Version: v0.4

REST API

Welcome to the ORY Kratos HTTP API documentation!

info

You are viewing REST API documentation. This documentation is auto-generated from a swagger specification which itself is generated from annotations in the source code of the project. It is possible that this documentation includes bugs and that code samples are incomplete or wrong.

If you find issues in the respective documentation, please do not edit the Markdown files directly (as they are generated) but raise an issue on the project's GitHub presence instead. This documentation will improve over time with your help! If you have ideas how to improve this part of the documentation, feel free to share them in a GitHub issue any time.

health

Check alive status

GET /health/alive HTTP/1.1
Accept: application/json

This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.

Responses

Overview
StatusMeaningDescriptionSchema
200OKhealthStatushealthStatus
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"status": "string"
}

Code samples

curl -X GET /health/alive \
-H 'Accept: application/json'

Check readiness status

GET /health/ready HTTP/1.1
Accept: application/json

This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.

Responses

Overview
StatusMeaningDescriptionSchema
200OKhealthStatushealthStatus
503Service UnavailablehealthNotReadyStatushealthNotReadyStatus
Examples
200 response
{
"status": "string"
}

Code samples

curl -X GET /health/ready \
-H 'Accept: application/json'

Administrative Endpoints

List all identities in the system

GET /identities HTTP/1.1
Accept: application/json

This endpoint returns a login request's context with, for example, error details and other information.

Learn how identities work in ORY Kratos' User And Identity Model Documentation.

Responses

Overview
StatusMeaningDescriptionSchema
200OKA list of identities.Inline
500Internal Server ErrorgenericErrorgenericError
##### Response Schema

Status Code 200

NameTypeRequiredRestrictionsDescription
anonymous[Identity]falsenonenone
» idUUID(uuid4)truenonenone
» recovery_addresses[RecoveryAddress]falsenoneRecoveryAddresses contains all the addresses that can be used to recover an identity.
»» idUUID(uuid4)truenonenone
»» valuestringtruenonenone
»» viaRecoveryAddressTypetruenonenone
» schema_idstringtruenoneSchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
» schema_urlstringfalsenoneSchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from. format: url
» traitsTraitstruenonenone
» verifiable_addresses[VerifiableAddress]falsenoneVerifiableAddresses contains all the addresses that can be verified by the user.
»» expires_atstring(date-time)truenonenone
»» idUUID(uuid4)truenonenone
»» valuestringtruenonenone
»» verifiedbooleantruenonenone
»» verified_atstring(date-time)falsenonenone
»» viaVerifiableAddressTypetruenonenone
Examples
200 response
[
{
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
}
]

Code samples

curl -X GET /identities \
-H 'Accept: application/json'

Create an identity

POST /identities HTTP/1.1
Content-Type: application/json
Accept: application/json

This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...) using this method! A way to achieve that will be introduced in the future.

Learn how identities work in ORY Kratos' User And Identity Model Documentation.

Request body

{
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
}

Parameters

ParameterInTypeRequiredDescription
bodybodyIdentitytruenone

Responses

Overview
StatusMeaningDescriptionSchema
201CreatedA single identity.Identity
400Bad RequestgenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
201 response
{
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
}

Code samples

curl -X POST /identities \
-H 'Content-Type: application/json' \ -H 'Accept: application/json'

Get an identity

GET /identities/{id} HTTP/1.1
Accept: application/json

Learn how identities work in ORY Kratos' User And Identity Model Documentation.

Parameters

ParameterInTypeRequiredDescription
idpathstringtrueID must be set to the ID of identity you want to get

Responses

Overview
StatusMeaningDescriptionSchema
200OKA single identity.Identity
400Bad RequestgenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
}

Code samples

curl -X GET /identities/{id} \
-H 'Accept: application/json'

Update an identity

PUT /identities/{id} HTTP/1.1
Content-Type: application/json
Accept: application/json

This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...) using this method! A way to achieve that will be introduced in the future.

The full identity payload (except credentials) is expected. This endpoint does not support patching.

Learn how identities work in ORY Kratos' User And Identity Model Documentation.

Request body

{
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
}

Parameters

ParameterInTypeRequiredDescription
idpathstringtrueID must be set to the ID of identity you want to update
bodybodyIdentitytruenone

Responses

Overview
StatusMeaningDescriptionSchema
200OKA single identity.Identity
400Bad RequestgenericErrorgenericError
404Not FoundgenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
}

Code samples

curl -X PUT /identities/{id} \
-H 'Content-Type: application/json' \ -H 'Accept: application/json'

Delete an identity

DELETE /identities/{id} HTTP/1.1
Accept: application/json

This endpoint deletes an identity. This can not be undone.

Learn how identities work in ORY Kratos' User And Identity Model Documentation.

Parameters

ParameterInTypeRequiredDescription
idpathstringtrueID is the identity's ID.

Responses

Overview
StatusMeaningDescriptionSchema
204No ContentEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
404Not FoundgenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
404 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X DELETE /identities/{id} \
-H 'Accept: application/json'

common

getSchema

GET /schemas/{id} HTTP/1.1
Accept: application/json

Get a traits schema definition

Parameters

ParameterInTypeRequiredDescription
idpathstringtrueID must be set to the ID of schema you want to get

Responses

Overview
StatusMeaningDescriptionSchema
200OKThe raw identity traits schemaInline
404Not FoundgenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
##### Response Schema
Examples
200 response
{}

Code samples

curl -X GET /schemas/{id} \
-H 'Accept: application/json'

Get the request context of browser-based login user flows

GET /self-service/browser/flows/requests/login?request=string HTTP/1.1
Accept: application/json

This endpoint returns a login request's context with, for example, error details and other information.

When accessing this endpoint through ORY Kratos' Public API, ensure that cookies are set as they are required for CSRF to work. To prevent token scanning attacks, the public endpoint does not return 404 status codes.

More information can be found at ORY Kratos User Login and User Registration Documentation.

Parameters

ParameterInTypeRequiredDescription
requestquerystringtrueRequest is the Login Request ID
Detailed descriptions

request: Request is the Login Request ID

The value for this parameter comes from request URL Query parameter sent to your application (e.g. /login?request=abcde).

Responses

Overview
StatusMeaningDescriptionSchema
200OKloginRequestloginRequest
403ForbiddengenericErrorgenericError
404Not FoundgenericErrorgenericError
410GonegenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"active": "string",
"expires_at": "2019-08-24T14:15:22Z",
"forced": true,
"id": "string",
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"methods": {
"property1": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
},
"property2": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
}
},
"request_url": "string"
}

Code samples

curl -X GET /self-service/browser/flows/requests/login?request=string \
-H 'Accept: application/json'

Get the request context of browser-based recovery flows

GET /self-service/browser/flows/requests/recovery?request=string HTTP/1.1
Accept: application/json

When accessing this endpoint through ORY Kratos' Public API, ensure that cookies are set as they are required for checking the auth session. To prevent scanning attacks, the public endpoint does not return 404 status codes but instead 403 or 500.

More information can be found at ORY Kratos Account Recovery Documentation.

Parameters

ParameterInTypeRequiredDescription
requestquerystringtrueRequest is the Login Request ID
Detailed descriptions

request: Request is the Login Request ID

The value for this parameter comes from request URL Query parameter sent to your application (e.g. /recover?request=abcde).

Responses

Overview
StatusMeaningDescriptionSchema
200OKrecoveryRequestrecoveryRequest
403ForbiddengenericErrorgenericError
404Not FoundgenericErrorgenericError
410GonegenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"active": "string",
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"methods": {
"property1": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
},
"property2": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
}
},
"request_url": "string",
"state": "string"
}

Code samples

curl -X GET /self-service/browser/flows/requests/recovery?request=string \
-H 'Accept: application/json'

Get the request context of browser-based registration user flows

GET /self-service/browser/flows/requests/registration?request=string HTTP/1.1
Accept: application/json

This endpoint returns a registration request's context with, for example, error details and other information.

When accessing this endpoint through ORY Kratos' Public API, ensure that cookies are set as they are required for CSRF to work. To prevent token scanning attacks, the public endpoint does not return 404 status codes.

More information can be found at ORY Kratos User Login and User Registration Documentation.

Parameters

ParameterInTypeRequiredDescription
requestquerystringtrueRequest is the Registration Request ID
Detailed descriptions

request: Request is the Registration Request ID

The value for this parameter comes from request URL Query parameter sent to your application (e.g. /registration?request=abcde).

Responses

Overview
StatusMeaningDescriptionSchema
200OKregistrationRequestregistrationRequest
403ForbiddengenericErrorgenericError
404Not FoundgenericErrorgenericError
410GonegenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"active": "string",
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"methods": {
"property1": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
},
"property2": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
}
},
"request_url": "string"
}

Code samples

curl -X GET /self-service/browser/flows/requests/registration?request=string \
-H 'Accept: application/json'

Get the request context of browser-based settings flows

GET /self-service/browser/flows/requests/settings?request=string HTTP/1.1
Accept: application/json

When accessing this endpoint through ORY Kratos' Public API, ensure that cookies are set as they are required for checking the auth session. To prevent scanning attacks, the public endpoint does not return 404 status codes but instead 403 or 500.

More information can be found at ORY Kratos User Settings & Profile Management Documentation.

Parameters

ParameterInTypeRequiredDescription
requestquerystringtrueRequest is the Login Request ID
Detailed descriptions

request: Request is the Login Request ID

The value for this parameter comes from request URL Query parameter sent to your application (e.g. /settingss?request=abcde).

Responses

Overview
StatusMeaningDescriptionSchema
200OKsettingsRequestsettingsRequest
403ForbiddengenericErrorgenericError
404Not FoundgenericErrorgenericError
410GonegenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"active": "string",
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"identity": {
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
},
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"methods": {
"property1": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
},
"property2": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
}
},
"request_url": "string",
"state": "string"
}

Code samples

curl -X GET /self-service/browser/flows/requests/settings?request=string \
-H 'Accept: application/json'

Get the request context of browser-based verification flows

GET /self-service/browser/flows/requests/verification?request=string HTTP/1.1
Accept: application/json

When accessing this endpoint through ORY Kratos' Public API, ensure that cookies are set as they are required for checking the auth session. To prevent scanning attacks, the public endpoint does not return 404 status codes but instead 403 or 500.

More information can be found at ORY Kratos Email and Phone Verification Documentation.

Parameters

ParameterInTypeRequiredDescription
requestquerystringtrueRequest is the Request ID
Detailed descriptions

request: Request is the Request ID

The value for this parameter comes from request URL Query parameter sent to your application (e.g. /verify?request=abcde).

Responses

Overview
StatusMeaningDescriptionSchema
200OKverificationRequestverificationRequest
403ForbiddengenericErrorgenericError
404Not FoundgenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"expires_at": "2019-08-24T14:15:22Z",
"form": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"id": "string",
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"request_url": "string",
"success": true,
"via": "string"
}

Code samples

curl -X GET /self-service/browser/flows/requests/verification?request=string \
-H 'Accept: application/json'

Get user-facing self-service errors

GET /self-service/errors HTTP/1.1
Accept: application/json

This endpoint returns the error associated with a user-facing self service errors.

When accessing this endpoint through ORY Kratos' Public API, ensure that cookies are set as they are required for CSRF to work. To prevent token scanning attacks, the public endpoint does not return 404 status codes.

More information can be found at ORY Kratos User User Facing Error Documentation.

Parameters

ParameterInTypeRequiredDescription
errorquerystringfalsenone

Responses

Overview
StatusMeaningDescriptionSchema
200OKUser-facing error responseerrorContainer
403ForbiddengenericErrorgenericError
404Not FoundgenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"errors": {},
"id": "string"
}

Code samples

curl -X GET /self-service/errors \
-H 'Accept: application/json'

Public Endpoints

Initialize browser-based login user flow

GET /self-service/browser/flows/login HTTP/1.1
Accept: application/json

This endpoint initializes a browser-based user login flow. Once initialized, the browser will be redirected to selfservice.flows.login.ui_url with the request ID set as a query parameter. If a valid user session exists already, the browser will be redirected to urls.default_redirect_url.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).

More information can be found at ORY Kratos User Login and User Registration Documentation.

Parameters

ParameterInTypeRequiredDescription
refreshquerybooleanfalseRefresh a login session
Detailed descriptions

refresh: Refresh a login session

If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X GET /self-service/browser/flows/login \
-H 'Accept: application/json'

Initialize Browser-Based Logout User Flow

GET /self-service/browser/flows/logout HTTP/1.1
Accept: application/json

This endpoint initializes a logout flow.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).

On successful logout, the browser will be redirected (HTTP 302 Found) to urls.default_return_to.

More information can be found at ORY Kratos User Logout Documentation.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X GET /self-service/browser/flows/logout \
-H 'Accept: application/json'

Initialize browser-based account recovery flow

GET /self-service/browser/flows/recovery HTTP/1.1
Accept: application/json

This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to selfservice.flows.recovery.ui_url with the request ID set as a query parameter. If a valid user session exists, the request is aborted.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).

More information can be found at ORY Kratos Account Recovery Documentation.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X GET /self-service/browser/flows/recovery \
-H 'Accept: application/json'

Complete the browser-based recovery flow using a recovery link

POST /self-service/browser/flows/recovery/link HTTP/1.1
Accept: application/json

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms.

More information can be found at ORY Kratos Account Recovery Documentation.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X POST /self-service/browser/flows/recovery/link \
-H 'Accept: application/json'

Initialize browser-based registration user flow

GET /self-service/browser/flows/registration HTTP/1.1
Accept: application/json

This endpoint initializes a browser-based user registration flow. Once initialized, the browser will be redirected to selfservice.flows.registration.ui_url with the request ID set as a query parameter. If a valid user session exists already, the browser will be redirected to urls.default_redirect_url.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).

More information can be found at ORY Kratos User Login and User Registration Documentation.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X GET /self-service/browser/flows/registration \
-H 'Accept: application/json'

Complete the browser-based settings flow for the OpenID Connect strategy

POST /self-service/browser/flows/registration/strategies/oidc/settings/connections HTTP/1.1
Accept: application/json

This endpoint completes a browser-based settings flow. This is usually achieved by POSTing data to this endpoint.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms.

More information can be found at ORY Kratos User Settings & Profile Management Documentation.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X POST /self-service/browser/flows/registration/strategies/oidc/settings/connections \
-H 'Accept: application/json'

Initialize browser-based settings flow

GET /self-service/browser/flows/settings HTTP/1.1
Accept: application/json

This endpoint initializes a browser-based settings flow. Once initialized, the browser will be redirected to selfservice.flows.settings.ui_url with the request ID set as a query parameter. If no valid user session exists, a login flow will be initialized.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).

More information can be found at ORY Kratos User Settings & Profile Management Documentation.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X GET /self-service/browser/flows/settings \
-H 'Accept: application/json'

Complete the browser-based settings flow for the password strategy

POST /self-service/browser/flows/settings/strategies/password HTTP/1.1
Accept: application/json

This endpoint completes a browser-based settings flow. This is usually achieved by POSTing data to this endpoint.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms.

More information can be found at ORY Kratos User Settings & Profile Management Documentation.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X POST /self-service/browser/flows/settings/strategies/password \
-H 'Accept: application/json'

Complete the browser-based settings flow for profile data

POST /self-service/browser/flows/settings/strategies/profile?request=string HTTP/1.1
Content-Type: application/json
Accept: application/json

This endpoint completes a browser-based settings flow. This is usually achieved by POSTing data to this endpoint.

If the provided profile data is valid against the Identity's Traits JSON Schema, the data will be updated and the browser redirected to url.settings_ui for further steps.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms.

More information can be found at ORY Kratos User Settings & Profile Management Documentation.

Request body

{
"request_id": "string",
"traits": {}
}
request_id: string
traits: {}

Parameters

ParameterInTypeRequiredDescription
requestquerystringtrueRequest is the request ID.
bodybodycompleteSelfServiceBrowserSettingsStrategyProfileFlowPayloadtruenone

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X POST /self-service/browser/flows/settings/strategies/profile?request=string \
-H 'Content-Type: application/json' \ -H 'Accept: application/json'

Initialize browser-based verification flow

GET /self-service/browser/flows/verification/init/{via} HTTP/1.1
Accept: application/json

This endpoint initializes a browser-based verification flow. Once initialized, the browser will be redirected to selfservice.flows.settings.ui_url with the request ID set as a query parameter. If no valid user session exists, a login flow will be initialized.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).

More information can be found at ORY Kratos Email and Phone Verification Documentation.

Parameters

ParameterInTypeRequiredDescription
viapathstringtrueWhat to verify
Detailed descriptions

via: What to verify

Currently only "email" is supported.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X GET /self-service/browser/flows/verification/init/{via} \
-H 'Accept: application/json'

Complete the browser-based verification flows

GET /self-service/browser/flows/verification/{via}/confirm/{code} HTTP/1.1
Accept: application/json

This endpoint completes a browser-based verification flow.

This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms.

More information can be found at ORY Kratos Email and Phone Verification Documentation.

Parameters

ParameterInTypeRequiredDescription
codepathstringtruenone
viapathstringtrueWhat to verify
Detailed descriptions

via: What to verify

Currently only "email" is supported.

Responses

Overview
StatusMeaningDescriptionSchema
302FoundEmpty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is
typically 201.None
500Internal Server ErrorgenericErrorgenericError
Examples
500 response
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Code samples

curl -X GET /self-service/browser/flows/verification/{via}/confirm/{code} \
-H 'Accept: application/json'

Check who the current HTTP session belongs to

GET /sessions/whoami HTTP/1.1
Accept: application/json

Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.

This endpoint is useful for reverse proxies and API Gateways.

Responses

Overview
StatusMeaningDescriptionSchema
200OKsessionsession
403ForbiddengenericErrorgenericError
500Internal Server ErrorgenericErrorgenericError
Examples
200 response
{
"authenticated_at": "2019-08-24T14:15:22Z",
"expires_at": "2019-08-24T14:15:22Z",
"identity": {
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
},
"issued_at": "2019-08-24T14:15:22Z",
"sid": "string"
}

Code samples

curl -X GET /sessions/whoami \
-H 'Accept: application/json'

version

Get service version

GET /version HTTP/1.1
Accept: application/json

This endpoint returns the service version typically notated using semantic versioning.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.

Responses

Overview
StatusMeaningDescriptionSchema
200OKversionversion
Examples
200 response
{
"version": "string"
}

Code samples

curl -X GET /version \
-H 'Accept: application/json'

Schemas

CredentialsType#### CredentialsType
"string"

CredentialsType represents several different credential types, like password credentials, passwordless credentials,

Properties

NameTypeRequiredRestrictionsDescription
CredentialsType represents several different credential types, like password credentials, passwordless credentials,stringfalsenoneand so on.
ID#### ID
0

Properties

NameTypeRequiredRestrictionsDescription
anonymousinteger(int64)falsenonenone
Identity#### Identity
{
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
}

Properties

NameTypeRequiredRestrictionsDescription
idUUIDtruenonenone
recovery_addresses[RecoveryAddress]falsenoneRecoveryAddresses contains all the addresses that can be used to recover an identity.
schema_idstringtruenoneSchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
schema_urlstringfalsenoneSchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from. format: url
traitsTraitstruenonenone
verifiable_addresses[VerifiableAddress]falsenoneVerifiableAddresses contains all the addresses that can be verified by the user.
Message#### Message
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
contextobjectfalsenonenone
idIDfalsenonenone
textstringfalsenonenone
typeTypefalsenonenone
Messages#### Messages
[
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
]

Properties

NameTypeRequiredRestrictionsDescription
anonymous[Message]falsenonenone
ProviderCredentialsConfig#### ProviderCredentialsConfig
{
"provider": "string",
"subject": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
providerstringfalsenonenone
subjectstringfalsenonenone
RecoveryAddress#### RecoveryAddress
{
"id": "string",
"value": "string",
"via": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
idUUIDtruenonenone
valuestringtruenonenone
viaRecoveryAddressTypetruenonenone
RecoveryAddressType#### RecoveryAddressType
"string"

Properties

NameTypeRequiredRestrictionsDescription
anonymousstringfalsenonenone
RequestMethodConfig#### RequestMethodConfig
{
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
actionstringtruenoneAction should be used as the form action URL <form action="{{ .Action }}" method="post">.
fieldsformFieldstruenoneFields contains multiple fields
messagesMessagesfalsenonenone
methodstringtruenoneMethod is the form method (e.g. POST)
State#### State
"string"

Properties

NameTypeRequiredRestrictionsDescription
anonymousstringfalsenonenone
Traits#### Traits
{}

Properties

None

Type#### Type
"string"

Properties

NameTypeRequiredRestrictionsDescription
anonymousstringfalsenonenone
UUID#### UUID
"string"

Properties

NameTypeRequiredRestrictionsDescription
anonymousstring(uuid4)falsenonenone
VerifiableAddress#### VerifiableAddress
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
expires_atstring(date-time)truenonenone
idUUIDtruenonenone
valuestringtruenonenone
verifiedbooleantruenonenone
verified_atstring(date-time)falsenonenone
viaVerifiableAddressTypetruenonenone
VerifiableAddressType#### VerifiableAddressType
"string"

Properties

NameTypeRequiredRestrictionsDescription
anonymousstringfalsenonenone
completeSelfServiceBrowserSettingsStrategyProfileFlowPayload#### completeSelfServiceBrowserSettingsStrategyProfileFlowPayload
{
"request_id": "string",
"traits": {}
}

Properties

NameTypeRequiredRestrictionsDescription
request_idstringfalsenoneRequestID is request ID. in: query
traitsobjecttruenoneTraits contains all of the identity's traits. type: string format: binary
errorContainer#### errorContainer
{
"errors": {},
"id": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
errorsobjectfalsenonenone
idUUIDfalsenonenone
form#### form
{
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
}

HTMLForm represents a HTML Form. The container can work with both HTTP Form and JSON requests

Properties

NameTypeRequiredRestrictionsDescription
actionstringtruenoneAction should be used as the form action URL <form action="{{ .Action }}" method="post">.
fieldsformFieldstruenoneFields contains multiple fields
messagesMessagesfalsenonenone
methodstringtruenoneMethod is the form method (e.g. POST)
formField#### formField
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}

Field represents a HTML Form Field

Properties

NameTypeRequiredRestrictionsDescription
disabledbooleanfalsenoneDisabled is the equivalent of <input {{if .Disabled}}disabled{{end}}">
messagesMessagesfalsenonenone
namestringtruenoneName is the equivalent of <input name="{{.Name}}">
patternstringfalsenonePattern is the equivalent of <input pattern="{{.Pattern}}">
requiredbooleanfalsenoneRequired is the equivalent of <input required="{{.Required}}">
typestringtruenoneType is the equivalent of <input type="{{.Type}}">
valueobjectfalsenoneValue is the equivalent of <input value="{{.Value}}">
formFields#### formFields
[
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]

Fields contains multiple fields

Properties

NameTypeRequiredRestrictionsDescription
anonymous[formField]falsenoneFields contains multiple fields
genericError#### genericError
{
"error": {
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}
}

Error response

Properties

NameTypeRequiredRestrictionsDescription
errorgenericErrorPayloadfalsenonenone
genericErrorPayload#### genericErrorPayload
{
"code": 404,
"debug": "The database adapter was unable to find the element",
"details": {},
"message": "string",
"reason": "string",
"request": "string",
"status": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
codeinteger(int64)falsenoneCode represents the error status code (404, 403, 401, ...).
debugstringfalsenoneDebug contains debug information. This is usually not available and has to be enabled.
detailsobjectfalsenonenone
messagestringfalsenonenone
reasonstringfalsenonenone
requeststringfalsenonenone
statusstringfalsenonenone
healthNotReadyStatus#### healthNotReadyStatus
{
"errors": {
"property1": "string",
"property2": "string"
}
}

Properties

NameTypeRequiredRestrictionsDescription
errorsobjectfalsenoneErrors contains a list of errors that caused the not ready status.
» additionalPropertiesstringfalsenonenone
healthStatus#### healthStatus
{
"status": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
statusstringfalsenoneStatus always contains "ok".
loginRequest#### loginRequest
{
"active": "string",
"expires_at": "2019-08-24T14:15:22Z",
"forced": true,
"id": "string",
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"methods": {
"property1": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
},
"property2": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
}
},
"request_url": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
activeCredentialsTypefalsenoneand so on.
expires_atstring(date-time)truenoneExpiresAt is the time (UTC) when the request expires. If the user still wishes to log in, a new request has to be initiated.
forcedbooleanfalsenoneForced stores whether this login request should enforce reauthentication.
idUUIDtruenonenone
issued_atstring(date-time)truenoneIssuedAt is the time (UTC) when the request occurred.
messagesMessagesfalsenonenone
methodsobjecttruenoneMethods contains context for all enabled login methods. If a login request has been processed, but for example the password is incorrect, this will contain error messages.
» additionalPropertiesloginRequestMethodfalsenonenone
request_urlstringtruenoneRequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.
loginRequestMethod#### loginRequestMethod
{
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
configloginRequestMethodConfigtruenonenone
methodCredentialsTypetruenoneand so on.
loginRequestMethodConfig#### loginRequestMethodConfig
{
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
}

Properties

NameTypeRequiredRestrictionsDescription
actionstringtruenoneAction should be used as the form action URL <form action="{{ .Action }}" method="post">.
fieldsformFieldstruenoneFields contains multiple fields
messagesMessagesfalsenonenone
methodstringtruenoneMethod is the form method (e.g. POST)
providers[formField]falsenoneProviders is set for the "oidc" request method.
recoveryRequest#### recoveryRequest
{
"active": "string",
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"methods": {
"property1": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
},
"property2": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
}
},
"request_url": "string",
"state": "string"
}

Request presents a recovery request

Properties

NameTypeRequiredRestrictionsDescription
activestringfalsenoneActive, if set, contains the registration method that is being used. It is initially not set.
expires_atstring(date-time)truenoneExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated.
idUUIDtruenonenone
issued_atstring(date-time)truenoneIssuedAt is the time (UTC) when the request occurred.
messagesMessagesfalsenonenone
methodsobjecttruenoneMethods contains context for all account recovery methods. If a registration request has been processed, but for example the password is incorrect, this will contain error messages.
» additionalPropertiesrecoveryRequestMethodfalsenonenone
request_urlstringtruenoneRequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.
stateStatetruenonenone
recoveryRequestMethod#### recoveryRequestMethod
{
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
configRequestMethodConfigfalsenonenone
methodstringfalsenoneMethod contains the request credentials type.
registrationRequest#### registrationRequest
{
"active": "string",
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"methods": {
"property1": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
},
"property2": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
}
},
"request_url": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
activeCredentialsTypefalsenoneand so on.
expires_atstring(date-time)truenoneExpiresAt is the time (UTC) when the request expires. If the user still wishes to log in, a new request has to be initiated.
idUUIDtruenonenone
issued_atstring(date-time)truenoneIssuedAt is the time (UTC) when the request occurred.
messagesMessagesfalsenonenone
methodsobjecttruenoneMethods contains context for all enabled registration methods. If a registration request has been processed, but for example the password is incorrect, this will contain error messages.
» additionalPropertiesregistrationRequestMethodfalsenonenone
request_urlstringtruenoneRequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.
registrationRequestMethod#### registrationRequestMethod
{
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
},
"method": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
configregistrationRequestMethodConfigfalsenonenone
methodCredentialsTypefalsenoneand so on.
registrationRequestMethodConfig#### registrationRequestMethodConfig
{
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string",
"providers": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
]
}

Properties

NameTypeRequiredRestrictionsDescription
actionstringtruenoneAction should be used as the form action URL <form action="{{ .Action }}" method="post">.
fieldsformFieldstruenoneFields contains multiple fields
messagesMessagesfalsenonenone
methodstringtruenoneMethod is the form method (e.g. POST)
providers[formField]falsenoneProviders is set for the "oidc" request method.
session#### session
{
"authenticated_at": "2019-08-24T14:15:22Z",
"expires_at": "2019-08-24T14:15:22Z",
"identity": {
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
},
"issued_at": "2019-08-24T14:15:22Z",
"sid": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
authenticated_atstring(date-time)truenonenone
expires_atstring(date-time)truenonenone
identityIdentitytruenonenone
issued_atstring(date-time)truenonenone
sidUUIDtruenonenone
settingsRequest#### settingsRequest
{
"active": "string",
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"identity": {
"id": "string",
"recovery_addresses": [
{
"id": "string",
"value": "string",
"via": "string"
}
],
"schema_id": "string",
"schema_url": "string",
"traits": {},
"verifiable_addresses": [
{
"expires_at": "2019-08-24T14:15:22Z",
"id": "string",
"value": "string",
"verified": true,
"verified_at": "2019-08-24T14:15:22Z",
"via": "string"
}
]
},
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"methods": {
"property1": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
},
"property2": {
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
}
},
"request_url": "string",
"state": "string"
}

Request presents a settings request

Properties

NameTypeRequiredRestrictionsDescription
activestringfalsenoneActive, if set, contains the registration method that is being used. It is initially not set.
expires_atstring(date-time)truenoneExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated.
idUUIDtruenonenone
identityIdentitytruenonenone
issued_atstring(date-time)truenoneIssuedAt is the time (UTC) when the request occurred.
messagesMessagesfalsenonenone
methodsobjecttruenoneMethods contains context for all enabled registration methods. If a registration request has been processed, but for example the password is incorrect, this will contain error messages.
» additionalPropertiessettingsRequestMethodfalsenonenone
request_urlstringtruenoneRequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.
stateStatetruenonenone
settingsRequestMethod#### settingsRequestMethod
{
"config": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"method": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
configRequestMethodConfigfalsenonenone
methodstringfalsenoneMethod contains the request credentials type.
verificationRequest#### verificationRequest
{
"expires_at": "2019-08-24T14:15:22Z",
"form": {
"action": "string",
"fields": [
{
"disabled": true,
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"name": "string",
"pattern": "string",
"required": true,
"type": "string",
"value": {}
}
],
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"method": "string"
},
"id": "string",
"issued_at": "2019-08-24T14:15:22Z",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "string"
}
],
"request_url": "string",
"success": true,
"via": "string"
}

Request presents a verification request

Properties

NameTypeRequiredRestrictionsDescription
expires_atstring(date-time)falsenoneExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address, a new request has to be initiated.
formformfalsenoneHTMLForm represents a HTML Form. The container can work with both HTTP Form and JSON requests
idUUIDfalsenonenone
issued_atstring(date-time)falsenoneIssuedAt is the time (UTC) when the request occurred.
messagesMessagesfalsenonenone
request_urlstringfalsenoneRequestURL is the initial URL that was requested from ORY Kratos. It can be used to forward information contained in the URL's path or query for example.
successbooleanfalsenoneSuccess, if true, implies that the request was completed successfully.
viaVerifiableAddressTypefalsenonenone
version#### version
{
"version": "string"
}

Properties

NameTypeRequiredRestrictionsDescription
versionstringfalsenoneVersion is the service's version.
Last updated on by aeneasr