Last updated 4 months ago
Was this helpful?
You can download your own API reference by going to your instance's host and accessing it via /docs/openapi/json . example:
/docs/openapi/json
This document is up to date for Release 2025.1.0
2024-12-20 - Initial Documentation
Callback called by an authentication strategy available to the application.
Authentication successful. Redirecting to next step...
GET /auth/{strategy}/callback HTTP/1.1 Host: Accept: */*
No content
Authenticate by passwordless strategy available to the application.
GET /auth/passwordless/verify HTTP/1.1 Host: Accept: */*
Authenticate by strategy available to the application.
GET /auth/{strategy} HTTP/1.1 Host: Accept: */*
{ "redirect_to": "text" }
List the plans available to a user.
GET /api/v1/plans HTTP/1.1 Host: Accept: */*
Default Response
{ "plans": [ { "id": "text", "name": "text", "monthly": { "ANY_ADDITIONAL_PROPERTY": "anything" }, "yearly": { "ANY_ADDITIONAL_PROPERTY": "anything" }, "trial": 1 } ] }
Get the CSRF of the current session.
GET /api/v1/csrf HTTP/1.1 Host: Accept: */*
{ "csrf": "text" }
Get the important details required when accessing an authenticated screen.
GET /api/v1/session HTTP/1.1 Host: Accept: */*
{ "session": { "live": true, "flags": { "ANY_ADDITIONAL_PROPERTY": "anything" }, "organizations": [ { "id": "text", "name": "text", "type": "text" } ], "organization": { "id": "text", "name": "text", "type": "text" }, "subscribed": true, "subscription": { "name": "text", "status": "text", "subscription_id": "text" }, "user": { "id": "text", "email": "name@gmail.com", "display_name": "text", "picture": "text" }, "settings": { "ANY_ADDITIONAL_PROPERTY": "anything" }, "role": "text", "permissions": [ { "ANY_ADDITIONAL_PROPERTY": "anything" } ], "version": "text", "fetched": "2025-04-28T10:11:44.936Z" } }
End the current session.
Redirecting to the logout screen...
GET /session/end HTTP/1.1 Host: Accept: */*
Search list of events relate to user actions triggered by logger.account or a record in the AccountEvents model.
logger.account
AccountEvents
GET /api/v1/account/events HTTP/1.1 Host: Accept: */*
{ "events": [ { "required": null, "subscription_id": "text", "metric": "text", "value": 1, "timestamp": "2025-04-28T10:11:44.936Z", "reported_at": "2025-04-28T10:11:44.936Z" } ] }
Returns the available profile data for the currently logged in user.
GET /api/v1/account HTTP/1.1 Host: Accept: */*
{ "profile": { "id": "text", "email": "name@gmail.com", "display_name": "text", "picture": "https://example.com", "url": "https://example.com", "verified": true, "metadata": { "ANY_ADDITIONAL_PROPERTY": "anything" } }, "settings": { "ANY_ADDITIONAL_PROPERTY": "anything" } }
Returns the available security data for the currently logged in user.
GET /api/v1/account/security HTTP/1.1 Host: Accept: */*
{ "profile": { "id": "text", "email": "name@gmail.com", "password": true, "verified": true, "metadata": { "ANY_ADDITIONAL_PROPERTY": "anything" } }, "mfa": null, "sessions": [ { "ANY_ADDITIONAL_PROPERTY": "anything" } ] }
Returns the available sessions related to the currently logged in user.
GET /api/v1/account/sessions HTTP/1.1 Host: Accept: */*
{ "sessions": [ { "ANY_ADDITIONAL_PROPERTY": "anything" } ] }
Settings related to the currently logged in user.
GET /api/v1/account/settings HTTP/1.1 Host: Accept: */*
{ "settings": { "ANY_ADDITIONAL_PROPERTY": "anything" } }
Generates a QR and a secret that can be used by the user to register an authenticator.
GET /api/v1/account/mfa HTTP/1.1 Host: Accept: */*
{ "mfa": { "qr": "text", "secret": "text", "remaining": 1, "expires_at": "2025-04-28T10:11:44.936Z" } }
Details of the organization.
GET /api/v1/organization HTTP/1.1 Host: Accept: */*
{ "organization": { "id": "text", "name": "text", "type": "text", "email": "name@gmail.com", "quotas": { "ANY_ADDITIONAL_PROPERTY": "anything" }, "settings": { "ANY_ADDITIONAL_PROPERTY": "anything" } } }
Events that have happened within the organization.
GET /api/v1/organization/events HTTP/1.1 Host: Accept: */*
{ "events": [ { "request_id": "text", "event_id": "text", "timestamp": "text", "action": "text", "message": "text", "context": { "ANY_ADDITIONAL_PROPERTY": "anything" } } ] }
List of organizations belonging to the currently logged in user.
GET /api/v1/organizations HTTP/1.1 Host: Accept: */*
{ "organizations": [ { "id": "text", "name": "text", "type": "text", "email": "name@gmail.com" } ] }
List the members of the current organization in the session.
GET /api/v1/organization/members HTTP/1.1 Host: Accept: */*
{ "members": [ { "id": "text", "role": "text", "email": "name@gmail.com", "display_name": "text", "picture": "text", "metadata": { "ANY_ADDITIONAL_PROPERTY": "anything" }, "status": "text", "mfa": true } ] }
Settings of the organization.
GET /api/v1/organization/settings HTTP/1.1 Host: Accept: */*
{ "ANY_ADDITIONAL_PROPERTY": "anything" }
Return the current subscription the organization has active at the time of request.
GET /api/v1/subscription HTTP/1.1 Host: Accept: */*
{ "subscribed": true, "organization": { "id": "text", "name": "text", "type": "text", "email": "name@gmail.com" }, "subscription": null, "quotas": { "ANY_ADDITIONAL_PROPERTY": "anything" }, "payment_methods": [ { "id": "text", "type": "text", "card": { "brand": "text", "last4": "text", "expiry_month": "text", "expiry_year": "text" } } ], "charges": [ { "number": "text", "invoice": "text", "invoice_pdf": "text", "status": "text", "amount": "text", "currency": "text", "payment_method": "text", "email": "name@gmail.com", "paid_at": "2025-04-28T10:11:44.936Z" } ] }
Cancel the subscription currently applied to the organization.
Subscription cancelled successfully.
POST /api/v1/subscription/cancel HTTP/1.1 Host: Accept: */*
Return the payment methods available to the organization has active at the time of request.
GET /api/v1/subscription/cards HTTP/1.1 Host: Accept: */*
{ "payment_methods": [ { "id": "text", "type": "text", "card": { "brand": "text", "last4": "text", "expiry_month": "text", "expiry_year": "text" } } ] }
List the keys available to the currently logged in session.
GET /api/v1/api-keys HTTP/1.1 Host: Accept: */*
{ "keys": [ { "access_id": "text", "secret_key": "text", "label": "text", "scope": "text", "expiry": "text", "expired": true, "created_at": "text", "expires_at": "text", "last_used": "text" } ] }
List the events related to a key.
GET /api/v1/api-keys/events HTTP/1.1 Host: Accept: */*
{ "events": [ { "request_id": "text", "access_id": "text", "timestamp": "text", "method": "text", "url": "text", "status": "text", "ip": "text", "origin": "text" } ] }
If using local driver for file system. Fetch the file.
File path
File is present.
GET /files/{key} HTTP/1.1 Host: Accept: */*
binary
Get the vapid key used for web push registration.
GET /api/v1/notifications/register HTTP/1.1 Host: Accept: */*
{ "vapid_key": "text" }
List all notifications available to the currently logged in user.
GET /api/v1/notifications HTTP/1.1 Host: Accept: */*
{ "notifications": [ { "id": "text", "author_id": "text", "received_at": "text", "read": true, "title": "text", "body": "text", "icon": "text", "level": "text", "metadata": { "ANY_ADDITIONAL_PROPERTY": "anything" } } ], "invites": [ { "invitation_code": "text", "organization": { "id": "text", "name": "text" }, "created_at": "text", "expires_at": "text", "expired": true } ] }
Start a reset password attempt.
Forget password attempt created.
POST /auth/forgot HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 26 { "email": "name@gmail.com" }
Proceed to the application after a successful MFA attempt.
POST /auth/{strategy}/mfa HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 14 { "otp": "text" }
Create a payment intent to be used for upfront payment collection.
Payment intent creation successful.
POST /signup/intent HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 31 { "plan": "text", "org_id": "text" }
{ "intent": { "client_secret": "text" } }
Final step in resetting a user's password.
Reset successful. Redirecting to next step...
POST /auth/reset HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 59 { "email": "name@gmail.com", "password": "text", "token": "text" }
Start the sign up process.
month
year
Sign up successful. Redirecting to next step...
POST /signup HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 134 { "email": "name@gmail.com", "password": "text", "intent": "text", "interval": "month", "plan": "text", "method": "text", "invitation_code": "text" }
POST /auth/{strategy} HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 44 { "email": "name@gmail.com", "password": "text" }
Switch organization of the current session.
Switched organization successfully.
POST /api/v1/session/switch HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 17 { "org_id": "text" }
Update the currently logged in account's profile.
User profile updated successfully.
PATCH /api/v1/account HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 83 { "display_name": "text", "picture": "https://example.com", "url": "https://example.com" }
Revoke a session related to the currently logged in user.
Session revoked successfully.
DELETE /api/v1/account/sessions HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 21 { "session_id": "text" }
Update the currently logged in account's settings.
User configuration updated successfully.
PATCH /api/v1/account/settings HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 87 { "theme": "text", "timezone": "text", "language": "text", "marketing": true, "newsletter": true }
Update the currently logged in account's password.
User password updated successfully.
POST /api/v1/account/password HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 41 { "password": "text", "new_password": "text" }
Deactivate an active account.
Account has been deactivated.
POST /api/v1/account/deactivate HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 24 { "sudo_password": "text" }
Attach a TOTP secret to a user for use with MFA during login.
MFA secret registered successfully.
PUT /api/v1/account/mfa HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 32 { "token": "text", "secret": "text" }
Revoke registered secret so a user can register a new one. It is possible to register and overwrite an existing mfa secret.
MFA secret revoked successfully.
DELETE /api/v1/account/mfa HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 24 { "sudo_password": "text" }
Deactivate an organization tied to the currently logged in session.
Organization has been deactivated.
DELETE /api/v1/organization HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 40 { "sudo_password": "text", "org_id": "text" }
Create a new organization tied to the user making the request.
Organization has been created.
POST /api/v1/organization HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 56 { "name": "text", "email": "name@gmail.com", "personal": true }
{ "id": "text" }
Update the detail of the current organization.
Updated organization successfully.
PATCH /api/v1/organization HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 40 { "name": "text", "email": "name@gmail.com" }
Invite a particular user/email to the organization.
List of emails to invite.
Invite sent successfully.
POST /api/v1/organization/invite HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 57 { "invites": [ { "email": "name@gmail.com", "roles": [ "text" ] } ] }
Revoke the invitation sent by the currently logged in user from an organization.
Invitations revoked successfully.
DELETE /api/v1/organization/invite HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 40 { "invites": [ { "email": "name@gmail.com" } ] }
Accept an invitation coming from an organization.
Invite accepted successfully.
POST /api/v1/organization/invite/accept HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 26 { "invitation_code": "text" }
Reject an invitation coming from an organization.
Invite rejected successfully.
DELETE /api/v1/organization/invite/reject HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 26 { "invitation_code": "text" }
Remove a member of an organization.
Member removed successfully.
DELETE /api/v1/organization/members HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 21 { "account_id": "text" }
Promote a member of an organization.
Member promoted successfully.
POST /api/v1/organization/promote HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 38 { "account_id": "text", "roles": [ "text" ] }
Add the payment method related to a user.
Payment method added successfully.
POST /api/v1/subscription/methods HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 47 { "payment_method": "text", "setup_intent": "text" }
Remove the payment method related to a user.
Payment method removed successfully.
DELETE /api/v1/subscription/methods HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 28 { "payment_method_id": "text" }
Subscribe to an available plan.
Subscription created successfully.
POST /api/v1/subscription/upgrade HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 65 { "plan": "text", "intent": "text", "method": "text", "interval": "text" }
Revoke the api key related to the currently logged in user.
API key revoked successfully.
DELETE /api/v1/api-keys HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 20 { "access_id": "text" }
Generate an API key attached to the currently logged in user.
Key generated successfully.
POST /api/v1/api-keys HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 79 { "label": "text", "scope": { "ANY_ADDITIONAL_PROPERTY": "anything" }, "expiry": "text" }
{ "key": { "access_id": "text", "secret_key": "text", "label": "text", "scope": "text", "expiry": "text", "expired": true, "created_at": "text", "expires_at": "text", "last_used": "text" } }
Presign the file to be used and return a signed url.
Pre signed URL
PUT /api/v1/files/presign HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 28 { "key": "text", "type": "text" }
{ "file": { "presigned_url": "text", "public": true, "type": "text", "original": "text", "key": "text", "asset_url": "text" } }
If using local driver for file system. Accept file uploads.
File has been uploaded successfully.
PUT /files{*} HTTP/1.1 Host: Content-Type: multipart/form-data Accept: */* Content-Length: 8 "binary"
Mark notifications as archived.
Notification archived successfully.
POST /api/v1/notifications/archive HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 18 { "items": [ "text" ] }
Deregister the push token related to the user.
Token deregistered successfully.
DELETE /api/v1/notifications/register HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 19 { "endpoint": "text" }
Register the push token related to the user.
Push token registered successfully.
POST /api/v1/notifications/register HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 46 { "endpoint": "text", "auth": "text", "key": "text" }
Mark notifications as read.
Notification marked as read successfully.
POST /api/v1/notifications/read HTTP/1.1 Host: Content-Type: application/json Accept: */* Content-Length: 18 { "items": [ "text" ] }
