_list description: Password Policy Viewset parameters: - in: query name: amount_digits schema: type: integer - in: query name: amount_lowercase schema: type: integer - in: query name: amount_symbols schema: type: integer - in: query name: amount_uppercase schema: type: integer - in: query name: created schema: type: string format: date-time - in: query name: error_message schema: type: string - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: length_min schema: type: integer - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: password_field schema: type: string - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string - in: query name: symbol_charset schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPasswordPolicyList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: policies_password_create description: Password Policy Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PasswordPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/password/{policy_uuid}/: get: operationId: policies_password_retrieve description: Password Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: policies_password_update description: Password Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: policies_password_partial_update description: Password Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPasswordPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_password_destroy description: Password Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/password/{policy_uuid}/used_by/: get: operationId: policies_password_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/password_expiry/: get: operationId: policies_password_expiry_list description: Password Expiry Viewset parameters: - in: query name: created schema: type: string format: date-time - in: query name: days schema: type: integer - in: query name: deny_only schema: type: boolean - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPasswordExpiryPolicyList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: policies_password_expiry_create description: Password Expiry Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicyRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/password_expiry/{policy_uuid}/: get: operationId: policies_password_expiry_retrieve description: Password Expiry Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: policies_password_expiry_update description: Password Expiry Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicyRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: policies_password_expiry_partial_update description: Password Expiry Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPasswordExpiryPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordExpiryPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_password_expiry_destroy description: Password Expiry Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/password_expiry/{policy_uuid}/used_by/: get: operationId: policies_password_expiry_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Password Expiry Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/reputation/: get: operationId: policies_reputation_list description: Reputation Policy Viewset parameters: - in: query name: check_ip schema: type: boolean - in: query name: check_username schema: type: boolean - in: query name: created schema: type: string format: date-time - in: query name: execution_logging schema: type: boolean - in: query name: last_updated schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string - in: query name: threshold schema: type: integer tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedReputationPolicyList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: policies_reputation_create description: Reputation Policy Viewset tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/ReputationPolicyRequest' security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ReputationPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/reputation/{policy_uuid}/: get: operationId: policies_reputation_retrieve description: Reputation Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ReputationPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: policies_reputation_update description: Reputation Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/ReputationPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ReputationPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: policies_reputation_partial_update description: Reputation Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedReputationPolicyRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ReputationPolicy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_reputation_destroy description: Reputation Policy Viewset parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/reputation/{policy_uuid}/used_by/: get: operationId: policies_reputation_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: policy_uuid schema: type: string format: uuid description: A UUID string identifying this Reputation Policy. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/reputation/scores/: get: operationId: policies_reputation_scores_list description: Reputation Viewset parameters: - in: query name: identifier schema: type: string - in: query name: ip schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: score schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedReputationList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/reputation/scores/{reputation_uuid}/: get: operationId: policies_reputation_scores_retrieve description: Reputation Viewset parameters: - in: path name: reputation_uuid schema: type: string format: uuid description: A UUID string identifying this reputation. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Reputation' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: policies_reputation_scores_destroy description: Reputation Viewset parameters: - in: path name: reputation_uuid schema: type: string format: uuid description: A UUID string identifying this reputation. required: true tags: - policies security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /policies/reputation/scores/{reputation_uuid}/used_by/: get: operationId: policies_reputation_scores_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: reputation_uuid schema: type: string format: uuid description: A UUID string identifying this reputation. required: true tags: - policies security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/all/: get: operationId: propertymappings_all_list description: PropertyMapping Viewset parameters: - in: query name: managed__isnull schema: type: boolean - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPropertyMappingList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/all/{pm_uuid}/: get: operationId: propertymappings_all_retrieve description: PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PropertyMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: propertymappings_all_destroy description: PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/all/{pm_uuid}/test/: post: operationId: propertymappings_all_test_create description: Test Property Mapping parameters: - in: query name: format_result schema: type: boolean - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyTestRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PropertyMappingTestResult' description: '' '400': description: Invalid parameters '403': $ref: '#/components/schemas/GenericError' /propertymappings/all/{pm_uuid}/used_by/: get: operationId: propertymappings_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/all/types/: get: operationId: propertymappings_all_types_list description: Get all creatable property-mapping types tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/ldap/: get: operationId: propertymappings_ldap_list description: LDAP PropertyMapping Viewset parameters: - in: query name: expression schema: type: string - in: query name: managed schema: type: array items: type: string explode: true style: form - in: query name: name schema: type: string - in: query name: object_field schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: pm_uuid schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedLDAPPropertyMappingList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: propertymappings_ldap_create description: LDAP PropertyMapping Viewset tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMappingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/ldap/{pm_uuid}/: get: operationId: propertymappings_ldap_retrieve description: LDAP PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: propertymappings_ldap_update description: LDAP PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMappingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: propertymappings_ldap_partial_update description: LDAP PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedLDAPPropertyMappingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPPropertyMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: propertymappings_ldap_destroy description: LDAP PropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/ldap/{pm_uuid}/used_by/: get: operationId: propertymappings_ldap_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this LDAP Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/notification/: get: operationId: propertymappings_notification_list description: NotificationWebhookMapping Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedNotificationWebhookMappingList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: propertymappings_notification_create description: NotificationWebhookMapping Viewset tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMappingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/notification/{pm_uuid}/: get: operationId: propertymappings_notification_retrieve description: NotificationWebhookMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Webhook Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: propertymappings_notification_update description: NotificationWebhookMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Webhook Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMappingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: propertymappings_notification_partial_update description: NotificationWebhookMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Webhook Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedNotificationWebhookMappingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationWebhookMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: propertymappings_notification_destroy description: NotificationWebhookMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Webhook Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/notification/{pm_uuid}/used_by/: get: operationId: propertymappings_notification_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Notification Webhook Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/saml/: get: operationId: propertymappings_saml_list description: SAMLPropertyMapping Viewset parameters: - in: query name: expression schema: type: string - in: query name: friendly_name schema: type: string - in: query name: managed schema: type: array items: type: string explode: true style: form - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: pm_uuid schema: type: string format: uuid - in: query name: saml_name schema: type: string - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSAMLPropertyMappingList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: propertymappings_saml_create description: SAMLPropertyMapping Viewset tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMappingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/saml/{pm_uuid}/: get: operationId: propertymappings_saml_retrieve description: SAMLPropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: propertymappings_saml_update description: SAMLPropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMappingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: propertymappings_saml_partial_update description: SAMLPropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSAMLPropertyMappingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLPropertyMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: propertymappings_saml_destroy description: SAMLPropertyMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/saml/{pm_uuid}/used_by/: get: operationId: propertymappings_saml_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this SAML Property Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/scope/: get: operationId: propertymappings_scope_list description: ScopeMapping Viewset parameters: - in: query name: managed schema: type: array items: type: string explode: true style: form - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: scope_name schema: type: string - name: search required: false in: query description: A search term. schema: type: string tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedScopeMappingList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: propertymappings_scope_create description: ScopeMapping Viewset tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/ScopeMappingRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ScopeMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/scope/{pm_uuid}/: get: operationId: propertymappings_scope_retrieve description: ScopeMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ScopeMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: propertymappings_scope_update description: ScopeMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/ScopeMappingRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ScopeMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: propertymappings_scope_partial_update description: ScopeMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedScopeMappingRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ScopeMapping' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: propertymappings_scope_destroy description: ScopeMapping Viewset parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /propertymappings/scope/{pm_uuid}/used_by/: get: operationId: propertymappings_scope_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: pm_uuid schema: type: string format: uuid description: A UUID string identifying this Scope Mapping. required: true tags: - propertymappings security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/all/: get: operationId: providers_all_list description: Provider Viewset parameters: - in: query name: application__isnull schema: type: boolean - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedProviderList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/all/{id}/: get: operationId: providers_all_retrieve description: Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Provider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: providers_all_destroy description: Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/all/{id}/used_by/: get: operationId: providers_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/all/types/: get: operationId: providers_all_types_list description: Get all creatable provider types tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/ldap/: get: operationId: providers_ldap_list description: LDAPProvider Viewset parameters: - in: query name: application__isnull schema: type: boolean - in: query name: authorization_flow__slug__iexact schema: type: string - in: query name: base_dn__iexact schema: type: string - in: query name: certificate__kp_uuid__iexact schema: type: string format: uuid - in: query name: certificate__name__iexact schema: type: string - in: query name: gid_start_number__iexact schema: type: integer - in: query name: name__iexact schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: search_group__group_uuid__iexact schema: type: string format: uuid - in: query name: search_group__name__iexact schema: type: string - in: query name: tls_server_name__iexact schema: type: string - in: query name: uid_start_number__iexact schema: type: integer tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedLDAPProviderList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: providers_ldap_create description: LDAPProvider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/LDAPProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/ldap/{id}/: get: operationId: providers_ldap_retrieve description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: providers_ldap_update description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: providers_ldap_partial_update description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedLDAPProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: providers_ldap_destroy description: LDAPProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/ldap/{id}/used_by/: get: operationId: providers_ldap_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this LDAP Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/oauth2/: get: operationId: providers_oauth2_list description: OAuth2Provider Viewset parameters: - in: query name: access_code_validity schema: type: string - in: query name: application schema: type: string format: uuid - in: query name: authorization_flow schema: type: string format: uuid - in: query name: client_id schema: type: string - in: query name: client_type schema: type: string enum: - confidential - public description: |- Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable. - in: query name: include_claims_in_id_token schema: type: boolean - in: query name: issuer_mode schema: type: string enum: - global - per_provider description: Configure how the issuer field of the ID Token should be filled. - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: property_mappings schema: type: array items: type: string format: uuid explode: true style: form - in: query name: redirect_uris schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: signing_key schema: type: string format: uuid - in: query name: sub_mode schema: type: string enum: - hashed_user_id - user_email - user_upn - user_username description: Configure what data should be used as unique User Identifier. For most cases, the default should be fine. - in: query name: token_validity schema: type: string tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedOAuth2ProviderList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: providers_oauth2_create description: OAuth2Provider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuth2ProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/OAuth2Provider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/oauth2/{id}/: get: operationId: providers_oauth2_retrieve description: OAuth2Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuth2Provider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: providers_oauth2_update description: OAuth2Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuth2ProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuth2Provider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: providers_oauth2_partial_update description: OAuth2Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedOAuth2ProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuth2Provider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: providers_oauth2_destroy description: OAuth2Provider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/oauth2/{id}/setup_urls/: get: operationId: providers_oauth2_setup_urls_retrieve description: Get Providers setup URLs parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuth2ProviderSetupURLs' description: '' '404': description: Provider has no application assigned '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/oauth2/{id}/used_by/: get: operationId: providers_oauth2_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this OAuth2/OpenID Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/proxy/: get: operationId: providers_proxy_list description: ProxyProvider Viewset parameters: - in: query name: application__isnull schema: type: boolean - in: query name: authorization_flow__slug__iexact schema: type: string - in: query name: basic_auth_enabled__iexact schema: type: boolean - in: query name: basic_auth_password_attribute__iexact schema: type: string - in: query name: basic_auth_user_attribute__iexact schema: type: string - in: query name: certificate__kp_uuid__iexact schema: type: string format: uuid - in: query name: certificate__name__iexact schema: type: string - in: query name: cookie_domain__iexact schema: type: string - in: query name: external_host__iexact schema: type: string - in: query name: internal_host__iexact schema: type: string - in: query name: internal_host_ssl_validation__iexact schema: type: boolean - in: query name: mode__iexact schema: type: string - in: query name: name__iexact schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: property_mappings__iexact schema: type: array items: type: string format: uuid explode: true style: form - in: query name: redirect_uris__iexact schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: skip_path_regex__iexact schema: type: string tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedProxyProviderList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: providers_proxy_create description: ProxyProvider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/ProxyProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ProxyProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/proxy/{id}/: get: operationId: providers_proxy_retrieve description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProxyProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: providers_proxy_update description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/ProxyProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProxyProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: providers_proxy_partial_update description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedProxyProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProxyProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: providers_proxy_destroy description: ProxyProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/proxy/{id}/used_by/: get: operationId: providers_proxy_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this Proxy Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/saml/: get: operationId: providers_saml_list description: SAMLProvider Viewset parameters: - in: query name: acs_url schema: type: string - in: query name: assertion_valid_not_before schema: type: string - in: query name: assertion_valid_not_on_or_after schema: type: string - in: query name: audience schema: type: string - in: query name: authorization_flow schema: type: string format: uuid - in: query name: digest_algorithm schema: type: string enum: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmlenc#sha512 - in: query name: issuer schema: type: string - in: query name: name schema: type: string - in: query name: name_id_mapping schema: type: string format: uuid - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: property_mappings schema: type: array items: type: string format: uuid explode: true style: form - name: search required: false in: query description: A search term. schema: type: string - in: query name: session_valid_not_on_or_after schema: type: string - in: query name: signature_algorithm schema: type: string enum: - http://www.w3.org/2000/09/xmldsig#dsa-sha1 - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - in: query name: signing_kp schema: type: string format: uuid - in: query name: sp_binding schema: type: string title: Service Provider Binding enum: - post - redirect description: This determines how authentik sends the response back to the Service Provider. - in: query name: verification_kp schema: type: string format: uuid tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSAMLProviderList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: providers_saml_create description: SAMLProvider Viewset tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLProviderRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/SAMLProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/saml/{id}/: get: operationId: providers_saml_retrieve description: SAMLProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: providers_saml_update description: SAMLProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLProviderRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: providers_saml_partial_update description: SAMLProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSAMLProviderRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLProvider' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: providers_saml_destroy description: SAMLProvider Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/saml/{id}/metadata/: get: operationId: providers_saml_metadata_retrieve description: Return metadata as XML string parameters: - in: query name: download schema: type: boolean - in: query name: force_binding schema: type: string enum: - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect description: Optionally force the metadata to only include one binding. - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLMetadata' description: '' '404': description: Provider has no application assigned '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/saml/{id}/used_by/: get: operationId: providers_saml_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this SAML Provider. required: true tags: - providers security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /providers/saml/import_metadata/: post: operationId: providers_saml_import_metadata_create description: Create provider from SAML Metadata tags: - providers requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/SAMLProviderImportRequest' required: true security: - authentik: [] responses: '204': description: Successfully imported provider '400': description: Bad request '403': $ref: '#/components/schemas/GenericError' /root/config/: get: operationId: root_config_retrieve description: Retrieve public configuration options tags: - root security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/Config' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /schema/: get: operationId: schema_retrieve description: |- OpenApi3 schema for this API. Format can be selected via content negotiation. - YAML: application/vnd.oai.openapi - JSON: application/vnd.oai.openapi+json parameters: - in: query name: format schema: type: string enum: - json - yaml - in: query name: lang schema: type: string enum: - af - ar - ar-dz - ast - az - be - bg - bn - br - bs - ca - cs - cy - da - de - dsb - el - en - en-au - en-gb - eo - es - es-ar - es-co - es-mx - es-ni - es-ve - et - eu - fa - fi - fr - fy - ga - gd - gl - he - hi - hr - hsb - hu - hy - ia - id - ig - io - is - it - ja - ka - kab - kk - km - kn - ko - ky - lb - lt - lv - mk - ml - mn - mr - ms - my - nb - ne - nl - nn - os - pa - pl - pt - pt-br - ro - ru - sk - sl - sq - sr - sr-latn - sv - sw - ta - te - tg - th - tk - tr - tt - udm - uk - ur - uz - vi - zh-hans - zh-hant tags: - schema security: - authentik: [] - {} responses: '200': content: application/vnd.oai.openapi: schema: type: object additionalProperties: {} application/yaml: schema: type: object additionalProperties: {} application/vnd.oai.openapi+json: schema: type: object additionalProperties: {} application/json: schema: type: object additionalProperties: {} description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/all/: get: operationId: sources_all_list description: Source Viewset parameters: - in: query name: managed schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSourceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/all/{slug}/: get: operationId: sources_all_retrieve description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Source' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: sources_all_destroy description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/all/{slug}/used_by/: get: operationId: sources_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/all/types/: get: operationId: sources_all_types_list description: Get all creatable source types tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/all/user_settings/: get: operationId: sources_all_user_settings_list description: Get all sources the user can configure tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UserSetting' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/ldap/: get: operationId: sources_ldap_list description: LDAP Source Viewset parameters: - in: query name: additional_group_dn schema: type: string - in: query name: additional_user_dn schema: type: string - in: query name: base_dn schema: type: string - in: query name: bind_cn schema: type: string - in: query name: enabled schema: type: boolean - in: query name: group_membership_field schema: type: string - in: query name: group_object_filter schema: type: string - in: query name: name schema: type: string - in: query name: object_uniqueness_field schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: peer_certificate schema: type: string format: uuid - in: query name: property_mappings schema: type: array items: type: string format: uuid explode: true style: form - in: query name: property_mappings_group schema: type: array items: type: string format: uuid explode: true style: form - name: search required: false in: query description: A search term. schema: type: string - in: query name: server_uri schema: type: string - in: query name: slug schema: type: string - in: query name: start_tls schema: type: boolean - in: query name: sync_groups schema: type: boolean - in: query name: sync_parent_group schema: type: string format: uuid - in: query name: sync_users schema: type: boolean - in: query name: sync_users_password schema: type: boolean - in: query name: user_object_filter schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedLDAPSourceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: sources_ldap_create description: LDAP Source Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPSourceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/LDAPSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/ldap/{slug}/: get: operationId: sources_ldap_retrieve description: LDAP Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: sources_ldap_update description: LDAP Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/LDAPSourceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: sources_ldap_partial_update description: LDAP Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedLDAPSourceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/LDAPSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: sources_ldap_destroy description: LDAP Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/ldap/{slug}/sync_status/: get: operationId: sources_ldap_sync_status_list description: Get source's sync status parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/Task' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/ldap/{slug}/used_by/: get: operationId: sources_ldap_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/oauth/: get: operationId: sources_oauth_list description: Source Viewset parameters: - in: query name: access_token_url schema: type: string - in: query name: additional_scopes schema: type: string - in: query name: authentication_flow schema: type: string format: uuid - in: query name: authorization_url schema: type: string - in: query name: consumer_key schema: type: string - in: query name: enabled schema: type: boolean - in: query name: enrollment_flow schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_engine_mode schema: type: string enum: - all - any - in: query name: profile_url schema: type: string - in: query name: provider_type schema: type: string - in: query name: request_token_url schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string - in: query name: user_matching_mode schema: type: string enum: - email_deny - email_link - identifier - username_deny - username_link description: How the source determines if an existing user should be authenticated or a new user enrolled. tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedOAuthSourceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: sources_oauth_create description: Source Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuthSourceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/OAuthSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/oauth/{slug}/: get: operationId: sources_oauth_retrieve description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuthSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: sources_oauth_update description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuthSourceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuthSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: sources_oauth_partial_update description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedOAuthSourceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/OAuthSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: sources_oauth_destroy description: Source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/oauth/{slug}/used_by/: get: operationId: sources_oauth_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/oauth/source_types/: get: operationId: sources_oauth_source_types_list description: |- Get all creatable source types. If ?name is set, only returns the type for . If isn't found, returns the default type. parameters: - in: query name: name schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/SourceType' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/plex/: get: operationId: sources_plex_list description: Plex source Viewset parameters: - in: query name: allow_friends schema: type: boolean - in: query name: authentication_flow schema: type: string format: uuid - in: query name: client_id schema: type: string - in: query name: enabled schema: type: boolean - in: query name: enrollment_flow schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: policy_engine_mode schema: type: string enum: - all - any - name: search required: false in: query description: A search term. schema: type: string - in: query name: slug schema: type: string - in: query name: user_matching_mode schema: type: string enum: - email_deny - email_link - identifier - username_deny - username_link description: How the source determines if an existing user should be authenticated or a new user enrolled. tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPlexSourceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: sources_plex_create description: Plex source Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexSourceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PlexSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/plex/{slug}/: get: operationId: sources_plex_retrieve description: Plex source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: sources_plex_update description: Plex source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexSourceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: sources_plex_partial_update description: Plex source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPlexSourceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: sources_plex_destroy description: Plex source Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/plex/{slug}/used_by/: get: operationId: sources_plex_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/plex/redeem_token/: post: operationId: sources_plex_redeem_token_create description: |- Redeem a plex token, check it's access to resources against what's allowed for the source, and redirect to an authentication/enrollment flow. parameters: - in: query name: slug schema: type: string tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexTokenRedeemRequest' required: true security: - authentik: [] - {} responses: '200': content: application/json: schema: $ref: '#/components/schemas/RedirectChallenge' description: '' '400': description: Token not found '403': description: Access denied /sources/plex/redeem_token_authenticated/: post: operationId: sources_plex_redeem_token_authenticated_create description: Redeem a plex token for an authenticated user, creating a connection parameters: - in: query name: slug schema: type: string tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexTokenRedeemRequest' required: true security: - authentik: [] responses: '204': description: No response body '400': description: Token not found '403': description: Access denied /sources/saml/: get: operationId: sources_saml_list description: SAMLSource Viewset parameters: - in: query name: allow_idp_initiated schema: type: boolean - in: query name: authentication_flow schema: type: string format: uuid - in: query name: binding_type schema: type: string enum: - POST - POST_AUTO - REDIRECT - in: query name: digest_algorithm schema: type: string enum: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmlenc#sha512 - in: query name: enabled schema: type: boolean - in: query name: enrollment_flow schema: type: string format: uuid - in: query name: issuer schema: type: string - in: query name: managed schema: type: string - in: query name: name schema: type: string - in: query name: name_id_policy schema: type: string enum: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:2.0:nameid-format:transient description: NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: pbm_uuid schema: type: string format: uuid - in: query name: policies schema: type: array items: type: string format: uuid explode: true style: form - in: query name: policy_engine_mode schema: type: string enum: - all - any - in: query name: pre_authentication_flow schema: type: string format: uuid - in: query name: property_mappings schema: type: array items: type: string format: uuid explode: true style: form - name: search required: false in: query description: A search term. schema: type: string - in: query name: signature_algorithm schema: type: string enum: - http://www.w3.org/2000/09/xmldsig#dsa-sha1 - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - in: query name: signing_kp schema: type: string format: uuid - in: query name: slo_url schema: type: string - in: query name: slug schema: type: string - in: query name: sso_url schema: type: string - in: query name: temporary_user_delete_after schema: type: string - in: query name: user_matching_mode schema: type: string enum: - email_deny - email_link - identifier - username_deny - username_link description: How the source determines if an existing user should be authenticated or a new user enrolled. - in: query name: user_path_template schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedSAMLSourceList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: sources_saml_create description: SAMLSource Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLSourceRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/SAMLSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/saml/{slug}/: get: operationId: sources_saml_retrieve description: SAMLSource Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: sources_saml_update description: SAMLSource Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/SAMLSourceRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: sources_saml_partial_update description: SAMLSource Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedSAMLSourceRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLSource' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: sources_saml_destroy description: SAMLSource Viewset parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/saml/{slug}/metadata/: get: operationId: sources_saml_metadata_retrieve description: Return metadata as XML string parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/SAMLMetadata' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/saml/{slug}/used_by/: get: operationId: sources_saml_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: slug schema: type: string description: Internal source name, used in URLs. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/user_connections/all/: get: operationId: sources_user_connections_all_list description: User-source connection Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserSourceConnectionList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/user_connections/all/{id}/: get: operationId: sources_user_connections_all_retrieve description: User-source connection Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: sources_user_connections_all_update description: User-source connection Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: sources_user_connections_all_partial_update description: User-source connection Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: sources_user_connections_all_destroy description: User-source connection Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/user_connections/all/{id}/used_by/: get: operationId: sources_user_connections_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this user source connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/user_connections/oauth/: get: operationId: sources_user_connections_oauth_list description: Source Viewset parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: source__slug schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserOAuthSourceConnectionList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: sources_user_connections_oauth_create description: Source Viewset tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/user_connections/oauth/{id}/: get: operationId: sources_user_connections_oauth_retrieve description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: sources_user_connections_oauth_update description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: sources_user_connections_oauth_partial_update description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserOAuthSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: sources_user_connections_oauth_destroy description: Source Viewset parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/user_connections/oauth/{id}/used_by/: get: operationId: sources_user_connections_oauth_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User OAuth Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/user_connections/plex/: get: operationId: sources_user_connections_plex_list description: Plex Source connection Serializer parameters: - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: source__slug schema: type: string tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPlexSourceConnectionList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: sources_user_connections_plex_create description: Plex Source connection Serializer tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnectionRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/user_connections/plex/{id}/: get: operationId: sources_user_connections_plex_retrieve description: Plex Source connection Serializer parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: sources_user_connections_plex_update description: Plex Source connection Serializer parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnectionRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: sources_user_connections_plex_partial_update description: Plex Source connection Serializer parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPlexSourceConnectionRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PlexSourceConnection' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: sources_user_connections_plex_destroy description: Plex Source connection Serializer parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /sources/user_connections/plex/{id}/used_by/: get: operationId: sources_user_connections_plex_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: id schema: type: integer description: A unique integer value identifying this User Plex Source Connection. required: true tags: - sources security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/all/: get: operationId: stages_all_list description: Stage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/all/{stage_uuid}/: get: operationId: stages_all_retrieve description: Stage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Stage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_all_destroy description: Stage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/all/{stage_uuid}/used_by/: get: operationId: stages_all_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/all/types/: get: operationId: stages_all_types_list description: Get all creatable stage types tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/all/user_settings/: get: operationId: stages_all_user_settings_list description: Get all stages the user can configure tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UserSetting' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/duo/: get: operationId: stages_authenticator_duo_list description: AuthenticatorDuoStage Viewset parameters: - in: query name: api_hostname schema: type: string - in: query name: client_id schema: type: string - in: query name: configure_flow schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorDuoStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_authenticator_duo_create description: AuthenticatorDuoStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/duo/{stage_uuid}/: get: operationId: stages_authenticator_duo_retrieve description: AuthenticatorDuoStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_authenticator_duo_update description: AuthenticatorDuoStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_authenticator_duo_partial_update description: AuthenticatorDuoStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorDuoStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_authenticator_duo_destroy description: AuthenticatorDuoStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/duo/{stage_uuid}/enrollment_status/: post: operationId: stages_authenticator_duo_enrollment_status_create description: Check enrollment status of user details in current session parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: Enrollment successful '420': description: Enrollment pending/failed '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/duo/{stage_uuid}/import_devices/: post: operationId: stages_authenticator_duo_import_devices_create description: Import duo devices into authentik parameters: - in: query name: duo_user_id schema: type: string - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true - in: query name: username schema: type: string tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorDuoStageRequest' required: true security: - authentik: [] responses: '204': description: Enrollment successful '400': description: Device exists already '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/duo/{stage_uuid}/used_by/: get: operationId: stages_authenticator_duo_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Duo Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/sms/: get: operationId: stages_authenticator_sms_list description: AuthenticatorSMSStage Viewset parameters: - in: query name: account_sid schema: type: string - in: query name: auth schema: type: string - in: query name: auth_password schema: type: string - in: query name: auth_type schema: type: string enum: - basic - bearer - in: query name: configure_flow schema: type: string format: uuid - in: query name: from_number schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: provider schema: type: string enum: - generic - twilio - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: verify_only schema: type: boolean tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorSMSStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_authenticator_sms_create description: AuthenticatorSMSStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/sms/{stage_uuid}/: get: operationId: stages_authenticator_sms_retrieve description: AuthenticatorSMSStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_authenticator_sms_update description: AuthenticatorSMSStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_authenticator_sms_partial_update description: AuthenticatorSMSStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorSMSStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorSMSStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_authenticator_sms_destroy description: AuthenticatorSMSStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/sms/{stage_uuid}/used_by/: get: operationId: stages_authenticator_sms_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this SMS Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/static/: get: operationId: stages_authenticator_static_list description: AuthenticatorStaticStage Viewset parameters: - in: query name: configure_flow schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: token_count schema: type: integer tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorStaticStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_authenticator_static_create description: AuthenticatorStaticStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/static/{stage_uuid}/: get: operationId: stages_authenticator_static_retrieve description: AuthenticatorStaticStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_authenticator_static_update description: AuthenticatorStaticStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_authenticator_static_partial_update description: AuthenticatorStaticStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorStaticStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorStaticStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_authenticator_static_destroy description: AuthenticatorStaticStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/static/{stage_uuid}/used_by/: get: operationId: stages_authenticator_static_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Static Authenticator Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/totp/: get: operationId: stages_authenticator_totp_list description: AuthenticatorTOTPStage Viewset parameters: - in: query name: configure_flow schema: type: string format: uuid - in: query name: digits schema: type: integer enum: - 6 - 8 - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorTOTPStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_authenticator_totp_create description: AuthenticatorTOTPStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/totp/{stage_uuid}/: get: operationId: stages_authenticator_totp_retrieve description: AuthenticatorTOTPStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_authenticator_totp_update description: AuthenticatorTOTPStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_authenticator_totp_partial_update description: AuthenticatorTOTPStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorTOTPStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorTOTPStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_authenticator_totp_destroy description: AuthenticatorTOTPStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/totp/{stage_uuid}/used_by/: get: operationId: stages_authenticator_totp_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this TOTP Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/validate/: get: operationId: stages_authenticator_validate_list description: AuthenticatorValidateStage Viewset parameters: - in: query name: configuration_stages schema: type: array items: type: string format: uuid explode: true style: form - in: query name: name schema: type: string - in: query name: not_configured_action schema: type: string enum: - configure - deny - skip - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticatorValidateStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_authenticator_validate_create description: AuthenticatorValidateStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/validate/{stage_uuid}/: get: operationId: stages_authenticator_validate_retrieve description: AuthenticatorValidateStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_authenticator_validate_update description: AuthenticatorValidateStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_authenticator_validate_partial_update description: AuthenticatorValidateStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticatorValidateStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticatorValidateStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_authenticator_validate_destroy description: AuthenticatorValidateStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/validate/{stage_uuid}/used_by/: get: operationId: stages_authenticator_validate_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Authenticator Validation Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/webauthn/: get: operationId: stages_authenticator_webauthn_list description: AuthenticateWebAuthnStage Viewset parameters: - in: query name: authenticator_attachment schema: type: string nullable: true enum: - cross-platform - platform - in: query name: configure_flow schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: resident_key_requirement schema: type: string enum: - discouraged - preferred - required - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: user_verification schema: type: string enum: - discouraged - preferred - required tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuthenticateWebAuthnStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_authenticator_webauthn_create description: AuthenticateWebAuthnStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/webauthn/{stage_uuid}/: get: operationId: stages_authenticator_webauthn_retrieve description: AuthenticateWebAuthnStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_authenticator_webauthn_update description: AuthenticateWebAuthnStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_authenticator_webauthn_partial_update description: AuthenticateWebAuthnStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedAuthenticateWebAuthnStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthenticateWebAuthnStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_authenticator_webauthn_destroy description: AuthenticateWebAuthnStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/authenticator/webauthn/{stage_uuid}/used_by/: get: operationId: stages_authenticator_webauthn_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this WebAuthn Authenticator Setup Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/captcha/: get: operationId: stages_captcha_list description: CaptchaStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: public_key schema: type: string - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedCaptchaStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_captcha_create description: CaptchaStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/CaptchaStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/CaptchaStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/captcha/{stage_uuid}/: get: operationId: stages_captcha_retrieve description: CaptchaStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaptchaStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_captcha_update description: CaptchaStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/CaptchaStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaptchaStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_captcha_partial_update description: CaptchaStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedCaptchaStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaptchaStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_captcha_destroy description: CaptchaStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/captcha/{stage_uuid}/used_by/: get: operationId: stages_captcha_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Captcha Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/consent/: get: operationId: stages_consent_list description: ConsentStage Viewset parameters: - in: query name: consent_expire_in schema: type: string - in: query name: mode schema: type: string enum: - always_require - expiring - permanent - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedConsentStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_consent_create description: ConsentStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/ConsentStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/ConsentStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/consent/{stage_uuid}/: get: operationId: stages_consent_retrieve description: ConsentStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConsentStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_consent_update description: ConsentStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/ConsentStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConsentStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_consent_partial_update description: ConsentStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedConsentStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConsentStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_consent_destroy description: ConsentStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/consent/{stage_uuid}/used_by/: get: operationId: stages_consent_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Consent Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/deny/: get: operationId: stages_deny_list description: DenyStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDenyStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_deny_create description: DenyStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/DenyStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DenyStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/deny/{stage_uuid}/: get: operationId: stages_deny_retrieve description: DenyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DenyStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_deny_update description: DenyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/DenyStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DenyStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_deny_partial_update description: DenyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDenyStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DenyStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_deny_destroy description: DenyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/deny/{stage_uuid}/used_by/: get: operationId: stages_deny_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Deny Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/dummy/: get: operationId: stages_dummy_list description: DummyStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedDummyStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_dummy_create description: DummyStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/DummyStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/DummyStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/dummy/{stage_uuid}/: get: operationId: stages_dummy_retrieve description: DummyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_dummy_update description: DummyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/DummyStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_dummy_partial_update description: DummyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedDummyStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/DummyStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_dummy_destroy description: DummyStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/dummy/{stage_uuid}/used_by/: get: operationId: stages_dummy_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Dummy Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/email/: get: operationId: stages_email_list description: EmailStage Viewset parameters: - in: query name: activate_user_on_success schema: type: boolean - in: query name: from_address schema: type: string - in: query name: host schema: type: string - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: port schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: subject schema: type: string - in: query name: template schema: type: string - in: query name: timeout schema: type: integer - in: query name: token_expiry schema: type: integer - in: query name: use_global_settings schema: type: boolean - in: query name: use_ssl schema: type: boolean - in: query name: use_tls schema: type: boolean - in: query name: username schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedEmailStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_email_create description: EmailStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/EmailStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/EmailStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/email/{stage_uuid}/: get: operationId: stages_email_retrieve description: EmailStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EmailStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_email_update description: EmailStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/EmailStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EmailStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_email_partial_update description: EmailStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedEmailStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/EmailStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_email_destroy description: EmailStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/email/{stage_uuid}/used_by/: get: operationId: stages_email_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Email Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/email/templates/: get: operationId: stages_email_templates_list description: Get all available templates, including custom templates tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/TypeCreate' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/identification/: get: operationId: stages_identification_list description: IdentificationStage Viewset parameters: - in: query name: case_insensitive_matching schema: type: boolean - in: query name: enrollment_flow schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: password_stage schema: type: string format: uuid - in: query name: passwordless_flow schema: type: string format: uuid - in: query name: recovery_flow schema: type: string format: uuid - name: search required: false in: query description: A search term. schema: type: string - in: query name: show_matched_user schema: type: boolean - in: query name: show_source_labels schema: type: boolean tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedIdentificationStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_identification_create description: IdentificationStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/IdentificationStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/IdentificationStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/identification/{stage_uuid}/: get: operationId: stages_identification_retrieve description: IdentificationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/IdentificationStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_identification_update description: IdentificationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/IdentificationStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/IdentificationStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_identification_partial_update description: IdentificationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedIdentificationStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/IdentificationStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_identification_destroy description: IdentificationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/identification/{stage_uuid}/used_by/: get: operationId: stages_identification_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Identification Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/invitation/invitations/: get: operationId: stages_invitation_invitations_list description: Invitation Viewset parameters: - in: query name: created_by__username schema: type: string - in: query name: expires schema: type: string format: date-time - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedInvitationList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_invitation_invitations_create description: Invitation Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/InvitationRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Invitation' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/invitation/invitations/{invite_uuid}/: get: operationId: stages_invitation_invitations_retrieve description: Invitation Viewset parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Invitation' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_invitation_invitations_update description: Invitation Viewset parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/InvitationRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Invitation' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_invitation_invitations_partial_update description: Invitation Viewset parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedInvitationRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Invitation' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_invitation_invitations_destroy description: Invitation Viewset parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/invitation/invitations/{invite_uuid}/used_by/: get: operationId: stages_invitation_invitations_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: invite_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/invitation/stages/: get: operationId: stages_invitation_stages_list description: InvitationStage Viewset parameters: - in: query name: continue_flow_without_invitation schema: type: boolean - in: query name: name schema: type: string - in: query name: no_flows schema: type: boolean - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedInvitationStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_invitation_stages_create description: InvitationStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/InvitationStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/InvitationStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/invitation/stages/{stage_uuid}/: get: operationId: stages_invitation_stages_retrieve description: InvitationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/InvitationStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_invitation_stages_update description: InvitationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/InvitationStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/InvitationStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_invitation_stages_partial_update description: InvitationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedInvitationStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/InvitationStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_invitation_stages_destroy description: InvitationStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/invitation/stages/{stage_uuid}/used_by/: get: operationId: stages_invitation_stages_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Invitation Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/password/: get: operationId: stages_password_list description: PasswordStage Viewset parameters: - in: query name: configure_flow schema: type: string format: uuid - in: query name: failed_attempts_before_cancel schema: type: integer - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPasswordStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_password_create description: PasswordStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PasswordStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/password/{stage_uuid}/: get: operationId: stages_password_retrieve description: PasswordStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_password_update description: PasswordStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PasswordStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_password_partial_update description: PasswordStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPasswordStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PasswordStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_password_destroy description: PasswordStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/password/{stage_uuid}/used_by/: get: operationId: stages_password_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Password Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/prompt/prompts/: get: operationId: stages_prompt_prompts_list description: Prompt Viewset parameters: - in: query name: field_key schema: type: string - in: query name: label schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: placeholder schema: type: string - name: search required: false in: query description: A search term. schema: type: string - in: query name: type schema: type: string enum: - ak-locale - checkbox - date - date-time - email - hidden - number - password - separator - static - text - text_read_only - username tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPromptList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_prompt_prompts_create description: Prompt Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PromptRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/Prompt' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/prompt/prompts/{prompt_uuid}/: get: operationId: stages_prompt_prompts_retrieve description: Prompt Viewset parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Prompt' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_prompt_prompts_update description: Prompt Viewset parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PromptRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Prompt' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_prompt_prompts_partial_update description: Prompt Viewset parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPromptRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/Prompt' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_prompt_prompts_destroy description: Prompt Viewset parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/prompt/prompts/{prompt_uuid}/used_by/: get: operationId: stages_prompt_prompts_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: prompt_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/prompt/stages/: get: operationId: stages_prompt_stages_list description: PromptStage Viewset parameters: - in: query name: fields schema: type: array items: type: string format: uuid explode: true style: form - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: validation_policies schema: type: array items: type: string format: uuid explode: true style: form tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedPromptStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_prompt_stages_create description: PromptStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PromptStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/PromptStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/prompt/stages/{stage_uuid}/: get: operationId: stages_prompt_stages_retrieve description: PromptStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PromptStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_prompt_stages_update description: PromptStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PromptStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PromptStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_prompt_stages_partial_update description: PromptStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedPromptStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PromptStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_prompt_stages_destroy description: PromptStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/prompt/stages/{stage_uuid}/used_by/: get: operationId: stages_prompt_stages_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this Prompt Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_delete/: get: operationId: stages_user_delete_list description: UserDeleteStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserDeleteStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_user_delete_create description: UserDeleteStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserDeleteStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserDeleteStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_delete/{stage_uuid}/: get: operationId: stages_user_delete_retrieve description: UserDeleteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserDeleteStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_user_delete_update description: UserDeleteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserDeleteStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserDeleteStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_user_delete_partial_update description: UserDeleteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserDeleteStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserDeleteStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_user_delete_destroy description: UserDeleteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_delete/{stage_uuid}/used_by/: get: operationId: stages_user_delete_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Delete Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_login/: get: operationId: stages_user_login_list description: UserLoginStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: session_duration schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserLoginStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_user_login_create description: UserLoginStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserLoginStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserLoginStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_login/{stage_uuid}/: get: operationId: stages_user_login_retrieve description: UserLoginStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLoginStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_user_login_update description: UserLoginStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserLoginStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLoginStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_user_login_partial_update description: UserLoginStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserLoginStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLoginStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_user_login_destroy description: UserLoginStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_login/{stage_uuid}/used_by/: get: operationId: stages_user_login_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Login Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_logout/: get: operationId: stages_user_logout_list description: UserLogoutStage Viewset parameters: - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserLogoutStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_user_logout_create description: UserLogoutStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserLogoutStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserLogoutStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_logout/{stage_uuid}/: get: operationId: stages_user_logout_retrieve description: UserLogoutStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLogoutStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_user_logout_update description: UserLogoutStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserLogoutStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLogoutStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_user_logout_partial_update description: UserLogoutStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserLogoutStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserLogoutStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_user_logout_destroy description: UserLogoutStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_logout/{stage_uuid}/used_by/: get: operationId: stages_user_logout_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Logout Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_write/: get: operationId: stages_user_write_list description: UserWriteStage Viewset parameters: - in: query name: create_users_as_inactive schema: type: boolean - in: query name: create_users_group schema: type: string format: uuid - in: query name: name schema: type: string - name: ordering required: false in: query description: Which field to use when ordering the results. schema: type: string - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - name: search required: false in: query description: A search term. schema: type: string - in: query name: stage_uuid schema: type: string format: uuid - in: query name: user_path_template schema: type: string tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedUserWriteStageList' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' post: operationId: stages_user_write_create description: UserWriteStage Viewset tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserWriteStageRequest' required: true security: - authentik: [] responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserWriteStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_write/{stage_uuid}/: get: operationId: stages_user_write_retrieve description: UserWriteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserWriteStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' put: operationId: stages_user_write_update description: UserWriteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/UserWriteStageRequest' required: true security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserWriteStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' patch: operationId: stages_user_write_partial_update description: UserWriteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchedUserWriteStageRequest' security: - authentik: [] responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserWriteStage' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' delete: operationId: stages_user_write_destroy description: UserWriteStage Viewset parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages security: - authentik: [] responses: '204': description: No response body '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' /stages/user_write/{stage_uuid}/used_by/: get: operationId: stages_user_write_used_by_list description: Get a list of all objects that use this object parameters: - in: path name: stage_uuid schema: type: string format: uuid description: A UUID string identifying this User Write Stage. required: true tags: - stages security: - authentik: [] responses: '200': content: application/json: schema: type: array items: $ref: '#/components/schemas/UsedBy' description: '' '400': $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' components: schemas: AccessDeniedChallenge: type: object description: Challenge when a flow's active stage calls `stage_invalid()`. properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-access-denied response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string error_message: type: string required: - pending_user - pending_user_avatar - type App: type: object description: Serialize Application info properties: name: type: string label: type: string required: - label - name AppEnum: enum: - authentik.admin - authentik.api - authentik.crypto - authentik.events - authentik.flows - authentik.lib - authentik.outposts - authentik.policies.dummy - authentik.policies.event_matcher - authentik.policies.expiry - authentik.policies.expression - authentik.policies.hibp - authentik.policies.password - authentik.policies.reputation - authentik.policies - authentik.providers.ldap - authentik.providers.oauth2 - authentik.providers.proxy - authentik.providers.saml - authentik.recovery - authentik.sources.ldap - authentik.sources.oauth - authentik.sources.plex - authentik.sources.saml - authentik.stages.authenticator_duo - authentik.stages.authenticator_sms - authentik.stages.authenticator_static - authentik.stages.authenticator_totp - authentik.stages.authenticator_validate - authentik.stages.authenticator_webauthn - authentik.stages.captcha - authentik.stages.consent - authentik.stages.deny - authentik.stages.dummy - authentik.stages.email - authentik.stages.identification - authentik.stages.invitation - authentik.stages.password - authentik.stages.prompt - authentik.stages.user_delete - authentik.stages.user_login - authentik.stages.user_logout - authentik.stages.user_write - authentik.tenants - authentik.managed - authentik.core type: string AppleChallengeResponseRequest: type: object description: Pseudo class for plex response properties: component: type: string minLength: 1 default: ak-flow-sources-oauth-apple AppleLoginChallenge: type: object description: Special challenge for apple-native authentication flow, which happens on the client. properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-flow-sources-oauth-apple response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' client_id: type: string scope: type: string redirect_uri: type: string state: type: string required: - client_id - redirect_uri - scope - state - type Application: type: object description: Application Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Application's display Name. slug: type: string description: Internal application name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ provider: type: integer nullable: true provider_obj: allOf: - $ref: '#/components/schemas/Provider' readOnly: true launch_url: type: string nullable: true readOnly: true open_in_new_tab: type: boolean description: Open launch URL in a new browser tab or window. meta_launch_url: type: string format: uri meta_icon: type: string nullable: true readOnly: true meta_description: type: string meta_publisher: type: string policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' group: type: string required: - launch_url - meta_icon - name - pk - provider_obj - slug ApplicationRequest: type: object description: Application Serializer properties: name: type: string minLength: 1 description: Application's display Name. slug: type: string minLength: 1 description: Internal application name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ provider: type: integer nullable: true open_in_new_tab: type: boolean description: Open launch URL in a new browser tab or window. meta_launch_url: type: string format: uri meta_description: type: string meta_publisher: type: string policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' group: type: string required: - name - slug AuthTypeEnum: enum: - basic - bearer type: string AuthenticateWebAuthnStage: type: object description: AuthenticateWebAuthnStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. user_verification: $ref: '#/components/schemas/UserVerificationEnum' authenticator_attachment: allOf: - $ref: '#/components/schemas/AuthenticatorAttachmentEnum' nullable: true resident_key_requirement: $ref: '#/components/schemas/ResidentKeyRequirementEnum' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticateWebAuthnStageRequest: type: object description: AuthenticateWebAuthnStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. user_verification: $ref: '#/components/schemas/UserVerificationEnum' authenticator_attachment: allOf: - $ref: '#/components/schemas/AuthenticatorAttachmentEnum' nullable: true resident_key_requirement: $ref: '#/components/schemas/ResidentKeyRequirementEnum' required: - name AuthenticatedSession: type: object description: AuthenticatedSession Serializer properties: uuid: type: string format: uuid current: type: boolean readOnly: true user_agent: type: object description: User agent details properties: device: type: object description: User agent device properties: brand: type: string family: type: string model: type: string required: - brand - family - model os: type: object description: User agent os properties: family: type: string major: type: string minor: type: string patch: type: string patch_minor: type: string required: - family - major - minor - patch - patch_minor user_agent: type: object description: User agent browser properties: family: type: string major: type: string minor: type: string patch: type: string required: - family - major - minor - patch string: type: string required: - device - os - string - user_agent readOnly: true geo_ip: type: object description: GeoIP Details properties: continent: type: string country: type: string lat: type: number format: double long: type: number format: double city: type: string required: - city - continent - country - lat - long nullable: true readOnly: true user: type: integer last_ip: type: string last_user_agent: type: string last_used: type: string format: date-time readOnly: true expires: type: string format: date-time required: - current - geo_ip - last_ip - last_used - user - user_agent AuthenticatorAttachmentEnum: enum: - platform - cross-platform type: string AuthenticatorDuoChallenge: type: object description: Duo Challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-duo response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string activation_barcode: type: string activation_code: type: string stage_uuid: type: string required: - activation_barcode - activation_code - pending_user - pending_user_avatar - stage_uuid - type AuthenticatorDuoChallengeResponseRequest: type: object description: Pseudo class for duo response properties: component: type: string minLength: 1 default: ak-stage-authenticator-duo AuthenticatorDuoStage: type: object description: AuthenticatorDuoStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. client_id: type: string api_hostname: type: string required: - api_hostname - client_id - component - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticatorDuoStageRequest: type: object description: AuthenticatorDuoStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. client_id: type: string minLength: 1 client_secret: type: string writeOnly: true minLength: 1 api_hostname: type: string minLength: 1 required: - api_hostname - client_id - client_secret - name AuthenticatorSMSChallenge: type: object description: SMS Setup challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-sms response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string phone_number_required: type: boolean default: true required: - pending_user - pending_user_avatar - type AuthenticatorSMSChallengeResponseRequest: type: object description: SMS Challenge response, device is set by get_response_instance properties: component: type: string minLength: 1 default: ak-stage-authenticator-sms code: type: integer phone_number: type: string minLength: 1 AuthenticatorSMSStage: type: object description: AuthenticatorSMSStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. provider: $ref: '#/components/schemas/ProviderEnum' from_number: type: string account_sid: type: string auth: type: string auth_password: type: string auth_type: $ref: '#/components/schemas/AuthTypeEnum' verify_only: type: boolean description: When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not re-used in the future. required: - account_sid - auth - component - from_number - meta_model_name - name - pk - provider - verbose_name - verbose_name_plural AuthenticatorSMSStageRequest: type: object description: AuthenticatorSMSStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. provider: $ref: '#/components/schemas/ProviderEnum' from_number: type: string minLength: 1 account_sid: type: string minLength: 1 auth: type: string minLength: 1 auth_password: type: string auth_type: $ref: '#/components/schemas/AuthTypeEnum' verify_only: type: boolean description: When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not re-used in the future. required: - account_sid - auth - from_number - name - provider AuthenticatorStaticChallenge: type: object description: Static authenticator challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-static response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string codes: type: array items: type: string required: - codes - pending_user - pending_user_avatar - type AuthenticatorStaticChallengeResponseRequest: type: object description: Pseudo class for static response properties: component: type: string minLength: 1 default: ak-stage-authenticator-static AuthenticatorStaticStage: type: object description: AuthenticatorStaticStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. token_count: type: integer maximum: 2147483647 minimum: -2147483648 required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticatorStaticStageRequest: type: object description: AuthenticatorStaticStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. token_count: type: integer maximum: 2147483647 minimum: -2147483648 required: - name AuthenticatorTOTPChallenge: type: object description: TOTP Setup challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-totp response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string config_url: type: string required: - config_url - pending_user - pending_user_avatar - type AuthenticatorTOTPChallengeResponseRequest: type: object description: TOTP Challenge response, device is set by get_response_instance properties: component: type: string minLength: 1 default: ak-stage-authenticator-totp code: type: integer required: - code AuthenticatorTOTPStage: type: object description: AuthenticatorTOTPStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. digits: allOf: - $ref: '#/components/schemas/DigitsEnum' minimum: -2147483648 maximum: 2147483647 required: - component - digits - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticatorTOTPStageRequest: type: object description: AuthenticatorTOTPStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. digits: allOf: - $ref: '#/components/schemas/DigitsEnum' minimum: -2147483648 maximum: 2147483647 required: - digits - name AuthenticatorValidateStage: type: object description: AuthenticatorValidateStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' not_configured_action: $ref: '#/components/schemas/NotConfiguredActionEnum' device_classes: type: array items: $ref: '#/components/schemas/DeviceClassesEnum' description: Device classes which can be used to authenticate configuration_stages: type: array items: type: string format: uuid description: Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. last_auth_threshold: type: string description: If any of the user's device has been used within this threshold, this stage will be skipped required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural AuthenticatorValidateStageRequest: type: object description: AuthenticatorValidateStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' not_configured_action: $ref: '#/components/schemas/NotConfiguredActionEnum' device_classes: type: array items: $ref: '#/components/schemas/DeviceClassesEnum' description: Device classes which can be used to authenticate configuration_stages: type: array items: type: string format: uuid description: Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. last_auth_threshold: type: string minLength: 1 description: If any of the user's device has been used within this threshold, this stage will be skipped required: - name AuthenticatorValidationChallenge: type: object description: Authenticator challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-validate response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string device_challenges: type: array items: $ref: '#/components/schemas/DeviceChallenge' configuration_stages: type: array items: $ref: '#/components/schemas/SelectableStage' required: - configuration_stages - device_challenges - pending_user - pending_user_avatar - type AuthenticatorValidationChallengeResponseRequest: type: object description: Challenge used for Code-based and WebAuthn authenticators properties: component: type: string minLength: 1 default: ak-stage-authenticator-validate selected_challenge: $ref: '#/components/schemas/DeviceChallengeRequest' selected_stage: type: string minLength: 1 code: type: string minLength: 1 webauthn: type: object additionalProperties: {} duo: type: integer AuthenticatorWebAuthnChallenge: type: object description: WebAuthn Challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-authenticator-webauthn response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string registration: type: object additionalProperties: {} required: - pending_user - pending_user_avatar - registration - type AuthenticatorWebAuthnChallengeResponseRequest: type: object description: WebAuthn Challenge response properties: component: type: string minLength: 1 default: ak-stage-authenticator-webauthn response: type: object additionalProperties: {} required: - response AutoSubmitChallengeResponseRequest: type: object description: Pseudo class for autosubmit response properties: component: type: string minLength: 1 default: ak-stage-autosubmit AutosubmitChallenge: type: object description: Autosubmit challenge used to send and navigate a POST request properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-autosubmit response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' url: type: string attrs: type: object additionalProperties: type: string title: type: string required: - attrs - type - url BackendsEnum: enum: - authentik.core.auth.InbuiltBackend - authentik.core.auth.TokenBackend - authentik.sources.ldap.auth.LDAPBackend type: string BindingTypeEnum: enum: - REDIRECT - POST - POST_AUTO type: string Cache: type: object description: Generic cache stats for an object properties: count: type: integer readOnly: true required: - count CapabilitiesEnum: enum: - can_save_media - can_geo_ip - can_impersonate type: string CaptchaChallenge: type: object description: Site public key properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-captcha response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string site_key: type: string required: - pending_user - pending_user_avatar - site_key - type CaptchaChallengeResponseRequest: type: object description: Validate captcha token properties: component: type: string minLength: 1 default: ak-stage-captcha token: type: string minLength: 1 required: - token CaptchaStage: type: object description: CaptchaStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' public_key: type: string description: Public key, acquired from https://www.google.com/recaptcha/intro/v3.html required: - component - meta_model_name - name - pk - public_key - verbose_name - verbose_name_plural CaptchaStageRequest: type: object description: CaptchaStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' public_key: type: string minLength: 1 description: Public key, acquired from https://www.google.com/recaptcha/intro/v3.html private_key: type: string writeOnly: true minLength: 1 description: Private key, acquired from https://www.google.com/recaptcha/intro/v3.html required: - name - private_key - public_key CertificateData: type: object description: Get CertificateKeyPair's data properties: data: type: string readOnly: true required: - data CertificateGenerationRequest: type: object description: Certificate generation parameters properties: common_name: type: string minLength: 1 subject_alt_name: type: string validity_days: type: integer required: - common_name - validity_days CertificateKeyPair: type: object description: CertificateKeyPair Serializer properties: pk: type: string format: uuid readOnly: true title: Kp uuid name: type: string fingerprint_sha256: type: string readOnly: true fingerprint_sha1: type: string readOnly: true cert_expiry: type: string format: date-time readOnly: true cert_subject: type: string readOnly: true private_key_available: type: boolean readOnly: true private_key_type: type: string nullable: true readOnly: true certificate_download_url: type: string readOnly: true private_key_download_url: type: string readOnly: true managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. required: - cert_expiry - cert_subject - certificate_download_url - fingerprint_sha1 - fingerprint_sha256 - name - pk - private_key_available - private_key_download_url - private_key_type CertificateKeyPairRequest: type: object description: CertificateKeyPair Serializer properties: name: type: string minLength: 1 certificate_data: type: string writeOnly: true minLength: 1 description: PEM-encoded Certificate data key_data: type: string writeOnly: true description: Optional Private Key. If this is set, you can use this keypair for encryption. managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. required: - certificate_data - name ChallengeChoices: enum: - native - shell - redirect type: string ChallengeTypes: oneOf: - $ref: '#/components/schemas/AccessDeniedChallenge' - $ref: '#/components/schemas/AppleLoginChallenge' - $ref: '#/components/schemas/AuthenticatorDuoChallenge' - $ref: '#/components/schemas/AuthenticatorSMSChallenge' - $ref: '#/components/schemas/AuthenticatorStaticChallenge' - $ref: '#/components/schemas/AuthenticatorTOTPChallenge' - $ref: '#/components/schemas/AuthenticatorValidationChallenge' - $ref: '#/components/schemas/AuthenticatorWebAuthnChallenge' - $ref: '#/components/schemas/AutosubmitChallenge' - $ref: '#/components/schemas/CaptchaChallenge' - $ref: '#/components/schemas/ConsentChallenge' - $ref: '#/components/schemas/DummyChallenge' - $ref: '#/components/schemas/EmailChallenge' - $ref: '#/components/schemas/IdentificationChallenge' - $ref: '#/components/schemas/PasswordChallenge' - $ref: '#/components/schemas/PlexAuthenticationChallenge' - $ref: '#/components/schemas/PromptChallenge' - $ref: '#/components/schemas/RedirectChallenge' - $ref: '#/components/schemas/ShellChallenge' discriminator: propertyName: component mapping: ak-stage-access-denied: '#/components/schemas/AccessDeniedChallenge' ak-flow-sources-oauth-apple: '#/components/schemas/AppleLoginChallenge' ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallenge' ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallenge' ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallenge' ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallenge' ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallenge' ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallenge' ak-stage-autosubmit: '#/components/schemas/AutosubmitChallenge' ak-stage-captcha: '#/components/schemas/CaptchaChallenge' ak-stage-consent: '#/components/schemas/ConsentChallenge' ak-stage-dummy: '#/components/schemas/DummyChallenge' ak-stage-email: '#/components/schemas/EmailChallenge' ak-stage-identification: '#/components/schemas/IdentificationChallenge' ak-stage-password: '#/components/schemas/PasswordChallenge' ak-flow-sources-plex: '#/components/schemas/PlexAuthenticationChallenge' ak-stage-prompt: '#/components/schemas/PromptChallenge' xak-flow-redirect: '#/components/schemas/RedirectChallenge' xak-flow-shell: '#/components/schemas/ShellChallenge' ClientTypeEnum: enum: - confidential - public type: string Config: type: object description: Serialize authentik Config into DRF Object properties: error_reporting: $ref: '#/components/schemas/ErrorReportingConfig' capabilities: type: array items: $ref: '#/components/schemas/CapabilitiesEnum' cache_timeout: type: integer cache_timeout_flows: type: integer cache_timeout_policies: type: integer cache_timeout_reputation: type: integer required: - cache_timeout - cache_timeout_flows - cache_timeout_policies - cache_timeout_reputation - capabilities - error_reporting ConsentChallenge: type: object description: Challenge info for consent screens properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-consent response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string header_text: type: string permissions: type: array items: $ref: '#/components/schemas/Permission' required: - header_text - pending_user - pending_user_avatar - permissions - type ConsentChallengeResponseRequest: type: object description: Consent challenge response, any valid response request is valid properties: component: type: string minLength: 1 default: ak-stage-consent ConsentStage: type: object description: ConsentStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' mode: $ref: '#/components/schemas/ConsentStageModeEnum' consent_expire_in: type: string title: Consent expires in description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural ConsentStageModeEnum: enum: - always_require - permanent - expiring type: string ConsentStageRequest: type: object description: ConsentStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' mode: $ref: '#/components/schemas/ConsentStageModeEnum' consent_expire_in: type: string minLength: 1 title: Consent expires in description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).' required: - name ContextualFlowInfo: type: object description: Contextual flow information for a challenge properties: title: type: string background: type: string cancel_url: type: string layout: $ref: '#/components/schemas/LayoutEnum' required: - cancel_url - layout Coordinate: type: object description: Coordinates for diagrams properties: x_cord: type: integer readOnly: true y_cord: type: integer readOnly: true required: - x_cord - y_cord CurrentTenant: type: object description: Partial tenant information for styling properties: matched_domain: type: string branding_title: type: string branding_logo: type: string branding_favicon: type: string ui_footer_links: type: array items: $ref: '#/components/schemas/FooterLink' readOnly: true default: [] flow_authentication: type: string flow_invalidation: type: string flow_recovery: type: string flow_unenrollment: type: string flow_user_settings: type: string required: - branding_favicon - branding_logo - branding_title - matched_domain - ui_footer_links DenyStage: type: object description: DenyStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural DenyStageRequest: type: object description: DenyStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' required: - name Device: type: object description: Serializer for Duo authenticator devices properties: verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true pk: type: integer name: type: string type: type: string readOnly: true required: - meta_model_name - name - pk - type - verbose_name - verbose_name_plural DeviceChallenge: type: object description: Single device challenge properties: device_class: type: string device_uid: type: string challenge: type: object additionalProperties: {} required: - challenge - device_class - device_uid DeviceChallengeRequest: type: object description: Single device challenge properties: device_class: type: string minLength: 1 device_uid: type: string minLength: 1 challenge: type: object additionalProperties: {} required: - challenge - device_class - device_uid DeviceClassesEnum: enum: - static - totp - webauthn - duo - sms type: string DigestAlgorithmEnum: enum: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 type: string DigitsEnum: enum: - 6 - 8 type: integer DockerServiceConnection: type: object description: DockerServiceConnection Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true url: type: string description: Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system. tls_verification: type: string format: uuid nullable: true description: CA which the endpoint's Certificate is verified against. Can be left empty for no validation. tls_authentication: type: string format: uuid nullable: true description: Certificate/Key used for authentication. Can be left empty for no authentication. required: - component - meta_model_name - name - pk - url - verbose_name - verbose_name_plural DockerServiceConnectionRequest: type: object description: DockerServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration url: type: string minLength: 1 description: Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system. tls_verification: type: string format: uuid nullable: true description: CA which the endpoint's Certificate is verified against. Can be left empty for no validation. tls_authentication: type: string format: uuid nullable: true description: Certificate/Key used for authentication. Can be left empty for no authentication. required: - name - url DummyChallenge: type: object description: Dummy challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-dummy response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' required: - type DummyChallengeResponseRequest: type: object description: Dummy challenge response properties: component: type: string minLength: 1 default: ak-stage-dummy DummyPolicy: type: object description: Dummy Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true bound_to: type: integer readOnly: true result: type: boolean wait_min: type: integer maximum: 2147483647 minimum: -2147483648 wait_max: type: integer maximum: 2147483647 minimum: -2147483648 required: - bound_to - component - meta_model_name - pk - verbose_name - verbose_name_plural DummyPolicyRequest: type: object description: Dummy Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. result: type: boolean wait_min: type: integer maximum: 2147483647 minimum: -2147483648 wait_max: type: integer maximum: 2147483647 minimum: -2147483648 DummyStage: type: object description: DummyStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural DummyStageRequest: type: object description: DummyStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' required: - name DuoDevice: type: object description: Serializer for Duo authenticator devices properties: pk: type: integer readOnly: true title: ID name: type: string description: The human-readable name of this device. maxLength: 64 required: - name - pk DuoDeviceRequest: type: object description: Serializer for Duo authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 required: - name EmailChallenge: type: object description: Email challenge properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-email response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' required: - type EmailChallengeResponseRequest: type: object description: |- Email challenge resposen. No fields. This challenge is always declared invalid to give the user a chance to retry properties: component: type: string minLength: 1 default: ak-stage-email EmailStage: type: object description: EmailStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' use_global_settings: type: boolean description: When enabled, global Email connection settings will be used and connection settings below will be ignored. host: type: string port: type: integer maximum: 2147483647 minimum: -2147483648 username: type: string use_tls: type: boolean use_ssl: type: boolean timeout: type: integer maximum: 2147483647 minimum: -2147483648 from_address: type: string format: email maxLength: 254 token_expiry: type: integer maximum: 2147483647 minimum: -2147483648 description: Time in minutes the token sent is valid. subject: type: string template: type: string activate_user_on_success: type: boolean description: Activate users upon completion of stage. required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural EmailStageRequest: type: object description: EmailStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' use_global_settings: type: boolean description: When enabled, global Email connection settings will be used and connection settings below will be ignored. host: type: string minLength: 1 port: type: integer maximum: 2147483647 minimum: -2147483648 username: type: string password: type: string writeOnly: true use_tls: type: boolean use_ssl: type: boolean timeout: type: integer maximum: 2147483647 minimum: -2147483648 from_address: type: string format: email minLength: 1 maxLength: 254 token_expiry: type: integer maximum: 2147483647 minimum: -2147483648 description: Time in minutes the token sent is valid. subject: type: string minLength: 1 template: type: string minLength: 1 activate_user_on_success: type: boolean description: Activate users upon completion of stage. required: - name ErrorDetail: type: object description: Serializer for rest_framework's error messages properties: string: type: string code: type: string required: - code - string ErrorReportingConfig: type: object description: Config for error reporting properties: enabled: type: boolean readOnly: true environment: type: string readOnly: true send_pii: type: boolean readOnly: true traces_sample_rate: type: number format: double readOnly: true required: - enabled - environment - send_pii - traces_sample_rate Event: type: object description: Event Serializer properties: pk: type: string format: uuid readOnly: true title: Event uuid user: type: object additionalProperties: {} action: $ref: '#/components/schemas/EventActions' app: type: string context: type: object additionalProperties: {} client_ip: type: string nullable: true created: type: string format: date-time readOnly: true expires: type: string format: date-time tenant: type: object additionalProperties: {} required: - action - app - created - pk EventActions: enum: - login - login_failed - logout - user_write - suspicious_request - password_set - secret_view - secret_rotate - invitation_used - authorize_application - source_linked - impersonation_started - impersonation_ended - flow_execution - policy_execution - policy_exception - property_mapping_exception - system_task_execution - system_task_exception - system_exception - configuration_error - model_created - model_updated - model_deleted - email_sent - update_available - custom_ type: string EventMatcherPolicy: type: object description: Event Matcher Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true bound_to: type: integer readOnly: true action: allOf: - $ref: '#/components/schemas/EventActions' description: Match created events with this action type. When left empty, all action types will be matched. client_ip: type: string description: Matches Event's Client IP (strict matching, for network matching use an Expression Policy) app: allOf: - $ref: '#/components/schemas/AppEnum' description: Match events created by selected application. When left empty, all applications are matched. required: - bound_to - component - meta_model_name - pk - verbose_name - verbose_name_plural EventMatcherPolicyRequest: type: object description: Event Matcher Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. action: allOf: - $ref: '#/components/schemas/EventActions' description: Match created events with this action type. When left empty, all action types will be matched. client_ip: type: string description: Matches Event's Client IP (strict matching, for network matching use an Expression Policy) app: allOf: - $ref: '#/components/schemas/AppEnum' description: Match events created by selected application. When left empty, all applications are matched. EventRequest: type: object description: Event Serializer properties: user: type: object additionalProperties: {} action: $ref: '#/components/schemas/EventActions' app: type: string minLength: 1 context: type: object additionalProperties: {} client_ip: type: string nullable: true minLength: 1 expires: type: string format: date-time tenant: type: object additionalProperties: {} required: - action - app EventTopPerUser: type: object description: Response object of Event's top_per_user properties: application: type: object additionalProperties: {} counted_events: type: integer unique_users: type: integer required: - application - counted_events - unique_users ExpiringBaseGrantModel: type: object description: Serializer for BaseGrantModel and ExpiringBaseGrant properties: pk: type: integer readOnly: true title: ID provider: $ref: '#/components/schemas/OAuth2Provider' user: $ref: '#/components/schemas/User' is_expired: type: boolean readOnly: true expires: type: string format: date-time scope: type: array items: type: string required: - is_expired - pk - provider - scope - user ExpressionPolicy: type: object description: Group Membership Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true bound_to: type: integer readOnly: true expression: type: string required: - bound_to - component - expression - meta_model_name - pk - verbose_name - verbose_name_plural ExpressionPolicyRequest: type: object description: Group Membership Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. expression: type: string minLength: 1 required: - expression FilePathRequest: type: object description: Serializer to upload file properties: url: type: string minLength: 1 required: - url FileUploadRequest: type: object description: Serializer to upload file properties: file: type: string format: binary clear: type: boolean default: false Flow: type: object description: Flow Serializer properties: pk: type: string format: uuid readOnly: true title: Flow uuid policybindingmodel_ptr_id: type: string format: uuid readOnly: true name: type: string slug: type: string description: Visible in the URL. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ title: type: string description: Shown as the Title in Flow pages. designation: allOf: - $ref: '#/components/schemas/FlowDesignationEnum' description: Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. background: type: string readOnly: true stages: type: array items: type: string format: uuid readOnly: true policies: type: array items: type: string format: uuid readOnly: true cache_count: type: integer readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' compatibility_mode: type: boolean description: Enable compatibility mode, increases compatibility with password managers on mobile devices. export_url: type: string readOnly: true layout: $ref: '#/components/schemas/LayoutEnum' required: - background - cache_count - designation - export_url - name - pk - policies - policybindingmodel_ptr_id - slug - stages - title FlowChallengeResponseRequest: oneOf: - $ref: '#/components/schemas/AppleChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest' - $ref: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest' - $ref: '#/components/schemas/AutoSubmitChallengeResponseRequest' - $ref: '#/components/schemas/CaptchaChallengeResponseRequest' - $ref: '#/components/schemas/ConsentChallengeResponseRequest' - $ref: '#/components/schemas/DummyChallengeResponseRequest' - $ref: '#/components/schemas/EmailChallengeResponseRequest' - $ref: '#/components/schemas/IdentificationChallengeResponseRequest' - $ref: '#/components/schemas/PasswordChallengeResponseRequest' - $ref: '#/components/schemas/PlexAuthenticationChallengeResponseRequest' - $ref: '#/components/schemas/PromptChallengeResponseRequest' discriminator: propertyName: component mapping: ak-flow-sources-oauth-apple: '#/components/schemas/AppleChallengeResponseRequest' ak-stage-authenticator-duo: '#/components/schemas/AuthenticatorDuoChallengeResponseRequest' ak-stage-authenticator-sms: '#/components/schemas/AuthenticatorSMSChallengeResponseRequest' ak-stage-authenticator-static: '#/components/schemas/AuthenticatorStaticChallengeResponseRequest' ak-stage-authenticator-totp: '#/components/schemas/AuthenticatorTOTPChallengeResponseRequest' ak-stage-authenticator-validate: '#/components/schemas/AuthenticatorValidationChallengeResponseRequest' ak-stage-authenticator-webauthn: '#/components/schemas/AuthenticatorWebAuthnChallengeResponseRequest' ak-stage-autosubmit: '#/components/schemas/AutoSubmitChallengeResponseRequest' ak-stage-captcha: '#/components/schemas/CaptchaChallengeResponseRequest' ak-stage-consent: '#/components/schemas/ConsentChallengeResponseRequest' ak-stage-dummy: '#/components/schemas/DummyChallengeResponseRequest' ak-stage-email: '#/components/schemas/EmailChallengeResponseRequest' ak-stage-identification: '#/components/schemas/IdentificationChallengeResponseRequest' ak-stage-password: '#/components/schemas/PasswordChallengeResponseRequest' ak-flow-sources-plex: '#/components/schemas/PlexAuthenticationChallengeResponseRequest' ak-stage-prompt: '#/components/schemas/PromptChallengeResponseRequest' FlowDesignationEnum: enum: - authentication - authorization - invalidation - enrollment - unenrollment - recovery - stage_configuration type: string FlowDiagram: type: object description: response of the flow's diagram action properties: diagram: type: string readOnly: true required: - diagram FlowInspection: type: object description: Serializer for inspect endpoint properties: plans: type: array items: $ref: '#/components/schemas/FlowInspectorPlan' current_plan: $ref: '#/components/schemas/FlowInspectorPlan' is_completed: type: boolean required: - is_completed - plans FlowInspectorPlan: type: object description: Serializer for an active FlowPlan properties: current_stage: allOf: - $ref: '#/components/schemas/FlowStageBinding' readOnly: true next_planned_stage: allOf: - $ref: '#/components/schemas/FlowStageBinding' readOnly: true plan_context: type: object additionalProperties: {} readOnly: true session_id: type: string readOnly: true required: - current_stage - next_planned_stage - plan_context - session_id FlowRequest: type: object description: Flow Serializer properties: name: type: string minLength: 1 slug: type: string minLength: 1 description: Visible in the URL. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ title: type: string minLength: 1 description: Shown as the Title in Flow pages. designation: allOf: - $ref: '#/components/schemas/FlowDesignationEnum' description: Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' compatibility_mode: type: boolean description: Enable compatibility mode, increases compatibility with password managers on mobile devices. layout: $ref: '#/components/schemas/LayoutEnum' required: - designation - name - slug - title FlowStageBinding: type: object description: FlowStageBinding Serializer properties: pk: type: string format: uuid readOnly: true title: Fsb uuid policybindingmodel_ptr_id: type: string format: uuid readOnly: true target: type: string format: uuid stage: type: string format: uuid stage_obj: allOf: - $ref: '#/components/schemas/Stage' readOnly: true evaluate_on_plan: type: boolean description: Evaluate policies during the Flow planning process. Disable this for input-based policies. re_evaluate_policies: type: boolean description: Evaluate policies when the Stage is present to the user. order: type: integer maximum: 2147483647 minimum: -2147483648 policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' invalid_response_action: allOf: - $ref: '#/components/schemas/InvalidResponseActionEnum' description: Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context. required: - order - pk - policybindingmodel_ptr_id - stage - stage_obj - target FlowStageBindingRequest: type: object description: FlowStageBinding Serializer properties: target: type: string format: uuid stage: type: string format: uuid evaluate_on_plan: type: boolean description: Evaluate policies during the Flow planning process. Disable this for input-based policies. re_evaluate_policies: type: boolean description: Evaluate policies when the Stage is present to the user. order: type: integer maximum: 2147483647 minimum: -2147483648 policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' invalid_response_action: allOf: - $ref: '#/components/schemas/InvalidResponseActionEnum' description: Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context. required: - order - stage - target FooterLink: type: object description: Links returned in Config API properties: href: type: string readOnly: true name: type: string readOnly: true required: - href - name GenericError: type: object description: Generic API Error properties: detail: type: string code: type: string required: - detail Group: type: object description: Group Serializer properties: pk: type: string format: uuid readOnly: true title: Group uuid num_pk: type: integer readOnly: true name: type: string maxLength: 80 is_superuser: type: boolean description: Users added to this group will be superusers. parent: type: string format: uuid nullable: true parent_name: type: string readOnly: true users: type: array items: type: integer attributes: type: object additionalProperties: {} users_obj: type: array items: $ref: '#/components/schemas/GroupMember' readOnly: true required: - name - num_pk - parent - parent_name - pk - users - users_obj GroupMember: type: object description: Stripped down user serializer to show relevant users for groups properties: pk: type: integer readOnly: true title: ID username: type: string description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. pattern: ^[\w.@+-]+$ maxLength: 150 name: type: string description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true email: type: string format: email title: Email address maxLength: 254 avatar: type: string readOnly: true attributes: type: object additionalProperties: {} uid: type: string readOnly: true required: - avatar - name - pk - uid - username GroupMemberRequest: type: object description: Stripped down user serializer to show relevant users for groups properties: username: type: string minLength: 1 description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. pattern: ^[\w.@+-]+$ maxLength: 150 name: type: string minLength: 1 description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true email: type: string format: email title: Email address maxLength: 254 attributes: type: object additionalProperties: {} required: - name - username GroupRequest: type: object description: Group Serializer properties: name: type: string minLength: 1 maxLength: 80 is_superuser: type: boolean description: Users added to this group will be superusers. parent: type: string format: uuid nullable: true users: type: array items: type: integer attributes: type: object additionalProperties: {} required: - name - parent - users HaveIBeenPwendPolicy: type: object description: Have I Been Pwned Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true bound_to: type: integer readOnly: true password_field: type: string description: Field key to check, field keys defined in Prompt stages are available. allowed_count: type: integer maximum: 2147483647 minimum: -2147483648 required: - bound_to - component - meta_model_name - pk - verbose_name - verbose_name_plural HaveIBeenPwendPolicyRequest: type: object description: Have I Been Pwned Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. password_field: type: string minLength: 1 description: Field key to check, field keys defined in Prompt stages are available. allowed_count: type: integer maximum: 2147483647 minimum: -2147483648 IdentificationChallenge: type: object description: Identification challenges with all UI elements properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-identification response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' user_fields: type: array items: type: string nullable: true password_fields: type: boolean application_pre: type: string enroll_url: type: string recovery_url: type: string passwordless_url: type: string primary_action: type: string sources: type: array items: $ref: '#/components/schemas/LoginSource' show_source_labels: type: boolean required: - password_fields - primary_action - show_source_labels - type - user_fields IdentificationChallengeResponseRequest: type: object description: Identification challenge properties: component: type: string minLength: 1 default: ak-stage-identification uid_field: type: string minLength: 1 password: type: string nullable: true required: - uid_field IdentificationStage: type: object description: IdentificationStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' user_fields: type: array items: $ref: '#/components/schemas/UserFieldsEnum' description: Fields of the user object to match against. (Hold shift to select multiple options) password_stage: type: string format: uuid nullable: true description: When set, shows a password field, instead of showing the password field as seaprate step. case_insensitive_matching: type: boolean description: When enabled, user fields are matched regardless of their casing. show_matched_user: type: boolean description: When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown enrollment_flow: type: string format: uuid nullable: true description: Optional enrollment flow, which is linked at the bottom of the page. recovery_flow: type: string format: uuid nullable: true description: Optional recovery flow, which is linked at the bottom of the page. passwordless_flow: type: string format: uuid nullable: true description: Optional passwordless flow, which is linked at the bottom of the page. sources: type: array items: type: string format: uuid description: Specify which sources should be shown. show_source_labels: type: boolean required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural IdentificationStageRequest: type: object description: IdentificationStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' user_fields: type: array items: $ref: '#/components/schemas/UserFieldsEnum' description: Fields of the user object to match against. (Hold shift to select multiple options) password_stage: type: string format: uuid nullable: true description: When set, shows a password field, instead of showing the password field as seaprate step. case_insensitive_matching: type: boolean description: When enabled, user fields are matched regardless of their casing. show_matched_user: type: boolean description: When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown enrollment_flow: type: string format: uuid nullable: true description: Optional enrollment flow, which is linked at the bottom of the page. recovery_flow: type: string format: uuid nullable: true description: Optional recovery flow, which is linked at the bottom of the page. passwordless_flow: type: string format: uuid nullable: true description: Optional passwordless flow, which is linked at the bottom of the page. sources: type: array items: type: string format: uuid description: Specify which sources should be shown. show_source_labels: type: boolean required: - name IntentEnum: enum: - verification - api - recovery - app_password type: string InvalidResponseActionEnum: enum: - retry - restart - restart_with_context type: string Invitation: type: object description: Invitation Serializer properties: pk: type: string format: uuid readOnly: true title: Invite uuid name: type: string maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ expires: type: string format: date-time fixed_data: type: object additionalProperties: {} created_by: allOf: - $ref: '#/components/schemas/GroupMember' readOnly: true single_use: type: boolean description: When enabled, the invitation will be deleted after usage. required: - created_by - name - pk InvitationRequest: type: object description: Invitation Serializer properties: name: type: string minLength: 1 maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ expires: type: string format: date-time fixed_data: type: object additionalProperties: {} single_use: type: boolean description: When enabled, the invitation will be deleted after usage. required: - name InvitationStage: type: object description: InvitationStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' continue_flow_without_invitation: type: boolean description: If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural InvitationStageRequest: type: object description: InvitationStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' continue_flow_without_invitation: type: boolean description: If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. required: - name IssuerModeEnum: enum: - global - per_provider type: string KubernetesServiceConnection: type: object description: KubernetesServiceConnection Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true kubeconfig: type: object additionalProperties: {} description: Paste your kubeconfig here. authentik will automatically use the currently selected context. required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural KubernetesServiceConnectionRequest: type: object description: KubernetesServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration kubeconfig: type: object additionalProperties: {} description: Paste your kubeconfig here. authentik will automatically use the currently selected context. required: - name LDAPAPIAccessMode: enum: - direct - cached type: string LDAPOutpostConfig: type: object description: LDAPProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string base_dn: type: string description: DN under which objects are accessible. bind_flow_slug: type: string application_slug: type: string search_group: type: string format: uuid nullable: true description: Users in this group can do search queries. If not set, every user can execute search queries. certificate: type: string format: uuid nullable: true tls_server_name: type: string uid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber gid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber search_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' bind_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' required: - application_slug - bind_flow_slug - name - pk LDAPPropertyMapping: type: object description: LDAP PropertyMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string expression: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true object_field: type: string required: - component - expression - meta_model_name - name - object_field - pk - verbose_name - verbose_name_plural LDAPPropertyMappingRequest: type: object description: LDAP PropertyMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 object_field: type: string minLength: 1 required: - expression - name - object_field LDAPProvider: type: object description: LDAPProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true base_dn: type: string description: DN under which objects are accessible. search_group: type: string format: uuid nullable: true description: Users in this group can do search queries. If not set, every user can execute search queries. certificate: type: string format: uuid nullable: true tls_server_name: type: string uid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber gid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber outpost_set: type: array items: type: string readOnly: true search_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' bind_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' required: - assigned_application_name - assigned_application_slug - authorization_flow - component - meta_model_name - name - outpost_set - pk - verbose_name - verbose_name_plural LDAPProviderRequest: type: object description: LDAPProvider Serializer properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid base_dn: type: string minLength: 1 description: DN under which objects are accessible. search_group: type: string format: uuid nullable: true description: Users in this group can do search queries. If not set, every user can execute search queries. certificate: type: string format: uuid nullable: true tls_server_name: type: string uid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber gid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber search_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' bind_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' required: - authorization_flow - name LDAPSource: type: object description: LDAP Source Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string server_uri: type: string format: uri peer_certificate: type: string format: uuid nullable: true description: Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair. bind_cn: type: string start_tls: type: boolean title: Enable Start TLS base_dn: type: string additional_user_dn: type: string title: Addition User DN description: Prepended to Base DN for User-queries. additional_group_dn: type: string title: Addition Group DN description: Prepended to Base DN for Group-queries. user_object_filter: type: string description: Consider Objects matching this filter to be Users. group_object_filter: type: string description: Consider Objects matching this filter to be Groups. group_membership_field: type: string description: Field which contains members of a group. object_uniqueness_field: type: string description: Field which contains a unique Identifier. sync_users: type: boolean sync_users_password: type: boolean description: When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source. sync_groups: type: boolean sync_parent_group: type: string format: uuid nullable: true property_mappings: type: array items: type: string format: uuid property_mappings_group: type: array items: type: string format: uuid description: Property mappings used for group creation/updating. required: - base_dn - component - managed - meta_model_name - name - pk - server_uri - slug - verbose_name - verbose_name_plural LDAPSourceRequest: type: object description: LDAP Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. user_path_template: type: string minLength: 1 server_uri: type: string minLength: 1 format: uri peer_certificate: type: string format: uuid nullable: true description: Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair. bind_cn: type: string bind_password: type: string writeOnly: true start_tls: type: boolean title: Enable Start TLS base_dn: type: string minLength: 1 additional_user_dn: type: string title: Addition User DN description: Prepended to Base DN for User-queries. additional_group_dn: type: string title: Addition Group DN description: Prepended to Base DN for Group-queries. user_object_filter: type: string minLength: 1 description: Consider Objects matching this filter to be Users. group_object_filter: type: string minLength: 1 description: Consider Objects matching this filter to be Groups. group_membership_field: type: string minLength: 1 description: Field which contains members of a group. object_uniqueness_field: type: string minLength: 1 description: Field which contains a unique Identifier. sync_users: type: boolean sync_users_password: type: boolean description: When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source. sync_groups: type: boolean sync_parent_group: type: string format: uuid nullable: true property_mappings: type: array items: type: string format: uuid property_mappings_group: type: array items: type: string format: uuid description: Property mappings used for group creation/updating. required: - base_dn - name - server_uri - slug LayoutEnum: enum: - stacked - content_left - content_right - sidebar_left - sidebar_right type: string Link: type: object description: Returns a single link properties: link: type: string required: - link LoginChallengeTypes: oneOf: - $ref: '#/components/schemas/RedirectChallenge' - $ref: '#/components/schemas/PlexAuthenticationChallenge' - $ref: '#/components/schemas/AppleLoginChallenge' discriminator: propertyName: component mapping: xak-flow-redirect: '#/components/schemas/RedirectChallenge' ak-flow-sources-plex: '#/components/schemas/PlexAuthenticationChallenge' ak-flow-sources-oauth-apple: '#/components/schemas/AppleLoginChallenge' LoginMetrics: type: object description: Login Metrics per 1h properties: logins_per_1h: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true logins_failed_per_1h: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true required: - logins_failed_per_1h - logins_per_1h LoginSource: type: object description: Serializer for Login buttons of sources properties: name: type: string icon_url: type: string nullable: true challenge: $ref: '#/components/schemas/LoginChallengeTypes' required: - challenge - name NameIdPolicyEnum: enum: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient type: string NotConfiguredActionEnum: enum: - skip - deny - configure type: string Notification: type: object description: Notification Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid severity: allOf: - $ref: '#/components/schemas/SeverityEnum' readOnly: true body: type: string readOnly: true created: type: string format: date-time readOnly: true event: $ref: '#/components/schemas/Event' seen: type: boolean required: - body - created - pk - severity NotificationRequest: type: object description: Notification Serializer properties: event: $ref: '#/components/schemas/EventRequest' seen: type: boolean NotificationRule: type: object description: NotificationRule Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string transports: type: array items: type: string format: uuid description: Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. severity: allOf: - $ref: '#/components/schemas/SeverityEnum' description: Controls which severity level the created notifications will have. group: type: string format: uuid nullable: true description: Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent. group_obj: allOf: - $ref: '#/components/schemas/Group' readOnly: true required: - group_obj - name - pk NotificationRuleRequest: type: object description: NotificationRule Serializer properties: name: type: string minLength: 1 transports: type: array items: type: string format: uuid description: Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. severity: allOf: - $ref: '#/components/schemas/SeverityEnum' description: Controls which severity level the created notifications will have. group: type: string format: uuid nullable: true description: Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent. required: - name NotificationTransport: type: object description: NotificationTransport Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string mode: $ref: '#/components/schemas/NotificationTransportModeEnum' mode_verbose: type: string readOnly: true webhook_url: type: string format: uri webhook_mapping: type: string format: uuid nullable: true send_once: type: boolean description: Only send notification once, for example when sending a webhook into a chat channel. required: - mode_verbose - name - pk NotificationTransportModeEnum: enum: - local - webhook - webhook_slack - email type: string NotificationTransportRequest: type: object description: NotificationTransport Serializer properties: name: type: string minLength: 1 mode: $ref: '#/components/schemas/NotificationTransportModeEnum' webhook_url: type: string format: uri webhook_mapping: type: string format: uuid nullable: true send_once: type: boolean description: Only send notification once, for example when sending a webhook into a chat channel. required: - name NotificationTransportTest: type: object description: Notification test serializer properties: messages: type: array items: type: string required: - messages NotificationWebhookMapping: type: object description: NotificationWebhookMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid name: type: string expression: type: string required: - expression - name - pk NotificationWebhookMappingRequest: type: object description: NotificationWebhookMapping Serializer properties: name: type: string minLength: 1 expression: type: string minLength: 1 required: - expression - name OAuth2Provider: type: object description: OAuth2Provider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true client_type: allOf: - $ref: '#/components/schemas/ClientTypeEnum' description: |- Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable. client_id: type: string maxLength: 255 client_secret: type: string maxLength: 255 access_code_validity: type: string description: 'Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' token_validity: type: string description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' include_claims_in_id_token: type: boolean description: Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. signing_key: type: string format: uuid nullable: true description: Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. redirect_uris: type: string description: Enter each URI on a new line. sub_mode: allOf: - $ref: '#/components/schemas/SubModeEnum' description: Configure what data should be used as unique User Identifier. For most cases, the default should be fine. issuer_mode: allOf: - $ref: '#/components/schemas/IssuerModeEnum' description: Configure how the issuer field of the ID Token should be filled. jwks_sources: type: array items: type: string format: uuid title: Any JWT signed by the JWK of the selected source can be used to authenticate. title: Any JWT signed by the JWK of the selected source can be used to authenticate. required: - assigned_application_name - assigned_application_slug - authorization_flow - component - meta_model_name - name - pk - verbose_name - verbose_name_plural OAuth2ProviderRequest: type: object description: OAuth2Provider Serializer properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid client_type: allOf: - $ref: '#/components/schemas/ClientTypeEnum' description: |- Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable. client_id: type: string minLength: 1 maxLength: 255 client_secret: type: string maxLength: 255 access_code_validity: type: string minLength: 1 description: 'Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' include_claims_in_id_token: type: boolean description: Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. signing_key: type: string format: uuid nullable: true description: Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. redirect_uris: type: string description: Enter each URI on a new line. sub_mode: allOf: - $ref: '#/components/schemas/SubModeEnum' description: Configure what data should be used as unique User Identifier. For most cases, the default should be fine. issuer_mode: allOf: - $ref: '#/components/schemas/IssuerModeEnum' description: Configure how the issuer field of the ID Token should be filled. jwks_sources: type: array items: type: string format: uuid title: Any JWT signed by the JWK of the selected source can be used to authenticate. title: Any JWT signed by the JWK of the selected source can be used to authenticate. required: - authorization_flow - name OAuth2ProviderSetupURLs: type: object description: OAuth2 Provider Metadata serializer properties: issuer: type: string readOnly: true authorize: type: string readOnly: true token: type: string readOnly: true user_info: type: string readOnly: true provider_info: type: string readOnly: true logout: type: string readOnly: true jwks: type: string readOnly: true required: - authorize - issuer - jwks - logout - provider_info - token - user_info OAuthSource: type: object description: OAuth Source Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string provider_type: $ref: '#/components/schemas/ProviderTypeEnum' request_token_url: type: string nullable: true description: URL used to request the initial token. This URL is only required for OAuth 1. maxLength: 255 authorization_url: type: string nullable: true description: URL the user is redirect to to conest the flow. maxLength: 255 access_token_url: type: string nullable: true description: URL used by authentik to retrieve tokens. maxLength: 255 profile_url: type: string nullable: true description: URL used by authentik to get user information. maxLength: 255 consumer_key: type: string callback_url: type: string readOnly: true additional_scopes: type: string type: allOf: - $ref: '#/components/schemas/SourceType' readOnly: true oidc_well_known_url: type: string oidc_jwks_url: type: string oidc_jwks: type: object additionalProperties: {} required: - callback_url - component - consumer_key - managed - meta_model_name - name - pk - provider_type - slug - type - verbose_name - verbose_name_plural OAuthSourceRequest: type: object description: OAuth Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. user_path_template: type: string minLength: 1 provider_type: $ref: '#/components/schemas/ProviderTypeEnum' request_token_url: type: string nullable: true minLength: 1 description: URL used to request the initial token. This URL is only required for OAuth 1. maxLength: 255 authorization_url: type: string nullable: true minLength: 1 description: URL the user is redirect to to conest the flow. maxLength: 255 access_token_url: type: string nullable: true minLength: 1 description: URL used by authentik to retrieve tokens. maxLength: 255 profile_url: type: string nullable: true minLength: 1 description: URL used by authentik to get user information. maxLength: 255 consumer_key: type: string minLength: 1 consumer_secret: type: string writeOnly: true minLength: 1 additional_scopes: type: string oidc_well_known_url: type: string oidc_jwks_url: type: string oidc_jwks: type: object additionalProperties: {} required: - consumer_key - consumer_secret - name - provider_type - slug OpenIDConnectConfiguration: type: object description: rest_framework Serializer for OIDC Configuration properties: issuer: type: string authorization_endpoint: type: string token_endpoint: type: string userinfo_endpoint: type: string end_session_endpoint: type: string introspection_endpoint: type: string jwks_uri: type: string response_types_supported: type: array items: type: string id_token_signing_alg_values_supported: type: array items: type: string subject_types_supported: type: array items: type: string token_endpoint_auth_methods_supported: type: array items: type: string required: - authorization_endpoint - end_session_endpoint - id_token_signing_alg_values_supported - introspection_endpoint - issuer - jwks_uri - response_types_supported - subject_types_supported - token_endpoint - token_endpoint_auth_methods_supported - userinfo_endpoint Outpost: type: object description: Outpost Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string type: $ref: '#/components/schemas/OutpostTypeEnum' providers: type: array items: type: integer providers_obj: type: array items: $ref: '#/components/schemas/Provider' readOnly: true service_connection: type: string format: uuid nullable: true description: Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment. service_connection_obj: allOf: - $ref: '#/components/schemas/ServiceConnection' readOnly: true token_identifier: type: string readOnly: true config: type: object additionalProperties: {} managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. required: - config - name - pk - providers - providers_obj - service_connection_obj - token_identifier - type OutpostDefaultConfig: type: object description: Global default outpost config properties: config: type: object additionalProperties: {} readOnly: true required: - config OutpostHealth: type: object description: Outpost health status properties: last_seen: type: string format: date-time readOnly: true version: type: string readOnly: true version_should: type: string readOnly: true version_outdated: type: boolean readOnly: true build_hash: type: string readOnly: true build_hash_should: type: string readOnly: true required: - build_hash - build_hash_should - last_seen - version - version_outdated - version_should OutpostRequest: type: object description: Outpost Serializer properties: name: type: string minLength: 1 type: $ref: '#/components/schemas/OutpostTypeEnum' providers: type: array items: type: integer service_connection: type: string format: uuid nullable: true description: Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment. config: type: object additionalProperties: {} managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. required: - config - name - providers - type OutpostTypeEnum: enum: - proxy - ldap type: string PaginatedApplicationList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Application' required: - pagination - results PaginatedAuthenticateWebAuthnStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/AuthenticateWebAuthnStage' required: - pagination - results PaginatedAuthenticatedSessionList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/AuthenticatedSession' required: - pagination - results PaginatedAuthenticatorDuoStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/AuthenticatorDuoStage' required: - pagination - results PaginatedAuthenticatorSMSStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/AuthenticatorSMSStage' required: - pagination - results PaginatedAuthenticatorStaticStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/AuthenticatorStaticStage' required: - pagination - results PaginatedAuthenticatorTOTPStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/AuthenticatorTOTPStage' required: - pagination - results PaginatedAuthenticatorValidateStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/AuthenticatorValidateStage' required: - pagination - results PaginatedCaptchaStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/CaptchaStage' required: - pagination - results PaginatedCertificateKeyPairList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/CertificateKeyPair' required: - pagination - results PaginatedConsentStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/ConsentStage' required: - pagination - results PaginatedDenyStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/DenyStage' required: - pagination - results PaginatedDockerServiceConnectionList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/DockerServiceConnection' required: - pagination - results PaginatedDummyPolicyList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/DummyPolicy' required: - pagination - results PaginatedDummyStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/DummyStage' required: - pagination - results PaginatedDuoDeviceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/DuoDevice' required: - pagination - results PaginatedEmailStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/EmailStage' required: - pagination - results PaginatedEventList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Event' required: - pagination - results PaginatedEventMatcherPolicyList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/EventMatcherPolicy' required: - pagination - results PaginatedExpiringBaseGrantModelList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/ExpiringBaseGrantModel' required: - pagination - results PaginatedExpressionPolicyList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/ExpressionPolicy' required: - pagination - results PaginatedFlowList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Flow' required: - pagination - results PaginatedFlowStageBindingList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/FlowStageBinding' required: - pagination - results PaginatedGroupList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Group' required: - pagination - results PaginatedHaveIBeenPwendPolicyList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/HaveIBeenPwendPolicy' required: - pagination - results PaginatedIdentificationStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/IdentificationStage' required: - pagination - results PaginatedInvitationList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Invitation' required: - pagination - results PaginatedInvitationStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/InvitationStage' required: - pagination - results PaginatedKubernetesServiceConnectionList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/KubernetesServiceConnection' required: - pagination - results PaginatedLDAPOutpostConfigList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/LDAPOutpostConfig' required: - pagination - results PaginatedLDAPPropertyMappingList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/LDAPPropertyMapping' required: - pagination - results PaginatedLDAPProviderList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/LDAPProvider' required: - pagination - results PaginatedLDAPSourceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/LDAPSource' required: - pagination - results PaginatedNotificationList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Notification' required: - pagination - results PaginatedNotificationRuleList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/NotificationRule' required: - pagination - results PaginatedNotificationTransportList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/NotificationTransport' required: - pagination - results PaginatedNotificationWebhookMappingList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/NotificationWebhookMapping' required: - pagination - results PaginatedOAuth2ProviderList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/OAuth2Provider' required: - pagination - results PaginatedOAuthSourceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/OAuthSource' required: - pagination - results PaginatedOutpostList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Outpost' required: - pagination - results PaginatedPasswordExpiryPolicyList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/PasswordExpiryPolicy' required: - pagination - results PaginatedPasswordPolicyList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/PasswordPolicy' required: - pagination - results PaginatedPasswordStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/PasswordStage' required: - pagination - results PaginatedPlexSourceConnectionList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/PlexSourceConnection' required: - pagination - results PaginatedPlexSourceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/PlexSource' required: - pagination - results PaginatedPolicyBindingList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/PolicyBinding' required: - pagination - results PaginatedPolicyList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Policy' required: - pagination - results PaginatedPromptList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Prompt' required: - pagination - results PaginatedPromptStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/PromptStage' required: - pagination - results PaginatedPropertyMappingList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/PropertyMapping' required: - pagination - results PaginatedProviderList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Provider' required: - pagination - results PaginatedProxyOutpostConfigList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/ProxyOutpostConfig' required: - pagination - results PaginatedProxyProviderList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/ProxyProvider' required: - pagination - results PaginatedRefreshTokenModelList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/RefreshTokenModel' required: - pagination - results PaginatedReputationList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Reputation' required: - pagination - results PaginatedReputationPolicyList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/ReputationPolicy' required: - pagination - results PaginatedSAMLPropertyMappingList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/SAMLPropertyMapping' required: - pagination - results PaginatedSAMLProviderList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/SAMLProvider' required: - pagination - results PaginatedSAMLSourceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/SAMLSource' required: - pagination - results PaginatedSMSDeviceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/SMSDevice' required: - pagination - results PaginatedScopeMappingList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/ScopeMapping' required: - pagination - results PaginatedServiceConnectionList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/ServiceConnection' required: - pagination - results PaginatedSourceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Source' required: - pagination - results PaginatedStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Stage' required: - pagination - results PaginatedStaticDeviceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/StaticDevice' required: - pagination - results PaginatedTOTPDeviceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/TOTPDevice' required: - pagination - results PaginatedTenantList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Tenant' required: - pagination - results PaginatedTokenList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/Token' required: - pagination - results PaginatedUserConsentList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/UserConsent' required: - pagination - results PaginatedUserDeleteStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/UserDeleteStage' required: - pagination - results PaginatedUserList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/User' required: - pagination - results PaginatedUserLoginStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/UserLoginStage' required: - pagination - results PaginatedUserLogoutStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/UserLogoutStage' required: - pagination - results PaginatedUserOAuthSourceConnectionList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/UserOAuthSourceConnection' required: - pagination - results PaginatedUserSourceConnectionList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/UserSourceConnection' required: - pagination - results PaginatedUserWriteStageList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/UserWriteStage' required: - pagination - results PaginatedWebAuthnDeviceList: type: object properties: pagination: type: object properties: next: type: number previous: type: number count: type: number current: type: number total_pages: type: number start_index: type: number end_index: type: number required: - next - previous - count - current - total_pages - start_index - end_index results: type: array items: $ref: '#/components/schemas/WebAuthnDevice' required: - pagination - results PasswordChallenge: type: object description: Password challenge UI fields properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-password response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' pending_user: type: string pending_user_avatar: type: string recovery_url: type: string required: - pending_user - pending_user_avatar - type PasswordChallengeResponseRequest: type: object description: Password challenge response properties: component: type: string minLength: 1 default: ak-stage-password password: type: string minLength: 1 required: - password PasswordExpiryPolicy: type: object description: Password Expiry Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true bound_to: type: integer readOnly: true days: type: integer maximum: 2147483647 minimum: -2147483648 deny_only: type: boolean required: - bound_to - component - days - meta_model_name - pk - verbose_name - verbose_name_plural PasswordExpiryPolicyRequest: type: object description: Password Expiry Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. days: type: integer maximum: 2147483647 minimum: -2147483648 deny_only: type: boolean required: - days PasswordPolicy: type: object description: Password Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true bound_to: type: integer readOnly: true password_field: type: string description: Field key to check, field keys defined in Prompt stages are available. amount_digits: type: integer maximum: 2147483647 minimum: 0 amount_uppercase: type: integer maximum: 2147483647 minimum: 0 amount_lowercase: type: integer maximum: 2147483647 minimum: 0 amount_symbols: type: integer maximum: 2147483647 minimum: 0 length_min: type: integer maximum: 2147483647 minimum: 0 symbol_charset: type: string error_message: type: string required: - bound_to - component - error_message - meta_model_name - pk - verbose_name - verbose_name_plural PasswordPolicyRequest: type: object description: Password Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. password_field: type: string minLength: 1 description: Field key to check, field keys defined in Prompt stages are available. amount_digits: type: integer maximum: 2147483647 minimum: 0 amount_uppercase: type: integer maximum: 2147483647 minimum: 0 amount_lowercase: type: integer maximum: 2147483647 minimum: 0 amount_symbols: type: integer maximum: 2147483647 minimum: 0 length_min: type: integer maximum: 2147483647 minimum: 0 symbol_charset: type: string minLength: 1 error_message: type: string minLength: 1 required: - error_message PasswordStage: type: object description: PasswordStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' backends: type: array items: $ref: '#/components/schemas/BackendsEnum' description: Selection of backends to test the password against. configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. failed_attempts_before_cancel: type: integer maximum: 2147483647 minimum: -2147483648 description: How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. required: - backends - component - meta_model_name - name - pk - verbose_name - verbose_name_plural PasswordStageRequest: type: object description: PasswordStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' backends: type: array items: $ref: '#/components/schemas/BackendsEnum' description: Selection of backends to test the password against. configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. failed_attempts_before_cancel: type: integer maximum: 2147483647 minimum: -2147483648 description: How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. required: - backends - name PatchedApplicationRequest: type: object description: Application Serializer properties: name: type: string minLength: 1 description: Application's display Name. slug: type: string minLength: 1 description: Internal application name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ provider: type: integer nullable: true open_in_new_tab: type: boolean description: Open launch URL in a new browser tab or window. meta_launch_url: type: string format: uri meta_description: type: string meta_publisher: type: string policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' group: type: string PatchedAuthenticateWebAuthnStageRequest: type: object description: AuthenticateWebAuthnStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. user_verification: $ref: '#/components/schemas/UserVerificationEnum' authenticator_attachment: allOf: - $ref: '#/components/schemas/AuthenticatorAttachmentEnum' nullable: true resident_key_requirement: $ref: '#/components/schemas/ResidentKeyRequirementEnum' PatchedAuthenticatorDuoStageRequest: type: object description: AuthenticatorDuoStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. client_id: type: string minLength: 1 client_secret: type: string writeOnly: true minLength: 1 api_hostname: type: string minLength: 1 PatchedAuthenticatorSMSStageRequest: type: object description: AuthenticatorSMSStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. provider: $ref: '#/components/schemas/ProviderEnum' from_number: type: string minLength: 1 account_sid: type: string minLength: 1 auth: type: string minLength: 1 auth_password: type: string auth_type: $ref: '#/components/schemas/AuthTypeEnum' verify_only: type: boolean description: When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not re-used in the future. PatchedAuthenticatorStaticStageRequest: type: object description: AuthenticatorStaticStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. token_count: type: integer maximum: 2147483647 minimum: -2147483648 PatchedAuthenticatorTOTPStageRequest: type: object description: AuthenticatorTOTPStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. digits: allOf: - $ref: '#/components/schemas/DigitsEnum' minimum: -2147483648 maximum: 2147483647 PatchedAuthenticatorValidateStageRequest: type: object description: AuthenticatorValidateStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' not_configured_action: $ref: '#/components/schemas/NotConfiguredActionEnum' device_classes: type: array items: $ref: '#/components/schemas/DeviceClassesEnum' description: Device classes which can be used to authenticate configuration_stages: type: array items: type: string format: uuid description: Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. last_auth_threshold: type: string minLength: 1 description: If any of the user's device has been used within this threshold, this stage will be skipped PatchedCaptchaStageRequest: type: object description: CaptchaStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' public_key: type: string minLength: 1 description: Public key, acquired from https://www.google.com/recaptcha/intro/v3.html private_key: type: string writeOnly: true minLength: 1 description: Private key, acquired from https://www.google.com/recaptcha/intro/v3.html PatchedCertificateKeyPairRequest: type: object description: CertificateKeyPair Serializer properties: name: type: string minLength: 1 certificate_data: type: string writeOnly: true minLength: 1 description: PEM-encoded Certificate data key_data: type: string writeOnly: true description: Optional Private Key. If this is set, you can use this keypair for encryption. managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. PatchedConsentStageRequest: type: object description: ConsentStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' mode: $ref: '#/components/schemas/ConsentStageModeEnum' consent_expire_in: type: string minLength: 1 title: Consent expires in description: 'Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3).' PatchedDenyStageRequest: type: object description: DenyStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' PatchedDockerServiceConnectionRequest: type: object description: DockerServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration url: type: string minLength: 1 description: Can be in the format of 'unix://' when connecting to a local docker daemon, or 'https://:2376' when connecting to a remote system. tls_verification: type: string format: uuid nullable: true description: CA which the endpoint's Certificate is verified against. Can be left empty for no validation. tls_authentication: type: string format: uuid nullable: true description: Certificate/Key used for authentication. Can be left empty for no authentication. PatchedDummyPolicyRequest: type: object description: Dummy Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. result: type: boolean wait_min: type: integer maximum: 2147483647 minimum: -2147483648 wait_max: type: integer maximum: 2147483647 minimum: -2147483648 PatchedDummyStageRequest: type: object description: DummyStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' PatchedDuoDeviceRequest: type: object description: Serializer for Duo authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 PatchedEmailStageRequest: type: object description: EmailStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' use_global_settings: type: boolean description: When enabled, global Email connection settings will be used and connection settings below will be ignored. host: type: string minLength: 1 port: type: integer maximum: 2147483647 minimum: -2147483648 username: type: string password: type: string writeOnly: true use_tls: type: boolean use_ssl: type: boolean timeout: type: integer maximum: 2147483647 minimum: -2147483648 from_address: type: string format: email minLength: 1 maxLength: 254 token_expiry: type: integer maximum: 2147483647 minimum: -2147483648 description: Time in minutes the token sent is valid. subject: type: string minLength: 1 template: type: string minLength: 1 activate_user_on_success: type: boolean description: Activate users upon completion of stage. PatchedEventMatcherPolicyRequest: type: object description: Event Matcher Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. action: allOf: - $ref: '#/components/schemas/EventActions' description: Match created events with this action type. When left empty, all action types will be matched. client_ip: type: string description: Matches Event's Client IP (strict matching, for network matching use an Expression Policy) app: allOf: - $ref: '#/components/schemas/AppEnum' description: Match events created by selected application. When left empty, all applications are matched. PatchedEventRequest: type: object description: Event Serializer properties: user: type: object additionalProperties: {} action: $ref: '#/components/schemas/EventActions' app: type: string minLength: 1 context: type: object additionalProperties: {} client_ip: type: string nullable: true minLength: 1 expires: type: string format: date-time tenant: type: object additionalProperties: {} PatchedExpressionPolicyRequest: type: object description: Group Membership Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. expression: type: string minLength: 1 PatchedFlowRequest: type: object description: Flow Serializer properties: name: type: string minLength: 1 slug: type: string minLength: 1 description: Visible in the URL. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ title: type: string minLength: 1 description: Shown as the Title in Flow pages. designation: allOf: - $ref: '#/components/schemas/FlowDesignationEnum' description: Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' compatibility_mode: type: boolean description: Enable compatibility mode, increases compatibility with password managers on mobile devices. layout: $ref: '#/components/schemas/LayoutEnum' PatchedFlowStageBindingRequest: type: object description: FlowStageBinding Serializer properties: target: type: string format: uuid stage: type: string format: uuid evaluate_on_plan: type: boolean description: Evaluate policies during the Flow planning process. Disable this for input-based policies. re_evaluate_policies: type: boolean description: Evaluate policies when the Stage is present to the user. order: type: integer maximum: 2147483647 minimum: -2147483648 policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' invalid_response_action: allOf: - $ref: '#/components/schemas/InvalidResponseActionEnum' description: Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context. PatchedGroupRequest: type: object description: Group Serializer properties: name: type: string minLength: 1 maxLength: 80 is_superuser: type: boolean description: Users added to this group will be superusers. parent: type: string format: uuid nullable: true users: type: array items: type: integer attributes: type: object additionalProperties: {} PatchedHaveIBeenPwendPolicyRequest: type: object description: Have I Been Pwned Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. password_field: type: string minLength: 1 description: Field key to check, field keys defined in Prompt stages are available. allowed_count: type: integer maximum: 2147483647 minimum: -2147483648 PatchedIdentificationStageRequest: type: object description: IdentificationStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' user_fields: type: array items: $ref: '#/components/schemas/UserFieldsEnum' description: Fields of the user object to match against. (Hold shift to select multiple options) password_stage: type: string format: uuid nullable: true description: When set, shows a password field, instead of showing the password field as seaprate step. case_insensitive_matching: type: boolean description: When enabled, user fields are matched regardless of their casing. show_matched_user: type: boolean description: When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown enrollment_flow: type: string format: uuid nullable: true description: Optional enrollment flow, which is linked at the bottom of the page. recovery_flow: type: string format: uuid nullable: true description: Optional recovery flow, which is linked at the bottom of the page. passwordless_flow: type: string format: uuid nullable: true description: Optional passwordless flow, which is linked at the bottom of the page. sources: type: array items: type: string format: uuid description: Specify which sources should be shown. show_source_labels: type: boolean PatchedInvitationRequest: type: object description: Invitation Serializer properties: name: type: string minLength: 1 maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ expires: type: string format: date-time fixed_data: type: object additionalProperties: {} single_use: type: boolean description: When enabled, the invitation will be deleted after usage. PatchedInvitationStageRequest: type: object description: InvitationStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' continue_flow_without_invitation: type: boolean description: If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. PatchedKubernetesServiceConnectionRequest: type: object description: KubernetesServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration kubeconfig: type: object additionalProperties: {} description: Paste your kubeconfig here. authentik will automatically use the currently selected context. PatchedLDAPPropertyMappingRequest: type: object description: LDAP PropertyMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 object_field: type: string minLength: 1 PatchedLDAPProviderRequest: type: object description: LDAPProvider Serializer properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid base_dn: type: string minLength: 1 description: DN under which objects are accessible. search_group: type: string format: uuid nullable: true description: Users in this group can do search queries. If not set, every user can execute search queries. certificate: type: string format: uuid nullable: true tls_server_name: type: string uid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber gid_start_number: type: integer maximum: 2147483647 minimum: -2147483648 description: The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber search_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' bind_mode: $ref: '#/components/schemas/LDAPAPIAccessMode' PatchedLDAPSourceRequest: type: object description: LDAP Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. user_path_template: type: string minLength: 1 server_uri: type: string minLength: 1 format: uri peer_certificate: type: string format: uuid nullable: true description: Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair. bind_cn: type: string bind_password: type: string writeOnly: true start_tls: type: boolean title: Enable Start TLS base_dn: type: string minLength: 1 additional_user_dn: type: string title: Addition User DN description: Prepended to Base DN for User-queries. additional_group_dn: type: string title: Addition Group DN description: Prepended to Base DN for Group-queries. user_object_filter: type: string minLength: 1 description: Consider Objects matching this filter to be Users. group_object_filter: type: string minLength: 1 description: Consider Objects matching this filter to be Groups. group_membership_field: type: string minLength: 1 description: Field which contains members of a group. object_uniqueness_field: type: string minLength: 1 description: Field which contains a unique Identifier. sync_users: type: boolean sync_users_password: type: boolean description: When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source. sync_groups: type: boolean sync_parent_group: type: string format: uuid nullable: true property_mappings: type: array items: type: string format: uuid property_mappings_group: type: array items: type: string format: uuid description: Property mappings used for group creation/updating. PatchedNotificationRequest: type: object description: Notification Serializer properties: event: $ref: '#/components/schemas/EventRequest' seen: type: boolean PatchedNotificationRuleRequest: type: object description: NotificationRule Serializer properties: name: type: string minLength: 1 transports: type: array items: type: string format: uuid description: Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. severity: allOf: - $ref: '#/components/schemas/SeverityEnum' description: Controls which severity level the created notifications will have. group: type: string format: uuid nullable: true description: Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent. PatchedNotificationTransportRequest: type: object description: NotificationTransport Serializer properties: name: type: string minLength: 1 mode: $ref: '#/components/schemas/NotificationTransportModeEnum' webhook_url: type: string format: uri webhook_mapping: type: string format: uuid nullable: true send_once: type: boolean description: Only send notification once, for example when sending a webhook into a chat channel. PatchedNotificationWebhookMappingRequest: type: object description: NotificationWebhookMapping Serializer properties: name: type: string minLength: 1 expression: type: string minLength: 1 PatchedOAuth2ProviderRequest: type: object description: OAuth2Provider Serializer properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid client_type: allOf: - $ref: '#/components/schemas/ClientTypeEnum' description: |- Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable. client_id: type: string minLength: 1 maxLength: 255 client_secret: type: string maxLength: 255 access_code_validity: type: string minLength: 1 description: 'Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' include_claims_in_id_token: type: boolean description: Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. signing_key: type: string format: uuid nullable: true description: Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. redirect_uris: type: string description: Enter each URI on a new line. sub_mode: allOf: - $ref: '#/components/schemas/SubModeEnum' description: Configure what data should be used as unique User Identifier. For most cases, the default should be fine. issuer_mode: allOf: - $ref: '#/components/schemas/IssuerModeEnum' description: Configure how the issuer field of the ID Token should be filled. jwks_sources: type: array items: type: string format: uuid title: Any JWT signed by the JWK of the selected source can be used to authenticate. title: Any JWT signed by the JWK of the selected source can be used to authenticate. PatchedOAuthSourceRequest: type: object description: OAuth Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. user_path_template: type: string minLength: 1 provider_type: $ref: '#/components/schemas/ProviderTypeEnum' request_token_url: type: string nullable: true minLength: 1 description: URL used to request the initial token. This URL is only required for OAuth 1. maxLength: 255 authorization_url: type: string nullable: true minLength: 1 description: URL the user is redirect to to conest the flow. maxLength: 255 access_token_url: type: string nullable: true minLength: 1 description: URL used by authentik to retrieve tokens. maxLength: 255 profile_url: type: string nullable: true minLength: 1 description: URL used by authentik to get user information. maxLength: 255 consumer_key: type: string minLength: 1 consumer_secret: type: string writeOnly: true minLength: 1 additional_scopes: type: string oidc_well_known_url: type: string oidc_jwks_url: type: string oidc_jwks: type: object additionalProperties: {} PatchedOutpostRequest: type: object description: Outpost Serializer properties: name: type: string minLength: 1 type: $ref: '#/components/schemas/OutpostTypeEnum' providers: type: array items: type: integer service_connection: type: string format: uuid nullable: true description: Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment. config: type: object additionalProperties: {} managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. PatchedPasswordExpiryPolicyRequest: type: object description: Password Expiry Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. days: type: integer maximum: 2147483647 minimum: -2147483648 deny_only: type: boolean PatchedPasswordPolicyRequest: type: object description: Password Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. password_field: type: string minLength: 1 description: Field key to check, field keys defined in Prompt stages are available. amount_digits: type: integer maximum: 2147483647 minimum: 0 amount_uppercase: type: integer maximum: 2147483647 minimum: 0 amount_lowercase: type: integer maximum: 2147483647 minimum: 0 amount_symbols: type: integer maximum: 2147483647 minimum: 0 length_min: type: integer maximum: 2147483647 minimum: 0 symbol_charset: type: string minLength: 1 error_message: type: string minLength: 1 PatchedPasswordStageRequest: type: object description: PasswordStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' backends: type: array items: $ref: '#/components/schemas/BackendsEnum' description: Selection of backends to test the password against. configure_flow: type: string format: uuid nullable: true description: Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. failed_attempts_before_cancel: type: integer maximum: 2147483647 minimum: -2147483648 description: How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. PatchedPlexSourceConnectionRequest: type: object description: Plex Source connection Serializer properties: identifier: type: string minLength: 1 plex_token: type: string minLength: 1 PatchedPlexSourceRequest: type: object description: Plex Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. user_path_template: type: string minLength: 1 client_id: type: string minLength: 1 description: Client identifier used to talk to Plex. allowed_servers: type: array items: type: string minLength: 1 description: Which servers a user has to be a member of to be granted access. Empty list allows every server. allow_friends: type: boolean description: Allow friends to authenticate, even if you don't share a server. plex_token: type: string minLength: 1 description: Plex token used to check friends PatchedPolicyBindingRequest: type: object description: PolicyBinding Serializer properties: policy: type: string format: uuid nullable: true group: type: string format: uuid nullable: true user: type: integer nullable: true target: type: string format: uuid negate: type: boolean description: Negates the outcome of the policy. Messages are unaffected. enabled: type: boolean order: type: integer maximum: 2147483647 minimum: -2147483648 timeout: type: integer maximum: 2147483647 minimum: -2147483648 description: Timeout after which Policy execution is terminated. PatchedPromptRequest: type: object description: Prompt Serializer properties: field_key: type: string minLength: 1 description: Name of the form field, also used to store the value label: type: string minLength: 1 type: $ref: '#/components/schemas/PromptTypeEnum' required: type: boolean placeholder: type: string order: type: integer maximum: 2147483647 minimum: -2147483648 promptstage_set: type: array items: $ref: '#/components/schemas/StageRequest' sub_text: type: string placeholder_expression: type: boolean PatchedPromptStageRequest: type: object description: PromptStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' fields: type: array items: type: string format: uuid validation_policies: type: array items: type: string format: uuid PatchedProxyProviderRequest: type: object description: ProxyProvider Serializer properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid internal_host: type: string format: uri external_host: type: string minLength: 1 format: uri internal_host_ssl_validation: type: boolean description: Validate SSL Certificates of upstream servers certificate: type: string format: uuid nullable: true skip_path_regex: type: string description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. basic_auth_enabled: type: boolean title: Set HTTP-Basic Authentication description: Set a custom HTTP-Basic Authentication header based on values from authentik. basic_auth_password_attribute: type: string title: HTTP-Basic Password Key description: User/Group Attribute used for the password part of the HTTP-Basic Header. basic_auth_user_attribute: type: string title: HTTP-Basic Username Key description: User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. mode: allOf: - $ref: '#/components/schemas/ProxyMode' description: Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host. cookie_domain: type: string token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' PatchedReputationPolicyRequest: type: object description: Reputation Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. check_ip: type: boolean check_username: type: boolean threshold: type: integer maximum: 2147483647 minimum: -2147483648 PatchedSAMLPropertyMappingRequest: type: object description: SAMLPropertyMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 saml_name: type: string minLength: 1 friendly_name: type: string nullable: true PatchedSAMLProviderRequest: type: object description: SAMLProvider Serializer properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid acs_url: type: string format: uri minLength: 1 maxLength: 200 audience: type: string description: Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added. issuer: type: string minLength: 1 description: Also known as EntityID assertion_valid_not_before: type: string minLength: 1 description: 'Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).' assertion_valid_not_on_or_after: type: string minLength: 1 description: 'Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' session_valid_not_on_or_after: type: string minLength: 1 description: 'Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' name_id_mapping: type: string format: uuid nullable: true title: NameID Property Mapping description: Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair used to sign outgoing Responses going to the Service Provider. verification_kp: type: string format: uuid nullable: true title: Verification Certificate description: When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. sp_binding: allOf: - $ref: '#/components/schemas/SpBindingEnum' title: Service Provider Binding description: This determines how authentik sends the response back to the Service Provider. PatchedSAMLSourceRequest: type: object description: SAMLSource Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. user_path_template: type: string minLength: 1 pre_authentication_flow: type: string format: uuid description: Flow used before authentication. issuer: type: string description: Also known as Entity ID. Defaults the Metadata URL. sso_url: type: string format: uri minLength: 1 description: URL that the initial Login request is sent to. maxLength: 200 slo_url: type: string format: uri nullable: true description: Optional URL if your IDP supports Single-Logout. maxLength: 200 allow_idp_initiated: type: boolean description: Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. name_id_policy: allOf: - $ref: '#/components/schemas/NameIdPolicyEnum' description: NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. binding_type: $ref: '#/components/schemas/BindingTypeEnum' signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair which is used to sign outgoing requests. Leave empty to disable signing. digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' temporary_user_delete_after: type: string minLength: 1 title: Delete temporary users after description: 'Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format ''transient'', and the user doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).' PatchedSMSDeviceRequest: type: object description: Serializer for sms authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 PatchedScopeMappingRequest: type: object description: ScopeMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 scope_name: type: string minLength: 1 description: Scope used by the client description: type: string description: Description shown to the user when consenting. If left empty, the user won't be informed. PatchedStaticDeviceRequest: type: object description: Serializer for static authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 PatchedTOTPDeviceRequest: type: object description: Serializer for totp authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 PatchedTenantRequest: type: object description: Tenant Serializer properties: domain: type: string minLength: 1 description: Domain that activates this tenant. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b` default: type: boolean branding_title: type: string minLength: 1 branding_logo: type: string minLength: 1 branding_favicon: type: string minLength: 1 flow_authentication: type: string format: uuid nullable: true flow_invalidation: type: string format: uuid nullable: true flow_recovery: type: string format: uuid nullable: true flow_unenrollment: type: string format: uuid nullable: true flow_user_settings: type: string format: uuid nullable: true event_retention: type: string minLength: 1 description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).' web_certificate: type: string format: uuid nullable: true description: Web Certificate used by the authentik Core webserver. attributes: type: object additionalProperties: {} PatchedTokenRequest: type: object description: Token Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. identifier: type: string minLength: 1 maxLength: 255 pattern: ^[-a-zA-Z0-9_]+$ intent: $ref: '#/components/schemas/IntentEnum' user: type: integer description: type: string expires: type: string format: date-time expiring: type: boolean PatchedUserDeleteStageRequest: type: object description: UserDeleteStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' PatchedUserLoginStageRequest: type: object description: UserLoginStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' session_duration: type: string minLength: 1 description: 'Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' PatchedUserLogoutStageRequest: type: object description: UserLogoutStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' PatchedUserOAuthSourceConnectionRequest: type: object description: OAuth Source Serializer properties: user: type: integer identifier: type: string minLength: 1 maxLength: 255 access_token: type: string writeOnly: true nullable: true PatchedUserRequest: type: object description: User Serializer properties: username: type: string minLength: 1 maxLength: 150 name: type: string description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true groups: type: array items: type: string format: uuid email: type: string format: email title: Email address maxLength: 254 attributes: type: object additionalProperties: {} path: type: string minLength: 1 PatchedUserWriteStageRequest: type: object description: UserWriteStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' create_users_as_inactive: type: boolean description: When set, newly created users are inactive and cannot login. create_users_group: type: string format: uuid nullable: true description: Optionally add newly created users to this group. user_path_template: type: string PatchedWebAuthnDeviceRequest: type: object description: Serializer for WebAuthn authenticator devices properties: name: type: string minLength: 1 maxLength: 200 Permission: type: object description: Permission used for consent properties: name: type: string id: type: string required: - id - name PlexAuthenticationChallenge: type: object description: Challenge shown to the user in identification stage properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-flow-sources-plex response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' client_id: type: string slug: type: string required: - client_id - slug - type PlexAuthenticationChallengeResponseRequest: type: object description: Pseudo class for plex response properties: component: type: string minLength: 1 default: ak-flow-sources-plex PlexSource: type: object description: Plex Source Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string client_id: type: string description: Client identifier used to talk to Plex. allowed_servers: type: array items: type: string description: Which servers a user has to be a member of to be granted access. Empty list allows every server. allow_friends: type: boolean description: Allow friends to authenticate, even if you don't share a server. plex_token: type: string description: Plex token used to check friends required: - component - managed - meta_model_name - name - pk - plex_token - slug - verbose_name - verbose_name_plural PlexSourceConnection: type: object description: Plex Source connection Serializer properties: pk: type: integer readOnly: true title: ID user: type: integer readOnly: true source: allOf: - $ref: '#/components/schemas/Source' readOnly: true identifier: type: string plex_token: type: string required: - identifier - pk - plex_token - source - user PlexSourceConnectionRequest: type: object description: Plex Source connection Serializer properties: identifier: type: string minLength: 1 plex_token: type: string minLength: 1 required: - identifier - plex_token PlexSourceRequest: type: object description: Plex Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. user_path_template: type: string minLength: 1 client_id: type: string minLength: 1 description: Client identifier used to talk to Plex. allowed_servers: type: array items: type: string minLength: 1 description: Which servers a user has to be a member of to be granted access. Empty list allows every server. allow_friends: type: boolean description: Allow friends to authenticate, even if you don't share a server. plex_token: type: string minLength: 1 description: Plex token used to check friends required: - name - plex_token - slug PlexTokenRedeemRequest: type: object description: Serializer to redeem a plex token properties: plex_token: type: string minLength: 1 required: - plex_token Policy: type: object description: Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true bound_to: type: integer readOnly: true required: - bound_to - component - meta_model_name - pk - verbose_name - verbose_name_plural PolicyBinding: type: object description: PolicyBinding Serializer properties: pk: type: string format: uuid readOnly: true title: Policy binding uuid policy: type: string format: uuid nullable: true group: type: string format: uuid nullable: true user: type: integer nullable: true policy_obj: allOf: - $ref: '#/components/schemas/Policy' readOnly: true group_obj: allOf: - $ref: '#/components/schemas/Group' readOnly: true user_obj: allOf: - $ref: '#/components/schemas/User' readOnly: true target: type: string format: uuid negate: type: boolean description: Negates the outcome of the policy. Messages are unaffected. enabled: type: boolean order: type: integer maximum: 2147483647 minimum: -2147483648 timeout: type: integer maximum: 2147483647 minimum: -2147483648 description: Timeout after which Policy execution is terminated. required: - group_obj - order - pk - policy_obj - target - user_obj PolicyBindingRequest: type: object description: PolicyBinding Serializer properties: policy: type: string format: uuid nullable: true group: type: string format: uuid nullable: true user: type: integer nullable: true target: type: string format: uuid negate: type: boolean description: Negates the outcome of the policy. Messages are unaffected. enabled: type: boolean order: type: integer maximum: 2147483647 minimum: -2147483648 timeout: type: integer maximum: 2147483647 minimum: -2147483648 description: Timeout after which Policy execution is terminated. required: - order - target PolicyEngineMode: enum: - all - any type: string PolicyRequest: type: object description: Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. PolicyTestRequest: type: object description: Test policy execution for a user with context properties: user: type: integer context: type: object additionalProperties: {} required: - user PolicyTestResult: type: object description: result of a policy test properties: passing: type: boolean messages: type: array items: type: string readOnly: true log_messages: type: array items: type: object additionalProperties: {} readOnly: true required: - log_messages - messages - passing Prompt: type: object description: Prompt Serializer properties: pk: type: string format: uuid readOnly: true title: Prompt uuid field_key: type: string description: Name of the form field, also used to store the value label: type: string type: $ref: '#/components/schemas/PromptTypeEnum' required: type: boolean placeholder: type: string order: type: integer maximum: 2147483647 minimum: -2147483648 promptstage_set: type: array items: $ref: '#/components/schemas/Stage' sub_text: type: string placeholder_expression: type: boolean required: - field_key - label - pk - type PromptChallenge: type: object description: Initial challenge being sent, define fields properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: ak-stage-prompt response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' fields: type: array items: $ref: '#/components/schemas/StagePrompt' required: - fields - type PromptChallengeResponseRequest: type: object description: |- Validate response, fields are dynamically created based on the stage properties: component: type: string minLength: 1 default: ak-stage-prompt additionalProperties: {} PromptRequest: type: object description: Prompt Serializer properties: field_key: type: string minLength: 1 description: Name of the form field, also used to store the value label: type: string minLength: 1 type: $ref: '#/components/schemas/PromptTypeEnum' required: type: boolean placeholder: type: string order: type: integer maximum: 2147483647 minimum: -2147483648 promptstage_set: type: array items: $ref: '#/components/schemas/StageRequest' sub_text: type: string placeholder_expression: type: boolean required: - field_key - label - type PromptStage: type: object description: PromptStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' fields: type: array items: type: string format: uuid validation_policies: type: array items: type: string format: uuid required: - component - fields - meta_model_name - name - pk - verbose_name - verbose_name_plural PromptStageRequest: type: object description: PromptStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' fields: type: array items: type: string format: uuid validation_policies: type: array items: type: string format: uuid required: - fields - name PromptTypeEnum: enum: - text - text_read_only - username - email - password - number - checkbox - date - date-time - separator - hidden - static - ak-locale type: string PropertyMapping: type: object description: PropertyMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string expression: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true required: - component - expression - meta_model_name - name - pk - verbose_name - verbose_name_plural PropertyMappingTestResult: type: object description: Result of a Property-mapping test properties: result: type: string readOnly: true successful: type: boolean readOnly: true required: - result - successful Provider: type: object description: Provider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true required: - assigned_application_name - assigned_application_slug - authorization_flow - component - meta_model_name - name - pk - verbose_name - verbose_name_plural ProviderEnum: enum: - twilio - generic type: string ProviderRequest: type: object description: Provider Serializer properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid required: - authorization_flow - name ProviderTypeEnum: enum: - apple - azuread - discord - facebook - github - google - openidconnect - okta - reddit - twitter - mailcow type: string ProxyMode: enum: - proxy - forward_single - forward_domain type: string ProxyOutpostConfig: type: object description: Proxy provider serializer for outposts properties: pk: type: integer readOnly: true title: ID name: type: string internal_host: type: string format: uri external_host: type: string format: uri internal_host_ssl_validation: type: boolean description: Validate SSL Certificates of upstream servers client_id: type: string maxLength: 255 client_secret: type: string maxLength: 255 oidc_configuration: allOf: - $ref: '#/components/schemas/OpenIDConnectConfiguration' readOnly: true cookie_secret: type: string certificate: type: string format: uuid nullable: true skip_path_regex: type: string description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. basic_auth_enabled: type: boolean title: Set HTTP-Basic Authentication description: Set a custom HTTP-Basic Authentication header based on values from authentik. basic_auth_password_attribute: type: string title: HTTP-Basic Password Key description: User/Group Attribute used for the password part of the HTTP-Basic Header. basic_auth_user_attribute: type: string title: HTTP-Basic Username Key description: User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. mode: allOf: - $ref: '#/components/schemas/ProxyMode' description: Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host. cookie_domain: type: string token_validity: type: number format: double nullable: true readOnly: true scopes_to_request: type: array items: type: string readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true required: - assigned_application_name - assigned_application_slug - external_host - name - oidc_configuration - pk - scopes_to_request - token_validity ProxyProvider: type: object description: ProxyProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true internal_host: type: string format: uri external_host: type: string format: uri internal_host_ssl_validation: type: boolean description: Validate SSL Certificates of upstream servers certificate: type: string format: uuid nullable: true skip_path_regex: type: string description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. basic_auth_enabled: type: boolean title: Set HTTP-Basic Authentication description: Set a custom HTTP-Basic Authentication header based on values from authentik. basic_auth_password_attribute: type: string title: HTTP-Basic Password Key description: User/Group Attribute used for the password part of the HTTP-Basic Header. basic_auth_user_attribute: type: string title: HTTP-Basic Username Key description: User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. mode: allOf: - $ref: '#/components/schemas/ProxyMode' description: Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host. redirect_uris: type: string readOnly: true cookie_domain: type: string token_validity: type: string description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' outpost_set: type: array items: type: string readOnly: true required: - assigned_application_name - assigned_application_slug - authorization_flow - component - external_host - meta_model_name - name - outpost_set - pk - redirect_uris - verbose_name - verbose_name_plural ProxyProviderRequest: type: object description: ProxyProvider Serializer properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid internal_host: type: string format: uri external_host: type: string minLength: 1 format: uri internal_host_ssl_validation: type: boolean description: Validate SSL Certificates of upstream servers certificate: type: string format: uuid nullable: true skip_path_regex: type: string description: Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression. basic_auth_enabled: type: boolean title: Set HTTP-Basic Authentication description: Set a custom HTTP-Basic Authentication header based on values from authentik. basic_auth_password_attribute: type: string title: HTTP-Basic Password Key description: User/Group Attribute used for the password part of the HTTP-Basic Header. basic_auth_user_attribute: type: string title: HTTP-Basic Username Key description: User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. mode: allOf: - $ref: '#/components/schemas/ProxyMode' description: Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host. cookie_domain: type: string token_validity: type: string minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' required: - authorization_flow - external_host - name RedirectChallenge: type: object description: Challenge type to redirect the client properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: xak-flow-redirect response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' to: type: string required: - to - type RefreshTokenModel: type: object description: Serializer for BaseGrantModel and RefreshToken properties: pk: type: integer readOnly: true title: ID provider: $ref: '#/components/schemas/OAuth2Provider' user: $ref: '#/components/schemas/User' is_expired: type: boolean readOnly: true expires: type: string format: date-time scope: type: array items: type: string id_token: type: string readOnly: true revoked: type: boolean required: - id_token - is_expired - pk - provider - scope - user Reputation: type: object description: Reputation Serializer properties: pk: type: string format: uuid title: Reputation uuid identifier: type: string ip: type: string ip_geo_data: type: object additionalProperties: {} score: type: integer maximum: 9223372036854775807 minimum: -9223372036854775808 format: int64 updated: type: string format: date-time readOnly: true required: - identifier - ip - updated ReputationPolicy: type: object description: Reputation Policy Serializer properties: pk: type: string format: uuid readOnly: true title: Policy uuid name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true bound_to: type: integer readOnly: true check_ip: type: boolean check_username: type: boolean threshold: type: integer maximum: 2147483647 minimum: -2147483648 required: - bound_to - component - meta_model_name - pk - verbose_name - verbose_name_plural ReputationPolicyRequest: type: object description: Reputation Policy Serializer properties: name: type: string nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. check_ip: type: boolean check_username: type: boolean threshold: type: integer maximum: 2147483647 minimum: -2147483648 ResidentKeyRequirementEnum: enum: - discouraged - preferred - required type: string SAMLMetadata: type: object description: SAML Provider Metadata serializer properties: metadata: type: string readOnly: true download_url: type: string readOnly: true required: - download_url - metadata SAMLPropertyMapping: type: object description: SAMLPropertyMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string expression: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true saml_name: type: string friendly_name: type: string nullable: true required: - component - expression - meta_model_name - name - pk - saml_name - verbose_name - verbose_name_plural SAMLPropertyMappingRequest: type: object description: SAMLPropertyMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 saml_name: type: string minLength: 1 friendly_name: type: string nullable: true required: - expression - name - saml_name SAMLProvider: type: object description: SAMLProvider Serializer properties: pk: type: integer readOnly: true title: ID name: type: string authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid component: type: string readOnly: true assigned_application_slug: type: string description: Internal application name, used in URLs. readOnly: true assigned_application_name: type: string description: Application's display Name. readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true acs_url: type: string format: uri maxLength: 200 audience: type: string description: Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added. issuer: type: string description: Also known as EntityID assertion_valid_not_before: type: string description: 'Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).' assertion_valid_not_on_or_after: type: string description: 'Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' session_valid_not_on_or_after: type: string description: 'Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' name_id_mapping: type: string format: uuid nullable: true title: NameID Property Mapping description: Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair used to sign outgoing Responses going to the Service Provider. verification_kp: type: string format: uuid nullable: true title: Verification Certificate description: When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. sp_binding: allOf: - $ref: '#/components/schemas/SpBindingEnum' title: Service Provider Binding description: This determines how authentik sends the response back to the Service Provider. metadata_download_url: type: string readOnly: true required: - acs_url - assigned_application_name - assigned_application_slug - authorization_flow - component - meta_model_name - metadata_download_url - name - pk - verbose_name - verbose_name_plural SAMLProviderImportRequest: type: object description: Import saml provider from XML Metadata properties: name: type: string minLength: 1 authorization_flow: type: string file: type: string format: binary required: - authorization_flow - file - name SAMLProviderRequest: type: object description: SAMLProvider Serializer properties: name: type: string minLength: 1 authorization_flow: type: string format: uuid description: Flow used when authorizing this provider. property_mappings: type: array items: type: string format: uuid acs_url: type: string format: uri minLength: 1 maxLength: 200 audience: type: string description: Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added. issuer: type: string minLength: 1 description: Also known as EntityID assertion_valid_not_before: type: string minLength: 1 description: 'Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).' assertion_valid_not_on_or_after: type: string minLength: 1 description: 'Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' session_valid_not_on_or_after: type: string minLength: 1 description: 'Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' name_id_mapping: type: string format: uuid nullable: true title: NameID Property Mapping description: Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair used to sign outgoing Responses going to the Service Provider. verification_kp: type: string format: uuid nullable: true title: Verification Certificate description: When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. sp_binding: allOf: - $ref: '#/components/schemas/SpBindingEnum' title: Service Provider Binding description: This determines how authentik sends the response back to the Service Provider. required: - acs_url - authorization_flow - name SAMLSource: type: object description: SAMLSource Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string pre_authentication_flow: type: string format: uuid description: Flow used before authentication. issuer: type: string description: Also known as Entity ID. Defaults the Metadata URL. sso_url: type: string format: uri description: URL that the initial Login request is sent to. maxLength: 200 slo_url: type: string format: uri nullable: true description: Optional URL if your IDP supports Single-Logout. maxLength: 200 allow_idp_initiated: type: boolean description: Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. name_id_policy: allOf: - $ref: '#/components/schemas/NameIdPolicyEnum' description: NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. binding_type: $ref: '#/components/schemas/BindingTypeEnum' signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair which is used to sign outgoing requests. Leave empty to disable signing. digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' temporary_user_delete_after: type: string title: Delete temporary users after description: 'Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format ''transient'', and the user doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).' required: - component - managed - meta_model_name - name - pk - pre_authentication_flow - slug - sso_url - verbose_name - verbose_name_plural SAMLSourceRequest: type: object description: SAMLSource Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. user_path_template: type: string minLength: 1 pre_authentication_flow: type: string format: uuid description: Flow used before authentication. issuer: type: string description: Also known as Entity ID. Defaults the Metadata URL. sso_url: type: string format: uri minLength: 1 description: URL that the initial Login request is sent to. maxLength: 200 slo_url: type: string format: uri nullable: true description: Optional URL if your IDP supports Single-Logout. maxLength: 200 allow_idp_initiated: type: boolean description: Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. name_id_policy: allOf: - $ref: '#/components/schemas/NameIdPolicyEnum' description: NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. binding_type: $ref: '#/components/schemas/BindingTypeEnum' signing_kp: type: string format: uuid nullable: true title: Signing Keypair description: Keypair which is used to sign outgoing requests. Leave empty to disable signing. digest_algorithm: $ref: '#/components/schemas/DigestAlgorithmEnum' signature_algorithm: $ref: '#/components/schemas/SignatureAlgorithmEnum' temporary_user_delete_after: type: string minLength: 1 title: Delete temporary users after description: 'Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format ''transient'', and the user doesn''t log out manually. (Format: hours=1;minutes=2;seconds=3).' required: - name - pre_authentication_flow - slug - sso_url SMSDevice: type: object description: Serializer for sms authenticator devices properties: name: type: string description: The human-readable name of this device. maxLength: 64 pk: type: integer readOnly: true title: ID phone_number: type: string readOnly: true required: - name - phone_number - pk SMSDeviceRequest: type: object description: Serializer for sms authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 required: - name ScopeMapping: type: object description: ScopeMapping Serializer properties: pk: type: string format: uuid readOnly: true title: Pm uuid managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string expression: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true scope_name: type: string description: Scope used by the client description: type: string description: Description shown to the user when consenting. If left empty, the user won't be informed. required: - component - expression - meta_model_name - name - pk - scope_name - verbose_name - verbose_name_plural ScopeMappingRequest: type: object description: ScopeMapping Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. name: type: string minLength: 1 expression: type: string minLength: 1 scope_name: type: string minLength: 1 description: Scope used by the client description: type: string description: Description shown to the user when consenting. If left empty, the user won't be informed. required: - expression - name - scope_name SelectableStage: type: object description: Serializer for stages which can be selected by users properties: pk: type: string format: uuid name: type: string verbose_name: type: string meta_model_name: type: string required: - meta_model_name - name - pk - verbose_name ServiceConnection: type: object description: ServiceConnection Serializer properties: pk: type: string format: uuid readOnly: true title: Uuid name: type: string local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural ServiceConnectionRequest: type: object description: ServiceConnection Serializer properties: name: type: string minLength: 1 local: type: boolean description: If enabled, use the local connection. Required Docker socket/Kubernetes Integration required: - name ServiceConnectionState: type: object description: Serializer for Service connection state properties: healthy: type: boolean readOnly: true version: type: string readOnly: true required: - healthy - version SessionUser: type: object description: |- Response for the /user/me endpoint, returns the currently active user (as `user` property) and, if this user is being impersonated, the original user in the `original` property. properties: user: $ref: '#/components/schemas/UserSelf' original: $ref: '#/components/schemas/UserSelf' required: - user SeverityEnum: enum: - notice - warning - alert type: string ShellChallenge: type: object description: challenge type to render HTML as-is properties: type: $ref: '#/components/schemas/ChallengeChoices' flow_info: $ref: '#/components/schemas/ContextualFlowInfo' component: type: string default: xak-flow-shell response_errors: type: object additionalProperties: type: array items: $ref: '#/components/schemas/ErrorDetail' body: type: string required: - body - type SignatureAlgorithmEnum: enum: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 type: string Source: type: object description: Source Serializer properties: pk: type: string format: uuid readOnly: true title: Pbm uuid name: type: string description: Source's display Name. slug: type: string description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. readOnly: true user_path_template: type: string required: - component - managed - meta_model_name - name - pk - slug - verbose_name - verbose_name_plural SourceRequest: type: object description: Source Serializer properties: name: type: string minLength: 1 description: Source's display Name. slug: type: string minLength: 1 description: Internal source name, used in URLs. maxLength: 50 pattern: ^[-a-zA-Z0-9_]+$ enabled: type: boolean authentication_flow: type: string format: uuid nullable: true description: Flow to use when authenticating existing users. enrollment_flow: type: string format: uuid nullable: true description: Flow to use when enrolling new users. policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' user_matching_mode: allOf: - $ref: '#/components/schemas/UserMatchingModeEnum' description: How the source determines if an existing user should be authenticated or a new user enrolled. user_path_template: type: string minLength: 1 required: - name - slug SourceType: type: object description: Serializer for SourceType properties: name: type: string slug: type: string urls_customizable: type: boolean request_token_url: type: string readOnly: true nullable: true authorization_url: type: string readOnly: true nullable: true access_token_url: type: string readOnly: true nullable: true profile_url: type: string readOnly: true nullable: true required: - access_token_url - authorization_url - name - profile_url - request_token_url - slug - urls_customizable SpBindingEnum: enum: - redirect - post type: string Stage: type: object description: Stage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural StagePrompt: type: object description: Serializer for a single Prompt field properties: field_key: type: string label: type: string type: $ref: '#/components/schemas/PromptTypeEnum' required: type: boolean placeholder: type: string order: type: integer sub_text: type: string required: - field_key - label - order - placeholder - required - sub_text - type StageRequest: type: object description: Stage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' required: - name StaticDevice: type: object description: Serializer for static authenticator devices properties: name: type: string description: The human-readable name of this device. maxLength: 64 token_set: type: array items: $ref: '#/components/schemas/StaticDeviceToken' readOnly: true pk: type: integer readOnly: true title: ID required: - name - pk - token_set StaticDeviceRequest: type: object description: Serializer for static authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 required: - name StaticDeviceToken: type: object description: Serializer for static device's tokens properties: token: type: string maxLength: 16 required: - token StaticDeviceTokenRequest: type: object description: Serializer for static device's tokens properties: token: type: string minLength: 1 maxLength: 16 required: - token StatusEnum: enum: - SUCCESSFUL - WARNING - ERROR - UNKNOWN type: string SubModeEnum: enum: - hashed_user_id - user_username - user_email - user_upn type: string System: type: object description: Get system information. properties: env: type: object additionalProperties: type: string readOnly: true http_headers: type: object additionalProperties: type: string readOnly: true http_host: type: string readOnly: true http_is_secure: type: boolean readOnly: true runtime: type: object description: Runtime information properties: python_version: type: string gunicorn_version: type: string environment: type: string architecture: type: string platform: type: string uname: type: string required: - architecture - environment - gunicorn_version - platform - python_version - uname readOnly: true tenant: type: string readOnly: true server_time: type: string format: date-time readOnly: true embedded_outpost_host: type: string readOnly: true required: - embedded_outpost_host - env - http_headers - http_host - http_is_secure - runtime - server_time - tenant TOTPDevice: type: object description: Serializer for totp authenticator devices properties: name: type: string description: The human-readable name of this device. maxLength: 64 pk: type: integer readOnly: true title: ID required: - name - pk TOTPDeviceRequest: type: object description: Serializer for totp authenticator devices properties: name: type: string minLength: 1 description: The human-readable name of this device. maxLength: 64 required: - name Task: type: object description: Serialize TaskInfo and TaskResult properties: task_name: type: string task_description: type: string task_finish_timestamp: type: string format: date-time status: $ref: '#/components/schemas/StatusEnum' messages: type: array items: {} required: - messages - status - task_description - task_finish_timestamp - task_name Tenant: type: object description: Tenant Serializer properties: tenant_uuid: type: string format: uuid readOnly: true domain: type: string description: Domain that activates this tenant. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b` default: type: boolean branding_title: type: string branding_logo: type: string branding_favicon: type: string flow_authentication: type: string format: uuid nullable: true flow_invalidation: type: string format: uuid nullable: true flow_recovery: type: string format: uuid nullable: true flow_unenrollment: type: string format: uuid nullable: true flow_user_settings: type: string format: uuid nullable: true event_retention: type: string description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).' web_certificate: type: string format: uuid nullable: true description: Web Certificate used by the authentik Core webserver. attributes: type: object additionalProperties: {} required: - domain - tenant_uuid TenantRequest: type: object description: Tenant Serializer properties: domain: type: string minLength: 1 description: Domain that activates this tenant. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b` default: type: boolean branding_title: type: string minLength: 1 branding_logo: type: string minLength: 1 branding_favicon: type: string minLength: 1 flow_authentication: type: string format: uuid nullable: true flow_invalidation: type: string format: uuid nullable: true flow_recovery: type: string format: uuid nullable: true flow_unenrollment: type: string format: uuid nullable: true flow_user_settings: type: string format: uuid nullable: true event_retention: type: string minLength: 1 description: 'Events will be deleted after this duration.(Format: weeks=3;days=2;hours=3,seconds=2).' web_certificate: type: string format: uuid nullable: true description: Web Certificate used by the authentik Core webserver. attributes: type: object additionalProperties: {} required: - domain Token: type: object description: Token Serializer properties: pk: type: string format: uuid readOnly: true title: Token uuid managed: type: string nullable: true title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. identifier: type: string maxLength: 255 pattern: ^[-a-zA-Z0-9_]+$ intent: $ref: '#/components/schemas/IntentEnum' user: type: integer user_obj: allOf: - $ref: '#/components/schemas/User' readOnly: true description: type: string expires: type: string format: date-time expiring: type: boolean required: - identifier - pk - user_obj TokenRequest: type: object description: Token Serializer properties: managed: type: string nullable: true minLength: 1 title: Managed by authentik description: Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. identifier: type: string minLength: 1 maxLength: 255 pattern: ^[-a-zA-Z0-9_]+$ intent: $ref: '#/components/schemas/IntentEnum' user: type: integer description: type: string expires: type: string format: date-time expiring: type: boolean required: - identifier TokenSetKeyRequest: type: object properties: key: type: string minLength: 1 required: - key TokenView: type: object description: Show token's current key properties: key: type: string readOnly: true required: - key TypeCreate: type: object description: Types of an object that can be created properties: name: type: string description: type: string component: type: string model_name: type: string required: - component - description - model_name - name UsedBy: type: object description: A list of all objects referencing the queried object properties: app: type: string model_name: type: string pk: type: string name: type: string action: $ref: '#/components/schemas/UsedByActionEnum' required: - action - app - model_name - name - pk UsedByActionEnum: enum: - CASCADE - CASCADE_MANY - SET_NULL - SET_DEFAULT type: string User: type: object description: User Serializer properties: pk: type: integer readOnly: true title: ID username: type: string maxLength: 150 name: type: string description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true is_superuser: type: boolean readOnly: true groups: type: array items: type: string format: uuid groups_obj: type: array items: $ref: '#/components/schemas/Group' readOnly: true email: type: string format: email title: Email address maxLength: 254 avatar: type: string readOnly: true attributes: type: object additionalProperties: {} uid: type: string readOnly: true path: type: string required: - avatar - groups - groups_obj - is_superuser - name - pk - uid - username UserConsent: type: object description: UserConsent Serializer properties: pk: type: integer readOnly: true title: ID expires: type: string format: date-time user: $ref: '#/components/schemas/User' application: $ref: '#/components/schemas/Application' required: - application - pk - user UserDeleteStage: type: object description: UserDeleteStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural UserDeleteStageRequest: type: object description: UserDeleteStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' required: - name UserFieldsEnum: enum: - email - username - upn type: string UserLoginStage: type: object description: UserLoginStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' session_duration: type: string description: 'Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural UserLoginStageRequest: type: object description: UserLoginStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' session_duration: type: string minLength: 1 description: 'Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' required: - name UserLogoutStage: type: object description: UserLogoutStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural UserLogoutStageRequest: type: object description: UserLogoutStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' required: - name UserMatchingModeEnum: enum: - identifier - email_link - email_deny - username_link - username_deny type: string UserMetrics: type: object description: User Metrics properties: logins_per_1h: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true logins_failed_per_1h: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true authorizations_per_1h: type: array items: $ref: '#/components/schemas/Coordinate' readOnly: true required: - authorizations_per_1h - logins_failed_per_1h - logins_per_1h UserOAuthSourceConnection: type: object description: OAuth Source Serializer properties: pk: type: integer readOnly: true title: ID user: type: integer source: allOf: - $ref: '#/components/schemas/Source' readOnly: true identifier: type: string maxLength: 255 required: - identifier - pk - source - user UserOAuthSourceConnectionRequest: type: object description: OAuth Source Serializer properties: user: type: integer identifier: type: string minLength: 1 maxLength: 255 access_token: type: string writeOnly: true nullable: true required: - identifier - user UserPasswordSetRequest: type: object properties: password: type: string minLength: 1 required: - password UserPath: type: object properties: paths: type: array items: type: string readOnly: true required: - paths UserRequest: type: object description: User Serializer properties: username: type: string minLength: 1 maxLength: 150 name: type: string description: User's display name. is_active: type: boolean title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. last_login: type: string format: date-time nullable: true groups: type: array items: type: string format: uuid email: type: string format: email title: Email address maxLength: 254 attributes: type: object additionalProperties: {} path: type: string minLength: 1 required: - groups - name - username UserSelf: type: object description: User Serializer for information a user can retrieve about themselves properties: pk: type: integer readOnly: true title: ID username: type: string description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. pattern: ^[\w.@+-]+$ maxLength: 150 name: type: string description: User's display name. is_active: type: boolean readOnly: true title: Active description: Designates whether this user should be treated as active. Unselect this instead of deleting accounts. is_superuser: type: boolean readOnly: true groups: type: array items: $ref: '#/components/schemas/UserSelfGroups' readOnly: true email: type: string format: email title: Email address maxLength: 254 avatar: type: string readOnly: true uid: type: string readOnly: true settings: type: object additionalProperties: {} readOnly: true required: - avatar - groups - is_active - is_superuser - name - pk - settings - uid - username UserSelfGroups: type: object properties: name: type: string readOnly: true pk: type: string readOnly: true required: - name - pk UserServiceAccountRequest: type: object properties: name: type: string minLength: 1 create_group: type: boolean default: false required: - name UserServiceAccountResponse: type: object properties: username: type: string token: type: string user_uid: type: string user_pk: type: integer group_pk: type: string required: - token - user_pk - user_uid - username UserSetting: type: object description: Serializer for User settings for stages and sources properties: object_uid: type: string component: type: string title: type: string configure_url: type: string icon_url: type: string required: - component - object_uid - title UserSourceConnection: type: object description: OAuth Source Serializer properties: pk: type: integer readOnly: true title: ID user: type: integer readOnly: true source: allOf: - $ref: '#/components/schemas/Source' readOnly: true created: type: string format: date-time readOnly: true required: - created - pk - source - user UserVerificationEnum: enum: - required - preferred - discouraged type: string UserWriteStage: type: object description: UserWriteStage Serializer properties: pk: type: string format: uuid readOnly: true title: Stage uuid name: type: string component: type: string readOnly: true verbose_name: type: string readOnly: true verbose_name_plural: type: string readOnly: true meta_model_name: type: string readOnly: true flow_set: type: array items: $ref: '#/components/schemas/Flow' create_users_as_inactive: type: boolean description: When set, newly created users are inactive and cannot login. create_users_group: type: string format: uuid nullable: true description: Optionally add newly created users to this group. user_path_template: type: string required: - component - meta_model_name - name - pk - verbose_name - verbose_name_plural UserWriteStageRequest: type: object description: UserWriteStage Serializer properties: name: type: string minLength: 1 flow_set: type: array items: $ref: '#/components/schemas/FlowRequest' create_users_as_inactive: type: boolean description: When set, newly created users are inactive and cannot login. create_users_group: type: string format: uuid nullable: true description: Optionally add newly created users to this group. user_path_template: type: string required: - name ValidationError: type: object description: Validation Error properties: non_field_errors: type: array items: type: string code: type: string additionalProperties: {} Version: type: object description: Get running and latest version. properties: version_current: type: string readOnly: true version_latest: type: string readOnly: true build_hash: type: string readOnly: true outdated: type: boolean readOnly: true required: - build_hash - outdated - version_current - version_latest WebAuthnDevice: type: object description: Serializer for WebAuthn authenticator devices properties: pk: type: integer readOnly: true title: ID name: type: string maxLength: 200 created_on: type: string format: date-time readOnly: true required: - created_on - name - pk WebAuthnDeviceRequest: type: object description: Serializer for WebAuthn authenticator devices properties: name: type: string minLength: 1 maxLength: 200 required: - name Workers: type: object properties: count: type: integer required: - count securitySchemes: authentik: type: apiKey in: header name: Authorization servers: - url: /api/v3/