Add one or more secrets to an existing hook. Accepts an object of key-value pairs, where the key is the name of the secret. A hook can have a maximum of 20 secrets.

Enable a specific connection for a given Organization. To enable a connection, it must already exist within your tenant; connections cannot be created through this action.

Set one or more existing users as members of a specific Organization.

Assign one or more roles to a user to determine their access for a specific Organization.

Assign one or more users to an existing user role.

Assign permissions to a user.

Assign one or more existing user roles to a user.

Add one or more permissions to a specified user role.

Add the token identified by the jti to a blacklist for the tenant.

Check if the given IP address is blocked via the Suspicious IP Throttling due to multiple suspicious attempts.

Create an phone provider.

Create a new custom domain.

Create an email provider. The credentials object requires different properties depending on the email provider (which is specified using the name property)

Create an action. Once an action is created, it must be deployed, and then bound to a trigger before it will be executed as part of a flow.

Create a phone notification template

Create branding theme.

Create a new client (application or SSO integration).

Create a client grant for a machine-to-machine login flow.

Creates a new connection according to the JSON object received in body.

Create a scim configuration for a connection.

Create a scim token for a scim client.

Create a client credential associated to your application. The credential will be created but not yet enabled for use with Private Key JWT authentication method. To enable the credential, set the client_authentication_methods property on the client.

Create a device credential public key to manage refresh token rotation for a given user_id. Device Credentials APIs are designed for ad-hoc administrative use only and paging is by default enabled for GET requests.

Create an email template.

Create an email verification ticket for a given user. An email verification ticket is a generated URL that the user can consume to verify their email address.

Create the new, pre-activated encryption key, without the key material.

Create the public wrapping key to wrap your own encryption key material.

Create a flow.

Create a form.

Create a multi-factor authentication (MFA) enrollment ticket, and optionally send an email with the created ticket, to a given user.

Create a new hook.

Export all users to a file via a long-running job.

Import users from a formatted file into a connection via a long-running job.

Create a log stream.

Create a new Organization within your tenant.

Create a user invitation for a specific Organization. Upon creation, the listed user receives an email inviting them to join the Organization.

Create a password change ticket for a given user. A password change ticket is a generated URL that the user can consume to start a reset password flow.

Create a new API associated with your tenant. Note that all new APIs must be registered with Auth0.

Create a user role for Role-Based Access Control.

Create a new rule.

Creates a self-service profile. Currently only one profile can be created per tenant.

Creates an sso-access ticket to initiate the Self Service SSO Flow using a self-service profile.

Create a new user for a given database or passwordless connection.

Create an authentication method. Authentication methods created via this endpoint will be auto confirmed and should already have verification completed.

Deletes an action and all of its associated versions. An action must be unbound from all triggers before it can be deleted.

Delete the configured phone provider.

Delete a phone notification template

Delete branding theme.

Delete a client and related configuration (rules, connections, etc).

Delete the Client Credential Flow from your machine-to-machine application.

Removes a specific connection from your tenant. This action cannot be undone. Once removed, users can no longer use this connection to authenticate.

Deletes a scim configuration by its connectionId.

Deletes a scim token by its connection id and tokenId.

Deletes a specified connection user by its email (you cannot delete all users from specific connection). Currently, only Database Connections are supported.

Delete a client credential you previously created. May be enabled or disabled.

Delete a custom domain and stop serving requests for it.

Permanently delete a device credential (such as a refresh token or public key) with the given ID.

Delete the custom provided encryption key with the given ID and move back to using native encryption key.

Delete a grant associated with your account.

Delete a grant associated with your account.

Remove a specific multi-factor authentication (MFA) enrollment from a user's account. This allows the user to re-enroll with MFA.

Delete a hook.

Delete one or more existing secrets for a given hook. Accepts an array of secret names to delete.

Delete a log stream.

Remove an Organization from your tenant. This action cannot be undone.

Disable a specific connection for an Organization. Once disabled, Organization members can no longer use that connection to authenticate.

Delete an invitation to an Organization

Delete members from an organization

Remove one or more Organization-specific roles from a given user.

Delete a refresh token by its ID.

Delete an existing API by ID.

Delete a specific user role from your tenant. Once deleted, it is removed from any user who was previously assigned that role. This action cannot be undone.

Delete a rule.

Delete a rules config variable identified by its key.

Deletes a self-service profile by Id.

Delete a session by ID.

Delete template for New Universal Login Experience

Delete a user by user ID. This action cannot be undone.

Remove the authentication method with the given ID from the specified user.

Remove all authentication methods (i.e., enrolled MFA factors) from the specified user account. This action cannot be undone.

Remove all authenticators registered to a given user ID, such as OTP, email, phone, and push-notification. This action cannot be undone.

Remove a multifactor authentication configuration from a user's account. This forces the user to manually reconfigure the multi-factor provider.

Delete all refresh tokens for a user.

Delete all sessions for a user.

Deploy an action. Deploying an action will create a new immutable version of the action. If the action is currently bound to a trigger, then the system will begin executing the newly deployed version of the action immediately. Otherwise, the action will only be executed as a part of a flow once it is bound to that flow.

Retrieve an action by its ID.

Retrieve information about a specific execution of a trigger. Relevant execution IDs will be included in tenant logs generated as part of that authentication flow. Executions will only be stored for 10 days after their creation.

Retrieve the actions that are bound to a trigger. Once an action is created and deployed, it must be attached (i.e. bound) to a trigger so that it will be executed as part of a flow. The list of actions returned reflects the order in which they will be executed during the appropriate flow.

Retrieve the set of triggers currently available within actions. A trigger is an extensibility point to which actions can be bound.

Retrieve a specific version of an action. An action version is created whenever an action is deployed. An action version is immutable, once created.

Retrieve all of an action's versions. An action version is created whenever an action is deployed. An action version is immutable, once created.

Retrieve all actions.

Retrieve the number of active users that logged in during the last 30 days.

Retrieve details of the Breached Password Detection configuration of your tenant.

Retrieve details of the Brute-force Protection configuration of your tenant.

Retrieve details of the Suspicious IP Throttling configuration of your tenant.

Retrieve the jti and aud of all tokens that are blacklisted.

Retrieve branding settings.

Retrieve phone provider details. A list of fields to include or exclude may also be specified.

Get a phone notification template

Retrieve branding theme.

Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified.

Retrieve a list of client grants, including the scopes associated with the application/API pair.

Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified.

Retrieve details for a specified connection along with options that can be used for identity provider configuration.

Retrieves a scim configuration by its connectionId.

Retrieves a scim configuration's default mapping by its connectionId.

Retrieves all scim tokens by its connection id.

Retrieves the status of an ad/ldap connection referenced by its ID. 200 OK http status code response is returned when the connection is online, otherwise a 404 status code is returned along with an error message

Retrieves detailed list of all connections that match the specified strategy. If no strategy is provided, all connections within your tenant are retrieved. This action can accept a list of fields to include or exclude from the resulting list of connections.

Get the details of a client credential.

Get custom domain configuration.

Retrieve details on custom domains.

Retrieve the number of logins, signups and breached-password detections (subscription required) that occurred each day within a specified date range.

Retrieve default branding theme.

Retrieve device credential information (public_key, refresh_token, or rotating_refresh_token) associated with a specific user.

Retrieve details of the email provider configuration in your tenant. A list of fields to include or exclude may also be specified.

Retrieve an email template by pre-defined name. These names are verify_email, verify_email_by_code, reset_email, welcome_email, blocked_account, stolen_credentials, enrollment_email, mfa_oob_code, and user_invitation. The names change_password, and password_reset are also supported for legacy scenarios.

Retrieve details of the encryption key with the given ID.

Retrieve details of all the encryption keys associated with your tenant.

Get a flow.

Get flows.

Get a form.

Get forms.

Retrieve the grants associated with your account.

Retrieve configuration details for the multi-factor authentication APNS provider associated with your tenant.

Retrieve configuration details for an AWS SNS push notification provider that has been enabled for MFA.

Retrieve details, such as status and type, for a specific multi-factor authentication enrollment registered to a user account.

Retrieve details of all multi-factor authentication factors associated with your tenant.

Retrieve the push notification provider configured for your tenant.

Retrieve details of the multi-factor authentication phone provider configured for your tenant.

Retrieve list of phone-type MFA factors (i.e., sms and voice) that are enabled for your tenant.

Retrieve details of the multi-factor authentication enrollment and verification templates for phone-type factors available in your tenant.

Retrieve configuration details for a Twilio phone provider that has been set up in your tenant.

Retrieve a hook by its ID. Accepts a list of fields to include in the result.

Retrieve a hook's secrets by the ID of the hook.

Retrieve all hooks. Accepts a list of fields to include or exclude in the result.

Retrieves a job. Useful to check its status.

Retrieve error details of a failed job.

Retrieve an individual log event.

Retrieve log entries that match the specified search criteria (or all log entries if no criteria specified).

Retrieve a log stream configuration and status.

Retrieve details on log streams.

Retrieve details about a single Organization specified by ID.

Retrieve details about a single Organization specified by name.

Retrieve details about a specific connection currently enabled for an Organization. Information returned includes details such as connection ID, name, strategy, and whether the connection automatically grants membership upon login.

Retrieve details about a specific connection currently enabled for an Organization. Information returned includes details such as connection ID, name, strategy, and whether the connection automatically grants membership upon login.

Get a specific invitation to an Organization

Retrieve a detailed list of invitations sent to users for a specific Organization. The list includes details such as inviter and invitee information, invitation URLs, and dates of creation and expiration.

List organization members.

Retrieve detailed list of roles assigned to a given user within the context of a specific Organization.

Retrive detailed list of all Organizations available in your tenant.

Retrieve custom text for a specific prompt and language.

Get template partials for a prompt

Retrieve details of the Universal Login configuration of your tenant. This includes the Identifier First Authentication and WebAuthn with Device Biometrics for MFA features.

Retrieve refresh token information.

Retrieve API details with the given ID.

Retrieve details of all APIs associated with your tenant.

Retrieve details about a specific user role specified by ID.

Retrieve detailed list (name, description, resource server) of permissions granted by a specified user role.

Retrieve list of users associated with a specific role.

Retrieve detailed list of user roles created in your tenant.

Retrieve rule details. Accepts a list of fields to include or exclude in the result.

Retrieve a filtered list of rules. Accepts a list of fields to include or exclude.

Retrieve rules config variable keys.

Retrieves a self-service profile by Id.

Retrieves self-service profiles. Currently only one profile can be created per tenant.

Retrieve session information.

Retrieve details of the application signing key with the given ID.

Retrieve details of all the application signing keys associated with your tenant.

Get template for New Universal Login Experience

Retrieve tenant settings. A list of fields to include or exclude may also be specified.

Retrieve user details. A list of fields to include or exclude may also be specified.

Get an authentication method by ID

Retrieve details of all Brute-force Protection blocks for a user with the given identifier (username, phone number, or email).

Retrieve details of all Brute-force Protection blocks for the user with the given ID.

Retrieve the first multi-factor authentication enrollment that a specific user has confirmed.

Retrieve log events for a specific user.

Retrieve list of the specified user's current Organization memberships. User must be specified by user ID.

Retrieve all permissions associated with the user.

Retrieve details for a user's refresh tokens.

Retrieve detailed list of all user roles currently assigned to a user.

Retrieve details for a user's sessions.

Retrieve details of users.

Find users by email. If Auth0 is the identity provider (idP), the email address associated with a user is saved in lower case, regardless of how you initially provided it.

Import wrapped key material and activate encryption key.

Invalidate all remembered browsers across all authentication factors for a user.

Link two user accounts together forming a primary and secondary relationship. On successful linking, the endpoint returns the new array of the primary account identities.

Retrieve a list ofphone providers details set for a Tenant. A list of fields to include or exclude may also be specified.

Get a list of phone notification templates

Get the details of a client credential.

Retrieve the multi-factor authentication (MFA) policies configured for your tenant.

Retrieve detailed list of authentication methods associated with a specified user.

Update the details of a specific Organization, such as name and display name, branding options, and metadata.

Modify the details of a specific connection currently enabled for an Organization.

Modify an email template.

Modify configuration details of the multi-factor authentication APNS provider associated with your tenant.

Configure the AWS SNS push notification provider configuration (subscription required).

Modify configuration details of the multi-factor authentication FCM provider associated with your tenant.

Modify configuration details of the multi-factor authentication FCMV1 provider associated with your tenant.

Remove an existing multi-factor authentication (MFA) recovery code and generate a new one. If a user cannot access the original device or account used for MFA enrollment, they can use a recovery code to authenticate.

Perform rekeying operation on the key hierarchy.

Remove a block imposed by Suspicious IP Throttling for the given IP address.

Remove one or more permissions from a specified user role.

Remove permissions from a user.

Remove one or more specified user roles assigned to a user.

Resets a phone notification template values

Revokes a session by ID and all associated refresh tokens.

Revoke the application signing key with the given ID.

Revokes selected resources related to a user (sessions, refresh tokens, ...).

Performs the equivalent of a roll-back of an action to an earlier, specified version. Creates a new, deployed action version that is identical to the specified version. If this action is currently bound to a trigger, the system will begin executing the newly-created version immediately.

Rotate a client secret.

Rotate the application signing key of your tenant.

Send an email to the specified user that asks them to click a link to verify their email address.

Set multi-factor authentication (MFA) policies for your tenant.

Set custom text for a specific prompt. Existing texts will be overwritten.

Set template partials for a prompt

Sets a rules config variable.

Update the Universal Login branding template.

Test an action. After updating an action, it can be tested prior to being deployed to ensure it behaves as expected.

Send a test phone notification for the configured provider

Send a test phone notification for the configured template

Remove all Brute-force Protection blocks for the user with the given identifier (username, phone number, or email).

Remove all Brute-force Protection blocks for the user with the given ID.

Unlink a specific secondary account from a target user. This action requires the ID of both the target user and the secondary account.

Update an existing action. If this action is currently bound to a trigger, updating it will not affect any user flows until the action is deployed.

Update the actions that are bound (i.e. attached) to a trigger. Once an action is created and deployed, it must be attached (i.e. bound) to a trigger so that it will be executed as part of a flow. The order in which the actions are provided will determine the order in which they are executed.

Update details of the Breached Password Detection configuration of your tenant.

Update the Brute-force Protection configuration of your tenant.

Update the details of the Suspicious IP Throttling configuration of your tenant.

Update branding settings.

Update an phone provider.

Update a phone notification template

Update branding theme.

Updates a client's settings

Update a client grant.

Update details for a specific connection, including option properties for identity provider configuration.

Update a scim configuration by its connectionId.

Change a client credential you previously created. May be enabled or disabled.

Update a custom domain.

Update an email provider. The credentials object requires different properties depending on the email provider (which is specified using the name property)

Update an email template.

Update a flow.

Update a form.

Overwrite all configuration details of the multi-factor authentication APNS provider associated with your tenant.

Configure the AWS SNS push notification provider configuration (subscription required).

Update the status (i.e., enabled or disabled) of a specific multi-factor authentication factor.

Overwrite all configuration details of the multi-factor authentication FCM provider associated with your tenant.

Overwrite all configuration details of the multi-factor authentication FCMV1 provider associated with your tenant.

Modify the push notification provider configured for your tenant.

Update phone provider configuration

Replace the list of phone-type MFA factors (i.e., sms and voice) that are enabled for your tenant.

Customize the messages sent to complete phone enrollment and verification (subscription required).

Update the configuration of a Twilio phone provider that has been set up in your tenant.

Update an existing hook.

Update an existing hook.

Update a log stream.

Update the Universal Login configuration of your tenant. This includes the Identifier First Authentication and WebAuthn with Device Biometrics for MFA features.

Change an existing API setting by resource server ID.

Modify the details of a specific user role specified by ID.

Update an existing rule.

Updates a self-service profile.

Update settings for a tenant.

Update a user.

Modify the authentication method with the given ID from the specified user.

Replace the specified user authentication methods with supplied values.

Run the verification process on a custom domain.