Skip to main content

Set instance level features

PUT 
/v2/features/instance

Configure and set features that apply to a complete instance. Only fields present in the request are set or unset.

Request​

Body

required

    loginDefaultOrg boolean

    The login UI will use the settings of the default org (and not from the instance) if no organization context is set

    oidcTriggerIntrospectionProjections boolean

    Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.

    oidcLegacyIntrospection boolean

    We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.

    userSchema boolean

    User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.

    oidcTokenExchange boolean

    Enable the experimental urn:ietf:params:oauth:grant-type:token-exchange grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.

    actions boolean

    Actions allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.

    improvedPerformance string[]

    Possible values: [IMPROVED_PERFORMANCE_UNSPECIFIED, IMPROVED_PERFORMANCE_ORG_BY_ID, IMPROVED_PERFORMANCE_PROJECT_GRANT, IMPROVED_PERFORMANCE_PROJECT, IMPROVED_PERFORMANCE_USER_GRANT, IMPROVED_PERFORMANCE_ORG_DOMAIN_VERIFIED]

    Improves performance of specified execution paths.

    webKey boolean

    Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.

    debugOidcParentError boolean

    Return parent errors to OIDC clients for debugging purposes. Parent errors may contain sensitive data or unwanted details about the system status of zitadel. Only enable if really needed.

    oidcSingleV1SessionTermination boolean

    If the flag is enabled, you'll be able to terminate a single session from the login UI by providing an id_token with a sid claim as id_token_hint on the end_session endpoint. Note that currently all sessions from the same user agent (browser) are terminated in the login UI. Sessions managed through the Session API already allow the termination of single sessions.

    disableUserTokenEvent boolean

    Do not push user token meta-event user.token.v2.added to improve performance on many concurrent single (machine-)user logins

Responses​

OK

Schema

    details

    object

    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    resourceOwner resource_owner is the organization or instance_id an object belongs to (string)
Loading...