openapi: 3.0.0
info:
version: '1'
title: Kinde Management API
description: |
Provides endpoints to manage your Kinde Businesses.
## Intro
## How to use
1. [Set up and authorize a machine-to-machine (M2M) application](https://docs.kinde.com/developer-tools/kinde-api/connect-to-kinde-api/).
2. [Generate a test access token](https://docs.kinde.com/developer-tools/kinde-api/access-token-for-api/)
3. Test request any endpoint using the test token
termsOfService: https://docs.kinde.com/trust-center/agreements/terms-of-service/
contact:
name: Kinde Support Team
email: support@kinde.com
url: https://docs.kinde.com
servers:
- url: https://{subdomain}.kinde.com
variables:
subdomain:
default: your_kinde_subdomain
description: The subdomain generated for your business on Kinde.
tags:
- name: API Keys
x-displayName: API Keys
- name: APIs
x-displayName: APIs
- name: Applications
x-displayName: Applications
- name: Billing Entitlements
x-displayName: Billing Entitlements
- name: Billing Agreements
x-displayName: Billing Agreements
- name: Billing Meter Usage
x-displayName: Billing Meter Usage
- name: Business
x-displayName: Business
- name: Industries
x-displayName: Industries
- name: Timezones
x-displayName: Timezones
- name: Callbacks
x-displayName: Callbacks
- name: Connected Apps
x-displayName: Connected Apps
- name: Connections
x-displayName: Connections
- name: Directories
x-displayName: Directories
- name: Environments
x-displayName: Environments
- name: Environment variables
x-displayName: Environment variables
- name: Feature Flags
x-displayName: Feature Flags
- name: Identities
x-displayName: Identities
- name: Organizations
x-displayName: Organizations
- name: MFA
x-displayName: MFA
- name: Permissions
x-displayName: Permissions
- name: Properties
x-displayName: Properties
- name: Property Categories
x-displayName: Property Categories
- name: Roles
x-displayName: Roles
- name: Search
x-displayName: Search
- name: Subscribers
x-displayName: Subscribers
- name: Users
x-displayName: Users
- name: Webhooks
x-displayName: Webhooks
paths:
/api/v1/api_keys:
servers: []
get:
tags:
- API Keys
operationId: getApiKeys
x-scope: read:api_keys
summary: Get API keys
description: |
Returns a list of API keys.
read:api_keys
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 50 if parameter not sent.
schema:
type: integer
nullable: true
- name: starting_after
in: query
description: The ID of the API key to start after.
schema:
type: string
nullable: true
- name: key_type
in: query
description: Filter by API key type (organization or user).
schema:
type: string
enum:
- organization
- user
nullable: true
- name: status
in: query
description: Filter by API key status (active, inactive, revoked).
schema:
type: string
enum:
- active
- inactive
- revoked
nullable: true
- name: user_id
in: query
description: Filter by user ID to get API keys associated with a specific user.
schema:
type: string
nullable: true
- name: org_code
in: query
description: Filter by organization code to get API keys associated with a specific organization.
schema:
type: string
nullable: true
responses:
'200':
description: API keys successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_api_keys_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- API Keys
operationId: createApiKey
x-scope: create:api_keys
summary: Create API key
description: |
Create a new API key.
create:api_keys
requestBody:
description: API key details.
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The name of the API key.
type: string
nullable: false
type:
description: The entity type that will use this API key.
type: string
enum:
- user
- organization
- environment
nullable: false
api_id:
description: The ID of the API this key is associated with.
type: string
nullable: false
scope_ids:
description: Array of scope IDs to associate with this API key.
type: array
items:
type: string
nullable: true
user_id:
description: The ID of the user to associate with this API key (for user-level keys).
type: string
nullable: true
org_code:
description: The organization code to associate with this API key (for organization-level keys).
type: string
nullable: true
required:
- name
- api_id
- type
responses:
'201':
description: API key successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_api_key_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/api_keys/{key_id}:
servers: []
get:
tags:
- API Keys
operationId: getApiKey
x-scope: read:api_keys
summary: Get API key
description: |
Retrieve API key details by ID.
read:api_keys
parameters:
- name: key_id
in: path
description: The ID of the API key.
required: true
schema:
type: string
responses:
'200':
description: API key successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_api_key_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- API Keys
operationId: deleteApiKey
x-scope: delete:api_keys
summary: Delete API key
description: |
Delete an API key.
delete:api_keys
parameters:
- name: key_id
in: path
description: The ID of the API key.
required: true
schema:
type: string
responses:
'200':
description: API key successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
put:
tags:
- API Keys
operationId: rotateApiKey
x-scope: update:api_keys
summary: Rotate API key
description: |
Rotate an API key to generate a new key while maintaining the same permissions and associations.
update:api_keys
parameters:
- name: key_id
in: path
description: The ID of the API key to rotate.
required: true
schema:
type: string
responses:
'201':
description: API key successfully rotated.
content:
application/json:
schema:
$ref: '#/components/schemas/rotate_api_key_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/api_keys/verify:
servers: []
post:
tags:
- API Keys
operationId: verifyApiKey
summary: Verify API key
description: |
Verify an API key (public endpoint, no authentication required).
requestBody:
description: API key verification details.
required: true
content:
application/json:
schema:
type: object
properties:
api_key:
description: The API key to verify.
type: string
nullable: false
required:
- api_key
responses:
'200':
description: API key verification result.
content:
application/json:
schema:
$ref: '#/components/schemas/verify_api_key_response'
'400':
$ref: '#/components/responses/bad_request'
'401':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/apis:
servers: []
get:
tags:
- APIs
operationId: getAPIs
x-scope: read:apis
summary: Get APIs
description: |
Returns a list of your APIs. The APIs are returned sorted by name.
read:apis
parameters:
- name: expand
in: query
description: 'Additional data to include in the response. Allowed value: "scopes".'
required: false
schema:
type: string
nullable: true
enum:
- scopes
responses:
'200':
description: A list of APIs.
content:
application/json:
schema:
$ref: '#/components/schemas/get_apis_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- APIs
operationId: addAPIs
x-scope: create:apis
summary: Create API
description: |
Register a new API. For more information read [Register and manage APIs](https://docs.kinde.com/developer-tools/your-apis/register-manage-apis/).
create:apis
externalDocs:
url: https://docs.kinde.com/developer-tools/your-apis/register-manage-apis
description: Register and manage APIs
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The name of the API. (1-64 characters).
example: Example API
audience:
type: string
description: A unique identifier for the API - commonly the URL. This value will be used as the `audience` parameter in authorization claims. (1-64 characters)
example: https://api.example.com
required:
- name
- audience
responses:
'200':
description: APIs successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/create_apis_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}:
servers: []
parameters:
- $ref: '#/components/parameters/api_id'
get:
tags:
- APIs
operationId: getAPI
x-scope: read:apis
summary: Get API
description: |
Retrieve API details by ID.
read:apis
responses:
'200':
description: API successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_api_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- APIs
operationId: deleteAPI
x-scope: delete:apis
summary: Delete API
description: |
Delete an API you previously created.
delete:apis
responses:
'200':
description: API successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/delete_api_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}/scopes:
servers: []
get:
tags:
- APIs
operationId: getAPIScopes
x-scope: read:api_scopes
summary: Get API scopes
parameters:
- name: api_id
in: path
description: API ID
required: true
schema:
type: string
nullable: false
example: 838f208d006a482dbd8cdb79a9889f68
description: |
Retrieve API scopes by API ID.
read:api_scopes
responses:
'200':
description: API scopes successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_api_scopes_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- APIs
operationId: addAPIScope
x-scope: create:api_scopes
summary: Create API scope
parameters:
- name: api_id
in: path
description: API ID
required: true
schema:
type: string
nullable: false
example: 838f208d006a482dbd8cdb79a9889f68
description: |
Create a new API scope.
create:api_scopes
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
key:
type: string
description: The key reference for the scope (1-64 characters, no white space).
example: read:logs
description:
type: string
description: Description of the api scope purpose.
example: Scope for reading logs.
required:
- key
responses:
'200':
description: API scopes successfully created
content:
application/json:
schema:
$ref: '#/components/schemas/create_api_scopes_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}/scopes/{scope_id}:
servers: []
get:
tags:
- APIs
operationId: getAPIScope
summary: Get API scope
parameters:
- name: api_id
in: path
description: API ID
required: true
schema:
type: string
nullable: false
example: 838f208d006a482dbd8cdb79a9889f68
- name: scope_id
in: path
description: Scope ID
required: true
schema:
type: string
nullable: false
example: api_scope_019391daf58d87d8a7213419c016ac95
description: |
Retrieve API scope by API ID.
read:api_scopes
responses:
'200':
description: API scope successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_api_scope_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
patch:
tags:
- APIs
operationId: updateAPIScope
summary: Update API scope
parameters:
- name: api_id
in: path
description: API ID
required: true
schema:
type: string
nullable: false
example: 838f208d006a482dbd8cdb79a9889f68
- name: scope_id
in: path
description: Scope ID
required: true
schema:
type: string
nullable: false
example: api_scope_019391daf58d87d8a7213419c016ac95
description: |
Update an API scope.
update:api_scopes
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
description:
type: string
description: Description of the api scope purpose.
example: Scope for reading logs.
responses:
'200':
description: API scope successfully updated
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- APIs
operationId: deleteAPIScope
summary: Delete API scope
parameters:
- name: api_id
in: path
description: API ID
required: true
schema:
type: string
nullable: false
example: 838f208d006a482dbd8cdb79a9889f68
- name: scope_id
in: path
description: Scope ID
required: true
schema:
type: string
nullable: false
example: api_scope_019391daf58d87d8a7213419c016ac95
description: |
Delete an API scope you previously created.
delete:apis_scopes
responses:
'200':
description: API scope successfully deleted.
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}/applications:
servers: []
parameters:
- $ref: '#/components/parameters/api_id'
patch:
tags:
- APIs
operationId: updateAPIApplications
summary: Authorize API applications
description: |
Authorize applications to be allowed to request access tokens for an API
update:apis
requestBody:
description: The applications you want to authorize.
required: true
content:
application/json:
schema:
type: object
required:
- applications
properties:
applications:
type: array
items:
type: object
required:
- id
properties:
id:
description: The application's Client ID.
type: string
example: d2db282d6214242b3b145c123f0c123
operation:
description: Optional operation, set to 'delete' to revoke authorization for the application. If not set, the application will be authorized.
type: string
example: delete
responses:
'200':
description: Authorized applications updated.
content:
application/json:
schema:
$ref: '#/components/schemas/authorize_app_api_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}/applications/{application_id}/scopes/{scope_id}:
servers: []
post:
tags:
- APIs
operationId: addAPIApplicationScope
summary: Add scope to API application
parameters:
- name: api_id
in: path
description: API ID
required: true
schema:
type: string
nullable: false
example: 838f208d006a482dbd8cdb79a9889f68
- name: application_id
in: path
description: Application ID
required: true
schema:
type: string
nullable: false
example: 7643b487c97545aab79257fd13a1085a
- name: scope_id
in: path
description: Scope ID
required: true
schema:
type: string
nullable: false
example: api_scope_019391daf58d87d8a7213419c016ac95
description: |
Add a scope to an API application.
create:api_application_scopes
responses:
'200':
description: API scope successfully added to API application
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- APIs
operationId: deleteAPIApplicationScope
summary: Delete API application scope
parameters:
- name: api_id
in: path
description: API ID
required: true
schema:
type: string
nullable: false
example: 838f208d006a482dbd8cdb79a9889f68
- name: application_id
in: path
description: Application ID
required: true
schema:
type: string
nullable: false
example: 7643b487c97545aab79257fd13a1085a
- name: scope_id
in: path
description: Scope ID
required: true
schema:
type: string
nullable: false
example: api_scope_019391daf58d87d8a7213419c016ac95
description: |
Delete an API application scope you previously created.
delete:apis_application_scopes
responses:
'200':
description: API scope successfully deleted.
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/applications:
servers: []
get:
tags:
- Applications
operationId: getApplications
x-scope: read:applications
summary: Get applications
description: |
Get a list of applications / clients.
read:applications
parameters:
- name: sort
in: query
description: Field and order to sort the result by.
schema:
type: string
nullable: true
enum:
- name_asc
- name_desc
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
type: string
nullable: true
responses:
'200':
description: A successful response with a list of applications or an empty list.
content:
application/json:
schema:
$ref: '#/components/schemas/get_applications_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- Applications
operationId: createApplication
x-scope: create:applications
summary: Create application
description: |
Create a new client.
create:applications
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The application's name.
type: string
example: React Native app
type:
description: The application's type. Use `reg` for regular server rendered applications, `spa` for single-page applications, `m2m` for machine-to-machine applications, and `device` for devices and IoT.
type: string
enum:
- reg
- spa
- m2m
- device
org_code:
description: Scope an M2M application to an org (Plus plan required).
type: string
example: org_1234567890abcdef
nullable: true
required:
- name
- type
responses:
'201':
description: Application successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_application_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}:
servers: []
get:
tags:
- Applications
operationId: getApplication
summary: Get application
description: |
Gets an application given the application's ID.
read:applications
parameters:
- name: application_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
nullable: false
example: 20bbffaa4c5e492a962273039d4ae18b
responses:
'200':
description: Application successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_application_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
patch:
tags:
- Applications
operationId: updateApplication
summary: Update Application
description: |
Updates a client's settings. For more information, read [Applications in Kinde](https://docs.kinde.com/build/applications/about-applications)
update:applications
parameters:
- name: application_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
example: 20bbffaa4c5e492a962273039d4ae18b
requestBody:
description: Application details.
required: false
content:
application/json:
schema:
type: object
properties:
name:
description: The application's name.
type: string
language_key:
description: The application's language key.
type: string
logout_uris:
description: The application's logout uris.
type: array
items:
type: string
redirect_uris:
description: The application's redirect uris.
type: array
items:
type: string
login_uri:
description: The default login route for resolving session issues.
type: string
homepage_uri:
description: The homepage link to your application.
type: string
responses:
'200':
description: Application successfully updated.
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Applications
operationId: deleteApplication
summary: Delete application
description: |
Delete a client / application.
delete:applications
parameters:
- name: application_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
example: 20bbffaa4c5e492a962273039d4ae18b
responses:
'200':
description: Application successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/connections:
servers: []
get:
tags:
- Applications
operationId: GetApplicationConnections
description: |
Gets all connections for an application.
read:application_connections
summary: Get connections
parameters:
- name: application_id
in: path
description: The identifier/client ID for the application.
required: true
schema:
type: string
nullable: false
example: 20bbffaa4c5e492a962273039d4ae18b
responses:
'200':
description: Application connections successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_connections_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/connections/{connection_id}:
servers: []
post:
tags:
- Applications
operationId: EnableConnection
summary: Enable connection
description: |
Enable an auth connection for an application.
create:application_connections
parameters:
- name: application_id
in: path
description: The identifier/client ID for the application.
required: true
schema:
type: string
example: 20bbffaa4c5e492a962273039d4ae18b
- name: connection_id
in: path
description: The identifier for the connection.
required: true
schema:
type: string
example: conn_0192c16abb53b44277e597d31877ba5b
responses:
'200':
description: Connection successfully enabled.
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Applications
operationId: RemoveConnection
summary: Remove connection
description: |
Turn off an auth connection for an application
delete:application_connections
parameters:
- name: application_id
in: path
description: The identifier/client ID for the application.
required: true
schema:
type: string
example: 20bbffaa4c5e492a962273039d4ae18b
- name: connection_id
in: path
description: The identifier for the connection.
required: true
schema:
type: string
example: conn_0192c16abb53b44277e597d31877ba5b
responses:
'200':
description: Connection successfully removed.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/properties:
servers: []
parameters:
- $ref: '#/components/parameters/application_id'
get:
tags:
- Applications
operationId: getApplicationPropertyValues
summary: Get property values
description: |
Gets properties for an application by client ID.
read:application_properties
responses:
'200':
description: Properties successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_property_values_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/properties/{property_key}:
servers: []
parameters:
- $ref: '#/components/parameters/application_id'
- $ref: '#/components/parameters/property_key'
put:
tags:
- Applications
operationId: updateApplicationsProperty
summary: Update property
description: |
Update application property value.
update:application_properties
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
value:
oneOf:
- type: string
- type: boolean
description: The new value for the property
example: Some new value
required:
- value
responses:
'200':
description: Property successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/tokens:
servers: []
patch:
tags:
- Applications
operationId: updateApplicationTokens
summary: Update application tokens
description: |
Configure tokens for an application.
update:application_tokens
parameters:
- name: application_id
in: path
description: The identifier/client ID for the application.
required: true
schema:
type: string
example: 20bbffaa4c5e492a962273039d4ae18b
requestBody:
description: Application tokens.
required: true
content:
application/json:
schema:
type: object
properties:
access_token_lifetime:
description: The lifetime of an access token in seconds.
type: integer
example: 3600
refresh_token_lifetime:
description: The lifetime of a refresh token in seconds.
type: integer
example: 86400
id_token_lifetime:
description: The lifetime of an ID token in seconds.
type: integer
example: 3600
authenticated_session_lifetime:
description: The lifetime of an authenticated session in seconds.
type: integer
example: 86400
is_hasura_mapping_enabled:
description: Enable or disable Hasura mapping.
type: boolean
example: true
responses:
'200':
description: Application tokens successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/billing/entitlements:
servers: []
get:
tags:
- Billing Entitlements
operationId: getBillingEntitlements
x-scope: read:billing_entitlements
description: |
Returns all the entitlements a billing customer currently has access to
read:billing_entitlements
summary: Get billing entitlements
parameters:
- name: page_size
in: query
required: false
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: starting_after
in: query
required: false
description: The ID of the billing entitlement to start after.
schema:
type: string
nullable: true
- name: ending_before
in: query
required: false
description: The ID of the billing entitlement to end before.
schema:
type: string
nullable: true
- name: customer_id
in: query
description: The ID of the billing customer to retrieve entitlements for
required: true
schema:
type: string
nullable: false
- name: max_value
in: query
description: When the maximum limit of an entitlement is null, this value is returned as the maximum limit
schema:
type: string
nullable: true
- name: expand
in: query
description: 'Additional plan data to include in the response. Allowed value: "plans".'
required: false
schema:
type: string
nullable: true
enum:
- plans
responses:
'200':
description: Billing entitlements successfully retrieved.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_billing_entitlements_response'
application/json:
schema:
$ref: '#/components/schemas/get_billing_entitlements_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/billing/agreements:
servers: []
get:
tags:
- Billing Agreements
operationId: getBillingAgreements
description: |
Returns all the agreements a billing customer currently has access to
read:billing_agreements
summary: Get billing agreements
parameters:
- name: page_size
in: query
required: false
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: starting_after
in: query
required: false
description: The ID of the billing agreement to start after.
schema:
type: string
nullable: true
- name: ending_before
in: query
required: false
description: The ID of the billing agreement to end before.
schema:
type: string
nullable: true
- name: customer_id
in: query
description: The ID of the billing customer to retrieve agreements for
required: true
schema:
type: string
nullable: false
example: customer_0195ac80a14c2ca2cec97d026d864de0
- name: feature_code
in: query
required: false
description: The feature code to filter by agreements only containing that feature
schema:
type: string
nullable: true
responses:
'200':
description: Billing agreements successfully retrieved.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_billing_agreements_response'
application/json:
schema:
$ref: '#/components/schemas/get_billing_agreements_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Billing Agreements
operationId: createBillingAgreement
description: |
Creates a new billing agreement based on the plan code passed, and cancels the customer's existing agreements
create:billing_agreements
summary: Create billing agreement
requestBody:
description: New agreement request values
required: true
content:
application/json:
schema:
type: object
required:
- customer_id
- plan_code
properties:
customer_id:
description: The ID of the billing customer to create a new agreement for
type: string
example: customer_0195ac80a14c2ca2cec97d026d864de0
plan_code:
description: The code of the billing plan the new agreement will be based on
type: string
example: pro
is_invoice_now:
type: boolean
description: Generate a final invoice for any un-invoiced metered usage.
example: true
is_prorate:
type: boolean
description: Generate a proration invoice item that credits remaining unused features.
example: true
responses:
'200':
description: Billing agreement successfully changed
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/billing/meter_usage:
servers: []
post:
tags:
- Billing Meter Usage
operationId: createMeterUsageRecord
summary: Create meter usage record
description: |
Create a new meter usage record
create:meter_usage
requestBody:
description: Meter usage record
required: true
content:
application/json:
schema:
type: object
required:
- customer_agreement_id
- billing_feature_code
- meter_value
properties:
customer_agreement_id:
description: The billing agreement against which to record usage
type: string
example: agreement_0195ac80a14c2ca2cec97d026d864de0
billing_feature_code:
description: The code of the feature within the agreement against which to record usage
type: string
example: pro_gym
meter_value:
description: The value of usage to record
type: string
example: pro_gym
meter_usage_timestamp:
type: string
format: date-time
description: The date and time the usage needs to be recorded for (defaults to current date/time)
example: '2024-11-18T13:32:03+11'
meter_type_code:
type: string
enum:
- absolute
- delta
description: Absolutes overrides the current usage
responses:
'200':
description: Meter usage record successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_meter_usage_record_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/business:
servers: []
get:
tags:
- Business
operationId: getBusiness
x-scope: read:businesses
summary: Get business
description: |
Get your business details.
read:businesses
responses:
'200':
description: Your business details.
content:
application/json:
schema:
$ref: '#/components/schemas/get_business_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
patch:
tags:
- Business
operationId: updateBusiness
x-scope: update:businesses
summary: Update business
description: |
Update your business details.
update:businesses
requestBody:
description: The business details to update.
required: true
content:
application/json:
schema:
type: object
properties:
business_name:
type: string
description: The name of the business.
example: Tailsforce Ltd
nullable: true
email:
type: string
description: The email address of the business.
example: sally@example.com
nullable: true
industry_key:
type: string
description: The key of the industry of your business. Can be retrieved from the /industries endpoint.
example: construction
nullable: true
is_click_wrap:
description: Whether the business is using clickwrap agreements.
type: boolean
example: false
nullable: true
is_show_kinde_branding:
description: Whether the business is showing Kinde branding. Requires a paid plan.
type: boolean
example: true
nullable: true
kinde_perk_code:
description: The Kinde perk code for the business.
type: string
nullable: true
phone:
description: The phone number of the business.
type: string
example: 123-456-7890
nullable: true
privacy_url:
description: The URL to the business's privacy policy.
type: string
example: https://example.com/privacy
nullable: true
terms_url:
description: The URL to the business's terms of service.
type: string
example: https://example.com/terms
nullable: true
timezone_key:
description: The key of the timezone of your business. Can be retrieved from the /timezones endpoint.
type: string
example: los_angeles_pacific_standard_time
nullable: true
responses:
'200':
description: Business successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/industries:
servers: []
get:
tags:
- Industries
operationId: getIndustries
summary: Get industries
description: |
Get a list of industries and associated industry keys.
read:industries
responses:
'200':
description: A list of industries.
content:
application/json:
schema:
$ref: '#/components/schemas/get_industries_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/timezones:
servers: []
get:
tags:
- Timezones
operationId: getTimezones
summary: Get timezones
description: |
Get a list of timezones and associated timezone keys.
read:timezones
responses:
'200':
description: A list of timezones.
content:
application/json:
schema:
$ref: '#/components/schemas/get_timezones_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/applications/{app_id}/auth_redirect_urls:
servers: []
get:
tags:
- Callbacks
operationId: getCallbackURLs
x-scope: read:applications_redirect_uris
description: |
Returns an application's redirect callback URLs.
read:applications_redirect_uris
summary: List Callback URLs
parameters:
- name: app_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
responses:
'200':
description: Callback URLs successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/redirect_callback_urls'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/redirect_callback_urls'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Callbacks
operationId: addRedirectCallbackURLs
x-scope: create:applications_redirect_uris
description: |
Add additional redirect callback URLs.
create:applications_redirect_uris
summary: Add Redirect Callback URLs
parameters:
- name: app_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
requestBody:
description: Callback details.
required: true
content:
application/json:
schema:
type: object
properties:
urls:
type: array
items:
type: string
description: Array of callback urls.
responses:
'200':
description: Callbacks successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
put:
tags:
- Callbacks
operationId: replaceRedirectCallbackURLs
description: |
Replace all redirect callback URLs.
update:applications_redirect_uris
summary: Replace Redirect Callback URLs
parameters:
- name: app_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
requestBody:
description: Callback details.
required: true
content:
application/json:
schema:
type: object
properties:
urls:
type: array
items:
type: string
description: Array of callback urls.
responses:
'200':
description: Callbacks successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
delete:
tags:
- Callbacks
operationId: deleteCallbackURLs
description: |
Delete callback URLs.
delete:applications_redirect_uris
summary: Delete Callback URLs
parameters:
- name: app_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
- name: urls
in: query
description: Urls to delete, comma separated and url encoded.
required: true
schema:
type: string
responses:
'200':
description: Callback URLs successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/applications/{app_id}/auth_logout_urls:
servers: []
get:
tags:
- Callbacks
operationId: getLogoutURLs
description: |
Returns an application's logout redirect URLs.
read:application_logout_uris
summary: List logout URLs
parameters:
- name: app_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
responses:
'200':
description: Logout URLs successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/logout_redirect_urls'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- Callbacks
operationId: addLogoutRedirectURLs
description: |
Add additional logout redirect URLs.
create:application_logout_uris
summary: Add logout redirect URLs
parameters:
- name: app_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
requestBody:
description: Callback details.
required: true
content:
application/json:
schema:
type: object
properties:
urls:
type: array
items:
type: string
description: Array of logout urls.
responses:
'200':
description: Logout URLs successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
put:
tags:
- Callbacks
operationId: replaceLogoutRedirectURLs
description: |
Replace all logout redirect URLs.
update:application_logout_uris
summary: Replace logout redirect URls
parameters:
- name: app_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
requestBody:
description: Callback details.
required: true
content:
application/json:
schema:
type: object
properties:
urls:
type: array
items:
type: string
description: Array of logout urls.
responses:
'200':
description: Logout URLs successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Callbacks
operationId: deleteLogoutURLs
description: |
Delete logout URLs.
delete:application_logout_uris
summary: Delete Logout URLs
parameters:
- name: app_id
in: path
description: The identifier for the application.
required: true
schema:
type: string
- name: urls
in: query
description: Urls to delete, comma separated and url encoded.
required: true
schema:
type: string
responses:
'200':
description: Logout URLs successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/connected_apps/auth_url:
servers: []
get:
tags:
- Connected Apps
operationId: GetConnectedAppAuthUrl
x-scope: read:connected_apps
description: |
Get a URL that authenticates and authorizes a user to a third-party connected app.
read:connected_apps
summary: Get Connected App URL
parameters:
- name: key_code_ref
in: query
description: The unique key code reference of the connected app to authenticate against.
schema:
type: string
nullable: false
required: true
- name: user_id
in: query
description: The id of the user that needs to authenticate to the third-party connected app.
schema:
type: string
nullable: false
required: false
- name: org_code
in: query
description: The code of the Kinde organization that needs to authenticate to the third-party connected app.
schema:
type: string
nullable: false
required: false
- name: override_callback_url
in: query
description: A URL that overrides the default callback URL setup in your connected app configuration
schema:
type: string
nullable: false
required: false
responses:
'200':
description: A URL that can be used to authenticate and a session id to identify this authentication session.
content:
application/json:
schema:
$ref: '#/components/schemas/connected_apps_auth_url'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/connected_apps_auth_url'
'400':
description: Error retrieving connected app auth url.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'404':
description: Error retrieving connected app auth url.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/connected_apps/token:
servers: []
get:
tags:
- Connected Apps
operationId: GetConnectedAppToken
x-scope: read:connected_apps
description: |
Get an access token that can be used to call the third-party provider linked to the connected app.
read:connected_apps
summary: Get Connected App Token
parameters:
- name: session_id
in: query
description: The unique sesssion id representing the login session of a user.
schema:
type: string
nullable: false
required: true
responses:
'200':
description: An access token that can be used to query a third-party provider, as well as the token's expiry time.
content:
application/json:
schema:
$ref: '#/components/schemas/connected_apps_access_token'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/connected_apps_access_token'
'400':
description: The session id provided points to an invalid session.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/connected_apps/revoke:
servers: []
post:
tags:
- Connected Apps
operationId: RevokeConnectedAppToken
description: |
Revoke the tokens linked to the connected app session.
create:connected_apps
summary: Revoke Connected App Token
parameters:
- name: session_id
in: query
description: The unique sesssion id representing the login session of a user.
schema:
type: string
nullable: false
required: true
responses:
'200':
description: An access token that can be used to query a third-party provider, as well as the token's expiry time.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'405':
description: Invalid HTTP method used.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/connections:
servers: []
get:
tags:
- Connections
operationId: GetConnections
x-scope: read:connections
description: |
Returns a list of authentication connections. Optionally you can filter this by a home realm domain.
read:connections
summary: Get connections
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: home_realm_domain
in: query
description: Filter the results by the home realm domain.
schema:
example: myapp.com
type: string
nullable: true
- name: starting_after
in: query
description: The ID of the connection to start after.
schema:
type: string
nullable: true
- name: ending_before
in: query
description: The ID of the connection to end before.
schema:
type: string
nullable: true
responses:
'200':
description: Connections successfully retrieved.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_connections_response'
application/json:
schema:
$ref: '#/components/schemas/get_connections_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Connections
operationId: CreateConnection
x-scope: create:connections
description: |
Create Connection.
create:connections
summary: Create Connection
requestBody:
description: Connection details.
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The internal name of the connection.
type: string
nullable: false
display_name:
description: The public facing name of the connection.
type: string
nullable: false
strategy:
description: The identity provider identifier for the connection.
type: string
enum:
- oauth2:apple
- oauth2:azure_ad
- oauth2:bitbucket
- oauth2:discord
- oauth2:facebook
- oauth2:github
- oauth2:gitlab
- oauth2:google
- oauth2:linkedin
- oauth2:microsoft
- oauth2:patreon
- oauth2:slack
- oauth2:stripe
- oauth2:twitch
- oauth2:twitter
- oauth2:xero
- saml:custom
- saml:cloudflare
- saml:okta
- saml:microsoft
- saml:google
- wsfed:azure_ad
nullable: false
enabled_applications:
description: Client IDs of applications in which this connection is to be enabled.
type: array
items:
type: string
organization_code:
description: Enterprise connections only - the code for organization that manages this connection.
type: string
nullable: true
example: org_80581732fbe
options:
oneOf:
- type: object
description: Social connection options (e.g., Google SSO).
properties:
client_id:
type: string
description: OAuth client ID.
example: hji7db2146af332akfldfded22
client_secret:
type: string
description: OAuth client secret.
example: 19fkjdalg521l23fassf3039d4ae18b
is_use_custom_domain:
type: boolean
description: Use custom domain callback URL.
example: true
is_trusted:
type: boolean
description: Trust this connection for account merging.
example: true
- type: object
description: Azure AD connection options.
properties:
client_id:
type: string
description: Client ID.
example: hji7db2146af332akfldfded22
client_secret:
type: string
description: Client secret.
example: 19fkjdalg521l23fassf3039d4ae18b
home_realm_domains:
type: array
items:
type: string
description: List of domains to limit authentication.
example:
- '@kinde.com'
- '@kinde.io'
entra_id_domain:
type: string
description: Domain for Entra ID.
example: kinde.com
is_use_common_endpoint:
type: boolean
description: Use https://login.windows.net/common instead of a default endpoint.
example: true
is_sync_user_profile_on_login:
type: boolean
description: Sync user profile data with IDP.
example: true
is_retrieve_provider_user_groups:
type: boolean
description: Include user group info from MS Entra ID.
example: true
is_extended_attributes_required:
type: boolean
description: Include additional user profile information.
example: true
is_auto_join_organization_enabled:
type: boolean
description: Users automatically join organization when using this connection.
example: true
is_create_missing_user:
type: boolean
description: Create a user record in Kinde if the user signing in does not exist.
example: true
is_force_show_sso_button:
type: boolean
description: Force showing the SSO button for this connection.
example: false
upstream_params:
type: object
description: Additional upstream parameters to pass to the identity provider.
additionalProperties: true
example:
prompt:
value: select_account
is_use_custom_domain:
type: boolean
description: Use custom domain callback URL.
example: true
is_trusted:
type: boolean
description: Trust this connection for account merging.
example: true
- type: object
description: SAML connection options (e.g., Cloudflare SAML).
properties:
home_realm_domains:
type: array
items:
type: string
description: List of domains to restrict authentication.
example:
- '@kinde.com'
- '@kinde.io'
saml_entity_id:
type: string
description: SAML Entity ID.
example: https://kinde.com
saml_idp_metadata_url:
type: string
description: URL for the IdP metadata.
example: https://kinde.com/saml/metadata
saml_sign_in_url:
type: string
description: Override the default SSO endpoint with a URL your IdP recognizes.
example: https://kinde.com/saml/signin
sign_request_algorithm:
type: string
description: Algorithm used to sign SAML requests.
enum:
- RSA-SHA256
- RSA-SHA1
example: RSA-SHA256
protocol_binding:
type: string
description: Protocol binding used to send SAML requests.
enum:
- HTTP-REDIRECT
- HTTP-POST
example: HTTP-REDIRECT
name_id_format:
type: string
description: Format for the Name ID used to identify users in SAML responses.
enum:
- Persistent
- Transient
- Email address
- Unspecified
example: Persistent
saml_email_key_attr:
type: string
description: Attribute key for the user's email.
example: email
saml_user_id_key_attr:
type: string
description: Attribute key for the user's ID.
example: user_id
saml_first_name_key_attr:
type: string
description: Attribute key for the user's first name.
example: given_name
saml_last_name_key_attr:
type: string
description: Attribute key for the user's last name.
example: family_name
is_create_missing_user:
type: boolean
description: Create user if they don't exist.
example: true
is_force_show_sso_button:
type: boolean
description: Force showing the SSO button for this connection.
example: false
upstream_params:
type: object
description: Additional upstream parameters to pass to the identity provider.
additionalProperties: true
example:
prompt:
value: select_account
saml_signing_certificate:
type: string
description: Certificate for signing SAML requests.
example: |-
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIEUjZoyDANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVNhbiBGcmFuYzEXMBUGA1UECgwOQ2xv
-----END CERTIFICATE-----
saml_signing_private_key:
type: string
description: Private key associated with the signing certificate.
example: |-
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy5+KLjTzF6tvl
-----END PRIVATE KEY-----
is_auto_join_organization_enabled:
type: boolean
description: Users automatically join organization when using this connection.
example: true
is_use_custom_domain:
type: boolean
description: Use custom domain callback URL.
example: true
is_trusted:
type: boolean
description: Trust this connection for account merging.
example: true
responses:
'201':
description: Connection successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_connection_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/connections/{connection_id}:
servers: []
get:
tags:
- Connections
operationId: GetConnection
description: |
Get Connection.
read:connections
summary: Get Connection
parameters:
- name: connection_id
in: path
description: The unique identifier for the connection.
required: true
schema:
type: string
responses:
'200':
description: Connection successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/connection'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
patch:
tags:
- Connections
operationId: UpdateConnection
description: |
Update Connection.
update:connections
summary: Update Connection
parameters:
- name: connection_id
in: path
description: The unique identifier for the connection.
required: true
schema:
type: string
requestBody:
description: The fields of the connection to update.
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The internal name of the connection.
type: string
nullable: false
example: ConnectionA
display_name:
description: The public facing name of the connection.
type: string
nullable: false
example: Connection
enabled_applications:
description: Client IDs of applications in which this connection is to be enabled.
type: array
example:
- c647dbe20f5944e28af97c9184fded22
- 20bbffaa4c5e492a962273039d4ae18b
items:
type: string
options:
oneOf:
- type: object
description: Social connection options (e.g., Google SSO).
properties:
client_id:
type: string
description: OAuth client ID.
example: hji7db2146af332akfldfded22
client_secret:
type: string
description: OAuth client secret.
example: 19fkjdalg521l23fassf3039d4ae18b
is_use_custom_domain:
type: boolean
description: Use custom domain callback URL.
example: true
is_trusted:
type: boolean
description: Trust this connection for account merging.
example: true
- type: object
description: Azure AD connection options.
properties:
client_id:
type: string
description: Client ID.
example: hji7db2146af332akfldfded22
client_secret:
type: string
description: Client secret.
example: 19fkjdalg521l23fassf3039d4ae18b
home_realm_domains:
type: array
items:
type: string
description: List of domains to limit authentication.
example:
- '@kinde.com'
- '@kinde.io'
entra_id_domain:
type: string
description: Domain for Entra ID.
example: kinde.com
is_use_common_endpoint:
type: boolean
description: Use https://login.windows.net/common instead of a default endpoint.
example: true
is_sync_user_profile_on_login:
type: boolean
description: Sync user profile data with IDP.
example: true
is_retrieve_provider_user_groups:
type: boolean
description: Include user group info from MS Entra ID.
example: true
is_extended_attributes_required:
type: boolean
description: Include additional user profile information.
example: true
is_create_missing_user:
type: boolean
description: Create users if they don't exist in the system.
example: true
is_force_show_sso_button:
type: boolean
description: Force showing the SSO button for this connection.
example: false
upstream_params:
type: object
description: Additional upstream parameters to pass to the identity provider.
additionalProperties: true
example:
prompt:
value: select_account
is_use_custom_domain:
type: boolean
description: Use custom domain callback URL.
example: true
is_trusted:
type: boolean
description: Trust this connection for account merging.
example: true
- type: object
description: SAML connection options (e.g., Cloudflare SAML).
properties:
home_realm_domains:
type: array
items:
type: string
description: List of domains to restrict authentication.
example:
- '@kinde.com'
- '@kinde.io'
saml_entity_id:
type: string
description: SAML Entity ID.
example: https://kinde.com
saml_idp_metadata_url:
type: string
description: URL for the IdP metadata.
example: https://kinde.com/saml/metadata
saml_sign_in_url:
type: string
description: Override the default SSO endpoint with a URL your IdP recognizes.
example: https://kinde.com/saml/signin
sign_request_algorithm:
type: string
description: Algorithm used to sign SAML requests.
enum:
- RSA-SHA256
- RSA-SHA1
example: RSA-SHA256
protocol_binding:
type: string
description: Protocol binding used to send SAML requests.
enum:
- HTTP-REDIRECT
- HTTP-POST
example: HTTP-REDIRECT
name_id_format:
type: string
description: Format for the Name ID used to identify users in SAML responses.
enum:
- Persistent
- Transient
- Email address
- Unspecified
example: Persistent
saml_email_key_attr:
type: string
description: Attribute key for the user's email.
example: email
saml_user_id_key_attr:
type: string
description: Attribute key for the user's ID.
example: user_id
saml_first_name_key_attr:
type: string
description: Attribute key for the user's first name.
example: given_name
saml_last_name_key_attr:
type: string
description: Attribute key for the user's last name.
example: family_name
is_create_missing_user:
type: boolean
description: Create user if they don't exist.
example: true
is_force_show_sso_button:
type: boolean
description: Force showing the SSO button for this connection.
example: false
upstream_params:
type: object
description: Additional upstream parameters to pass to the identity provider.
additionalProperties: true
example:
prompt:
value: select_account
saml_signing_certificate:
type: string
description: Certificate for signing SAML requests.
example: |-
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIEUjZoyDANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVNhbiBGcmFuYzEXMBUGA1UECgwOQ2xv
-----END CERTIFICATE-----
saml_signing_private_key:
type: string
description: Private key associated with the signing certificate.
example: |-
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy5+KLjTzF6tvl
-----END PRIVATE KEY-----
is_use_custom_domain:
type: boolean
description: Use custom domain callback URL.
example: true
is_trusted:
type: boolean
description: Trust this connection for account merging.
example: true
responses:
'200':
description: Connection successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
put:
tags:
- Connections
operationId: ReplaceConnection
description: |
Replace Connection Config.
update:connections
summary: Replace Connection
parameters:
- name: connection_id
in: path
description: The unique identifier for the connection.
required: true
schema:
type: string
requestBody:
description: The complete connection configuration to replace the existing one.
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The internal name of the connection.
type: string
example: ConnectionA
nullable: false
display_name:
description: The public-facing name of the connection.
type: string
example: Connection
nullable: false
enabled_applications:
description: Client IDs of applications in which this connection is to be enabled.
type: array
items:
type: string
example:
- c647dbe20f5944e28af97c9184fded22
- 20bbffaa4c5e492a962273039d4ae18b
options:
oneOf:
- type: object
description: Social connection options (e.g., Google SSO).
properties:
client_id:
type: string
description: OAuth client ID.
example: hji7db2146af332akfldfded22
client_secret:
type: string
description: OAuth client secret.
example: 19fkjdalg521l23fassf3039d4ae18b
is_use_custom_domain:
type: boolean
description: Use custom domain callback URL.
example: true
is_trusted:
type: boolean
description: Trust this connection for account merging.
example: true
- type: object
description: Azure AD connection options.
properties:
client_id:
type: string
description: Client ID.
example: hji7db2146af332akfldfded22
client_secret:
type: string
description: Client secret.
example: 19fkjdalg521l23fassf3039d4ae18b
home_realm_domains:
type: array
items:
type: string
description: List of domains to limit authentication.
example:
- '@kinde.com'
- '@kinde.io'
entra_id_domain:
type: string
description: Domain for Entra ID.
example: kinde.com
is_use_common_endpoint:
type: boolean
description: Use https://login.windows.net/common instead of a default endpoint.
example: true
is_sync_user_profile_on_login:
type: boolean
description: Sync user profile data with IDP.
example: true
is_retrieve_provider_user_groups:
type: boolean
description: Include user group info from MS Entra ID.
example: true
is_extended_attributes_required:
type: boolean
description: Include additional user profile information.
example: true
is_create_missing_user:
type: boolean
description: Create a user record in Kinde if the user signing in does not exist.
example: true
is_force_show_sso_button:
type: boolean
description: Force showing the SSO button for this connection.
example: false
upstream_params:
type: object
description: Additional upstream parameters to pass to the identity provider.
additionalProperties: true
example:
prompt:
value: select_account
is_use_custom_domain:
type: boolean
description: Use custom domain callback URL.
example: true
is_trusted:
type: boolean
description: Trust this connection for account merging.
example: true
- type: object
description: SAML connection options (e.g., Cloudflare SAML).
properties:
home_realm_domains:
type: array
items:
type: string
description: List of domains to restrict authentication.
example:
- '@kinde.com'
- '@kinde.io'
saml_entity_id:
type: string
description: SAML Entity ID.
example: https://kinde.com
saml_idp_metadata_url:
type: string
description: URL for the IdP metadata.
example: https://kinde.com/saml/metadata
sign_request_algorithm:
type: string
description: Algorithm used to sign SAML requests.
enum:
- RSA-SHA256
- RSA-SHA1
example: RSA-SHA256
protocol_binding:
type: string
description: Protocol binding used to send SAML requests.
enum:
- HTTP-REDIRECT
- HTTP-POST
example: HTTP-REDIRECT
name_id_format:
type: string
description: Format for the Name ID used to identify users in SAML responses.
enum:
- Persistent
- Transient
- Email address
- Unspecified
example: Persistent
saml_email_key_attr:
type: string
description: Attribute key for the user's email.
example: email
saml_user_id_key_attr:
type: string
description: Attribute key for the user's ID.
example: user_id
saml_first_name_key_attr:
type: string
description: Attribute key for the user's first name.
example: given_name
saml_last_name_key_attr:
type: string
description: Attribute key for the user's last name.
example: family_name
is_create_missing_user:
type: boolean
description: Create user if they don't exist.
example: true
is_force_show_sso_button:
type: boolean
description: Force showing the SSO button for this connection.
example: false
upstream_params:
type: object
description: Additional upstream parameters to pass to the identity provider.
additionalProperties: true
example:
prompt:
value: select_account
saml_signing_certificate:
type: string
description: Certificate for signing SAML requests.
example: |-
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIEUjZoyDANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVNhbiBGcmFuYzEXMBUGA1UECgwOQ2xv
-----END CERTIFICATE-----
saml_signing_private_key:
type: string
description: Private key associated with the signing certificate.
example: |-
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy5+KLjTzF6tvl
-----END PRIVATE KEY-----
is_use_custom_domain:
type: boolean
description: Use custom domain callback URL.
example: true
is_trusted:
type: boolean
description: Trust this connection for account merging.
example: true
responses:
'200':
description: Connection successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Connections
operationId: deleteConnection
description: |
Delete connection.
delete:connections
summary: Delete Connection
parameters:
- name: connection_id
in: path
description: The identifier for the connection.
required: true
schema:
type: string
responses:
'200':
description: Connection successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/directories:
servers: []
get:
tags:
- Directories
operationId: getDirectories
summary: Get SCIM directories
description: |
Returns a list of SCIM directories for your organization.
read:scim_directories
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 50 if parameter not sent.
schema:
type: integer
nullable: true
- name: starting_after
in: query
description: The ID of the directory to start after.
schema:
type: string
nullable: true
- name: organization_code
in: query
description: Filter by organization code to get directories for a specific organization.
schema:
type: string
nullable: true
responses:
'200':
description: SCIM directories successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_directories_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- Directories
operationId: createDirectory
summary: Create SCIM directory
description: |
Create a new SCIM directory for user and group synchronization.
create:scim_directories
externalDocs:
url: https://docs.kinde.com/developer-tools/scim-provisioning/
description: SCIM Provisioning
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
org_code:
type: string
description: The organization code to create the SCIM directory for.
example: org_1ccfb819462
directory_name:
type: string
description: A descriptive name for the SCIM directory.
example: Production Directory
provider_code:
type: string
description: The SCIM provider code to use for this directory.
enum:
- entra_id_azure_ad
- okta
- google_workspace
- custom_scim_v2
- cyberark
- jumpcloud
- onelogin
- pingfederate
- rippling
example: entra_id_azure_ad
required:
- org_code
- directory_name
- provider_code
responses:
'201':
description: SCIM directory successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_directory_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
examples:
organization_required:
summary: Organization code required
value:
errors:
- code: ORGANIZATION_REQUIRED
message: Organization code is required
field: org_code
directory_name_required:
summary: Directory name required
value:
errors:
- code: DIRECTORY_NAME_REQUIRED
message: Directory name is required
field: directory_name
provider_code_required:
summary: Provider code required
value:
errors:
- code: PROVIDER_CODE_REQUIRED
message: Provider code is required
field: provider_code
invalid_provider:
summary: Invalid provider code
value:
errors:
- code: INVALID_PROVIDER
message: Invalid or disabled provider code
field: provider_code
organization_not_found:
summary: Organization not found
value:
errors:
- code: ORGANIZATION_NOT_FOUND
message: Organization not found
field: org_code
'403':
$ref: '#/components/responses/forbidden'
'409':
description: Conflict - Directory already exists.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
examples:
directory_exists:
summary: Directory already exists
value:
errors:
- code: DIRECTORY_EXISTS
message: A SCIM directory already exists for this organization
field: org_code
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/directories/{directory_id}:
servers: []
parameters:
- name: directory_id
in: path
description: The directory's ID.
required: true
schema:
type: string
example: directory_0192b1941f125645fa15bf28a662a0b3
get:
tags:
- Directories
operationId: getDirectory
summary: Get SCIM directory
description: |
Retrieve SCIM directory details by ID.
read:scim_directories
responses:
'200':
description: SCIM directory successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_directory_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
patch:
tags:
- Directories
operationId: updateDirectory
summary: Update SCIM directory
description: |
Update SCIM directory configuration.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
directory_name:
type: string
description: A descriptive name for the SCIM directory.
example: Updated Production Directory
required:
- directory_name
responses:
'200':
description: SCIM directory successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/update_directory_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Directories
operationId: deleteDirectory
summary: Delete SCIM directory
description: |
Delete a SCIM directory and all associated data.
delete:scim_directories
responses:
'200':
description: SCIM directory successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/delete_directory_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/environment:
servers: []
get:
tags:
- Environments
operationId: getEnvironment
x-scope: read:environments
summary: Get environment
description: |
Gets the current environment.
read:environments
responses:
'200':
description: Environment successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_environment_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/environment/feature_flags:
servers: []
delete:
tags:
- Environments
operationId: DeleteEnvironementFeatureFlagOverrides
x-scope: delete:environment_feature_flags
description: |
Delete all environment feature flag overrides.
delete:environment_feature_flags
summary: Delete Environment Feature Flag Overrides
responses:
'200':
description: Feature flag overrides deleted successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
get:
tags:
- Environments
operationId: GetEnvironementFeatureFlags
x-scope: read:environment_feature_flags
description: |
Get environment feature flags.
read:environment_feature_flags
summary: List Environment Feature Flags
responses:
'200':
description: Feature flags retrieved successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/get_environment_feature_flags_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_environment_feature_flags_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/environment/feature_flags/{feature_flag_key}:
servers: []
delete:
tags:
- Environments
operationId: DeleteEnvironementFeatureFlagOverride
description: |
Delete environment feature flag override.
delete:environment_feature_flags
summary: Delete Environment Feature Flag Override
parameters:
- name: feature_flag_key
in: path
description: The identifier for the feature flag.
required: true
schema:
type: string
responses:
'200':
description: Feature flag deleted successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
patch:
tags:
- Environments
operationId: UpdateEnvironementFeatureFlagOverride
description: |
Update environment feature flag override.
update:environment_feature_flags
summary: Update Environment Feature Flag Override
parameters:
- name: feature_flag_key
in: path
description: The identifier for the feature flag.
required: true
schema:
type: string
requestBody:
description: Flag details.
required: true
content:
application/json:
schema:
type: object
properties:
value:
description: The flag override value.
type: string
nullable: false
required:
- value
responses:
'200':
description: Feature flag override successful
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/environment/logos:
servers: []
get:
tags:
- Environments
operationId: ReadLogo
description: |
Read environment logo details
read:environments
summary: Read logo details
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/read_env_logo_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/environment/logos/{type}:
servers: []
put:
tags:
- Environments
operationId: AddLogo
description: |
Add environment logo
update:environments
summary: Add logo
parameters:
- name: type
in: path
description: The type of logo to add.
required: true
schema:
type: string
example: dark
enum:
- dark
- light
requestBody:
description: Logo details.
required: true
content:
multipart/form-data:
schema:
type: object
required:
- logo
properties:
logo:
type: string
format: binary
description: The logo file to upload.
responses:
'200':
description: Logo successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Environments
operationId: DeleteLogo
description: |
Delete environment logo
update:environments
summary: Delete logo
parameters:
- name: type
in: path
description: The type of logo to delete.
required: true
schema:
type: string
example: dark
enum:
- dark
- light
responses:
'200':
description: Logo successfully deleted
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'204':
description: No logo found to delete
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/environment_variables:
servers: []
get:
tags:
- Environment variables
operationId: getEnvironmentVariables
x-scope: read:environment_variables
summary: Get environment variables
description: |
Get environment variables. This feature is in beta and admin UI is not yet available.
read:environment_variables
responses:
'200':
description: A successful response with a list of environment variables or an empty list.
content:
application/json:
schema:
$ref: '#/components/schemas/get_environment_variables_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- Environment variables
operationId: createEnvironmentVariable
x-scope: create:environment_variables
summary: Create environment variable
description: |
Create a new environment variable. This feature is in beta and admin UI is not yet available.
create:environment_variables
requestBody:
description: The environment variable details.
required: true
content:
application/json:
schema:
type: object
properties:
key:
type: string
description: The name of the environment variable (max 128 characters).
example: MY_API_KEY
value:
type: string
description: The value of the new environment variable (max 2048 characters).
example: some-secret-value
is_secret:
type: boolean
description: Whether the environment variable is sensitive. Secrets are not-readable by you or your team after creation.
example: false
required:
- key
- value
responses:
'201':
description: Environment variable successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_environment_variable_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/environment_variables/{variable_id}:
servers: []
parameters:
- $ref: '#/components/parameters/variable_id'
get:
tags:
- Environment variables
operationId: getEnvironmentVariable
x-scope: read:environment_variables
summary: Get environment variable
description: |
Retrieve environment variable details by ID. This feature is in beta and admin UI is not yet available.
read:environment_variables
responses:
'200':
description: Environment variable successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_environment_variable_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
patch:
tags:
- Environment variables
operationId: updateEnvironmentVariable
x-scope: update:environment_variables
summary: Update environment variable
description: |
Update an environment variable you previously created. This feature is in beta and admin UI is not yet available.
update:environment_variables
requestBody:
description: The new details for the environment variable
required: true
content:
application/json:
schema:
type: object
properties:
key:
type: string
description: The key to update.
example: MY_API_KEY
value:
type: string
description: The new value for the environment variable.
example: new-secret-value
is_secret:
type: boolean
description: Whether the environment variable is sensitive. Secret variables are not-readable by you or your team after creation.
responses:
'200':
description: Environment variable successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/update_environment_variable_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Environment variables
operationId: deleteEnvironmentVariable
x-scope: delete:environment_variables
summary: Delete environment variable
description: |
Delete an environment variable you previously created. This feature is in beta and admin UI is not yet available.
delete:environment_variables
responses:
'200':
description: Environment variable successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/delete_environment_variable_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/feature_flags:
servers: []
post:
tags:
- Feature Flags
operationId: CreateFeatureFlag
x-scope: create:feature_flags
description: |
Create feature flag.
create:feature_flags
summary: Create Feature Flag
requestBody:
description: Flag details.
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The name of the flag.
type: string
nullable: false
description:
description: Description of the flag purpose.
type: string
nullable: false
key:
description: The flag identifier to use in code.
type: string
nullable: false
type:
description: The variable type.
type: string
enum:
- str
- int
- bool
nullable: false
allow_override_level:
description: Allow the flag to be overridden at a different level.
type: string
enum:
- env
- org
- usr
nullable: false
default_value:
description: Default value for the flag used by environments and organizations.
type: string
nullable: false
required:
- name
- key
- type
- default_value
responses:
'201':
description: Feature flag successfully created
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/feature_flags/{feature_flag_key}:
servers: []
delete:
tags:
- Feature Flags
operationId: DeleteFeatureFlag
x-scope: delete:feature_flags
description: |
Delete feature flag
delete:feature_flags
summary: Delete Feature Flag
parameters:
- name: feature_flag_key
in: path
description: The identifier for the feature flag.
required: true
schema:
type: string
responses:
'200':
description: Feature flag successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
put:
tags:
- Feature Flags
operationId: UpdateFeatureFlag
x-scope: update:feature_flags
description: |
Update feature flag.
update:feature_flags
summary: Replace Feature Flag
parameters:
- name: feature_flag_key
in: path
description: The key identifier for the feature flag.
required: true
schema:
type: string
- name: name
in: query
description: The name of the flag.
schema:
type: string
nullable: false
required: true
- name: description
in: query
description: Description of the flag purpose.
schema:
type: string
nullable: false
required: true
- name: type
in: query
description: The variable type
schema:
type: string
enum:
- str
- int
- bool
nullable: false
required: true
- name: allow_override_level
in: query
description: Allow the flag to be overridden at a different level.
schema:
type: string
enum:
- env
- org
nullable: false
required: true
- name: default_value
in: query
description: Default value for the flag used by environments and organizations.
schema:
type: string
nullable: false
required: true
responses:
'200':
description: Feature flag successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/identities/{identity_id}:
servers: []
get:
tags:
- Identities
operationId: GetIdentity
x-scope: read:identities
description: |
Returns an identity by ID
read:identities
summary: Get identity
parameters:
- name: identity_id
in: path
description: The unique identifier for the identity.
required: true
schema:
type: string
responses:
'200':
description: Identity successfully retrieved.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/identity'
application/json:
schema:
$ref: '#/components/schemas/identity'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
patch:
tags:
- Identities
operationId: UpdateIdentity
x-scope: update:identities
description: |
Update identity by ID.
update:identities
summary: Update identity
parameters:
- name: identity_id
in: path
description: The unique identifier for the identity.
required: true
schema:
type: string
requestBody:
description: The fields of the identity to update.
required: true
content:
application/json:
schema:
type: object
properties:
is_primary:
description: Whether the identity is the primary for it's type
type: boolean
nullable: false
responses:
'200':
description: Identity successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
delete:
tags:
- Identities
operationId: DeleteIdentity
x-scope: delete:identities
description: |
Delete identity by ID.
delete:identities
summary: Delete identity
parameters:
- name: identity_id
in: path
description: The unique identifier for the identity.
required: true
schema:
type: string
responses:
'200':
description: Identity successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organization/{org_code}/invites:
servers: []
get:
tags:
- Organizations
operationId: getOrganizationInvites
x-scope: read:organization_invites
summary: Get organization invites
description: |
Get a list of invitations for an organization. By default, only pending (non-revoked, non-accepted) invitations are returned.
read:organization_invites
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
example: org_1ccfb819462
- name: sort
in: query
description: Field and order to sort the result by.
schema:
type: string
nullable: true
enum:
- created_on_asc
- created_on_desc
- email_asc
- email_desc
- name_asc
- name_desc
example: created_on_desc
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
example: 10
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
type: string
nullable: true
- name: include_revoked
in: query
description: Include revoked invitations in the results.
schema:
type: boolean
nullable: true
default: false
- name: include_accepted
in: query
description: Include accepted invitations in the results.
schema:
type: boolean
nullable: true
default: false
responses:
'200':
description: Invitations successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_organization_invites_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- Organizations
operationId: createOrganizationInvite
x-scope: create:organization_invites
summary: Create organization invite
description: |
Create a new invitation for an organization. An invitation email will be sent to the provided email address if `send_email` is set to `true`.
Invitations cannot be created for organizations that are managed by directory sync; user and role changes for those organizations must be made in the upstream identity provider.
Roles that require an explicit assignment permission cannot be granted to an invitee unless the caller (or the user the token represents) holds that permission. On Kinde-hosted plans, roles outside `owner`/`admin` additionally require the `extended_roles` entitlement.
Per-organization rate limits apply: a maximum number of invitations may be created per rolling 24 hour window, and a maximum number of active (non-accepted, non-revoked) invitations may exist at any time. Requests that exceed either limit are rejected.
create:organization_invites
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
example: org_1ccfb819462
requestBody:
description: Invitation details. `email` is capped at 254 characters (RFC 5321). `first_name` and `last_name` are capped at 64 characters each. Inputs over these limits are rejected with `EMAIL_TOO_LONG`, `FIRST_NAME_TOO_LONG`, or `LAST_NAME_TOO_LONG`.
required: true
content:
application/json:
schema:
type: object
required:
- email
- roles
properties:
email:
description: The email address of the user to invite. Maximum 254 characters.
type: string
maxLength: 254
example: user@example.com
first_name:
description: The first name of the user to invite. Maximum 64 characters.
type: string
maxLength: 64
nullable: true
example: John
last_name:
description: The last name of the user to invite. Maximum 64 characters.
type: string
maxLength: 64
nullable: true
example: Doe
roles:
description: Array of role keys to assign to the user.
type: array
items:
type: string
example:
- admin
- manager
send_email:
description: Whether to send an invitation email to the user. Defaults to false.
type: boolean
default: false
responses:
'201':
description: Invitation successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_organization_invite_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organization/{org_code}/invites/{invite_code}:
servers: []
get:
tags:
- Organizations
operationId: getOrganizationInvite
x-scope: read:organization_invites
summary: Get organization invite
description: |
Get details of a specific invitation by its code.
read:organization_invites
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
example: org_1ccfb819462
- name: invite_code
in: path
description: The invitation's code.
required: true
schema:
type: string
example: inv_abc123def456
responses:
'200':
description: Invitation successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_organization_invite_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Organizations
operationId: deleteOrganizationInvite
x-scope: delete:organization_invites
summary: Delete organization invite
description: |
Revoke (delete) an invitation. This will mark the invitation as revoked and prevent it from being accepted.
delete:organization_invites
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
example: org_1ccfb819462
- name: invite_code
in: path
description: The invitation's code.
required: true
schema:
type: string
example: inv_abc123def456
responses:
'200':
description: Invitation successfully revoked.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/mfa:
servers: []
put:
tags:
- MFA
operationId: ReplaceMFA
x-scope: update:mfa
description: |
Replace MFA Configuration.
update:mfa
summary: Replace MFA Configuration
requestBody:
description: MFA details.
required: true
content:
application/json:
schema:
type: object
properties:
policy:
description: Specifies whether MFA is required, optional, or not enforced.
type: string
enum:
- required
- 'off'
- optional
nullable: false
enabled_factors:
description: The MFA methods to enable.
type: array
nullable: false
items:
type: string
enum:
- mfa:email
- mfa:sms
- mfa:authenticator_app
is_recovery_codes_enabled:
description: Determines whether recovery codes are shown to users during MFA setup for the environment.
type: boolean
default: true
required:
- policy
- enabled_factors
responses:
'200':
description: MFA Configuration updated successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organization:
servers: []
get:
tags:
- Organizations
operationId: getOrganization
x-scope: read:organizations
summary: Get organization
description: |
Retrieve organization details by code.
read:organizations
parameters:
- in: query
name: code
description: The organization's code.
schema:
type: string
example: org_1ccfb819462
- in: query
name: expand
description: 'Additional data to include in the response. Allowed value: "billing".'
schema:
type: string
example: billing
responses:
'200':
description: Organization successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_organization_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- Organizations
operationId: createOrganization
x-scope: create:organizations
summary: Create organization
description: |
Create a new organization. To learn more read about [multi tenancy using organizations](https://docs.kinde.com/build/organizations/multi-tenancy-using-organizations/)
create:organizations
requestBody:
description: Organization details.
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
description: The organization's name.
type: string
example: Acme Corp
feature_flags:
type: object
description: The organization's feature flag settings.
additionalProperties:
type: string
enum:
- str
- int
- bool
description: Value of the feature flag.
external_id:
description: The organization's external identifier - commonly used when migrating from or mapping to other systems.
type: string
example: some1234
background_color:
description: The organization's brand settings - background color.
type: string
button_color:
description: The organization's brand settings - button color.
type: string
button_text_color:
description: The organization's brand settings - button text color.
type: string
link_color:
description: The organization's brand settings - link color.
type: string
background_color_dark:
description: The organization's brand settings - dark mode background color.
type: string
button_color_dark:
description: The organization's brand settings - dark mode button color.
type: string
button_text_color_dark:
description: The organization's brand settings - dark mode button text color.
type: string
link_color_dark:
description: The organization's brand settings - dark mode link color.
type: string
theme_code:
description: The organization's brand settings - theme/mode 'light' | 'dark' | 'user_preference'.
type: string
handle:
description: A unique handle for the organization - can be used for dynamic callback urls.
type: string
example: acme_corp
is_allow_registrations:
deprecated: true
description: Deprecated - Use 'is_auto_membership_enabled' instead.
type: boolean
example: true
is_auto_membership_enabled:
description: If users become members of this organization when the org code is supplied during authentication.
type: boolean
example: true
sender_name:
nullable: true
type: string
example: Acme Corp
description: The name of the organization that will be used in emails
sender_email:
nullable: true
type: string
example: hello@acmecorp.com
description: The email address that will be used in emails. Requires custom SMTP to be set up.
is_create_billing_customer:
type: boolean
example: false
description: If a billing customer is also created for this organization
billing_email:
type: string
example: billing@acmecorp.com
description: The email address used for billing purposes for the organization
billing_plan_code:
type: string
example: pro
description: The billing plan to put the customer on. If not specified, the default plan is used
responses:
'200':
description: Organization successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_organization_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations:
servers: []
get:
tags:
- Organizations
operationId: getOrganizations
x-scope: read:organizations
summary: Get organizations
description: |
Get a list of organizations.
read:organizations
parameters:
- name: sort
in: query
description: Field and order to sort the result by.
schema:
type: string
nullable: true
enum:
- name_asc
- name_desc
- email_asc
- email_desc
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
type: string
nullable: true
responses:
'200':
description: Organizations successfully retreived.
content:
application/json:
schema:
$ref: '#/components/schemas/get_organizations_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organization/{org_code}:
servers: []
patch:
tags:
- Organizations
operationId: updateOrganization
description: |
Update an organization.
update:organizations
summary: Update Organization
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
example: org_1ccfb819462
- name: expand
in: query
description: 'Additional data to include in the response. Allowed value: "billing".'
required: false
schema:
type: string
nullable: true
enum:
- billing
requestBody:
description: Organization details.
required: false
content:
application/json:
schema:
type: object
properties:
name:
description: The organization's name.
type: string
example: Acme Corp
external_id:
description: The organization's ID.
type: string
example: some1234
background_color:
description: The organization's brand settings - background color.
type: string
example: '#fff'
button_color:
description: The organization's brand settings - button color.
type: string
example: '#fff'
button_text_color:
description: The organization's brand settings - button text color.
type: string
example: '#fff'
link_color:
description: The organization's brand settings - link color.
type: string
example: '#fff'
background_color_dark:
description: The organization's brand settings - dark mode background color.
type: string
example: '#000'
button_color_dark:
description: The organization's brand settings - dark mode button color.
type: string
example: '#000'
button_text_color_dark:
description: The organization's brand settings - dark mode button text color.
type: string
example: '#000'
link_color_dark:
description: The organization's brand settings - dark mode link color.
type: string
example: '#000'
theme_code:
description: The organization's brand settings - theme/mode.
type: string
enum:
- light
- dark
- user_preference
example: light
handle:
description: The organization's handle.
type: string
example: acme_corp
is_allow_registrations:
deprecated: true
description: Deprecated - Use 'is_auto_membership_enabled' instead.
type: boolean
is_auto_membership_enabled:
description: If users become members of this organization when the org code is supplied during authentication.
type: boolean
example: true
is_auto_join_domain_list:
description: Users can sign up to this organization.
type: boolean
example: true
allowed_domains:
description: Domains allowed for self-sign up to this environment.
type: array
example:
- https://acme.kinde.com
- https://acme.com
items:
type: string
is_enable_advanced_orgs:
description: Activate advanced organization features.
type: boolean
example: true
is_enforce_mfa:
description: Enforce MFA for all users in this organization.
type: boolean
example: true
sender_name:
nullable: true
type: string
example: Acme Corp
description: The name of the organization that will be used in emails
sender_email:
nullable: true
type: string
example: hello@acmecorp.com
description: The email address that will be used in emails. Requires custom SMTP to be set up.
is_suspended:
type: boolean
description: Whether to suspend or unsuspend the organization. Setting to true suspends the organization; setting to false unsuspends it. The default organization cannot be suspended.
example: false
responses:
'200':
description: Organization successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Organizations
operationId: deleteOrganization
description: |
Delete an organization.
delete:organizations
summary: Delete Organization
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
responses:
'200':
description: Organization successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/users:
servers: []
get:
tags:
- Organizations
operationId: GetOrganizationUsers
x-scope: read:organization_users
summary: Get organization users
description: |
Get user details for all members of an organization.
read:organization_users
parameters:
- name: sort
in: query
description: Field and order to sort the result by.
schema:
example: email_asc
type: string
nullable: true
enum:
- name_asc
- name_desc
- email_asc
- email_desc
- id_asc
- id_desc
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
example: 10
type: integer
nullable: true
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
example: MTo6OmlkX2FzYw==
type: string
nullable: true
- name: org_code
in: path
description: The organization's code.
required: true
schema:
example: org_1ccfb819462
type: string
nullable: false
- name: permissions
in: query
description: Filter by user permissions comma separated (where all match)
schema:
example: admin
type: string
- name: roles
in: query
description: Filter by user roles comma separated (where all match)
schema:
example: manager
type: string
responses:
'200':
description: A successful response with a list of organization users or an empty list.
content:
application/json:
schema:
$ref: '#/components/schemas/get_organization_users_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- Organizations
operationId: AddOrganizationUsers
description: |
Add existing users to an organization.
create:organization_users
summary: Add Organization Users
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
users:
description: Users to be added to the organization.
type: array
items:
type: object
properties:
id:
description: The users id.
type: string
example: kp_057ee6debc624c70947b6ba512908c35
roles:
description: Role keys to assign to the user.
type: array
items:
type: string
example: manager
permissions:
description: Permission keys to assign to the user.
type: array
items:
type: string
example: admin
responses:
'200':
description: Add organization users request successfully processed.
content:
application/json:
schema:
$ref: '#/components/schemas/add_organization_users_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
patch:
tags:
- Organizations
operationId: UpdateOrganizationUsers
description: |
Update users that belong to an organization.
update:organization_users
summary: Update Organization Users
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
users:
description: Users to add, update or remove from the organization.
type: array
items:
type: object
properties:
id:
description: The users id.
type: string
example: kp_057ee6debc624c70947b6ba512908c35
operation:
description: Optional operation, set to 'delete' to remove the user from the organization.
type: string
example: delete
roles:
description: Role keys to assign to the user.
type: array
items:
type: string
example: manager
permissions:
description: Permission keys to assign to the user.
type: array
items:
type: string
example: admin
responses:
'200':
description: Users successfully removed.
content:
application/json:
schema:
$ref: '#/components/schemas/update_organization_users_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/users/{user_id}/roles:
servers: []
get:
tags:
- Organizations
operationId: GetOrganizationUserRoles
x-scope: read:organization_user_roles
description: |
Get roles for an organization user.
read:organization_user_roles
summary: List Organization User Roles
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
- name: user_id
in: path
description: The user's id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: A successful response with a list of user roles.
content:
application/json:
schema:
$ref: '#/components/schemas/get_organizations_user_roles_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_organizations_user_roles_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Organizations
operationId: CreateOrganizationUserRole
description: |
Add role to an organization user.
create:organization_user_roles
summary: Add Organization User Role
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
- name: user_id
in: path
description: The user's id.
required: true
schema:
type: string
nullable: false
requestBody:
description: Role details.
required: true
content:
application/json:
schema:
type: object
properties:
role_id:
description: The role id.
type: string
responses:
'200':
description: Role successfully added.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/users/{user_id}/roles/{role_id}:
servers: []
delete:
tags:
- Organizations
operationId: DeleteOrganizationUserRole
description: |
Delete role for an organization user.
delete:organization_user_roles
summary: Delete Organization User Role
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
- name: user_id
in: path
description: The user's id.
required: true
schema:
type: string
nullable: false
- name: role_id
in: path
description: The role id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: User successfully removed.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Error creating user.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/users/{user_id}/permissions:
servers: []
get:
tags:
- Organizations
operationId: GetOrganizationUserPermissions
x-scope: read:organization_user_permissions
description: |
Get permissions for an organization user.
read:organization_user_permissions
summary: List Organization User Permissions
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
- name: user_id
in: path
description: The user's id.
required: true
schema:
type: string
nullable: false
- name: expand
in: query
description: 'Additional data to include in the response. Allowed value: "roles".'
required: false
schema:
type: string
nullable: true
responses:
'200':
description: A successful response with a list of user permissions.
content:
application/json:
schema:
$ref: '#/components/schemas/get_organizations_user_permissions_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_organizations_user_permissions_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Organizations
operationId: CreateOrganizationUserPermission
description: |
Add permission to an organization user.
create:organization_user_permissions
summary: Add Organization User Permission
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
- name: user_id
in: path
description: The user's id.
required: true
schema:
type: string
nullable: false
requestBody:
description: Permission details.
required: true
content:
application/json:
schema:
type: object
properties:
permission_id:
description: The permission id.
type: string
responses:
'200':
description: User permission successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/users/{user_id}/permissions/{permission_id}:
servers: []
delete:
tags:
- Organizations
operationId: DeleteOrganizationUserPermission
description: |
Delete permission for an organization user.
delete:organization_user_permissions
summary: Delete Organization User Permission
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
- name: user_id
in: path
description: The user's id.
required: true
schema:
type: string
nullable: false
- name: permission_id
in: path
description: The permission id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: User successfully removed.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Error creating user.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/users/{user_id}:
servers: []
delete:
tags:
- Organizations
operationId: RemoveOrganizationUser
description: |
Remove user from an organization.
delete:organization_users
summary: Remove Organization User
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
- name: user_id
in: path
description: The user's id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: User successfully removed from organization
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Error removing user
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/users/{user_id}/apis/{api_id}/scopes/{scope_id}:
servers: []
post:
tags:
- Organizations
operationId: addOrganizationUserAPIScope
summary: Add scope to organization user api
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
- name: user_id
in: path
description: User ID
required: true
schema:
type: string
nullable: false
example: kp_5ce676e5d6a24bc9aac2fba35a46e958
- name: api_id
in: path
description: API ID
required: true
schema:
type: string
nullable: false
example: 838f208d006a482dbd8cdb79a9889f68
- name: scope_id
in: path
description: Scope ID
required: true
schema:
type: string
nullable: false
example: api_scope_019391daf58d87d8a7213419c016ac95
description: |
Add a scope to an organization user api.
create:organization_user_api_scopes
responses:
'200':
description: API scope successfully added to organization user api
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Organizations
operationId: deleteOrganizationUserAPIScope
summary: Delete scope from organization user API
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
- name: user_id
in: path
description: User ID
required: true
schema:
type: string
nullable: false
example: kp_5ce676e5d6a24bc9aac2fba35a46e958
- name: api_id
in: path
description: API ID
required: true
schema:
type: string
nullable: false
example: 838f208d006a482dbd8cdb79a9889f68
- name: scope_id
in: path
description: Scope ID
required: true
schema:
type: string
nullable: false
example: api_scope_019391daf58d87d8a7213419c016ac95
description: |
Delete a scope from an organization user api you previously created.
delete:organization_user_api_scopes
responses:
'200':
description: Organization user API scope successfully deleted.
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/users/{user_id}/mfa:
servers: []
get:
tags:
- Organizations
operationId: GetOrgUserMFA
description: |
Get an organization user’s MFA configuration.
read:organization_user_mfa
summary: Get an organization user's MFA configuration
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
example: org_1ccfb819462
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
example: kp_c3143a4b50ad43c88e541d9077681782
responses:
'200':
description: Successfully retrieve user's MFA configuration.
content:
application/json:
schema:
$ref: '#/components/schemas/get_user_mfa_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Organizations
operationId: ResetOrgUserMFAAll
description: |
Reset all organization MFA factors for a user.
delete:organization_user_mfa
summary: Reset all organization MFA for a user
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
example: org_1ccfb819462
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
example: kp_c3143a4b50ad43c88e541d9077681782
responses:
'200':
description: User's MFA successfully reset.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/users/{user_id}/mfa/{factor_id}:
servers: []
delete:
tags:
- Organizations
operationId: ResetOrgUserMFA
description: |
Reset a specific organization MFA factor for a user.
delete:organization_user_mfa
summary: Reset specific organization MFA for a user
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
example: org_1ccfb819462
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
example: kp_c3143a4b50ad43c88e541d9077681782
- name: factor_id
in: path
description: The identifier for the MFA factor
required: true
schema:
type: string
example: mfa_0193278a00ac29b3f6d4e4d462d55c47
responses:
'200':
description: User's MFA successfully reset.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/feature_flags:
servers: []
get:
tags:
- Organizations
operationId: GetOrganizationFeatureFlags
x-scope: read:organization_feature_flags
description: |
Get all organization feature flags.
read:organization_feature_flags
summary: List Organization Feature Flags
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
responses:
'200':
description: Feature flag overrides successfully returned.
content:
application/json:
schema:
$ref: '#/components/schemas/get_organization_feature_flags_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_organization_feature_flags_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
delete:
tags:
- Organizations
operationId: DeleteOrganizationFeatureFlagOverrides
description: |
Delete all organization feature flag overrides.
delete:organization_feature_flags
summary: Delete Organization Feature Flag Overrides
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
responses:
'200':
description: Feature flag overrides successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/feature_flags/{feature_flag_key}:
servers: []
delete:
tags:
- Organizations
operationId: DeleteOrganizationFeatureFlagOverride
description: |
Delete organization feature flag override.
delete:organization_feature_flags
summary: Delete Organization Feature Flag Override
parameters:
- name: org_code
in: path
description: The identifier for the organization.
required: true
schema:
type: string
- name: feature_flag_key
in: path
description: The identifier for the feature flag.
required: true
schema:
type: string
responses:
'200':
description: Feature flag override successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
patch:
tags:
- Organizations
operationId: UpdateOrganizationFeatureFlagOverride
description: |
Update organization feature flag override.
update:organization_feature_flags
summary: Update Organization Feature Flag Override
parameters:
- name: org_code
in: path
description: The identifier for the organization
required: true
schema:
type: string
- name: feature_flag_key
in: path
description: The identifier for the feature flag
required: true
schema:
type: string
- name: value
in: query
description: Override value
required: true
schema:
type: string
responses:
'200':
description: Feature flag override successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/properties/{property_key}:
servers: []
put:
tags:
- Organizations
operationId: UpdateOrganizationProperty
description: |
Update organization property value.
update:organization_properties
summary: Update Organization Property value
parameters:
- name: org_code
in: path
description: The identifier for the organization
required: true
schema:
type: string
- name: property_key
in: path
description: The identifier for the property
required: true
schema:
type: string
- name: value
in: query
description: The new property value
required: true
schema:
type: string
responses:
'200':
description: Property successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/properties:
servers: []
get:
tags:
- Organizations
operationId: GetOrganizationPropertyValues
description: |
Gets properties for an organization by org code.
read:organization_properties
summary: Get Organization Property Values
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: Properties successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_property_values_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_property_values_response'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
patch:
tags:
- Organizations
operationId: UpdateOrganizationProperties
description: |
Update organization property values.
update:organization_properties
summary: Update Organization Property values
parameters:
- name: org_code
in: path
description: The identifier for the organization
required: true
schema:
type: string
requestBody:
description: Properties to update.
required: true
content:
application/json:
schema:
type: object
properties:
properties:
description: Property keys and values
type: object
nullable: false
required:
- properties
responses:
'200':
description: Properties successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/mfa:
servers: []
put:
tags:
- Organizations
operationId: ReplaceOrganizationMFA
description: |
Replace Organization MFA Configuration.
update:organization_mfa
summary: Replace Organization MFA Configuration
parameters:
- name: org_code
in: path
description: The identifier for the organization
required: true
schema:
type: string
requestBody:
description: MFA details.
required: true
content:
application/json:
schema:
type: object
properties:
enabled_factors:
description: The MFA methods to enable.
type: array
nullable: false
items:
type: string
enum:
- mfa:email
- mfa:sms
- mfa:authenticator_app
is_recovery_codes_enabled:
description: Determines whether recovery codes are shown to users during MFA setup for this specific organization. This overrides the environment-level setting.
type: boolean
default: true
required:
- enabled_factors
responses:
'200':
description: MFA Configuration updated successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organization/{org_code}/handle:
servers: []
delete:
tags:
- Organizations
operationId: DeleteOrganizationHandle
description: |
Delete organization handle
delete:organization_handles
summary: Delete organization handle
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: Handle successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/logos:
servers: []
get:
tags:
- Organizations
operationId: ReadOrganizationLogo
description: |
Read organization logo details
read:organizations
summary: Read organization logo details
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
example: org_1ccfb819462
responses:
'200':
description: Successfully retrieved organization logo details
content:
application/json:
schema:
$ref: '#/components/schemas/read_logo_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/logos/{type}:
servers: []
post:
tags:
- Organizations
operationId: AddOrganizationLogo
description: |
Add organization logo
update:organizations
summary: Add organization logo
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
example: org_1ccfb819462
- name: type
in: path
description: The type of logo to add.
required: true
schema:
type: string
example: dark
enum:
- dark
- light
requestBody:
description: Organization logo details.
required: true
content:
multipart/form-data:
schema:
type: object
required:
- logo
properties:
logo:
type: string
format: binary
description: The logo file to upload.
responses:
'200':
description: Organization logo successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Organizations
operationId: DeleteOrganizationLogo
description: |
Delete organization logo
update:organizations
summary: Delete organization logo
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
example: org_1ccfb819462
- name: type
in: path
description: The type of logo to delete.
required: true
schema:
type: string
example: dark
enum:
- dark
- light
responses:
'200':
description: Organization logo successfully deleted
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'204':
description: No logo found to delete
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations/{organization_code}/connections:
servers: []
get:
tags:
- Organizations
operationId: GetOrganizationConnections
description: |
Gets all connections for an organization.
read:organization_connections
summary: Get connections
parameters:
- name: organization_code
in: path
description: The organization code.
required: true
schema:
type: string
nullable: false
example: org_7d45b01ef13
responses:
'200':
description: Organization connections successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_connections_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations/{organization_code}/connections/{connection_id}:
servers: []
post:
tags:
- Organizations
operationId: EnableOrgConnection
summary: Enable connection
description: |
Enable an auth connection for an organization.
create:organization_connections
parameters:
- name: organization_code
in: path
description: The unique code for the organization.
required: true
schema:
type: string
example: org_7d45b01ef13
- name: connection_id
in: path
description: The identifier for the connection.
required: true
schema:
type: string
example: conn_0192c16abb53b44277e597d31877ba5b
responses:
'200':
description: Connection successfully enabled.
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Organizations
operationId: RemoveOrgConnection
summary: Remove connection
description: |
Turn off an auth connection for an organization
delete:organization_connections
parameters:
- name: organization_code
in: path
description: The unique code for the organization.
required: true
schema:
type: string
example: org_7d45b01ef13
- name: connection_id
in: path
description: The identifier for the connection.
required: true
schema:
type: string
example: conn_0192c16abb53b44277e597d31877ba5b
responses:
'200':
description: Connection successfully removed.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/organizations/{org_code}/sessions:
servers: []
patch:
tags:
- Organizations
operationId: UpdateOrganizationSessions
description: |
Update the organization's session configuration.
update:organizations
summary: Update organization session configuration
parameters:
- name: org_code
in: path
description: The organization's code.
required: true
schema:
type: string
nullable: false
example: org_1ccfb819462
requestBody:
description: Organization session configuration.
required: true
content:
application/json:
schema:
type: object
properties:
is_use_org_sso_session_policy:
type: boolean
description: Whether to use the organization's SSO session policy override.
sso_session_persistence_mode:
type: string
enum:
- persistent
- non_persistent
description: Determines if the session should be persistent or not.
is_use_org_authenticated_session_lifetime:
type: boolean
description: Whether to apply the organization's authenticated session lifetime override.
authenticated_session_lifetime:
type: integer
description: Authenticated session lifetime in seconds.
example: 86400
responses:
'200':
description: Organization sessions successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/permissions:
servers: []
get:
tags:
- Permissions
operationId: GetPermissions
x-scope: read:permissions
description: |
The returned list can be sorted by permission name or permission ID in ascending or descending order. The number of records to return at a time can also be controlled using the `page_size` query string parameter.
read:permissions
summary: List Permissions
parameters:
- name: sort
in: query
description: Field and order to sort the result by.
schema:
type: string
nullable: true
enum:
- name_asc
- name_desc
- id_asc
- id_desc
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
type: string
nullable: true
responses:
'200':
description: Permissions successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_permissions_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_permissions_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Permissions
operationId: CreatePermission
x-scope: create:permissions
description: |
Create a new permission.
create:permissions
summary: Create Permission
requestBody:
description: Permission details.
required: false
content:
application/json:
schema:
type: object
properties:
name:
description: The permission's name.
type: string
description:
description: The permission's description.
type: string
key:
description: The permission identifier to use in code.
type: string
responses:
'201':
description: Permission successfully created
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/permissions/{permission_id}:
servers: []
patch:
tags:
- Permissions
operationId: UpdatePermissions
x-scope: update:permissions
description: |
Update permission
update:permissions
summary: Update Permission
parameters:
- name: permission_id
in: path
description: The identifier for the permission.
required: true
schema:
type: string
nullable: false
requestBody:
description: Permission details.
required: false
content:
application/json:
schema:
type: object
properties:
name:
description: The permission's name.
type: string
description:
description: The permission's description.
type: string
key:
description: The permission identifier to use in code.
type: string
responses:
'200':
description: Permission successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
delete:
tags:
- Permissions
operationId: DeletePermission
x-scope: delete:permissions
description: |
Delete permission
delete:permissions
summary: Delete Permission
parameters:
- name: permission_id
in: path
description: The identifier for the permission.
required: true
schema:
type: string
responses:
'200':
description: permission successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/properties:
servers: []
get:
tags:
- Properties
operationId: GetProperties
x-scope: read:properties
description: |
Returns a list of properties
read:properties
summary: List properties
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: starting_after
in: query
description: The ID of the property to start after.
schema:
type: string
nullable: true
- name: ending_before
in: query
description: The ID of the property to end before.
schema:
type: string
nullable: true
- name: context
in: query
description: Filter results by user, organization or application context
schema:
type: string
nullable: true
enum:
- usr
- org
- app
responses:
'200':
description: Properties successfully retrieved.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_properties_response'
application/json:
schema:
$ref: '#/components/schemas/get_properties_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Properties
operationId: CreateProperty
x-scope: create:properties
description: |
Create property.
create:properties
summary: Create Property
requestBody:
description: Property details.
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The name of the property.
type: string
nullable: false
description:
description: Description of the property purpose.
type: string
nullable: false
key:
description: The property identifier to use in code.
type: string
nullable: false
type:
description: The property type.
type: string
enum:
- single_line_text
- multi_line_text
nullable: false
context:
description: The context that the property applies to.
type: string
enum:
- org
- usr
- app
nullable: false
is_private:
description: Whether the property can be included in id and access tokens.
type: boolean
nullable: false
category_id:
description: Which category the property belongs to.
type: string
nullable: false
required:
- name
- key
- type
- context
- is_private
- category_id
responses:
'201':
description: Property successfully created
content:
application/json:
schema:
$ref: '#/components/schemas/create_property_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/create_property_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/properties/{property_id}:
servers: []
put:
tags:
- Properties
operationId: UpdateProperty
x-scope: update:properties
description: |
Update property.
update:properties
summary: Update Property
parameters:
- name: property_id
in: path
description: The unique identifier for the property.
required: true
schema:
type: string
requestBody:
description: The fields of the property to update.
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The name of the property.
type: string
nullable: false
description:
type: string
description: Description of the property purpose.
is_private:
type: boolean
description: Whether the property can be included in id and access tokens.
category_id:
description: Which category the property belongs to.
type: string
nullable: false
required:
- name
- is_private
- category_id
responses:
'200':
description: Property successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
delete:
tags:
- Properties
operationId: DeleteProperty
x-scope: delete:properties
description: |
Delete property.
delete:properties
summary: Delete Property
parameters:
- name: property_id
in: path
description: The unique identifier for the property.
required: true
schema:
type: string
responses:
'200':
description: Property successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/property_categories:
servers: []
get:
tags:
- Property Categories
operationId: GetCategories
x-scope: read:property_categories
description: |
Returns a list of categories.
read:property_categories
summary: List categories
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: starting_after
in: query
description: The ID of the category to start after.
schema:
type: string
nullable: true
- name: ending_before
in: query
description: The ID of the category to end before.
schema:
type: string
nullable: true
- name: context
in: query
description: Filter the results by User or Organization context
schema:
type: string
nullable: true
enum:
- usr
- org
responses:
'200':
description: Categories successfully retrieved.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_categories_response'
application/json:
schema:
$ref: '#/components/schemas/get_categories_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Property Categories
operationId: CreateCategory
x-scope: create:property_categories
description: |
Create category.
create:property_categories
summary: Create Category
requestBody:
description: Category details.
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The name of the category.
type: string
nullable: false
context:
description: The context that the category applies to.
type: string
enum:
- org
- usr
- app
nullable: false
required:
- name
- context
responses:
'201':
description: Category successfully created
content:
application/json:
schema:
$ref: '#/components/schemas/create_category_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/create_category_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/property_categories/{category_id}:
servers: []
put:
tags:
- Property Categories
operationId: UpdateCategory
description: |
Update category.
update:property_categories
summary: Update Category
parameters:
- name: category_id
in: path
description: The unique identifier for the category.
required: true
schema:
type: string
requestBody:
description: The fields of the category to update.
required: true
content:
application/json:
schema:
type: object
properties:
name:
description: The name of the category.
type: string
nullable: false
responses:
'200':
description: category successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/roles:
servers: []
get:
tags:
- Roles
operationId: GetRoles
x-scope: read:roles
description: |
The returned list can be sorted by role name or role ID in ascending or descending order. The number of records to return at a time can also be controlled using the `page_size` query string parameter.
read:roles
summary: List roles
parameters:
- name: sort
in: query
description: Field and order to sort the result by.
schema:
type: string
nullable: true
enum:
- name_asc
- name_desc
- id_asc
- id_desc
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
type: string
nullable: true
responses:
'200':
description: Roles successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_roles_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- Roles
operationId: CreateRole
x-scope: create:roles
description: |
Create role.
create:roles
summary: Create role
requestBody:
description: Role details.
required: false
content:
application/json:
schema:
type: object
properties:
name:
description: The role's name.
type: string
description:
description: The role's description.
type: string
key:
description: The role identifier to use in code.
type: string
is_default_role:
description: Set role as default for new users.
type: boolean
assignment_permission_id:
description: The public ID of the permission required to assign this role to users. If null, no permission is required.
type: string
format: uuid
nullable: true
responses:
'201':
description: Role successfully created
content:
application/json:
schema:
$ref: '#/components/schemas/create_roles_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/roles/{role_id}:
servers: []
get:
tags:
- Roles
operationId: GetRole
x-scope: read:roles
description: |
Get a role
read:roles
summary: Get role
parameters:
- name: role_id
in: path
description: The identifier for the role.
schema:
type: string
required: true
responses:
'200':
description: Role successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_role_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
patch:
tags:
- Roles
operationId: UpdateRoles
x-scope: update:roles
description: |
Update a role
update:roles
summary: Update role
parameters:
- name: role_id
in: path
description: The identifier for the role.
schema:
type: string
required: true
requestBody:
description: Role details.
required: false
content:
application/json:
schema:
type: object
properties:
name:
description: The role's name.
type: string
description:
description: The role's description.
type: string
key:
description: The role identifier to use in code.
type: string
is_default_role:
description: Set role as default for new users.
type: boolean
assignment_permission_id:
description: The public ID of the permission required to assign this role to users. If null, no change to the assignment permission is made. If set to 'NO_PERMISSION_REQUIRED', no permission is required.
type: string
format: uuid
nullable: true
required:
- name
- key
responses:
'201':
description: Role successfully updated
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Roles
operationId: DeleteRole
x-scope: delete:roles
description: |
Delete role
delete:roles
summary: Delete role
parameters:
- name: role_id
in: path
description: The identifier for the role.
required: true
schema:
type: string
responses:
'200':
description: Role successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/roles/{role_id}/scopes:
servers: []
get:
tags:
- Roles
operationId: GetRoleScopes
x-scope: read:role_scopes
description: |
Get scopes for a role.
read:role_scopes
summary: Get role scopes
parameters:
- name: role_id
in: path
description: The role id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: A list of scopes for a role
content:
application/json:
schema:
$ref: '#/components/schemas/role_scopes_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/role_scopes_response'
'400':
description: Error removing user
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Roles
operationId: AddRoleScope
x-scope: create:role_scopes
description: |
Add scope to role.
create:role_scopes
summary: Add role scope
parameters:
- name: role_id
in: path
description: The role id.
required: true
schema:
type: string
nullable: false
requestBody:
description: Add scope to role.
required: true
content:
application/json:
schema:
type: object
properties:
scope_id:
description: The scope identifier.
type: string
required:
- scope_id
responses:
'201':
description: Role scope successfully added.
content:
application/json:
schema:
$ref: '#/components/schemas/add_role_scope_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/roles/{role_id}/scopes/{scope_id}:
servers: []
delete:
tags:
- Roles
operationId: DeleteRoleScope
x-scope: delete:role_scopes
description: |
Delete scope from role.
delete:role_scopes
summary: Delete role scope
parameters:
- name: role_id
in: path
description: The role id.
required: true
schema:
type: string
nullable: false
- name: scope_id
in: path
description: The scope id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: Role scope successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/delete_role_scope_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/roles/{role_id}/permissions:
servers: []
get:
tags:
- Roles
operationId: GetRolePermissions
x-scope: read:role_permissions
description: |
Get permissions for a role.
read:role_permissions
summary: Get role permissions
parameters:
- name: role_id
in: path
description: The role's public id.
required: true
schema:
type: string
nullable: false
- name: sort
in: query
description: Field and order to sort the result by.
schema:
type: string
nullable: true
enum:
- name_asc
- name_desc
- id_asc
- id_desc
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
type: string
nullable: true
responses:
'200':
description: A list of permissions for a role
content:
application/json:
schema:
$ref: '#/components/schemas/role_permissions_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/role_permissions_response'
'400':
description: Error removing user
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
patch:
tags:
- Roles
operationId: UpdateRolePermissions
x-scope: update:role_permissions
description: |
Update role permissions.
update:role_permissions
summary: Update role permissions
parameters:
- name: role_id
in: path
description: The identifier for the role.
required: true
schema:
type: string
nullable: false
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
permissions:
description: Permissions to add or remove from the role.
type: array
items:
type: object
properties:
id:
description: The permission id.
type: string
operation:
description: Optional operation, set to 'delete' to remove the permission from the role.
type: string
responses:
'200':
description: Permissions successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/update_role_permissions_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/update_role_permissions_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/roles/{role_id}/permissions/{permission_id}:
servers: []
delete:
tags:
- Roles
operationId: RemoveRolePermission
x-scope: delete:role_permissions
description: |
Remove a permission from a role.
delete:role_permissions
summary: Remove role permission
parameters:
- name: role_id
in: path
description: The role's public id.
required: true
schema:
type: string
nullable: false
- name: permission_id
in: path
description: The permission's public id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: Permission successfully removed from role
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Error removing user
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/search/users:
servers: []
get:
tags:
- Search
operationId: searchUsers
x-scope: read:users
description: |
Search for users based on the provided query string. Set query to '*' to filter by other parameters only.
The number of records to return at a time can be controlled using the `page_size` query string parameter.
read:users
summary: Search users
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: query
in: query
description: Search the users by email or name. Use '*' to search all.
schema:
type: string
nullable: true
- name: api_scopes
in: query
description: Search the users by api scopes.
schema:
type: string
nullable: true
- name: properties
in: query
required: false
style: deepObject
explode: true
schema:
type: object
additionalProperties:
type: array
items:
type: string
- name: starting_after
in: query
description: The ID of the user to start after.
schema:
type: string
nullable: true
- name: ending_before
in: query
description: The ID of the user to end before.
schema:
type: string
nullable: true
- name: expand
in: query
description: 'Additional data to include in the response. One or more of (comma-separated): "organizations", "identities", "properties".'
required: false
schema:
type: string
nullable: true
responses:
'200':
description: Users successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/search_users_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/subscribers:
servers: []
get:
tags:
- Subscribers
operationId: GetSubscribers
x-scope: read:subscribers
description: |
The returned list can be sorted by full name or email address
in ascending or descending order. The number of records to return at a time can also be controlled using the `page_size` query
string parameter.
read:subscribers
summary: List Subscribers
parameters:
- name: sort
in: query
description: Field and order to sort the result by.
schema:
type: string
nullable: true
enum:
- name_asc
- name_desc
- email_asc
- email_desc
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
type: string
nullable: true
responses:
'200':
description: Subscriber successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_subscribers_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_subscribers_response'
'403':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Subscribers
operationId: CreateSubscriber
x-scope: create:subscribers
description: |
Create subscriber.
create:subscribers
summary: Create Subscriber
parameters:
- name: first_name
in: query
description: Subscriber's first name.
required: true
schema:
type: string
nullable: false
- name: last_name
in: query
description: Subscriber's last name.
required: true
schema:
type: string
nullable: true
- name: email
in: query
description: The email address of the subscriber.
required: true
schema:
type: string
nullable: true
responses:
'201':
description: Subscriber successfully created
content:
application/json:
schema:
$ref: '#/components/schemas/create_subscriber_success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/create_subscriber_success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/subscribers/{subscriber_id}:
servers: []
get:
tags:
- Subscribers
operationId: GetSubscriber
x-scope: read:subscribers
description: |
Retrieve a subscriber record.
read:subscribers
summary: Get Subscriber
parameters:
- name: subscriber_id
in: path
description: The subscriber's id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: Subscriber successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_subscriber_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_subscriber_response'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/users:
servers: []
get:
tags:
- Users
operationId: getUsers
x-scope: read:users
description: |
The returned list can be sorted by full name or email address in ascending or descending order. The number of records to return at a time can also be controlled using the `page_size` query string parameter.
read:users
summary: Get users
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
nullable: true
- name: user_id
in: query
description: Filter the results by User ID. The query string should be comma separated and url encoded.
schema:
type: string
nullable: true
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
type: string
nullable: true
- name: email
in: query
description: Filter the results by email address. The query string should be comma separated and url encoded.
schema:
type: string
nullable: true
- name: username
in: query
description: Filter the results by username. The query string should be comma separated and url encoded.
schema:
type: string
nullable: true
- name: phone
in: query
description: Filter the results by phone. The query string should be comma separated and url encoded.
schema:
type: string
nullable: true
- name: expand
in: query
description: 'Additional data to include in the response. One or more of (comma-separated): "organizations", "identities", "billing".'
required: false
schema:
type: string
nullable: true
- name: has_organization
in: query
description: Filter the results by if the user has at least one organization assigned.
required: false
schema:
type: boolean
nullable: true
- name: active_since
in: query
description: Filter the results to only include users who have been active since this date. Date should be in ISO 8601 format.
required: false
schema:
type: string
format: date-time
nullable: true
responses:
'200':
description: Users successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/users_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/users/{user_id}/refresh_claims:
servers: []
post:
tags:
- Users
operationId: refreshUserClaims
x-scope: update:user_refresh_claims
description: |
Refreshes the user's claims and invalidates the current cache.
update:user_refresh_claims
summary: Refresh User Claims and Invalidate Cache
parameters:
- in: path
name: user_id
schema:
type: string
required: true
description: The id of the user whose claims needs to be updated.
responses:
'200':
description: Claims successfully refreshed.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Bad request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/user:
servers: []
get:
tags:
- Users
operationId: getUserData
x-scope: read:users
description: |
Retrieve a user record.
read:users
summary: Get user
parameters:
- name: id
in: query
description: The user's id.
required: true
schema:
type: string
nullable: false
- name: expand
in: query
description: 'Additional data to include in the response. One or more of (comma-separated): "organizations", "identities", "billing".'
required: false
schema:
type: string
nullable: true
responses:
'200':
description: User successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/user'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
post:
tags:
- Users
operationId: createUser
description: |
Creates a user record and optionally zero or more identities for the user. An example identity could be the email
address of the user.
create:users
summary: Create user
requestBody:
description: The details of the user to create.
required: false
content:
application/json:
schema:
type: object
properties:
profile:
description: Basic information required to create a user.
type: object
properties:
given_name:
type: string
description: User's first name.
family_name:
type: string
description: User's last name.
picture:
type: string
description: The user's profile picture.
organization_code:
description: The unique code associated with the organization you want the user to join.
type: string
provided_id:
description: An external id to reference the user.
type: string
identities:
type: array
description: Array of identities to assign to the created user
items:
type: object
description: The result of the user creation operation.
properties:
type:
type: string
description: The type of identity to create, e.g. email, username, or phone.
enum:
- email
- phone
- username
is_verified:
type: boolean
description: Set whether an email or phone identity is verified or not.
example: true
details:
type: object
description: Additional details required to create the user.
properties:
email:
type: string
description: The email address of the user.
example: email@email.com
phone:
type: string
description: The phone number of the user.
example: '+61426148233'
phone_country_id:
type: string
description: The country code for the phone number.
example: au
username:
type: string
description: The username of the user.
example: myusername
example:
- type: email
is_verified: true
details:
email: email@email.com
- type: phone
is_verified: false
details:
phone: '+61426148233'
phone_country_id: au
- type: username
details:
username: myusername
responses:
'200':
description: User successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_user_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
patch:
tags:
- Users
operationId: updateUser
description: |
Update a user record.
update:users
summary: Update user
parameters:
- name: id
in: query
description: The user's id.
required: true
schema:
type: string
nullable: false
requestBody:
description: The user to update.
required: true
content:
application/json:
schema:
type: object
properties:
given_name:
type: string
description: User's first name.
family_name:
type: string
description: User's last name.
picture:
type: string
description: The user's profile picture.
is_suspended:
type: boolean
description: Whether the user is currently suspended or not.
is_password_reset_requested:
type: boolean
description: Prompt the user to change their password on next sign in.
provided_id:
description: An external id to reference the user.
type: string
responses:
'200':
description: User successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/update_user_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Users
operationId: deleteUser
description: |
Delete a user record.
delete:users
summary: Delete user
parameters:
- name: id
in: query
description: The user's id.
required: true
schema:
type: string
nullable: false
example: kp_c3143a4b50ad43c88e541d9077681782
- name: is_delete_profile
in: query
description: Delete all data and remove the user's profile from all of Kinde, including the subscriber list
schema:
type: boolean
nullable: false
example: true
responses:
'200':
description: User successfully deleted.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/users/{user_id}/feature_flags/{feature_flag_key}:
servers: []
patch:
tags:
- Users
operationId: UpdateUserFeatureFlagOverride
description: |
Update user feature flag override.
update:user_feature_flags
summary: Update User Feature Flag Override
parameters:
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
- name: feature_flag_key
in: path
description: The identifier for the feature flag
required: true
schema:
type: string
- name: value
in: query
description: Override value
required: true
schema:
type: string
responses:
'200':
description: Feature flag override successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/users/{user_id}/properties/{property_key}:
servers: []
put:
tags:
- Users
operationId: UpdateUserProperty
description: |
Update property value.
update:user_properties
summary: Update Property value
parameters:
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
- name: property_key
in: path
description: The identifier for the property
required: true
schema:
type: string
- name: value
in: query
description: The new property value
required: true
schema:
type: string
responses:
'200':
description: Property successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/users/{user_id}/properties:
servers: []
get:
tags:
- Users
operationId: GetUserPropertyValues
description: |
Gets properties for an user by ID.
read:user_properties
summary: Get property values
parameters:
- name: user_id
in: path
description: The user's ID.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: Properties successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_property_values_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_property_values_response'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
patch:
tags:
- Users
operationId: UpdateUserProperties
description: |
Update property values.
update:user_properties
summary: Update Property values
parameters:
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
requestBody:
description: Properties to update.
required: true
content:
application/json:
schema:
type: object
properties:
properties:
description: Property keys and values
type: object
nullable: false
required:
- properties
responses:
'200':
description: Properties successfully updated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/users/{user_id}/password:
servers: []
put:
tags:
- Users
operationId: SetUserPassword
description: |
Set user password.
update:user_passwords
summary: Set User password
parameters:
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
requestBody:
description: Password details.
required: true
content:
application/json:
schema:
type: object
properties:
hashed_password:
description: The hashed password.
type: string
hashing_method:
description: The hashing method or algorithm used to encrypt the user’s password. Default is bcrypt.
type: string
enum:
- bcrypt
- crypt
- md5
- wordpress
salt:
type: string
description: Extra characters added to passwords to make them stronger. Not required for bcrypt.
salt_position:
type: string
description: Position of salt in password string. Not required for bcrypt.
enum:
- prefix
- suffix
is_temporary_password:
type: boolean
description: The user will be prompted to set a new password after entering this one.
required:
- hashed_password
responses:
'200':
description: User successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/success_response'
'400':
description: Error creating user.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/users/{user_id}/identities:
servers: []
get:
tags:
- Users
operationId: GetUserIdentities
x-scope: read:user_identities
description: |
Gets a list of identities for an user by ID.
read:user_identities
summary: Get identities
parameters:
- name: user_id
in: path
description: The user's ID.
required: true
schema:
type: string
nullable: false
- name: starting_after
in: query
description: The ID of the identity to start after.
schema:
type: string
nullable: true
- name: ending_before
in: query
description: The ID of the identity to end before.
schema:
type: string
nullable: true
responses:
'200':
description: Identities successfully retrieved.
content:
application/json:
schema:
$ref: '#/components/schemas/get_identities_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_identities_response'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Users
operationId: CreateUserIdentity
description: |
Creates an identity for a user.
create:user_identities
summary: Create identity
parameters:
- name: user_id
in: path
description: The user's ID.
required: true
schema:
type: string
nullable: false
requestBody:
description: The identity details.
required: false
content:
application/json:
schema:
type: object
properties:
value:
type: string
description: The email address, social identity, or username of the user.
example: sally@example.com
type:
type: string
description: The identity type
enum:
- email
- username
- phone
- enterprise
- social
example: email
phone_country_id:
type: string
description: The country code for the phone number, only required when identity type is 'phone'.
example: au
connection_id:
type: string
description: The social or enterprise connection ID, only required when identity type is 'social' or 'enterprise'.
example: conn_019289347f1193da6c0e4d49b97b4bd2
responses:
'201':
description: Identity successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/create_identity_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/create_identity_response'
'400':
description: Error creating identity.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/users/{user_id}/sessions:
servers: []
get:
tags:
- Users
operationId: GetUserSessions
description: |
Retrieve the list of active sessions for a specific user.
read:user_sessions
summary: Get user sessions
parameters:
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
example: kp_c3143a4b50ad43c88e541d9077681782
responses:
'200':
description: Successfully retrieved user sessions.
content:
application/json:
schema:
$ref: '#/components/schemas/get_user_sessions_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Users
operationId: DeleteUserSessions
description: |
Invalidate user sessions.
delete:user_sessions
summary: Delete user sessions
parameters:
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
example: kp_c3143a4b50ad43c88e541d9077681782
responses:
'200':
description: User sessions successfully invalidated.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/users/{user_id}/mfa:
servers: []
get:
tags:
- Users
operationId: GetUsersMFA
description: |
Get a user’s MFA configuration.
read:user_mfa
summary: Get user's MFA configuration
parameters:
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
example: kp_c3143a4b50ad43c88e541d9077681782
responses:
'200':
description: Successfully retrieve user's MFA configuration.
content:
application/json:
schema:
$ref: '#/components/schemas/get_user_mfa_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
delete:
tags:
- Users
operationId: ResetUsersMFAAll
description: |
Reset all environment MFA factors for a user.
delete:user_mfa
summary: Reset all environment MFA for a user
parameters:
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
example: kp_c3143a4b50ad43c88e541d9077681782
responses:
'200':
description: User's MFA successfully reset.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/users/{user_id}/mfa/{factor_id}:
servers: []
delete:
tags:
- Users
operationId: ResetUsersMFA
description: |
Reset a specific environment MFA factor for a user.
delete:user_mfa
summary: Reset specific environment MFA for a user
parameters:
- name: user_id
in: path
description: The identifier for the user
required: true
schema:
type: string
example: kp_c3143a4b50ad43c88e541d9077681782
- name: factor_id
in: path
description: The identifier for the MFA factor
required: true
schema:
type: string
example: mfa_0193278a00ac29b3f6d4e4d462d55c47
responses:
'200':
description: User's MFA successfully reset.
content:
application/json:
schema:
$ref: '#/components/schemas/success_response'
'400':
$ref: '#/components/responses/bad_request'
'403':
$ref: '#/components/responses/forbidden'
'404':
$ref: '#/components/responses/not_found'
'429':
$ref: '#/components/responses/too_many_requests'
security:
- kindeBearerAuth: []
/api/v1/events/{event_id}:
servers: []
get:
tags:
- Webhooks
operationId: GetEvent
x-scope: read:events
description: |
Returns an event
read:events
summary: Get Event
parameters:
- name: event_id
in: path
description: The event id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: Event successfully retrieved.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_event_response'
application/json:
schema:
$ref: '#/components/schemas/get_event_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/event_types:
servers: []
get:
tags:
- Webhooks
operationId: GetEventTypes
x-scope: read:event_types
description: |
Returns a list event type definitions
read:event_types
summary: List Event Types
responses:
'200':
description: Event types successfully retrieved.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_event_types_response'
application/json:
schema:
$ref: '#/components/schemas/get_event_types_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/webhooks/{webhook_id}:
servers: []
delete:
tags:
- Webhooks
operationId: DeleteWebHook
description: |
Delete webhook
delete:webhooks
summary: Delete Webhook
parameters:
- name: webhook_id
in: path
description: The webhook id.
required: true
schema:
type: string
nullable: false
responses:
'200':
description: Webhook successfully deleted.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/delete_webhook_response'
application/json:
schema:
$ref: '#/components/schemas/delete_webhook_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
patch:
tags:
- Webhooks
operationId: UpdateWebHook
description: |
Update a webhook
update:webhooks
summary: Update a Webhook
parameters:
- name: webhook_id
in: path
description: The webhook id.
required: true
schema:
type: string
nullable: false
requestBody:
description: Update webhook request specification.
required: true
content:
application/json:
schema:
type: object
properties:
event_types:
description: Array of event type keys
type: array
items:
type: string
nullable: false
name:
description: The webhook name
type: string
nullable: false
description:
description: The webhook description
type: string
nullable: true
responses:
'200':
description: Webhook successfully updated.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/update_webhook_response'
application/json:
schema:
$ref: '#/components/schemas/update_webhook_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
/api/v1/webhooks:
servers: []
get:
tags:
- Webhooks
operationId: GetWebHooks
description: |
List webhooks
read:webhooks
summary: List Webhooks
responses:
'200':
description: Webhook list successfully returned.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/get_webhooks_response'
application/json:
schema:
$ref: '#/components/schemas/get_webhooks_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
post:
tags:
- Webhooks
operationId: CreateWebHook
description: |
Create a webhook
create:webhooks
summary: Create a Webhook
requestBody:
description: Webhook request specification.
required: true
content:
application/json:
schema:
type: object
properties:
endpoint:
description: The webhook endpoint url
type: string
nullable: false
event_types:
description: Array of event type keys
type: array
items:
type: string
nullable: false
name:
description: The webhook name
type: string
nullable: false
description:
description: The webhook description
type: string
nullable: true
required:
- endpoint
- event_types
- name
responses:
'200':
description: Webhook successfully created.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/create_webhook_response'
application/json:
schema:
$ref: '#/components/schemas/create_webhook_response'
'400':
description: Invalid request.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'403':
description: Invalid credentials.
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/error_response'
application/json:
schema:
$ref: '#/components/schemas/error_response'
'429':
description: Request was throttled.
security:
- kindeBearerAuth: []
components:
parameters:
api_id:
in: path
name: api_id
description: The API's ID.
required: true
schema:
type: string
example: 7ccd126599aa422a771abcb341596881
application_id:
in: path
name: application_id
description: The application's ID / client ID.
required: true
schema:
type: string
example: 3b0b5c6c8fcc464fab397f4969b5f482
property_key:
in: path
name: property_key
description: The property's key.
required: true
schema:
type: string
example: kp_some_key
variable_id:
in: path
name: variable_id
description: The environment variable's ID.
required: true
schema:
type: string
example: env_var_0192b1941f125645fa15bf28a662a0b3
responses:
bad_request:
description: Invalid request.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
not_found:
description: The specified resource was not found
content:
application/json:
schema:
$ref: '#/components/schemas/not_found_response'
forbidden:
description: Unauthorized - invalid credentials.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
too_many_requests:
description: Too many requests. Request was throttled.
content:
application/json:
schema:
$ref: '#/components/schemas/error_response'
schemas:
success_response:
type: object
properties:
message:
type: string
example: Success
code:
type: string
example: OK
error:
type: object
properties:
code:
type: string
description: Error code.
message:
type: string
description: Error message.
error_response:
type: object
properties:
errors:
type: array
items:
$ref: '#/components/schemas/error'
not_found_response:
type: object
properties:
errors:
type: object
properties:
code:
type: string
example: ROUTE_NOT_FOUND
message:
type: string
example: The requested API route does not exist
get_apis_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
next_token:
type: string
description: Pagination token.
example: Njo5Om1hvWVfYXNj
apis:
type: array
items:
type: object
properties:
id:
description: The unique ID for the API.
type: string
example: 7ccd126599aa422a771abcb341596881
name:
type: string
description: The API's name.
example: Example API
audience:
type: string
description: A unique identifier for the API - commonly the URL. This value will be used as the `audience` parameter in authorization claims.
example: https://api.example.com
is_management_api:
type: boolean
description: Whether or not it is the Kinde management API.
example: false
scopes:
type: array
items:
type: object
properties:
id:
type: string
example: api_scope_01939128c3d7193ae87c4755213c07c6
key:
type: string
example: create:apis
create_apis_response:
type: object
properties:
message:
type: string
description: A Kinde generated message.
example: Success
code:
type: string
description: A Kinde generated status code.
example: OK
api:
type: object
properties:
id:
description: The unique ID for the API.
type: string
example: 7ccd126599aa422a771abcb341596881
create_api_scopes_response:
type: object
properties:
message:
type: string
description: A Kinde generated message.
example: Success
code:
type: string
description: A Kinde generated status code.
example: OK
scope:
type: object
properties:
id:
description: The unique ID for the API scope.
type: string
example: api_scope_0193ab57965aef77b2b687d0ef673713
get_environment_variables_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
has_more:
description: Whether more records exist.
type: boolean
environment_variables:
type: array
items:
$ref: '#/components/schemas/environment_variable'
get_environment_variable_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
environment_variable:
$ref: '#/components/schemas/environment_variable'
create_environment_variable_response:
type: object
properties:
message:
type: string
description: A Kinde generated message.
example: Environment variable created
code:
type: string
description: A Kinde generated status code.
example: VARIABLE_CREATED
environment_variable:
type: object
properties:
id:
description: The unique ID for the environment variable.
type: string
example: env_var_0192b194f6156fb7452fe38cfb144958
update_environment_variable_response:
type: object
properties:
message:
type: string
description: A Kinde generated message.
example: Environment variable updated
code:
type: string
description: A Kinde generated status code.
example: ENVIRONMENT_VARIABLE_UPDATED
delete_environment_variable_response:
type: object
properties:
message:
type: string
description: A Kinde generated message.
example: Environment variable deleted
code:
type: string
description: A Kinde generated status code.
example: ENVIRONMENT_VARIABLE_DELETED
get_business_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
business:
type: object
properties:
code:
type: string
description: The unique ID for the business.
example: bus_c69fb73b091
name:
type: string
description: Your business's name.
example: Tailsforce Ltd
phone:
type: string
description: Phone number associated with business.
example: 555-555-5555
nullable: true
email:
type: string
description: Email address associated with business.
example: sally@example.com
nullable: true
industry:
type: string
description: The industry your business is in.
example: Healthcare & Medical
nullable: true
timezone:
type: string
description: The timezone your business is in.
example: Los Angeles (Pacific Standard Time)
nullable: true
privacy_url:
type: string
description: Your Privacy policy URL.
example: https://example.com/privacy
nullable: true
terms_url:
type: string
description: Your Terms and Conditions URL.
example: https://example.com/terms
nullable: true
has_clickwrap:
type: boolean
description: Whether your business uses clickwrap agreements.
example: false
has_kinde_branding:
type: boolean
description: Whether your business shows Kinde branding.
example: true
created_on:
type: string
description: Date of business creation in ISO 8601 format.
example: '2021-01-01T00:00:00Z'
get_industries_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
industries:
type: array
items:
type: object
properties:
key:
description: The unique key for the industry.
type: string
example: administration_office_support
name:
type: string
description: The display name for the industry.
example: Administration & Office Support
get_timezones_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
timezones:
type: array
items:
type: object
properties:
key:
description: The unique key for the timezone.
type: string
example: london_greenwich_mean_time
name:
type: string
description: The display name for the timezone.
example: London (Greenwich Mean Time) [+01:00]
get_api_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: success_response
api:
type: object
properties:
id:
type: string
description: Unique ID of the API.
example: 7ccd126599aa422a771abcb341596881
name:
type: string
description: The API's name.
example: Example API
audience:
type: string
description: A unique identifier for the API - commonly the URL. This value will be used as the `audience` parameter in authorization claims.
example: https://api.example.com
is_management_api:
type: boolean
description: Whether or not it is the Kinde management API.
example: false
scopes:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the scope.
example: api_scope_01939222ef24200668b9f5829af001ce
key:
type: string
description: The reference key for the scope.
example: read:logs
applications:
type: array
items:
type: object
properties:
id:
type: string
description: The Client ID of the application.
example: 3b0b5c6c8fcc464fab397f4969b5f482
name:
type: string
description: The application's name.
example: My M2M app
type:
type: string
description: The application's type.
enum:
- Machine to machine (M2M)
- Back-end web
- Front-end and mobile
- Device and IoT
example: Machine to machine (M2M)
is_active:
type: boolean
description: Whether or not the application is authorized to access the API
example: true
nullable: true
get_api_scopes_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: success_response
scopes:
type: array
items:
type: object
properties:
id:
type: string
description: Unique ID of the API scope.
example: api_scope_01939128c3d7193ae87c4755213c07c6
key:
type: string
description: The scope's reference key.
example: read:logs
description:
type: string
description: Explanation of the scope purpose.
example: Read logs scope
get_api_scope_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: success_response
scope:
type: object
properties:
id:
type: string
description: Unique ID of the API scope.
example: api_scope_01939128c3d7193ae87c4755213c07c6
key:
type: string
description: The scope's reference key.
example: read:logs
description:
type: string
description: Explanation of the scope purpose.
example: Read logs scope
authorize_app_api_response:
type: object
properties:
message:
type: string
example: API applications updated
code:
type: string
example: API_APPLICATIONS_UPDATED
applications_disconnected:
type: array
items:
type: string
applications_connected:
type: array
items:
type: string
example: d2db282d6214242b3b145c123f0c123
delete_api_response:
type: object
properties:
message:
type: string
example: API successfully deleted
code:
type: string
example: API_DELETED
user:
type: object
properties:
id:
type: string
description: Unique ID of the user in Kinde.
provided_id:
type: string
description: External ID for user.
preferred_email:
type: string
description: Default email address of the user in Kinde.
phone:
type: string
description: User's primary phone number.
username:
type: string
description: Primary username of the user in Kinde.
last_name:
type: string
description: User's last name.
first_name:
type: string
description: User's first name.
is_suspended:
type: boolean
description: Whether the user is currently suspended or not.
picture:
type: string
description: User's profile picture URL.
total_sign_ins:
type: integer
description: Total number of user sign ins.
nullable: true
failed_sign_ins:
type: integer
description: Number of consecutive failed user sign ins.
nullable: true
last_signed_in:
type: string
description: Last sign in date in ISO 8601 format.
nullable: true
created_on:
type: string
description: Date of user creation in ISO 8601 format.
nullable: true
organizations:
type: array
description: Array of organizations a user belongs to.
items:
type: string
identities:
type: array
description: Array of identities belonging to the user.
items:
type: object
properties:
type:
type: string
identity:
type: string
billing:
type: object
properties:
customer_id:
type: string
update_user_response:
type: object
properties:
id:
type: string
description: Unique ID of the user in Kinde.
given_name:
type: string
description: User's first name.
family_name:
type: string
description: User's last name.
email:
type: string
description: User's preferred email.
is_suspended:
type: boolean
description: Whether the user is currently suspended or not.
is_password_reset_requested:
type: boolean
description: Whether a password reset has been requested.
picture:
type: string
description: User's profile picture URL.
nullable: true
users:
type: array
description: Array of users.
items:
$ref: '#/components/schemas/user'
users_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
users:
type: array
items:
type: object
properties:
id:
type: string
description: Unique ID of the user in Kinde.
provided_id:
type: string
description: External ID for user.
email:
type: string
description: Default email address of the user in Kinde.
phone:
type: string
description: User's primary phone number.
username:
type: string
description: Primary username of the user in Kinde.
last_name:
type: string
description: User's last name.
first_name:
type: string
description: User's first name.
is_suspended:
type: boolean
description: Whether the user is currently suspended or not.
picture:
type: string
description: User's profile picture URL.
total_sign_ins:
type: integer
description: Total number of user sign ins.
nullable: true
failed_sign_ins:
type: integer
description: Number of consecutive failed user sign ins.
nullable: true
last_signed_in:
type: string
description: Last sign in date in ISO 8601 format.
nullable: true
created_on:
type: string
description: Date of user creation in ISO 8601 format.
nullable: true
last_organization_sign_ins:
type: array
description: Array of organization sign-in information for the user.
nullable: true
items:
type: object
properties:
org_code:
type: string
description: The organization code.
example: org_d2d85014942
last_signed_in:
type: string
format: date-time
description: The date and time the user last signed in to this organization in ISO 8601 format.
example: '2026-01-28T14:26:02.448856+00:00'
organizations:
type: array
description: Array of organizations a user belongs to.
items:
type: string
identities:
type: array
description: Array of identities belonging to the user.
items:
type: object
properties:
type:
type: string
identity:
type: string
billing:
type: object
properties:
customer_id:
type: string
description: The billing customer id.
example: customer_1245adbc6789
next_token:
type: string
description: Pagination token.
search_users_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
results:
type: array
items:
type: object
properties:
id:
type: string
description: Unique ID of the user in Kinde.
example: kp_0ba7c433e5d648cf992621ce99d42817
provided_id:
type: string
description: External ID for user.
nullable: true
example: U123456
email:
type: string
description: Default email address of the user in Kinde.
nullable: true
example: user@domain.com
username:
type: string
description: Primary username of the user in Kinde.
nullable: true
example: john.snow
last_name:
type: string
description: User's last name.
example: Snow
first_name:
type: string
description: User's first name.
example: John
is_suspended:
type: boolean
description: Whether the user is currently suspended or not.
example: true
picture:
type: string
description: User's profile picture URL.
example: https://example.com/john_snow.jpg
nullable: true
total_sign_ins:
type: integer
description: Total number of user sign ins.
nullable: true
example: 1
failed_sign_ins:
type: integer
description: Number of consecutive failed user sign ins.
nullable: true
example: 0
last_signed_in:
type: string
description: Last sign in date in ISO 8601 format.
nullable: true
example: '2025-02-12T18:02:23.614638+00:00'
created_on:
type: string
description: Date of user creation in ISO 8601 format.
nullable: true
example: '2025-02-12T18:02:23.614638+00:00'
organizations:
type: array
description: Array of organizations a user belongs to.
items:
type: string
identities:
type: array
description: Array of identities belonging to the user.
items:
type: object
properties:
type:
type: string
identity:
type: string
properties:
type: object
description: The user properties.
additionalProperties:
type: string
api_scopes:
type: array
description: Array of api scopes belonging to the user.
items:
type: object
properties:
org_code:
type: string
scope:
type: string
api_id:
type: string
create_user_response:
type: object
properties:
id:
description: Unique ID of the user in Kinde.
type: string
created:
description: True if the user was successfully created.
type: boolean
identities:
type: array
items:
$ref: '#/components/schemas/user_identity'
create_organization_response:
type: object
properties:
message:
type: string
description: Response message.
example: Success
code:
type: string
description: Response code.
example: OK
organization:
type: object
properties:
code:
description: The organization's unique code.
type: string
example: org_1ccfb819462
billing_customer_id:
description: The billing customer id if the organization was created with the is_create_billing_customer as true
type: string
example: customer_1245adbc6789
user_identity:
type: object
properties:
type:
type: string
description: The type of identity object created.
result:
type: object
description: The result of the user creation operation.
properties:
created:
type: boolean
description: True if the user identity was successfully created.
create_property_response:
type: object
properties:
message:
type: string
code:
type: string
property:
type: object
properties:
id:
description: The property's ID.
type: string
create_identity_response:
type: object
properties:
message:
type: string
code:
type: string
identity:
type: object
properties:
id:
description: The identity's ID.
type: string
get_identities_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
identities:
type: array
items:
$ref: '#/components/schemas/identity'
has_more:
description: Whether more records exist.
type: boolean
get_user_sessions_response:
type: object
properties:
code:
type: string
example: OK
message:
type: string
example: Success
has_more:
type: boolean
example: false
sessions:
type: array
items:
type: object
properties:
user_id:
description: The unique identifier of the user associated with the session.
type: string
example: kp_5fc30d0547734f30aca617450202169f
org_code:
description: The organization code associated with the session, if applicable.
type: string
nullable: true
example: org_1ccfb819462
client_id:
description: The client ID used to initiate the session.
type: string
example: 3b0b5c6c8fcc464fab397f4969b5f482
expires_on:
description: The timestamp indicating when the session will expire.
type: string
format: date-time
example: '2025-04-02T13:04:20.315701+11:00'
session_id:
description: The unique identifier of the session.
type: string
example: session_0xc75ec12fe8434ffc9d527794f00692e5
started_on:
description: The timestamp when the session was initiated.
type: string
format: date-time
example: '2025-04-01T13:04:20.315701+11:00'
updated_on:
description: The timestamp of the last update to the session.
type: string
format: date-time
example: '2025-04-01T13:04:20+11'
connection_id:
description: The identifier of the connection through which the session was established.
type: string
example: conn_75ab8ec0faae4f73bae9fc64daf120c9
last_ip_address:
description: The last known IP address of the user during this session.
type: string
example: 192.168.65.1
last_user_agent:
description: The last known user agent (browser or app) used during this session.
type: string
example: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
initial_ip_address:
description: The IP address from which the session was initially started.
type: string
example: 192.168.65.1
initial_user_agent:
description: The user agent (browser or app) used when the session was first created.
type: string
example: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
get_user_mfa_response:
type: object
properties:
message:
type: string
code:
type: string
mfa:
type: object
properties:
id:
description: The MFA's identifier.
type: string
example: mfa_01933d1ca1f093e7fad48ebcdb65a871
type:
description: The type of MFA (e.g. email, SMS, authenticator app).
type: string
example: email
created_on:
description: The timestamp when the MFA was created.
type: string
format: date-time
example: '2024-11-18T13:31:46.795085+11:00'
name:
description: The identifier used for MFA (e.g. email address, phone number).
type: string
example: sally@gmail.com
is_verified:
description: Whether the MFA is verified or not.
type: boolean
example: true
usage_count:
description: The number of times MFA has been used.
type: integer
example: 2
last_used_on:
description: The timestamp when the MFA was last used.
type: string
format: date-time
example: '2024-11-18T13:32:07.22538+11:00'
get_properties_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
properties:
type: array
items:
$ref: '#/components/schemas/property'
has_more:
description: Whether more records exist.
type: boolean
get_property_values_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
properties:
type: array
items:
$ref: '#/components/schemas/property_value'
next_token:
description: Pagination token.
type: string
create_category_response:
type: object
properties:
message:
type: string
code:
type: string
category:
type: object
properties:
id:
description: The category's ID.
type: string
get_categories_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
categories:
type: array
items:
$ref: '#/components/schemas/category'
has_more:
description: Whether more records exist.
type: boolean
get_event_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
event:
type: object
properties:
type:
type: string
source:
type: string
event_id:
type: string
timestamp:
type: integer
description: Timestamp in ISO 8601 format.
data:
type: object
description: Event specific data object.
get_event_types_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
event_types:
type: array
items:
$ref: '#/components/schemas/event_type'
get_webhooks_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
webhooks:
type: array
items:
$ref: '#/components/schemas/webhook'
webhook:
type: object
properties:
id:
type: string
name:
type: string
endpoint:
type: string
description:
type: string
event_types:
type: array
items:
type: string
created_on:
type: string
description: Created on date in ISO 8601 format.
create_webhook_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
webhook:
type: object
properties:
id:
type: string
endpoint:
type: string
update_webhook_response:
type: object
properties:
message:
type: string
code:
type: string
webhook:
type: object
properties:
id:
type: string
create_connection_response:
type: object
properties:
message:
type: string
code:
type: string
connection:
type: object
properties:
id:
description: The connection's ID.
type: string
get_connections_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
connections:
type: array
items:
$ref: '#/components/schemas/connection'
has_more:
description: Whether more records exist.
type: boolean
delete_webhook_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
event_type:
type: object
properties:
id:
type: string
code:
type: string
name:
type: string
origin:
type: string
schema:
type: object
organization_item_schema:
type: object
properties:
code:
type: string
description: The unique identifier for the organization.
example: org_1ccfb819462
name:
type: string
description: The organization's name.
example: Acme Corp
handle:
type: string
description: A unique handle for the organization - can be used for dynamic callback urls.
example: acme_corp
nullable: true
is_default:
type: boolean
description: Whether the organization is the default organization.
example: false
external_id:
type: string
description: The organization's external identifier - commonly used when migrating from or mapping to other systems.
example: some1234
nullable: true
is_auto_membership_enabled:
type: boolean
example: true
description: If users become members of this organization when the org code is supplied during authentication.
get_environment_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: success_response
environment:
type: object
properties:
code:
type: string
description: The unique identifier for the environment.
example: production
name:
type: string
description: The environment's name.
example: Production
hotjar_site_id:
type: string
description: Your HotJar site ID.
example: 404009
nullable: true
google_analytics_tag:
type: string
description: Your Google Analytics tag.
example: G-1234567
nullable: true
contentsquare_tag_id:
type: string
description: Your Contentsquare Tag ID.
example: 769238b6e1309
nullable: true
is_default:
type: boolean
description: Whether the environment is the default. Typically this is your production environment.
example: true
is_live:
type: boolean
description: Whether the environment is live.
example: true
kinde_domain:
type: string
description: Your domain on Kinde
example: example.kinde.com
custom_domain:
type: string
description: Your custom domain for the environment
nullable: true
example: app.example.com
logo:
type: string
nullable: true
description: The organization's logo URL.
example: https://yoursubdomain.kinde.com/logo?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d
logo_dark:
type: string
nullable: true
description: The organization's logo URL to be used for dark themes.
example: https://yoursubdomain.kinde.com/logo_dark?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d
favicon_svg:
type: string
nullable: true
description: The organization's SVG favicon URL. Optimal format for most browsers
example: https://yoursubdomain.kinde.com/favicon_svg?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d
favicon_fallback:
type: string
nullable: true
description: The favicon URL to be used as a fallback in browsers that don't support SVG, add a PNG
example: https://yoursubdomain.kinde.com/favicon_fallback?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d
link_color:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
background_color:
nullable: true
type: object
properties:
raw:
type: string
example: '#ffffff'
hex:
type: string
example: '#ffffff'
hsl:
type: string
example: hsl(0, 0%, 100%)
button_color:
nullable: true
type: object
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
button_text_color:
nullable: true
type: object
properties:
raw:
type: string
example: '#ffffff'
hex:
type: string
example: '#ffffff'
hsl:
type: string
example: hsl(0, 0%, 100%)
link_color_dark:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
background_color_dark:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
button_text_color_dark:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
button_color_dark:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
button_border_radius:
type: integer
nullable: true
description: The border radius for buttons. Value is px, Kinde transforms to rem for rendering
example: 8
card_border_radius:
type: integer
nullable: true
description: The border radius for cards. Value is px, Kinde transforms to rem for rendering
example: 16
input_border_radius:
type: integer
nullable: true
description: The border radius for inputs. Value is px, Kinde transforms to rem for rendering
example: 4
theme_code:
type: string
description: Whether the environment is forced into light mode, dark mode or user preference
enum:
- light
- dark
- user_preference
color_scheme:
type: string
description: The color scheme for the environment used for meta tags based on the theme code
enum:
- light
- dark
- light dark
created_on:
type: string
description: Date of environment creation in ISO 8601 format.
example: '2021-01-01T00:00:00Z'
get_organization_response:
type: object
properties:
code:
type: string
description: The unique identifier for the organization.
example: org_1ccfb819462
name:
type: string
description: The organization's name.
example: Acme Corp
handle:
type: string
description: A unique handle for the organization - can be used for dynamic callback urls.
example: acme_corp
nullable: true
is_default:
type: boolean
description: Whether the organization is the default organization.
example: false
external_id:
type: string
description: The organization's external identifier - commonly used when migrating from or mapping to other systems.
example: some1234
nullable: true
is_auto_membership_enabled:
type: boolean
example: true
description: If users become members of this organization when the org code is supplied during authentication.
logo:
type: string
nullable: true
description: The organization's logo URL.
example: https://yoursubdomain.kinde.com/logo?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d
logo_dark:
type: string
nullable: true
description: The organization's logo URL to be used for dark themes.
example: https://yoursubdomain.kinde.com/logo_dark?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d
favicon_svg:
type: string
nullable: true
description: The organization's SVG favicon URL. Optimal format for most browsers
example: https://yoursubdomain.kinde.com/favicon_svg?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d
favicon_fallback:
type: string
nullable: true
description: The favicon URL to be used as a fallback in browsers that don't support SVG, add a PNG
example: https://yoursubdomain.kinde.com/favicon_fallback?org_code=org_1ccfb819462&cache=311308b8ad3544bf8e572979f0e5748d
allowed_domains:
type: array
description: Domains allowed for self-sign up to this environment. Empty array means no restrictions.
example:
- https://acme.kinde.com
- https://acme.com
items:
type: string
link_color:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
background_color:
nullable: true
type: object
properties:
raw:
type: string
example: '#ffffff'
hex:
type: string
example: '#ffffff'
hsl:
type: string
example: hsl(0, 0%, 100%)
button_color:
nullable: true
type: object
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
button_text_color:
nullable: true
type: object
properties:
raw:
type: string
example: '#ffffff'
hex:
type: string
example: '#ffffff'
hsl:
type: string
example: hsl(0, 0%, 100%)
link_color_dark:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
background_color_dark:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
button_text_color_dark:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
button_color_dark:
type: object
nullable: true
properties:
raw:
type: string
example: '#0056F1'
hex:
type: string
example: '#0056F1'
hsl:
type: string
example: hsl(220, 100%, 50%)
button_border_radius:
type: integer
nullable: true
description: The border radius for buttons. Value is px, Kinde transforms to rem for rendering
example: 8
card_border_radius:
type: integer
nullable: true
description: The border radius for cards. Value is px, Kinde transforms to rem for rendering
example: 16
input_border_radius:
type: integer
nullable: true
description: The border radius for inputs. Value is px, Kinde transforms to rem for rendering
example: 4
theme_code:
type: string
description: Whether the environment is forced into light mode, dark mode or user preference
enum:
- light
- dark
- user_preference
color_scheme:
type: string
description: The color scheme for the environment used for meta tags based on the theme code
enum:
- light
- dark
- light dark
created_on:
type: string
description: Date of organization creation in ISO 8601 format.
example: '2021-01-01T00:00:00Z'
is_allow_registrations:
nullable: true
type: boolean
example: true
deprecated: true
description: Deprecated - Use 'is_auto_membership_enabled' instead
sender_name:
nullable: true
type: string
example: Acme Corp
description: The name of the organization that will be used in emails
sender_email:
nullable: true
type: string
example: hello@acmecorp.com
description: The email address that will be used in emails. Requires custom SMTP to be set up.
is_suspended:
type: boolean
description: Whether the organization is currently suspended or not.
example: false
suspended_on:
type: string
description: The date the organization was suspended in ISO 8601 format. Null if not suspended.
nullable: true
example: '2021-01-01T00:00:00Z'
billing:
type: object
description: The billing information if the organization is a billing customer.
properties:
billing_customer_id:
type: string
agreements:
type: array
description: The billing agreements the billing customer is currently subscribed to
items:
type: object
properties:
plan_code:
type: string
example: pro
description: The code of the plan from which this agreement is taken from
agreement_id:
type: string
example: agreement_a1234b
description: The id of the billing agreement in Kinde
organization_user:
type: object
properties:
id:
type: string
example: kp:97c2ba24217d48e3b96a799b76cf2c74
description: The unique ID for the user.
nullable: true
email:
type: string
example: john.snow@example.com
description: The user's email address.
nullable: true
full_name:
type: string
example: John Snow
description: The user's full name.
last_name:
type: string
example: Snow
description: The user's last name.
nullable: true
first_name:
type: string
example: John
description: The user's first name.
nullable: true
picture:
type: string
example: https://example.com/john_snow.jpg
description: The user's profile picture URL.
nullable: true
joined_on:
type: string
example: '2021-01-01T00:00:00Z'
description: The date the user joined the organization.
last_accessed_on:
type: string
example: '2022-01-01T00:00:00Z'
description: The date the user last accessed the organization.
nullable: true
is_suspended:
type: boolean
description: Whether the user is currently suspended or not.
example: false
roles:
type: array
description: The roles the user has in the organization.
items:
type: string
example: admin
description: The role's key.
category:
type: object
properties:
id:
type: string
name:
type: string
connection:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
connection:
type: object
properties:
id:
type: string
name:
type: string
display_name:
type: string
strategy:
type: string
environment_variable:
type: object
properties:
id:
description: The unique ID for the environment variable.
type: string
example: env_var_0192b1941f125645fa15bf28a662a0b3
key:
type: string
description: The name of the environment variable.
example: MY_API_KEY
value:
type: string
description: The value of the environment variable.
example: some-secret
nullable: true
is_secret:
type: boolean
description: Whether the environment variable is sensitive.
example: false
created_on:
type: string
description: The date the environment variable was created.
example: '2021-01-01T00:00:00Z'
identity:
type: object
properties:
id:
type: string
description: The unique ID for the identity
example: identity_019617f0cd72460a42192cf37b41084f
type:
type: string
description: The type of identity
example: email
is_confirmed:
type: boolean
description: Whether the identity is confirmed
example: true
created_on:
type: string
description: Date of user creation in ISO 8601 format
example: '2025-01-01T00:00:00Z'
last_login_on:
type: string
description: Date of last login in ISO 8601 format
example: '2025-01-05T00:00:00Z'
total_logins:
type: integer
example: 20
name:
type: string
description: The value of the identity
example: sally@example.com
email:
type: string
description: The associated email of the identity
example: sally@example.com
is_primary:
type: boolean
description: Whether the identity is the primary identity for the user
nullable: true
example: true
property:
type: object
properties:
id:
type: string
key:
type: string
name:
type: string
is_private:
type: boolean
description:
type: string
is_kinde_property:
type: boolean
property_value:
type: object
properties:
id:
type: string
example: prop_0192b7e8b4f8ca08110d2b22059662a8
name:
type: string
example: Town
description:
type: string
example: Where the entity is located
nullable: true
key:
type: string
example: kp_town
value:
type: string
example: West-side Staines massive
nullable: true
role:
type: object
properties:
id:
type: string
key:
type: string
name:
type: string
description:
type: string
subscribers_subscriber:
type: object
properties:
id:
type: string
email:
type: string
full_name:
type: string
first_name:
type: string
last_name:
type: string
subscriber:
type: object
properties:
id:
type: string
preferred_email:
type: string
first_name:
type: string
last_name:
type: string
organization_user_role:
type: object
properties:
id:
type: string
key:
type: string
name:
type: string
organization_user_role_permissions:
type: object
properties:
id:
type: string
role:
type: string
permissions:
type: object
properties:
key:
type: string
organization_user_permission:
type: object
properties:
id:
type: string
key:
type: string
name:
type: string
description:
type: string
roles:
type: array
items:
type: object
properties:
id:
type: string
key:
type: string
organization_users:
type: array
items:
$ref: '#/components/schemas/organization_user'
get_subscriber_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
subscribers:
type: array
items:
$ref: '#/components/schemas/subscriber'
get_subscribers_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
subscribers:
type: array
items:
$ref: '#/components/schemas/subscribers_subscriber'
next_token:
description: Pagination token.
type: string
get_roles_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
roles:
type: array
items:
$ref: '#/components/schemas/roles'
next_token:
description: Pagination token.
type: string
get_role_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
role:
type: object
properties:
id:
type: string
description: The role's ID.
example: 01929904-316d-bb2c-069f-99dfea4ac394
key:
type: string
description: The role identifier to use in code.
example: admin
name:
type: string
description: The role's name.
example: Administrator
description:
type: string
description: The role's description.
example: Full access to all resources.
is_default_role:
type: boolean
description: Whether the role is the default role.
example: false
create_roles_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
role:
type: object
properties:
id:
type: string
description: The role's ID.
add_role_scope_response:
type: object
properties:
code:
type: string
description: Response code.
example: ROLE_SCOPE_ADDED
message:
type: string
description: Response message.
example: Scope added to role
delete_role_scope_response:
type: object
properties:
code:
type: string
description: Response code.
example: SCOPE_DELETED
message:
type: string
description: Response message.
example: Scope deleted from role
get_organizations_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
organizations:
type: array
items:
$ref: '#/components/schemas/organization_item_schema'
next_token:
description: Pagination token.
type: string
example: Mjo5Om1hbWVfYZNj
get_organization_users_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
organization_users:
type: array
items:
$ref: '#/components/schemas/organization_user'
next_token:
type: string
description: Pagination token.
get_organizations_user_roles_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
roles:
type: array
items:
$ref: '#/components/schemas/organization_user_role'
next_token:
type: string
description: Pagination token.
get_organizations_user_permissions_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
permissions:
type: array
items:
$ref: '#/components/schemas/organization_user_permission'
get_organization_invites_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
invites:
type: array
items:
$ref: '#/components/schemas/organization_invite'
next_token:
type: string
description: Pagination token.
nullable: true
get_organization_invite_response:
type: object
properties:
message:
type: string
description: Response message.
example: Success
id:
type: string
description: The invitation's unique identifier.
example: inv_abc123def456
code:
type: string
description: The invitation's code.
example: inv_abc123def456
email:
type: string
description: The email address of the invited user.
example: user@example.com
first_name:
type: string
description: The first name of the invited user.
nullable: true
example: John
last_name:
type: string
description: The last name of the invited user.
nullable: true
example: Doe
full_name:
type: string
description: The full name of the invited user.
example: John Doe
created_on:
type: string
format: date-time
description: When the invitation was created.
example: '2024-11-18T13:32:03+11'
is_sent:
type: boolean
description: Whether the invitation email was sent.
example: true
accepted_on:
type: string
format: date-time
description: When the invitation was accepted.
nullable: true
example: '2024-11-19T10:15:30+11'
roles:
type: array
description: The roles assigned to the invitation.
items:
type: object
properties:
key:
type: string
description: The role's key.
example: admin
name:
type: string
description: The role's name.
example: Administrator
example:
- key: admin
name: Administrator
- key: manager
name: Manager
is_revoked:
type: boolean
description: Whether the invitation has been revoked.
example: false
invite_link:
type: string
description: URL to share with the invitee to accept the invitation.
example: https://example.kinde.com/team_invitation?code=inv_abc123def456
create_organization_invite_response:
type: object
properties:
code:
type: string
description: Response code.
example: INVITATION_CREATED
message:
type: string
description: Response message.
example: Invitation created
invite:
type: object
properties:
id:
type: string
description: The invitation's unique identifier.
example: inv_abc123def456
code:
type: string
description: The invitation's code.
example: inv_abc123def456
email:
type: string
description: The email address of the invited user.
example: user@example.com
first_name:
type: string
description: The first name of the invited user.
nullable: true
example: John
last_name:
type: string
description: The last name of the invited user.
nullable: true
example: Doe
full_name:
type: string
description: The full name of the invited user.
example: John Doe
created_on:
type: string
format: date-time
description: When the invitation was created.
example: '2024-11-18T13:32:03+11'
is_sent:
type: boolean
description: Whether the invitation email was sent.
example: true
accepted_on:
type: string
format: date-time
description: When the invitation was accepted. Always null for a freshly created invitation.
nullable: true
example: null
roles:
type: array
description: The roles assigned to the invitation.
items:
type: object
properties:
key:
type: string
description: The role's key.
example: admin
name:
type: string
description: The role's name.
example: Administrator
example:
- key: admin
name: Administrator
- key: manager
name: Manager
is_revoked:
type: boolean
description: Whether the invitation has been revoked. Always false for a freshly created invitation.
example: false
invite_link:
type: string
description: URL to share with the invitee to accept the invitation.
example: https://example.kinde.com/team_invitation?code=inv_abc123def456
organization_invite:
type: object
properties:
id:
type: string
description: The invitation's unique identifier.
example: inv_abc123def456
code:
type: string
description: The invitation's code.
example: inv_abc123def456
email:
type: string
description: The email address of the invited user.
example: user@example.com
first_name:
type: string
description: The first name of the invited user.
nullable: true
example: John
last_name:
type: string
description: The last name of the invited user.
nullable: true
example: Doe
full_name:
type: string
description: The full name of the invited user.
example: John Doe
created_on:
type: string
format: date-time
description: When the invitation was created.
example: '2024-11-18T13:32:03+11'
is_sent:
type: boolean
description: Whether the invitation email was sent.
example: true
accepted_on:
type: string
format: date-time
description: When the invitation was accepted.
nullable: true
example: '2024-11-19T10:15:30+11'
roles:
type: array
description: The roles assigned to the invitation.
items:
type: object
properties:
key:
type: string
description: The role's key.
example: admin
name:
type: string
description: The role's name.
example: Administrator
example:
- key: admin
name: Administrator
- key: manager
name: Manager
is_revoked:
type: boolean
description: Whether the invitation has been revoked.
example: false
invite_link:
type: string
description: URL to share with the invitee to accept the invitation.
example: https://example.kinde.com/team_invitation?code=inv_abc123def456
get_organization_feature_flags_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
feature_flags:
type: object
description: The environment's feature flag settings.
additionalProperties:
type: object
properties:
type:
type: string
enum:
- str
- int
- bool
value:
type: string
get_environment_feature_flags_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
feature_flags:
type: object
description: The environment's feature flag settings.
additionalProperties:
type: object
properties:
type:
type: string
enum:
- str
- int
- bool
value:
type: string
next_token:
type: string
description: Pagination token.
add_organization_users_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
users_added:
type: array
items:
type: string
update_role_permissions_response:
type: object
properties:
code:
type: string
message:
type: string
permissions_added:
type: array
items:
type: string
permissions_removed:
type: array
items:
type: string
update_organization_users_response:
type: object
properties:
message:
type: string
example: Success
code:
type: string
example: OK
users_added:
type: array
items:
type: string
example: kp_057ee6debc624c70947b6ba512908c35
users_updated:
type: array
items:
type: string
example: kp_057ee6debc624c70947b6ba512908c35
users_removed:
type: array
items:
type: string
example: kp_057ee6debc624c70947b6ba512908c35
connected_apps_auth_url:
type: object
properties:
url:
type: string
description: A URL that is used to authenticate an end-user against a connected app.
session_id:
type: string
description: A unique identifier for the login session.
create_subscriber_success_response:
type: object
properties:
subscriber:
type: object
properties:
subscriber_id:
type: string
description: A unique identifier for the subscriber.
connected_apps_access_token:
type: object
properties:
access_token:
type: string
description: The access token to access a third-party provider.
access_token_expiry:
type: string
description: The date and time that the access token expires.
api_result:
type: object
properties:
result:
type: string
description: The result of the api operation.
create_application_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
application:
type: object
properties:
id:
description: The application's identifier.
type: string
example: 3b0b5c6c8fcc464fab397f4969b5f482
client_id:
description: The application's client ID.
type: string
example: 3b0b5c6c8fcc464fab397f4969b5f482
client_secret:
description: The application's client secret.
type: string
example: sUJSHI3ZQEVTJkx6hOxdOSHaLsZkCBRFLzTNOI791rX8mDjgt7LC
get_application_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
application:
type: object
properties:
id:
description: The application's identifier.
type: string
example: 3b0b5c6c8fcc464fab397f4969b5f482
name:
description: The application's name.
type: string
example: My React app
type:
description: The application's type.
type: string
enum:
- m2m
- reg
- spa
client_id:
description: The application's client ID.
type: string
example: 3b0b5c6c8fcc464fab397f4969b5f482
client_secret:
description: The application's client secret.
type: string
example: sUJSHI3ZQEVTJkx6hOxdOSHaLsZkCBRFLzTNOI791rX8mDjgt7LC
login_uri:
description: The default login route for resolving session issues.
type: string
example: https://yourapp.com/api/auth/login
homepage_uri:
description: The homepage link to your application.
type: string
example: https://yourapp.com
has_cancel_button:
description: Whether the application has a cancel button to allow users to exit the auth flow [Beta].
type: boolean
example: false
applications:
type: object
properties:
id:
type: string
name:
type: string
type:
type: string
get_applications_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
applications:
type: array
items:
$ref: '#/components/schemas/applications'
next_token:
description: Pagination token.
type: string
redirect_callback_urls:
type: object
properties:
redirect_urls:
type: array
description: An application's redirect URLs.
items:
type: string
get_redirect_callback_urls_response:
type: object
properties:
redirect_urls:
description: An application's redirect callback URLs.
type: array
items:
$ref: '#/components/schemas/redirect_callback_urls'
logout_redirect_urls:
type: object
properties:
logout_urls:
type: array
description: An application's logout URLs.
items:
type: string
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
get_permissions_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
permissions:
type: array
items:
$ref: '#/components/schemas/permissions'
next_token:
type: string
description: Pagination token.
permissions:
type: object
properties:
id:
type: string
description: The permission's ID.
key:
type: string
description: The permission identifier to use in code.
name:
type: string
description: The permission's name.
description:
type: string
description: The permission's description.
scopes:
type: object
properties:
id:
type: string
description: Scope ID.
example: api_scope_019541f3fa0c874fc47b3ae73585b21c
key:
type: string
description: Scope key.
example: create:users
description:
type: string
description: Description of scope.
example: Create users
api_id:
type: string
description: API ID.
example: 3635b4431f174de6b789c67481bd0c7a
roles:
type: object
properties:
id:
type: string
description: The role's ID.
key:
type: string
description: The role identifier to use in code.
name:
type: string
description: The role's name.
description:
type: string
description: The role's description.
nullable: true
is_default_role:
type: boolean
description: Whether the role is the default role.
role_permissions_response:
type: object
properties:
code:
type: string
description: Response code.
message:
type: string
description: Response message.
permissions:
type: array
items:
$ref: '#/components/schemas/permissions'
next_token:
type: string
description: Pagination token.
role_scopes_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
scopes:
type: array
items:
$ref: '#/components/schemas/scopes'
read_logo_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
logos:
type: array
description: A list of logos.
items:
type: object
properties:
type:
type: string
description: The type of logo (light or dark).
example: light
file_name:
type: string
description: The name of the logo file.
example: kinde_light.jpeg
path:
type: string
description: The relative path to the logo file.
example: /logo?p_org_code=org_1767f11ce62
message:
type: string
description: Response message.
example: Success
read_env_logo_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
logos:
type: array
description: A list of logos.
items:
type: object
properties:
type:
type: string
description: The type of logo (light or dark).
example: light
file_name:
type: string
description: The name of the logo file.
example: kinde_light.jpeg
message:
type: string
description: Response message.
example: Success
get_billing_entitlements_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
has_more:
description: Whether more records exist.
type: boolean
entitlements:
type: array
description: A list of entitlements
items:
type: object
properties:
id:
type: string
description: The friendly id of an entitlement
example: entitlement_0195ac80a14e8d71f42b98e75d3c61ad
fixed_charge:
type: integer
description: The price charged if this is an entitlement for a fixed charged
example: 35
price_name:
type: string
description: The name of the price associated with the entitlement
example: Pro gym
unit_amount:
type: integer
description: The price charged for this entitlement in cents
feature_code:
type: string
description: The feature code of the feature corresponding to this entitlement
example: CcdkvEXpbg6UY
feature_name:
type: string
description: The feature name of the feature corresponding to this entitlement
example: Pro Gym
entitlement_limit_max:
type: integer
description: The maximum number of units of the feature the customer is entitled to
entitlement_limit_min:
type: integer
description: The minimum number of units of the feature the customer is entitled to
plans:
type: array
description: A list of plans.
items:
type: object
properties:
code:
type: string
description: The plan code the billing customer is subscribed to
subscribed_on:
type: string
format: date-time
example: '2024-11-18T13:32:03+11'
get_billing_agreements_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
has_more:
description: Whether more records exist.
type: boolean
agreements:
type: array
description: A list of billing agreements
items:
type: object
properties:
id:
type: string
description: The friendly id of an agreement
example: agreement_0195ac80a14c2ca2cec97d026d864de0
plan_code:
type: string
description: The plan code the billing customer is subscribed to
expires_on:
type: string
format: date-time
description: The date the agreement expired (and was no longer active)
example: '2024-11-18T13:32:03+11'
billing_group_id:
type: string
description: The friendly id of the billing group this agreement's plan is part of
example: sbg_0195abf6773fdae18d5da72281a3fde2
entitlements:
type: array
description: A list of billing entitlements that is part of this agreement
items:
type: object
properties:
feature_code:
type: string
description: The feature code of the feature corresponding to this entitlement
example: CcdkvEXpbg6UY
entitlement_id:
type: string
description: The friendly id of an entitlement
example: entitlement_0195ac80a14e8d71f42b98e75d3c61ad
create_meter_usage_record_response:
type: object
properties:
message:
type: string
description: Response message.
example: Success
code:
type: string
description: Response code.
example: OK
get_api_keys_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
has_more:
description: Whether more records exist.
type: boolean
api_keys:
type: array
items:
type: object
properties:
id:
description: The unique ID for the API key.
type: string
example: api_key_0195ac80a14e8d71f42b98e75d3c61ad
name:
type: string
description: The API key's name.
example: My API Key
type:
type: string
description: The type of API key.
example: organization
status:
type: string
description: The status of the API key.
example: active
key_prefix:
type: string
description: The first 6 characters of the API key for identification.
example: kinde_
key_suffix:
type: string
description: The last 4 characters of the API key for identification.
example: abcd
nullable: true
created_on:
type: string
format: date-time
description: When the API key was created.
example: '2024-11-18T13:32:03+11'
last_verified_on:
type: string
format: date-time
description: When the API key was last verified.
example: '2024-11-18T13:32:03+11'
nullable: true
last_verified_ip:
type: string
description: The IP address from which the API key was last verified.
example: 192.168.1.1
nullable: true
created_by:
type: string
description: The name of the user who created the API key.
example: John Doe
nullable: true
api_ids:
type: array
description: Array of API IDs associated with this key.
items:
type: string
example:
- api_123
- api_456
scopes:
type: array
description: Array of scopes associated with this key.
items:
type: string
example:
- read:users
- write:users
rotate_api_key_response:
type: object
properties:
code:
type: string
description: Response code.
example: API_KEY_ROTATED
message:
type: string
description: Response message.
example: API key rotated successfully
api_key:
type: object
properties:
id:
type: string
description: The unique ID for the API key.
example: api_key_0195ac80a14e8d71f42b98e75d3c61ad
key:
type: string
description: The new API key value (only shown once).
example: k_live_1234567890abcdef1234567890abcdef
create_api_key_response:
type: object
properties:
message:
type: string
description: A Kinde generated message.
example: API key created
code:
type: string
description: A Kinde generated status code.
example: API_KEY_CREATED
api_key:
type: object
properties:
id:
description: The unique ID for the API key.
type: string
example: api_key_0195ac80a14e8d71f42b98e75d3c61ad
key:
description: The API key value (only shown once on creation).
type: string
example: k_live_1234567890abcdef
verify_api_key_response:
type: object
properties:
code:
type: string
description: Response code.
example: API_KEY_VERIFIED
message:
type: string
description: Response message.
example: API key verified
is_valid:
type: boolean
description: Whether the API key is valid.
example: true
key_id:
type: string
description: The unique ID for the API key.
example: api_key_0195ac80a14e8d71f42b98e75d3c61ad
status:
type: string
description: The status of the API key.
example: active
scopes:
type: array
description: Array of scopes associated with this key.
items:
type: string
example:
- read:users
- write:users
org_code:
type: string
description: The organization code associated with this key.
example: org_123
nullable: true
user_id:
type: string
description: The user ID associated with this key.
example: user_456
nullable: true
last_verified_on:
type: string
format: date-time
description: When the API key was last verified.
example: '2024-11-18T13:32:03+11'
nullable: true
verification_count:
type: integer
description: Number of times this API key has been verified.
example: 42
get_api_key_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
api_key:
type: object
properties:
id:
description: The unique ID for the API key.
type: string
example: api_key_0195ac80a14e8d71f42b98e75d3c61ad
name:
type: string
description: The API key's name.
example: My API Key
type:
type: string
description: The type of API key.
example: organization
status:
type: string
description: The status of the API key.
example: active
key_prefix:
type: string
description: The first 6 characters of the API key for identification.
example: k_live
key_suffix:
type: string
description: The last 4 characters of the API key for identification.
example: abcd
nullable: true
created_on:
type: string
format: date-time
description: When the API key was created.
example: '2024-11-18T13:32:03+11'
last_verified_on:
type: string
format: date-time
description: When the API key was last verified.
example: '2024-11-18T13:32:03+11'
nullable: true
last_verified_ip:
type: string
description: The IP address from which the API key was last verified.
example: 192.168.1.1
nullable: true
created_by:
type: string
description: The name of the user who created the API key.
example: John Doe
nullable: true
api_ids:
type: array
description: Array of API IDs associated with this key.
items:
type: string
example:
- api_123
- api_456
scopes:
type: array
description: Array of scopes associated with this key.
items:
type: string
example:
- read:users
- write:users
verification_count:
type: integer
description: Number of times this API key has been verified.
example: 42
nullable: true
organization_id:
type: string
description: The organization code associated with this key.
example: org_123
nullable: true
user_id:
type: string
description: The user ID associated with this key.
example: user_456
nullable: true
get_directories_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
has_more:
description: Whether more records exist.
type: boolean
directories:
type: array
items:
$ref: '#/components/schemas/directory'
get_directory_response:
type: object
properties:
code:
type: string
description: Response code.
example: OK
message:
type: string
description: Response message.
example: Success
directory:
$ref: '#/components/schemas/directory'
create_directory_response:
type: object
properties:
code:
type: string
description: Response code.
example: DIRECTORY_CREATED
message:
type: string
description: Response message.
example: SCIM directory created successfully
directory:
$ref: '#/components/schemas/directory'
update_directory_response:
type: object
properties:
code:
type: string
description: Response code.
example: DIRECTORY_UPDATED
message:
type: string
description: Response message.
example: SCIM directory updated successfully
directory:
$ref: '#/components/schemas/directory'
delete_directory_response:
type: object
properties:
code:
type: string
description: Response code.
example: DIRECTORY_DELETED
message:
type: string
description: Response message.
example: SCIM directory deleted successfully
directory:
type: object
properties:
id:
type: string
description: The unique ID for the SCIM directory.
example: directory_0192b1941f125645fa15bf28a662a0b3
directory_name:
type: string
description: The name of the SCIM directory.
example: Production Directory
directory_endpoint_id:
type: string
description: The endpoint ID for the SCIM directory.
example: ksde_0192b1941f125645fa15bf28a662a0b3
secret_token:
type: string
description: The secret token for SCIM authentication.
example: kstkn_0192b1941f125645fa15bf28a662a0b3
status:
type: string
description: The current status of the SCIM directory.
enum:
- Pending
- Validating
- Active
- Inactive
- Error
example: Pending
organization_code:
type: string
description: The organization code this directory belongs to.
example: org_1ccfb819462
last_sync_started_at:
type: string
format: date-time
description: When the last sync started.
example: '2024-11-18T13:32:03+11'
nullable: true
last_sync_completed_at:
type: string
format: date-time
description: When the last sync completed.
example: '2024-11-18T13:32:03+11'
nullable: true
last_sync_error:
type: string
description: The last sync error message.
example: Connection timeout
nullable: true
created_on:
type: string
format: date-time
description: When the directory was created.
example: '2024-11-18T13:32:03+11'
securitySchemes:
kindeBearerAuth:
description: |
Requires an access token obtained using the client_credentials flow.
type: http
scheme: bearer
bearerFormat: JWT