Skip to main content

Export Data

POST 

/export

Export data on an instance level to ZITADEL. It can be either directly exported in the response or you can point to a file on an S3 storage, where the data should be written.

Request​

Body

required

    orgIds string[]
    excludedOrgIds string[]
    withPasswords boolean
    withOtp boolean
    responseOutput boolean

    localOutput

    object

    path string

    s3Output

    object

    path string
    endpoint string
    accessKeyId string
    secretAccessKey string
    ssl boolean
    bucket string

    gcsOutput

    object

    bucket string
    serviceaccountJson string
    path string
    timeout string

Responses​

A successful response.

Schema

    orgs

    object[]

  • Array [

  • orgId string

    org

    object

    name stringrequired

    Possible values: non-empty and <= 200 characters

    domainPolicy

    object

    orgId stringrequired

    Possible values: non-empty and <= 200 characters

    userLoginMustBeDomain the username has to end with the domain of its organization (uniqueness is organization based) (boolean)

    the username has to end with the domain of its organization

    validateOrgDomains boolean

    defines if organization domains should be validated org count as validated automatically

    smtpSenderAddressMatchesInstanceDomain boolean

    defines if the SMTP sender address domain should match an existing domain on the instance

    labelPolicy

    object

    primaryColor string

    Possible values: <= 50 characters

    Represents a color scheme

    hideLoginNameSuffix hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set (boolean)

    hides the org suffix on the login form if the scope "urn:zitadel:iam:org:domain:primary:{domainname}" is set

    warnColor string

    Possible values: <= 50 characters

    hex value for warn color

    backgroundColor string

    Possible values: <= 50 characters

    hex value for background color

    fontColor string

    Possible values: <= 50 characters

    hex value for font color

    primaryColorDark string

    Possible values: <= 50 characters

    hex value for the primary color dark theme

    backgroundColorDark string

    Possible values: <= 50 characters

    hex value for background color dark theme

    warnColorDark string

    Possible values: <= 50 characters

    hex value for warning color dark theme

    fontColorDark string

    Possible values: <= 50 characters

    hex value for font color dark theme

    disableWatermark boolean
    themeMode string

    Possible values: [THEME_MODE_UNSPECIFIED, THEME_MODE_AUTO, THEME_MODE_DARK, THEME_MODE_LIGHT]

    Default value: THEME_MODE_UNSPECIFIED

    setting if there should be a restriction on which themes are available

    lockoutPolicy

    object

    maxPasswordAttempts int64

    When the user has reached the maximum password attempts the account will be locked, If this is set to 0 the lockout will not trigger.

    maxOtpAttempts int64

    Maximum failed attempts for a single OTP type (TOTP, SMS, Email) before the account gets locked. Attempts are reset as soon as the OTP is entered correctly. If set to 0 the account will never be locked.

    loginPolicy

    object

    allowUsernamePassword boolean
    allowRegister boolean
    allowExternalIdp boolean
    forceMfa boolean
    passwordlessType - PASSWORDLESS_TYPE_ALLOWED: PLANNED: PASSWORDLESS_TYPE_WITH_CERT (string)

    Possible values: [PASSWORDLESS_TYPE_NOT_ALLOWED, PASSWORDLESS_TYPE_ALLOWED]

    Default value: PASSWORDLESS_TYPE_NOT_ALLOWED

    hidePasswordReset boolean
    ignoreUnknownUsernames boolean

    defines if unknown username on login screen directly returns an error or always displays the password screen

    defaultRedirectUri string

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    passwordCheckLifetime string
    externalLoginCheckLifetime string
    mfaInitSkipLifetime string
    secondFactorCheckLifetime string
    multiFactorCheckLifetime string
    secondFactors - SECOND_FACTOR_TYPE_OTP: SECOND_FACTOR_TYPE_OTP is the type for TOTP (string)[]

    Possible values: [SECOND_FACTOR_TYPE_UNSPECIFIED, SECOND_FACTOR_TYPE_OTP, SECOND_FACTOR_TYPE_U2F, SECOND_FACTOR_TYPE_OTP_EMAIL, SECOND_FACTOR_TYPE_OTP_SMS]

    multiFactors string[]

    Possible values: [MULTI_FACTOR_TYPE_UNSPECIFIED, MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION]

    idps

    object[]

  • Array [

  • idpId string
    ownerType string

    Possible values: [IDP_OWNER_TYPE_UNSPECIFIED, IDP_OWNER_TYPE_SYSTEM, IDP_OWNER_TYPE_ORG]

    Default value: IDP_OWNER_TYPE_UNSPECIFIED

    the owner of the identity provider.

    • IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
    • IDP_OWNER_TYPE_ORG: org is managed by de organization administrators
  • ]

  • allowDomainDiscovery boolean

    If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.

    disableLoginWithEmail boolean

    defines if the user can additionally (to the login name) be identified by their verified email address

    disableLoginWithPhone boolean

    defines if the user can additionally (to the login name) be identified by their verified phone number

    forceMfaLocalOnly boolean

    if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login.

    passwordComplexityPolicy

    object

    minLength uint64
    hasUppercase boolean

    Defines if the password MUST contain an upper case letter

    hasLowercase boolean

    Defines if the password MUST contain a lowercase letter

    hasNumber boolean

    Defines if the password MUST contain a number

    hasSymbol boolean

    Defines if the password MUST contain a symbol. E.g. "$"

    privacyPolicy

    object

    tosLink string

    If registration is enabled, the user has to accept the TOS. Variable {{.Lang}} can be set to have different links based on the language.

    privacyLink string

    If registration is enabled, the user has to accept the privacy terms. Variable {{.Lang}} can be set to have different links based on the language.

    helpLink string

    Variable {{.Lang}} can be set to have different links based on the language.

    supportEmail string

    help / support email address.

    docsLink string

    Link to documentation to be shown in the console.

    customLink string

    Link to an external resource that will be available to users in the console.

    customLinkText string

    The button text that would be shown in console pointing to custom link.

    projects

    object[]

  • Array [

  • projectId string

    project

    object

    name stringrequired

    Possible values: non-empty and <= 200 characters

    projectRoleAssertion boolean

    Enable this setting to have role information included in the user info endpoint. It is also dependent on your application settings to include it in tokens and other types.

    projectRoleCheck boolean

    When enabled ZITADEL will check if a user has a role of this project assigned when login into an application of this project.

    hasProjectCheck boolean

    When enabled ZITADEL will check if the organization of the user, that is trying to log in, has a grant to this project.

    privateLabelingSetting string

    Possible values: [PRIVATE_LABELING_SETTING_UNSPECIFIED, PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY, PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY]

    Default value: PRIVATE_LABELING_SETTING_UNSPECIFIED

    Define which private labeling/branding should trigger when getting to a login of this project.

  • ]

  • projectRoles

    object[]

  • Array [

  • projectId string
    roleKey stringrequired

    Possible values: non-empty and <= 200 characters

    The key is the only relevant attribute for ZITADEL regarding the authorization checks.

    displayName stringrequired

    Possible values: non-empty and <= 200 characters

    group string

    Possible values: <= 200 characters

    The group is only used for display purposes. That you have better handling, like giving all the roles from a group to a user.

  • ]

  • apiApps

    object[]

  • Array [

  • appId string

    app

    object

    projectId string
    name stringrequired

    Possible values: non-empty and <= 200 characters

    authMethodType string

    Possible values: [API_AUTH_METHOD_TYPE_BASIC, API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT]

    Default value: API_AUTH_METHOD_TYPE_BASIC

  • ]

  • oidcApps

    object[]

  • Array [

  • appId string

    app

    object

    projectId string
    name stringrequired

    Possible values: non-empty and <= 200 characters

    redirectUris string[]

    Callback URI of the authorization request where the code or tokens will be sent to

    responseTypes string[]

    Possible values: [OIDC_RESPONSE_TYPE_CODE, OIDC_RESPONSE_TYPE_ID_TOKEN, OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN]

    Determines whether a code, id_token token or just id_token will be returned

    grantTypes string[]

    Possible values: [OIDC_GRANT_TYPE_AUTHORIZATION_CODE, OIDC_GRANT_TYPE_IMPLICIT, OIDC_GRANT_TYPE_REFRESH_TOKEN, OIDC_GRANT_TYPE_DEVICE_CODE, OIDC_GRANT_TYPE_TOKEN_EXCHANGE]

    The flow type the application uses to gain access

    appType string

    Possible values: [OIDC_APP_TYPE_WEB, OIDC_APP_TYPE_USER_AGENT, OIDC_APP_TYPE_NATIVE]

    Default value: OIDC_APP_TYPE_WEB

    Determines the paradigm of the application

    authMethodType string

    Possible values: [OIDC_AUTH_METHOD_TYPE_BASIC, OIDC_AUTH_METHOD_TYPE_POST, OIDC_AUTH_METHOD_TYPE_NONE, OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT]

    Default value: OIDC_AUTH_METHOD_TYPE_BASIC

    Defines how the application passes login credentials

    postLogoutRedirectUris string[]

    ZITADEL will redirect to this link after a successful logout

    version string

    Possible values: [OIDC_VERSION_1_0]

    Default value: OIDC_VERSION_1_0

    devMode boolean

    Used for development, some checks of the OIDC specification will not be checked.

    accessTokenType string

    Possible values: [OIDC_TOKEN_TYPE_BEARER, OIDC_TOKEN_TYPE_JWT]

    Default value: OIDC_TOKEN_TYPE_BEARER

    Type of the access token returned from ZITADEL

    accessTokenRoleAssertion boolean

    Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes

    idTokenRoleAssertion boolean

    Adds roles to the claims of the id token even if they are not requested by scopes

    idTokenUserinfoAssertion boolean

    Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification

    clockSkew string

    Used to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims

    additionalOrigins string[]

    Additional origins (other than the redirect_uris) from where the API can be used, provided string has to be an origin (scheme://hostname[:port]) without path, query or fragment

    skipNativeAppSuccessPage boolean

    Skip the successful login page on native apps and directly redirect the user to the callback.

    backChannelLogoutUri string

    ZITADEL will use this URI to notify the application about terminated session according to the OIDC Back-Channel Logout (https://openid.net/specs/openid-connect-backchannel-1_0.html)

  • ]

  • humanUsers

    object[]

  • Array [

  • userId string

    user

    object

    userName stringrequired

    profile

    object

    required

    Profile includes the basic information of a user, like first name, last name, etc.

    firstName stringrequired

    Possible values: non-empty and <= 200 characters

    lastName stringrequired

    Possible values: non-empty and <= 200 characters

    nickName string

    Possible values: <= 200 characters

    displayName string

    Possible values: <= 200 characters

    preferredLanguage string

    Possible values: <= 10 characters

    gender string

    Possible values: [GENDER_UNSPECIFIED, GENDER_FEMALE, GENDER_MALE, GENDER_DIVERSE]

    Default value: GENDER_UNSPECIFIED

    email

    object

    required

    email stringrequired

    Object that contains the email address and a verified flag.

    isEmailVerified boolean

    If email verified is set to true, the email will be added as verified and the user doesn't have to verify.

    phone

    object

    Object that contains the number and a verified flag

    phone string

    Possible values: non-empty and <= 50 characters

    mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)

    isPhoneVerified boolean
    password string

    hashedPassword

    object

    Use this to import hashed passwords from another system.

    value string

    Encoded hash of a password in Modular Crypt Format: https://zitadel.com/docs/concepts/architecture/secrets#hashed-secrets

    passwordChangeRequired boolean

    If this is set to true, the user has to change the password on the next login.

    requestPasswordlessRegistration boolean

    If this is set to true, you will get a link for the passwordless/passkey registration in the response.

    otpCode string

    idps

    object[]

    To link your user directly with an external identity provider (Identity brokering)

  • Array [

  • configId string

    Possible values: non-empty and <= 200 characters

    The internal ID of the identity provider configured in ZITADEL.

    externalUserId string

    Possible values: non-empty and <= 200 characters

    The id of the user in the external identity provider

    displayName string

    Possible values: <= 200 characters

    A display name ZITADEL can show on the linked provider.

  • ]

  • ]

  • machineUsers

    object[]

  • Array [

  • userId string

    user

    object

    userName stringrequired

    Possible values: non-empty and <= 200 characters

    name stringrequired

    Possible values: non-empty and <= 200 characters

    description string

    Possible values: <= 500 characters

    accessTokenType string

    Possible values: [ACCESS_TOKEN_TYPE_BEARER, ACCESS_TOKEN_TYPE_JWT]

    Default value: ACCESS_TOKEN_TYPE_BEARER

    userId string

    Possible values: <= 200 characters

    optionally set your own id unique for the user.

  • ]

  • triggerActions

    object[]

  • Array [

  • flowType id of the flow type. Following flows are currently allowed: - External Authentication: FLOW_TYPE_EXTERNAL_AUTHENTICATION or 1 - Internal Authentication: 3 - Complement Token: 2 - Complement SAML Response: 4 (string)
    triggerType id of the trigger type. Following triggers are currently allowed: - External Authentication: - Post Authentication: TRIGGER_TYPE_POST_AUTHENTICATION or 1 - Pre Creation: TRIGGER_TYPE_PRE_CREATION or 2 - Post Creation: TRIGGER_TYPE_POST_CREATION or 3 - Internal Authentication: - Post Authentication: TRIGGER_TYPE_POST_AUTHENTICATION or 1 - Pre Creation: TRIGGER_TYPE_PRE_CREATION or 2 - Post Creation: TRIGGER_TYPE_POST_CREATION or 3 - Complement Token: - Pre Userinfo Creation: 4 - Pre Access Token Creation: 5 - Complement SAML Response: - Pre SAML Response Creation: 6 (string)
    actionIds string[]
  • ]

  • actions

    object[]

  • Array [

  • actionId string

    action

    object

    name stringrequired

    Possible values: non-empty and <= 200 characters

    script stringrequired

    Possible values: non-empty and <= 10000 characters

    Javascript code that should be executed

    timeout string

    after which time the action will be terminated if not finished

    allowedToFail boolean

    when true, the next action will be called even if this action fails

  • ]

  • projectGrants

    object[]

  • Array [

  • grantId string

    projectGrant

    object

    projectId string
    grantedOrgId string
    roleKeys string[]
  • ]

  • userGrants

    object[]

  • Array [

  • userId stringrequired

    Possible values: non-empty

    projectId stringrequired

    Possible values: non-empty and <= 200 characters

    projectGrantId string

    Possible values: <= 200 characters

    Make sure to fill in the project grant id if the user grant is for a granted project and the organization is not the owner of the project.

    roleKeys string[]
  • ]

  • orgMembers

    object[]

  • Array [

  • userId string
    roles string[]

    If no roles are provided the user won't have any rights

  • ]

  • projectMembers

    object[]

  • Array [

  • projectId string
    userId string
    roles string[]

    If no roles are provided the user won't have any rights

  • ]

  • projectGrantMembers

    object[]

  • Array [

  • projectId string
    grantId string
    userId stringrequired

    Possible values: non-empty and <= 200 characters

    roles string[]

    If no roles are provided the user won't have any rights

  • ]

  • userMetadata

    object[]

  • Array [

  • id string

    Possible values: non-empty and <= 200 characters

    key string

    Possible values: non-empty and <= 200 characters

    value byte

    Possible values: non-empty and <= 500000 characters

    The value has to be base64 encoded.

  • ]

  • loginTexts

    object[]

  • Array [

  • language string

    selectAccountText

    object

    title string
    description string
    titleLinkingProcess string
    descriptionLinkingProcess string
    otherUser string
    sessionStateActive string
    sessionStateInactive string
    userMustBeMemberOfOrg string

    loginText

    object

    title string
    description string
    titleLinkingProcess string
    descriptionLinkingProcess string
    userMustBeMemberOfOrg string
    loginNameLabel string
    registerButtonText string
    nextButtonText string
    externalUserDescription string
    userNamePlaceholder string
    loginNamePlaceholder string

    passwordText

    object

    title string
    description string
    passwordLabel string
    resetLinkText string
    backButtonText string
    nextButtonText string
    minLength string
    hasUppercase string
    hasLowercase string
    hasNumber string
    hasSymbol string
    confirmation string

    usernameChangeText

    object

    title string
    description string
    usernameLabel string
    cancelButtonText string
    nextButtonText string

    usernameChangeDoneText

    object

    title string
    description string
    nextButtonText string

    initPasswordText

    object

    title string
    description string
    codeLabel string
    newPasswordLabel string
    newPasswordConfirmLabel string
    nextButtonText string
    resendButtonText string

    initPasswordDoneText

    object

    title string
    description string
    nextButtonText string
    cancelButtonText string

    emailVerificationText

    object

    title string
    description string
    codeLabel string
    nextButtonText string
    resendButtonText string

    emailVerificationDoneText

    object

    title string
    description string
    nextButtonText string
    cancelButtonText string
    loginButtonText string

    initializeUserText

    object

    title string
    description string
    codeLabel string
    newPasswordLabel string
    newPasswordConfirmLabel string
    resendButtonText string
    nextButtonText string

    initializeDoneText

    object

    title string
    description string
    cancelButtonText string
    nextButtonText string

    initMfaPromptText

    object

    title string
    description string
    otpOption string
    u2fOption string
    skipButtonText string
    nextButtonText string

    initMfaOtpText

    object

    title string
    description string
    descriptionOtp string
    secretLabel string
    codeLabel string
    nextButtonText string
    cancelButtonText string

    initMfaU2fText

    object

    title string
    description string
    tokenNameLabel string
    notSupported string
    registerTokenButtonText string
    errorRetry string

    initMfaDoneText

    object

    title string
    description string
    cancelButtonText string
    nextButtonText string

    mfaProvidersText

    object

    chooseOther string
    otp string
    u2f string

    verifyMfaOtpText

    object

    title string
    description string
    codeLabel string
    nextButtonText string

    verifyMfaU2fText

    object

    title string
    description string
    validateTokenText string
    notSupported string
    errorRetry string

    passwordlessText

    object

    title string
    description string
    loginWithPwButtonText string
    validateTokenButtonText string
    notSupported string
    errorRetry string

    passwordChangeText

    object

    title string
    description string
    oldPasswordLabel string
    newPasswordLabel string
    newPasswordConfirmLabel string
    cancelButtonText string
    nextButtonText string
    expiredDescription string

    passwordChangeDoneText

    object

    title string
    description string
    nextButtonText string

    passwordResetDoneText

    object

    title string
    description string
    nextButtonText string

    registrationOptionText

    object

    title string
    description string
    userNameButtonText string
    externalLoginDescription string
    loginButtonText string

    registrationUserText

    object

    title string
    description string
    descriptionOrgRegister string
    firstnameLabel string
    lastnameLabel string
    emailLabel string
    usernameLabel string
    languageLabel string
    genderLabel string
    passwordLabel string
    passwordConfirmLabel string
    tosAndPrivacyLabel string
    tosConfirm string
    tosLinkText string
    privacyConfirm string
    privacyLinkText string
    nextButtonText string
    backButtonText string

    registrationOrgText

    object

    title string
    description string
    orgnameLabel string
    firstnameLabel string
    lastnameLabel string
    usernameLabel string
    emailLabel string
    passwordLabel string
    passwordConfirmLabel string
    tosAndPrivacyLabel string
    tosConfirm string
    tosLinkText string
    privacyConfirm string
    privacyLinkText string
    saveButtonText string

    linkingUserDoneText

    object

    title string
    description string
    cancelButtonText string
    nextButtonText string

    externalUserNotFoundText

    object

    title string
    description string
    linkButtonText string
    autoRegisterButtonText string
    tosAndPrivacyLabel string
    tosConfirm string
    tosLinkText string
    privacyLinkText string
    privacyConfirm string

    successLoginText

    object

    title string
    autoRedirectDescription Text to describe that auto-redirect should happen after successful login (string)
    redirectedDescription Text to describe that the window can be closed after redirect (string)
    nextButtonText string

    logoutText

    object

    title string
    description string
    loginButtonText string

    footerText

    object

    tos string
    privacyPolicy string
    help string
    supportEmail string

    passwordlessPromptText

    object

    title string
    description string
    descriptionInit string
    passwordlessButtonText string
    nextButtonText string
    skipButtonText string

    passwordlessRegistrationText

    object

    title string
    description string
    tokenNameLabel string
    notSupported string
    registerTokenButtonText string
    errorRetry string

    passwordlessRegistrationDoneText

    object

    title string
    description string
    nextButtonText string
    cancelButtonText string
    descriptionClose string

    externalRegistrationUserOverviewText

    object

    title string
    description string
    emailLabel string
    usernameLabel string
    firstnameLabel string
    lastnameLabel string
    nicknameLabel string
    languageLabel string
    phoneLabel string
    tosAndPrivacyLabel string
    tosConfirm string
    tosLinkText string
    privacyLinkText string
    backButtonText string
    nextButtonText string
    privacyConfirm string

    linkingUserPromptText

    object

    title string
    description string
    linkButtonText string
    otherButtonText string
  • ]

  • initMessages

    object[]

  • Array [

  • language string
    title string

    Possible values: <= 500 characters

    preHeader string

    Possible values: <= 500 characters

    subject string

    Possible values: <= 500 characters

    greeting string

    Possible values: <= 1000 characters

    text string

    Possible values: <= 10000 characters

    buttonText string

    Possible values: <= 1000 characters

    footerText string
  • ]

  • passwordResetMessages

    object[]

  • Array [

  • language string
    title string

    Possible values: <= 500 characters

    preHeader string

    Possible values: <= 500 characters

    subject string

    Possible values: <= 500 characters

    greeting string

    Possible values: <= 1000 characters

    text string

    Possible values: <= 10000 characters

    buttonText string

    Possible values: <= 1000 characters

    footerText string
  • ]

  • verifyEmailMessages

    object[]

  • Array [

  • language string
    title string

    Possible values: <= 500 characters

    preHeader string

    Possible values: <= 500 characters

    subject string

    Possible values: <= 500 characters

    greeting string

    Possible values: <= 1000 characters

    text string

    Possible values: <= 10000 characters

    buttonText string

    Possible values: <= 1000 characters

    footerText string
  • ]

  • verifyPhoneMessages

    object[]

  • Array [

  • language string
    title string

    Possible values: <= 500 characters

    preHeader string

    Possible values: <= 500 characters

    subject string

    Possible values: <= 500 characters

    greeting string

    Possible values: <= 1000 characters

    text string

    Possible values: <= 800 characters

    buttonText string

    Possible values: <= 1000 characters

    footerText string
  • ]

  • domainClaimedMessages

    object[]

  • Array [

  • language string
    title string

    Possible values: <= 500 characters

    preHeader string

    Possible values: <= 500 characters

    subject string

    Possible values: <= 500 characters

    greeting string

    Possible values: <= 1000 characters

    text string

    Possible values: <= 10000 characters

    buttonText string

    Possible values: <= 1000 characters

    footerText string
  • ]

  • passwordlessRegistrationMessages

    object[]

  • Array [

  • language string
    title string

    Possible values: <= 500 characters

    preHeader string

    Possible values: <= 500 characters

    subject string

    Possible values: <= 500 characters

    greeting string

    Possible values: <= 1000 characters

    text string

    Possible values: <= 10000 characters

    buttonText string

    Possible values: <= 500 characters

    footerText string
  • ]

  • oidcIdps

    object[]

  • Array [

  • idpId string

    idp

    object

    name stringrequired

    Possible values: non-empty and <= 200 characters

    stylingType string

    Possible values: [STYLING_TYPE_UNSPECIFIED, STYLING_TYPE_GOOGLE]

    Default value: STYLING_TYPE_UNSPECIFIED

    some identity providers specify the styling of the button to their login

    clientId stringrequired

    Possible values: non-empty and <= 200 characters

    client id generated by the identity provider

    clientSecret stringrequired

    Possible values: non-empty and <= 200 characters

    client secret generated by the identity provider

    issuer stringrequired

    the OIDC issuer of the identity provider

    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    displayNameMapping string

    Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

    Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

    definition which field is mapped to the display name of the user

    usernameMapping string

    Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

    Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

    definition which field is mapped to the email of the user

    autoRegister boolean
  • ]

  • jwtIdps

    object[]

  • Array [

  • idpId string

    idp

    object

    name stringrequired

    Possible values: non-empty and <= 200 characters

    stylingType string

    Possible values: [STYLING_TYPE_UNSPECIFIED, STYLING_TYPE_GOOGLE]

    Default value: STYLING_TYPE_UNSPECIFIED

    some identity providers specify the styling of the button to their login

    jwtEndpoint stringrequired

    Possible values: non-empty and <= 200 characters

    the endpoint where the JWT can be extracted

    issuer stringrequired

    Possible values: non-empty and <= 200 characters

    the issuer of the JWT (for validation)

    keysEndpoint stringrequired

    Possible values: non-empty and <= 200 characters

    the endpoint to the key (JWK) which is used to sign the JWT with

    headerName stringrequired

    Possible values: non-empty and <= 200 characters

    the name of the header where the JWT is sent in, default is authorization

    autoRegister boolean
  • ]

  • userLinks

    object[]

  • Array [

  • userId string

    the id of the user

    idpId string

    the id of the identity provider

    idpName string

    the name of the identity provider

    providedUserId string

    the id of the user provided by the identity provider

    providedUserName string

    the id of the identity provider

    idpType authorization framework of the identity provider (string)

    Possible values: [IDP_TYPE_UNSPECIFIED, IDP_TYPE_OIDC, IDP_TYPE_JWT]

    Default value: IDP_TYPE_UNSPECIFIED

    the authorization framework of the identity provider

  • ]

  • domains

    object[]

  • Array [

  • orgId string

    details

    object

    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner resource_owner is the organization an object belongs to (string)
    domainName string
    isVerified boolean

    defines if the domain is verified

    isPrimary boolean

    defines if the domain is the primary domain

    validationType string

    Possible values: [DOMAIN_VALIDATION_TYPE_UNSPECIFIED, DOMAIN_VALIDATION_TYPE_HTTP, DOMAIN_VALIDATION_TYPE_DNS]

    Default value: DOMAIN_VALIDATION_TYPE_UNSPECIFIED

    defines the protocol the domain was validated with

  • ]

  • appKeys

    object[]

  • Array [

  • id string
    projectId string
    appId string
    clientId string
    type string

    Possible values: [KEY_TYPE_UNSPECIFIED, KEY_TYPE_JSON]

    Default value: KEY_TYPE_UNSPECIFIED

    expirationDate date-time
    publicKey byte
  • ]

  • machineKeys

    object[]

  • Array [

  • keyId string
    userId string
    type string

    Possible values: [KEY_TYPE_UNSPECIFIED, KEY_TYPE_JSON]

    Default value: KEY_TYPE_UNSPECIFIED

    expirationDate date-time
    publicKey byte
  • ]

  • verifySmsOtpMessages

    object[]

  • Array [

  • language string
    text string

    Possible values: <= 800 characters

  • ]

  • verifyEmailOtpMessages

    object[]

  • Array [

  • language string
    title string

    Possible values: <= 500 characters

    preHeader string

    Possible values: <= 500 characters

    subject string

    Possible values: <= 500 characters

    greeting string

    Possible values: <= 1000 characters

    text string

    Possible values: <= 10000 characters

    buttonText string

    Possible values: <= 1000 characters

    footerText string
  • ]

  • inviteUserMessages

    object[]

  • Array [

  • language string
    title string

    Possible values: <= 500 characters

    preHeader string

    Possible values: <= 500 characters

    subject string

    Possible values: <= 500 characters

    greeting string

    Possible values: <= 1000 characters

    text string

    Possible values: <= 10000 characters

    buttonText string

    Possible values: <= 500 characters

    footerText string
  • ]

  • ]

Loading...