Ory.Api.Identity (ory_client v1.21.1)
API calls for all endpoints tagged Identity.
Summary
Functions
Create multiple identities Creates multiple identities. You can also use this endpoint to import credentials, including passwords, social sign-in settings, and multi-factor authentication methods. You can import: Up to 1,000 identities per request Up to 200 identities per request if including plaintext passwords Avoid importing large batches with plaintext passwords. They can cause timeouts as the passwords need to be hashed before they are stored. If at least one identity is imported successfully, the response status is 200 OK. If all imports fail, the response is one of the following 4xx errors: 400 Bad Request: The request payload is invalid or improperly formatted. 409 Conflict: Duplicate identities or conflicting data were detected. If you get a 504 Gateway Timeout: Reduce the batch size Avoid duplicate identities Pre-hash passwords with BCrypt If the issue persists, contact support.
Create an Identity Create an identity. This endpoint can also be used to import credentials for instance passwords, social sign in configurations or multifactor methods.
Create a Recovery Code This endpoint creates a recovery code which should be given to the user in order for them to recover (or activate) their account.
Create a Recovery Link This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account.
Delete an Identity Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or 404 if the identity was not found.
Delete a credential for a specific identity Delete an identity credential by its type. You cannot delete passkeys or code auth credentials through this API.
Delete & Invalidate an Identity's Sessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
Deactivate a Session Calling this endpoint deactivates the specified session. Session data is not deleted.
Extend a Session
Calling this endpoint extends the given session ID. If session.earliest_possible_extend is set it will only extend the session after the specified time has passed. This endpoint returns per default a 204 No Content response on success. Older Ory Network projects may return a 200 OK response with the session in the body. Returning the session as part of the response will be deprecated in the future and should not be relied upon. This endpoint ignores consecutive requests to extend the same session and returns a 404 error in those scenarios. This endpoint also returns 404 errors if the session does not exist. Retrieve the session ID from the /sessions/whoami endpoint / toSession SDK method.
Get an Identity
Return an identity by its ID. You can optionally include credentials (e.g. social sign in connections) in the response by using the include_credential query parameter.
Get an Identity by its External ID
Return an identity by its external ID. You can optionally include credentials (e.g. social sign in connections) in the response by using the include_credential query parameter.
Get Identity JSON Schema Return a specific identity schema.
Get Session This endpoint is useful for: Getting a session object with all specified expandables that exist in an administrative context.
List Identities Lists all identities in the system. Note: filters cannot be combined.
Get all Identity Schemas Returns a list of all identity schemas currently in use.
List an Identity's Sessions This endpoint returns all sessions that belong to the given Identity.
List All Sessions Listing all sessions that exist.
Patch an Identity
Partially updates an identity's field using JSON Patch. The fields id, stateChangedAt and credentials can not be updated using this method.
Update an Identity
This endpoint updates an identity. The full identity payload, except credentials, is expected. For partial updates, use the patchIdentity operation. A credential can be provided via the credentials field in the request body. If provided, the credentials will be imported and added to the existing credentials of the identity.
Functions
@spec batch_patch_identities( Tesla.Env.client(), keyword() ) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.BatchPatchIdentitiesResponse.t()} | {:error, Tesla.Env.t()}
Create multiple identities Creates multiple identities. You can also use this endpoint to import credentials, including passwords, social sign-in settings, and multi-factor authentication methods. You can import: Up to 1,000 identities per request Up to 200 identities per request if including plaintext passwords Avoid importing large batches with plaintext passwords. They can cause timeouts as the passwords need to be hashed before they are stored. If at least one identity is imported successfully, the response status is 200 OK. If all imports fail, the response is one of the following 4xx errors: 400 Bad Request: The request payload is invalid or improperly formatted. 409 Conflict: Duplicate identities or conflicting data were detected. If you get a 504 Gateway Timeout: Reduce the batch size Avoid duplicate identities Pre-hash passwords with BCrypt If the issue persists, contact support.
Parameters
connection(Ory.Connection): Connection to serveropts(keyword): Optional parameters:body(PatchIdentitiesBody):
Returns
{:ok, Ory.Model.BatchPatchIdentitiesResponse.t}on success{:error, Tesla.Env.t}on failure
@spec create_identity( Tesla.Env.client(), keyword() ) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.Identity.t()} | {:error, Tesla.Env.t()}
Create an Identity Create an identity. This endpoint can also be used to import credentials for instance passwords, social sign in configurations or multifactor methods.
Parameters
connection(Ory.Connection): Connection to serveropts(keyword): Optional parameters:body(CreateIdentityBody):
Returns
{:ok, Ory.Model.Identity.t}on success{:error, Tesla.Env.t}on failure
@spec create_recovery_code_for_identity( Tesla.Env.client(), keyword() ) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.RecoveryCodeForIdentity.t()} | {:error, Tesla.Env.t()}
Create a Recovery Code This endpoint creates a recovery code which should be given to the user in order for them to recover (or activate) their account.
Parameters
connection(Ory.Connection): Connection to serveropts(keyword): Optional parameters:body(CreateRecoveryCodeForIdentityBody):
Returns
{:ok, Ory.Model.RecoveryCodeForIdentity.t}on success{:error, Tesla.Env.t}on failure
@spec create_recovery_link_for_identity( Tesla.Env.client(), keyword() ) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.RecoveryLinkForIdentity.t()} | {:error, Tesla.Env.t()}
Create a Recovery Link This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account.
Parameters
connection(Ory.Connection): Connection to serveropts(keyword): Optional parameters:return_to(String.t)::body(CreateRecoveryLinkForIdentityBody):
Returns
{:ok, Ory.Model.RecoveryLinkForIdentity.t}on success{:error, Tesla.Env.t}on failure
@spec delete_identity(Tesla.Env.client(), String.t(), keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorGeneric.t()} | {:error, Tesla.Env.t()}
Delete an Identity Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or 404 if the identity was not found.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID is the identity's ID.opts(keyword): Optional parameters
Returns
{:ok, nil}on success{:error, Tesla.Env.t}on failure
@spec delete_identity_credentials( Tesla.Env.client(), String.t(), String.t(), keyword() ) :: {:ok, nil} | {:ok, Ory.Model.ErrorGeneric.t()} | {:error, Tesla.Env.t()}
Delete a credential for a specific identity Delete an identity credential by its type. You cannot delete passkeys or code auth credentials through this API.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID is the identity's ID.type(String.t): Type is the type of credentials to delete. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCodeopts(keyword): Optional parameters:identifier(String.t): Identifier is the identifier of the OIDC/SAML credential to delete. Find the identifier by calling theGET /admin/identities/{id}?include_credential={oidc,saml}endpoint.
Returns
{:ok, nil}on success{:error, Tesla.Env.t}on failure
@spec delete_identity_sessions(Tesla.Env.client(), String.t(), keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorGeneric.t()} | {:error, Tesla.Env.t()}
Delete & Invalidate an Identity's Sessions Calling this endpoint irrecoverably and permanently deletes and invalidates all sessions that belong to the given Identity.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID is the identity's ID.opts(keyword): Optional parameters
Returns
{:ok, nil}on success{:error, Tesla.Env.t}on failure
@spec disable_session(Tesla.Env.client(), String.t(), keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorGeneric.t()} | {:error, Tesla.Env.t()}
Deactivate a Session Calling this endpoint deactivates the specified session. Session data is not deleted.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID is the session's ID.opts(keyword): Optional parameters
Returns
{:ok, nil}on success{:error, Tesla.Env.t}on failure
@spec extend_session(Tesla.Env.client(), String.t(), keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.Session.t()} | {:error, Tesla.Env.t()}
Extend a Session
Calling this endpoint extends the given session ID. If session.earliest_possible_extend is set it will only extend the session after the specified time has passed. This endpoint returns per default a 204 No Content response on success. Older Ory Network projects may return a 200 OK response with the session in the body. Returning the session as part of the response will be deprecated in the future and should not be relied upon. This endpoint ignores consecutive requests to extend the same session and returns a 404 error in those scenarios. This endpoint also returns 404 errors if the session does not exist. Retrieve the session ID from the /sessions/whoami endpoint / toSession SDK method.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID is the session's ID.opts(keyword): Optional parameters
Returns
{:ok, Ory.Model.Session.t}on success{:error, Tesla.Env.t}on failure
@spec get_identity(Tesla.Env.client(), String.t(), keyword()) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.Identity.t()} | {:error, Tesla.Env.t()}
Get an Identity
Return an identity by its ID. You can optionally include credentials (e.g. social sign in connections) in the response by using the include_credential query parameter.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID must be set to the ID of identity you want to getopts(keyword): Optional parameters:include_credential([String.t]): Include Credentials in Response Include any credential, for examplepasswordoroidc, in the response. When set tooidc, This will return the initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available.
Returns
{:ok, Ory.Model.Identity.t}on success{:error, Tesla.Env.t}on failure
@spec get_identity_by_external_id(Tesla.Env.client(), String.t(), keyword()) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.Identity.t()} | {:error, Tesla.Env.t()}
Get an Identity by its External ID
Return an identity by its external ID. You can optionally include credentials (e.g. social sign in connections) in the response by using the include_credential query parameter.
Parameters
connection(Ory.Connection): Connection to serverexternal_id(String.t): ExternalID must be set to the ID of identity you want to getopts(keyword): Optional parameters:include_credential([String.t]): Include Credentials in Response Include any credential, for examplepasswordoroidc, in the response. When set tooidc, This will return the initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available.
Returns
{:ok, Ory.Model.Identity.t}on success{:error, Tesla.Env.t}on failure
@spec get_identity_schema(Tesla.Env.client(), String.t(), keyword()) :: {:ok, map()} | {:ok, Ory.Model.ErrorGeneric.t()} | {:error, Tesla.Env.t()}
Get Identity JSON Schema Return a specific identity schema.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID must be set to the ID of schema you want to getopts(keyword): Optional parameters
Returns
{:ok, map()}on success{:error, Tesla.Env.t}on failure
@spec get_session(Tesla.Env.client(), String.t(), keyword()) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.Session.t()} | {:error, Tesla.Env.t()}
Get Session This endpoint is useful for: Getting a session object with all specified expandables that exist in an administrative context.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID is the session's ID.opts(keyword): Optional parameters:expand([String.t]): ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. Example - ?expand=Identity&expand=Devices If no value is provided, the expandable properties are skipped.
Returns
{:ok, Ory.Model.Session.t}on success{:error, Tesla.Env.t}on failure
@spec list_identities( Tesla.Env.client(), keyword() ) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, [Ory.Model.Identity.t()]} | {:error, Tesla.Env.t()}
List Identities Lists all identities in the system. Note: filters cannot be combined.
Parameters
connection(Ory.Connection): Connection to serveropts(keyword): Optional parameters:per_page(integer()): Deprecated Items per Page DEPRECATED: Please usepage_tokeninstead. This parameter will be removed in the future. This is the number of items per page.:page(integer()): Deprecated Pagination Page DEPRECATED: Please usepage_tokeninstead. This parameter will be removed in the future. This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. The first page can be retrieved by omitting this parameter. Following page pointers will be returned in theLinkheader.:page_size(integer()): Page Size This is the number of items per page to return. For details on pagination please head over to the pagination documentation.:page_token(String.t): Next Page Token The next page token. For details on pagination please head over to the pagination documentation.:consistency(String.t): Read Consistency Level (preview) The read consistency level determines the consistency guarantee for reads: strong (slow): The read is guaranteed to return the most recent data committed at the start of the read. eventual (very fast): The result will return data that is about 4.8 seconds old. The default consistency guarantee can be changed in the Ory Network Console or using the Ory CLI withory patch project --replace '/previews/default_read_consistency_level="strong"'. Setting the default consistency level toeventualmay cause regressions in the future as we add consistency controls to more APIs. Currently, the following APIs will be affected by this setting:GET /admin/identitiesThis feature is in preview and only available in Ory Network. ConsistencyLevelUnset ConsistencyLevelUnset is the unset / default consistency level. strong ConsistencyLevelStrong ConsistencyLevelStrong is the strong consistency level. eventual ConsistencyLevelEventual ConsistencyLevelEventual is the eventual consistency level using follower read timestamps.:ids([String.t]): Retrieve multiple identities by their IDs. This parameter has the following limitations: Duplicate or non-existent IDs are ignored. The order of returned IDs may be different from the request. This filter does not support pagination. You must implement your own pagination as the maximum number of items returned by this endpoint may not exceed a certain threshold (currently 500).:credentials_identifier(String.t): CredentialsIdentifier is the identifier (username, email) of the credentials to look up using exact match. Only one of CredentialsIdentifier and CredentialsIdentifierSimilar can be used.:preview_credentials_identifier_similar(String.t): This is an EXPERIMENTAL parameter that WILL CHANGE. Do NOT rely on consistent, deterministic behavior. THIS PARAMETER WILL BE REMOVED IN AN UPCOMING RELEASE WITHOUT ANY MIGRATION PATH. CredentialsIdentifierSimilar is the (partial) identifier (username, email) of the credentials to look up using similarity search. Only one of CredentialsIdentifier and CredentialsIdentifierSimilar can be used.:include_credential([String.t]): Include Credentials in Response Include any credential, for examplepasswordoroidc, in the response. When set tooidc, This will return the initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available.:organization_id(String.t): List identities that belong to a specific organization.
Returns
{:ok, [%Identity{}, ...]}on success{:error, Tesla.Env.t}on failure
@spec list_identity_schemas( Tesla.Env.client(), keyword() ) :: {:ok, [Ory.Model.IdentitySchemaContainer.t()]} | {:ok, Ory.Model.ErrorGeneric.t()} | {:error, Tesla.Env.t()}
Get all Identity Schemas Returns a list of all identity schemas currently in use.
Parameters
connection(Ory.Connection): Connection to serveropts(keyword): Optional parameters:per_page(integer()): Deprecated Items per Page DEPRECATED: Please usepage_tokeninstead. This parameter will be removed in the future. This is the number of items per page.:page(integer()): Deprecated Pagination Page DEPRECATED: Please usepage_tokeninstead. This parameter will be removed in the future. This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. The first page can be retrieved by omitting this parameter. Following page pointers will be returned in theLinkheader.:page_size(integer()): Page Size This is the number of items per page to return. For details on pagination please head over to the pagination documentation.:page_token(String.t): Next Page Token The next page token. For details on pagination please head over to the pagination documentation.
Returns
{:ok, [%IdentitySchemaContainer{}, ...]}on success{:error, Tesla.Env.t}on failure
@spec list_identity_sessions(Tesla.Env.client(), String.t(), keyword()) :: {:ok, [Ory.Model.Session.t()]} | {:ok, Ory.Model.ErrorGeneric.t()} | {:error, Tesla.Env.t()}
List an Identity's Sessions This endpoint returns all sessions that belong to the given Identity.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID is the identity's ID.opts(keyword): Optional parameters:per_page(integer()): Deprecated Items per Page DEPRECATED: Please usepage_tokeninstead. This parameter will be removed in the future. This is the number of items per page.:page(integer()): Deprecated Pagination Page DEPRECATED: Please usepage_tokeninstead. This parameter will be removed in the future. This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list. For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. The first page can be retrieved by omitting this parameter. Following page pointers will be returned in theLinkheader.:page_size(integer()): Page Size This is the number of items per page to return. For details on pagination please head over to the pagination documentation.:page_token(String.t): Next Page Token The next page token. For details on pagination please head over to the pagination documentation.:active(boolean()): Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned.
Returns
{:ok, [%Session{}, ...]}on success{:error, Tesla.Env.t}on failure
@spec list_sessions( Tesla.Env.client(), keyword() ) :: {:ok, [Ory.Model.Session.t()]} | {:ok, Ory.Model.ErrorGeneric.t()} | {:error, Tesla.Env.t()}
List All Sessions Listing all sessions that exist.
Parameters
connection(Ory.Connection): Connection to serveropts(keyword): Optional parameters:page_size(integer()): Items per Page This is the number of items per page to return. For details on pagination please head over to the pagination documentation.:page_token(String.t): Next Page Token The next page token. For details on pagination please head over to the pagination documentation.:active(boolean()): Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned.:expand([String.t]): ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. If no value is provided, the expandable properties are skipped.
Returns
{:ok, [%Session{}, ...]}on success{:error, Tesla.Env.t}on failure
@spec patch_identity(Tesla.Env.client(), String.t(), keyword()) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.Identity.t()} | {:error, Tesla.Env.t()}
Patch an Identity
Partially updates an identity's field using JSON Patch. The fields id, stateChangedAt and credentials can not be updated using this method.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID must be set to the ID of identity you want to updateopts(keyword): Optional parameters:body([Ory.Model.JsonPatch.t]):
Returns
{:ok, Ory.Model.Identity.t}on success{:error, Tesla.Env.t}on failure
@spec update_identity(Tesla.Env.client(), String.t(), keyword()) :: {:ok, Ory.Model.ErrorGeneric.t()} | {:ok, Ory.Model.Identity.t()} | {:error, Tesla.Env.t()}
Update an Identity
This endpoint updates an identity. The full identity payload, except credentials, is expected. For partial updates, use the patchIdentity operation. A credential can be provided via the credentials field in the request body. If provided, the credentials will be imported and added to the existing credentials of the identity.
Parameters
connection(Ory.Connection): Connection to serverid(String.t): ID must be set to the ID of identity you want to updateopts(keyword): Optional parameters:body(UpdateIdentityBody):
Returns
{:ok, Ory.Model.Identity.t}on success{:error, Tesla.Env.t}on failure