
gRPC + REST API Overview

There are two main API types available in Ory:

  • Admin APIs, which are often used by the application backend, offer privileged access that's not available to end users. To use Admin APIs, you need an Ory Network API Key.


    Read Authorization with API Keys to learn more about API Keys in the Ory Network.

  • Public APIs, which are often used by the application frontend, don't require an Ory Network API key because:

    • they don't require authorization and can be accessed by any client, for example, an application's login page.
    • they implement a protocol that defines what authorization mechanism must be used, for example, OAuth2 Client Credentials.

Both APIs are available at your project's domain:


# When you use a custom domain with Ory:

This endpoint is your SDK URL. Use it when configuring Ory SDKs and tools.

import { Configuration, IdentityApi } from "@ory/client"

const identity = new IdentityApi(
  new Configuration({
    // Your project's SDK URL.
    basePath: "",
    baseOptions: {
      // Send cookies with cross-origin requests.
      withCredentials: true,
    },
  }),
)


All services at Ory provide REST APIs. Check the REST API Reference for a complete API overview.


Ory Permissions supports gRPC APIs.


All Ory public APIs support CORS. For details on how to configure CORS for Ory Network, refer to the CORS documentation. For self-hosted deployments, CORS is set in the service's configuration file.
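The Admin/Public split described above can be enforced where requests are built, so an API key never travels with a public call or into frontend code. This is an added example, not code from the Ory SDK or documentation; `buildOryRequest` is a hypothetical helper, the host and key are constructed, and it assumes admin endpoints sit under the `/admin/` path prefix and that the key is sent as a Bearer token.

```javascript
// Added example (hypothetical helper, not part of @ory/client).
// Assumptions: admin endpoints use the "/admin/" path prefix and the
// Ory Network API key is sent as "Authorization: Bearer <key>".
function buildOryRequest(sdkUrl, path, { apiKey, inBrowser = false } = {}) {
  const base = new URL(sdkUrl)
  const url = new URL(path, base) // also normalizes "../" segments

  // A path such as "//other-host/..." would resolve away from the SDK URL.
  if (url.origin !== base.origin) throw new Error("path leaves the SDK URL origin")
  // API keys and session cookies are both credentials: require TLS.
  if (url.protocol !== "https:") throw new Error("SDK URL must use https")
  // Privileged keys belong to the backend only.
  if (inBrowser && apiKey) throw new Error("API key must not be used in frontend code")

  // Classify on the normalized path, not on the caller's raw string.
  if (url.pathname.startsWith("/admin/")) {
    if (!apiKey) throw new Error("admin API requires an Ory Network API key")
    return {
      url: url.href,
      init: { headers: { Authorization: `Bearer ${apiKey}` }, credentials: "omit" },
    }
  }

  // Public API: never attach the key; a browser sends its cookies instead
  // (the fetch counterpart of withCredentials: true).
  return {
    url: url.href,
    init: { headers: {}, credentials: inBrowser ? "include" : "omit" },
  }
}

// Constructed sample values, for illustration only.
const exampleSdkUrl = "https://ory.example.test"
const exampleAdmin = buildOryRequest(exampleSdkUrl, "/admin/identities", {
  apiKey: "constructed-key-not-real",
})
const examplePublic = buildOryRequest(exampleSdkUrl, "/sessions/whoami", {
  inBrowser: true,
})
console.log(exampleAdmin.url, Object.keys(exampleAdmin.init.headers))
console.log(examplePublic.url, examplePublic.init.credentials)
```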