API Reference · v0.1.0

Auth you don't
have to think about.

The complete, interactive reference for the Identra authentication platform — 225 endpoints across 25 categories. Read the contract, build the request, and send it live, all from this page.

225
Endpoints
10
SDKs
259
Schemas
v0.1.0
Version

Base URL

Every request is made against your Identra API origin. In development that's usually localhost; in production it's your custom domain.

http http://localhost:8080

Your first request

cURL
curl "http://localhost:8080/v1/access-reviews/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/items" \
  -H "x-application-id: $IDENTRA_APP_ID" \
  -H "Authorization: Bearer $IDENTRA_API_KEY"

What makes the API predictable

Two credentials, no ceremony

A publishable application id for the browser; a secret API key for your server. Tokens are verified locally — no network on the hot path.

Default-deny, fail closed

Every endpoint is scoped to one application and authorized before it runs. Secrets are shown once, hashed at rest, and never returned.

One consistent envelope

Every response — success or error — is the same shape: success, data, error, meta. Parse it once.

Predictable by design

Flat, machine-checked contract. This reference is generated straight from the API, so it never drifts from what ships.

Official SDKs

10

Drop-in auth UI and headless hooks for React, Next.js, Svelte, Vue & React Native — plus server SDKs for Node, Go, Python & Ruby that verify tokens locally.

Explore the SDKs

Component playground

Render the drop-in components live, theme them with your brand colors and radius, switch frameworks, and copy the generated code straight into your app.

Open the playground

Browse by category

All endpoints
System 1

Health & metadata

GET
Users 10

End-user management

GETPOSTPATCHDELETE
API Keys 4

API key management

GETPOSTDELETE
Auth 31

End-user authentication

POSTGETDELETE
Sessions 6

Sessions & tokens

GETDELETEPOST
Discovery 2

JWKS & OIDC discovery

GET
Organizations 10

Organizations & memberships

GETPOSTPATCHDELETE
Webhooks 6

Webhook endpoints & delivery status

GETPOSTPATCHDELETE
Audit 3

Audit log (event-stream projection)

GET
Roles 5

Roles & permissions (RBAC)

GETPOSTPATCHDELETE
Authz 6

Fine-grained authorization (ReBAC: relationships & checks)

POSTGETPUTDELETE
Hooks 5

Extensibility hooks (synchronous signed callbacks)

GETPOSTPATCHDELETE
Entitlements 9

Feature catalog, entitlements & gating

GETPOSTDELETEPATCH
Lifecycle 9

Account linking, merging & progressive profiling

GETPOSTPATCHDELETE
Invitations 12

Invitations, waitlists & self-serve org-join

GETPOSTDELETE
Billing 8

Usage metering, flat-plan billing, invoices & dunning

GETPUTPATCHPOST
Monetization 10

B2B billing: customer plans, org subscriptions & revenue

GETPOSTPATCHDELETEPUT
SAML SSO 7

Enterprise SSO (SAML 2.0)

GETPOSTPATCHDELETE
OIDC SSO 6

Enterprise SSO (OpenID Connect)

GETPOSTPATCHDELETE
SCIM 3

SCIM 2.0 provisioning tokens

GETPOSTDELETE
Security 5

Data residency, abuse signals & compliance

GETPUTPOST
Settings 25

Application settings, providers & go-live

GETPUTPOSTDELETEPATCH
Dashboard 16

Dashboard account auth & account-level management

GETPOSTPATCHDELETE
Governance 24

Enterprise access governance: named locations, SoD, JIT/PIM grants, access reviews, service accounts, per-user risk & impersonation

POSTGETPATCHDELETE
Consent 2
GETPUT