{"files":{"SKILL.md":"---\nname: authentication-and-identity-management\ndescription: \"Authentication and Identity Management API skill. Use when working with Authentication and Identity Management for resources. Covers 307 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# Authentication and Identity Management\nAPI version: 1.0\n\n## Auth\nBearer bearer\n\n## Base URL\nhttps://api.frontegg.com/identity\n\n## Setup\n1. Set Authorization header with Bearer token\n2. GET /resources/tenants/access-tokens/v1 -- get account (tenant) access tokens\n3. POST /resources/auth/v2/api-token -- create first api-token\n\n## Endpoints\n307 endpoints across 1 group. See references/api-spec.lap for full details.\n\n### Resources\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /resources/auth/v2/api-token | Authenticate using API token |\n| POST | /resources/auth/v2/api-token/token/refresh | Refresh API token |\n| POST | /resources/tenants/access-tokens/v1 | Create account (tenant) access token |\n| GET | /resources/tenants/access-tokens/v1 | Get account (tenant) access tokens |\n| DELETE | /resources/tenants/access-tokens/v1/{id} | Delete account (tenant) access token |\n| POST | /resources/tenants/api-tokens/v1 | Create client credentials token |\n| GET | /resources/tenants/api-tokens/v1 | Get client credentials tokens |\n| DELETE | /resources/tenants/api-tokens/v1/{id} | Delete client credentials token |\n| PATCH | /resources/tenants/api-tokens/v1/{id} | Update client credentials token |\n| POST | /resources/tenants/api-tokens/v2 | Create client credentials token |\n| GET | /resources/tenants/invites/v1/user | Get account (tenant) invite of user |\n| POST | /resources/tenants/invites/v1/user | Create account (tenant) invite for user |\n| DELETE | /resources/tenants/invites/v1/user | Delete account (tenant) invite of user |\n| PATCH | /resources/tenants/invites/v1/user | Update account (tenant) invite of user |\n| POST | /resources/tenants/invites/v1/verify | Verify account (tenant) invite |\n| GET | /resources/tenants/invites/v1/configuration | Get account (tenant) invite configuration |\n| POST | /resources/tenants/invites/v2/user | Create tenant invite with roles for user |\n| POST | /resources/tenants/invites/v1 | Create account (tenant) invite |\n| GET | /resources/tenants/invites/v1/all | Get all account (tenant) invites |\n| DELETE | /resources/tenants/invites/v1/token/{id} | Delete an account (tenant) invite |\n| GET | /resources/configurations/v1/activation/strategies | Get activation strategies |\n| POST | /resources/configurations/v1/activation/strategies | Create or update activation strategy |\n| GET | /resources/configurations/v1/invitation/strategies | Get invitation strategies |\n| POST | /resources/configurations/v1/invitation/strategies | Create or update invitation strategy |\n| GET | /resources/roles/v2 | Get roles v2 |\n| POST | /resources/roles/v2 | Create a new role |\n| GET | /resources/roles/v2/distinct-levels | Get distinct levels of roles |\n| GET | /resources/roles/v2/distinct-tenants | Get distinct assigned accounts (tenants) of roles |\n| POST | /resources/approval-flows/v1 | Create approval flow |\n| GET | /resources/approval-flows/v1 | Get approval flows |\n| GET | /resources/approval-flows/v1/{id} | Get approval flow by ID |\n| PATCH | /resources/approval-flows/v1/{id} | Update approval flow |\n| DELETE | /resources/approval-flows/v1/{id} | Delete approval flow |\n| POST | /resources/approval-flows/v1/approver-action | Approver action |\n| GET | /resources/approval-flows/v1/execution-data | Get approval flow execution data |\n| POST | /resources/approval-flows/v1/{id}/execute | Execute approval flow |\n| POST | /resources/approval-flows/v1/step-up/execute | Execute step up approval flow |\n| POST | /resources/configurations/v1 | Update identity management configuration |\n| GET | /resources/configurations/v1 | Get identity management configuration |\n| POST | /resources/configurations/v1/captcha-policy | Create captcha policy |\n| PUT | /resources/configurations/v1/captcha-policy | Update captcha policy |\n| GET | /resources/configurations/v1/captcha-policy | Get captcha policy |\n| GET | /resources/configurations/v1/jwt-template-targeting | Get JWT template targeting configuration |\n| POST | /resources/configurations/v1/jwt-template-targeting | Create JWT template targeting configuration |\n| PUT | /resources/configurations/v1/jwt-template-targeting | Update or create JWT template targeting configuration |\n| PATCH | /resources/configurations/v1/jwt-template-targeting/{id} | Update JWT template targeting configuration by ID |\n| DELETE | /resources/configurations/v1/jwt-template-targeting/{id} | Delete JWT template targeting configuration by ID |\n| POST | /resources/jwt-templates/v1 | Create JWT template |\n| GET | /resources/jwt-templates/v1 | Get all JWT templates |\n| GET | /resources/jwt-templates/v1/{id} | Get JWT template by ID |\n| PUT | /resources/jwt-templates/v1/{id} | Update JWT template |\n| DELETE | /resources/jwt-templates/v1/{id} | Delete JWT template |\n| GET | /resources/configurations/v1/basic | Get identity management configuration |\n| POST | /resources/sso/custom/v1 | Create custom oauth provider |\n| GET | /resources/sso/custom/v1 | Get custom oauth provider |\n| PATCH | /resources/sso/custom/v1/{id} | Update custom oauth provider |\n| DELETE | /resources/sso/custom/v1/{id} | Delete custom oauth provider |\n| POST | /resources/migrations/v1/auth0 | Migrate from Auth0 |\n| POST | /resources/migrations/v1/local | Migrate a single user |\n| POST | /resources/migrations/v1/local/bulk | Migrate users in bulk |\n| GET | /resources/migrations/v1/local/bulk/status/{migrationId} | Check status of bulk migration |\n| POST | /resources/migrations/v2/local/bulk | Migrate vendor users in bulk |\n| GET | /resources/configurations/v1/delegation | Get delegation configuration |\n| POST | /resources/configurations/v1/delegation | Create or update delegation configuration |\n| POST | /resources/configurations/restrictions/v1/email-domain | Create domain restriction |\n| GET | /resources/configurations/restrictions/v1/email-domain | Get domain restrictions |\n| GET | /resources/configurations/restrictions/v1/email-domain/config | Get domain restrictions |\n| POST | /resources/configurations/restrictions/v1/email-domain/config | Change domain restrictions config list type and toggle it off/on |\n| DELETE | /resources/configurations/restrictions/v1/email-domain/{id} | Delete domain restriction |\n| POST | /resources/configurations/restrictions/v1/email-domain/replace-bulk | Replace bulk domain restriction |\n| POST | /resources/mail/v1/configurations | Create or update configuration |\n| GET | /resources/mail/v1/configurations | Get configuration |\n| DELETE | /resources/mail/v1/configurations | Delete configuration |\n| POST | /resources/mail/v2/configurations | Create or update configuration v2 |\n| POST | /resources/mail/v1/configs/templates | Add or update template |\n| GET | /resources/mail/v1/configs/templates | Get template |\n| DELETE | /resources/mail/v1/configs/templates/{templateId} | Delete template |\n| GET | /resources/mail/v1/configs/{type}/default | Get default template by type |\n| POST | /resources/auth/v1/user | Authenticate user with password |\n| POST | /resources/auth/v1/user/token/refresh | Refresh user JWT token |\n| POST | /resources/auth/v1/logout | Logout user |\n| POST | /resources/users/v1/signUp | Signup user |\n| POST | /resources/users/v1/signUp/username | Signup user with username |\n| POST | /resources/configurations/v1/restrictions/ip/config | Create or update IP restriction configuration (ALLOW/BLOCK) |\n| GET | /resources/configurations/v1/restrictions/ip/config | Get IP restriction configuration (ALLOW/BLOCK) |\n| GET | /resources/configurations/v1/restrictions/ip | Get all IP restrictions |\n| POST | /resources/configurations/v1/restrictions/ip | Create IP restriction |\n| POST | /resources/configurations/v1/restrictions/ip/verify | Test Current IP |\n| POST | /resources/configurations/v1/restrictions/ip/verify/allow | Test current IP is in allow list |\n| DELETE | /resources/configurations/v1/restrictions/ip/{id} | Delete IP restriction by IP |\n| POST | /resources/configurations/v1/lockout-policy | Create lockout policy |\n| PATCH | /resources/configurations/v1/lockout-policy | Update lockout policy |\n| GET | /resources/configurations/v1/lockout-policy | Get lockout policy |\n| GET | /resources/vendor-only/users/access-tokens/v1/active | Get active access tokens list |\n| GET | /resources/vendor-only/users/access-tokens/v1/{id} | Get user access token data |\n| GET | /resources/vendor-only/tenants/access-tokens/v1/{id} | Get account (tenant) access token data |\n| POST | /resources/auth/v1/user/mfa/recover | Recover MFA |\n| POST | /resources/users/v1/mfa/disable | Disable authenticator app MFA |\n| POST | /resources/users/v1/mfa/authenticator/{deviceId}/disable/verify | Disable authenticator app MFA |\n| POST | /resources/users/v1/mfa/sms/{deviceId}/disable | Pre-disable SMS MFA |\n| POST | /resources/users/v1/mfa/sms/{deviceId}/disable/verify | Disable SMS MFA |\n| POST | /resources/auth/v1/user/mfa/verify | Verify MFA using code from authenticator app |\n| POST | /resources/auth/v1/user/mfa/emailcode | Request verify MFA using email code |\n| POST | /resources/auth/v1/user/mfa/emailcode/verify | Verify MFA using email code |\n| POST | /resources/auth/v1/user/mfa/authenticator/enroll | Pre enroll MFA using Authenticator App |\n| POST | /resources/auth/v1/user/mfa/authenticator/enroll/verify | Enroll MFA using Authenticator App |\n| POST | /resources/auth/v1/user/mfa/authenticator/{deviceId}/verify | Verify MFA using authenticator app |\n| POST | /resources/auth/v1/user/mfa/sms/enroll | Pre-enroll MFA using sms |\n| POST | /resources/auth/v1/user/mfa/sms/enroll/verify | Enroll MFA using sms |\n| POST | /resources/auth/v1/user/mfa/sms/{deviceId} | Request to verify MFA using sms |\n| POST | /resources/auth/v1/user/mfa/sms/{deviceId}/verify | Verify MFA using sms |\n| POST | /resources/auth/v1/user/mfa/webauthn/enroll | Pre enroll MFA using WebAuthN |\n| POST | /resources/auth/v1/user/mfa/webauthn/enroll/verify | Enroll MFA using WebAuthN |\n| POST | /resources/auth/v1/user/mfa/webauthn/{deviceId} | Request verify MFA using WebAuthN |\n| POST | /resources/auth/v1/user/mfa/webauthn/{deviceId}/verify | Verify MFA using webauthn |\n| GET | /resources/configurations/v1/mfa-policy/allow-remember-device | Check if remember device allowed |\n| POST | /resources/users/v1/mfa/enroll | Enroll authenticator app MFA |\n| POST | /resources/users/v1/mfa/authenticator/enroll | Enroll authenticator app MFA |\n| POST | /resources/users/v1/mfa/enroll/verify | Verify authenticator app MFA enrollment |\n| POST | /resources/users/v1/mfa/authenticator/enroll/verify | Verify authenticator app MFA enrollment |\n| POST | /resources/users/v1/mfa/sms/enroll | Enroll SMS MFA |\n| POST | /resources/users/v1/mfa/sms/enroll/verify | Verify MFA enrollment |\n| POST | /resources/configurations/v1/mfa | Update MFA configuration |\n| GET | /resources/configurations/v1/mfa | Get MFA configuration |\n| POST | /resources/configurations/v1/mfa-policy | Create MFA policy |\n| PATCH | /resources/configurations/v1/mfa-policy | Update security policy |\n| PUT | /resources/configurations/v1/mfa-policy | Upsert security policy |\n| GET | /resources/configurations/v1/mfa-policy | Get security policy |\n| GET | /resources/configurations/v1/mfa/strategies | Get MFA strategies |\n| POST | /resources/configurations/v1/mfa/strategies | Create or update MFA strategy |\n| POST | /resources/configurations/v1/password | Create or update password configuration |\n| GET | /resources/configurations/v1/password | Get password policy configuration |\n| POST | /resources/configurations/v1/password-history-policy | Create password history policy |\n| PATCH | /resources/configurations/v1/password-history-policy | Update password history policy |\n| GET | /resources/configurations/v1/password-history-policy | Get password history policy |\n| POST | /resources/users/v1/passwords/reset | Reset password |\n| POST | /resources/users/v1/passwords/reset/verify | Verify password |\n| POST | /resources/users/v1/passwords/change | Change password |\n| GET | /resources/users/v1/passwords/config | Get strictest password configuration |\n| POST | /resources/users/v2/passwords/reset/email | Reset password via email |\n| POST | /resources/users/v2/passwords/reset/sms | Reset password via SMS |\n| POST | /resources/users/v2/passwords/reset/sms/verify | Verify password reset code sent via SMS |\n| GET | /resources/configurations/v1/password-rotation | Get password expiration period configuration |\n| POST | /resources/configurations/v1/password-rotation | Manage password expiration |\n| GET | /resources/configurations/v1/password-rotation/vendor | Get environment configuration for password expiration period. |\n| POST | /resources/auth/v1/passwordless/smscode/prelogin | SMS code prelogin |\n| POST | /resources/auth/v1/passwordless/smscode/postlogin | SMS code postlogin |\n| POST | /resources/auth/v1/passwordless/magiclink/prelogin | Magic link prelogin |\n| POST | /resources/auth/v1/passwordless/magiclink/postlogin | Magic link postlogin |\n| POST | /resources/auth/v1/passwordless/code/prelogin | OTC (One-Time Code) prelogin |\n| POST | /resources/auth/v1/passwordless/code/postlogin | OTC (One-Time Code) postlogin |\n| GET | /resources/permissions/v1 | Get permissions |\n| POST | /resources/permissions/v1 | Create permissions |\n| DELETE | /resources/permissions/v1/{permissionId} | Delete permission |\n| PATCH | /resources/permissions/v1/{permissionId} | Update permission |\n| PUT | /resources/permissions/v1/{permissionId}/roles | Set a permission to multiple roles |\n| PUT | /resources/permissions/v1/classification | Set permissions classification |\n| GET | /resources/permissions/v1/categories | Get permissions categories |\n| POST | /resources/permissions/v1/categories | Create category |\n| PATCH | /resources/permissions/v1/categories/{categoryId} | Update category |\n| DELETE | /resources/permissions/v1/categories/{categoryId} | Delete category |\n| POST | /resources/users/access-tokens/v1 | Create user access token |\n| GET | /resources/users/access-tokens/v1 | Get user access tokens |\n| DELETE | /resources/users/access-tokens/v1/{id} | Delete user access token by token ID |\n| POST | /resources/users/api-tokens/v1 | Create user client credentials token |\n| GET | /resources/users/api-tokens/v1 | Get user client credentials tokens |\n| DELETE | /resources/users/api-tokens/v1/{id} | Delete user client credentials token by token ID |\n| GET | /resources/roles/v1 | Get roles |\n| POST | /resources/roles/v1 | Create roles |\n| DELETE | /resources/roles/v1/{roleId} | Delete role |\n| PATCH | /resources/roles/v1/{roleId} | Update role |\n| PUT | /resources/roles/v1/{roleId}/permissions | Assign permissions to a role |\n| PUT | /resources/roles/v1/{roleId}/tenant | Update role tenant |\n| GET | /resources/users/phone-numbers/v1 | Get all phone numbers |\n| POST | /resources/users/phone-numbers/v1 | Set phone number for a user |\n| POST | /resources/users/phone-numbers/v1/preverify | Pre-verify user's phone number |\n| POST | /resources/users/phone-numbers/v1/verify | Verify creation of phone number for user |\n| DELETE | /resources/users/phone-numbers/v1/{id} | Delete user's phone number |\n| POST | /resources/users/phone-numbers/v1/{id}/delete/verify | Verify delete user's phone number |\n| GET | /resources/users/phone-numbers/v1/me | Get current user's phone numbers |\n| GET | /resources/users/phone-numbers/v2 | Get all phone numbers v2 |\n| POST | /resources/configurations/v1/sms | Creates or updates a vendor SMS config |\n| DELETE | /resources/configurations/v1/sms | Deletes a vendor SMS config |\n| GET | /resources/configurations/v1/sms | Gets a vendor SMS config |\n| GET | /resources/configurations/v1/sms/templates | Gets vendor SMS templates |\n| GET | /resources/configurations/v1/sms/templates/{type} | Gets vendor SMS template by type |\n| DELETE | /resources/configurations/v1/sms/templates/{type} | Deletes vendor SMS template by type |\n| POST | /resources/configurations/v1/sms/templates/{type} | Create or update a vendor SMS template |\n| GET | /resources/configurations/v1/sms/templates/{type}/default | Gets vendor default SMS template by type |\n| GET | /resources/configurations/v1/sms/templates/default/all | Gets all vendor default SMS templates |\n| GET | /resources/configurations/sessions/v1/vendor | Get environment session configuration |\n| GET | /resources/configurations/sessions/v1 | Get account (tenant) or vendor default session configuration |\n| POST | /resources/configurations/sessions/v1 | Create or update account (tenant) or vendor default session configuration |\n| GET | /resources/configurations/v1/user-emails-policy | Get user emails policy |\n| POST | /resources/configurations/v1/user-emails-policy | Create or update user emails policy |\n| GET | /resources/groups/v1 | Get all groups |\n| POST | /resources/groups/v1 | Create group |\n| POST | /resources/groups/v1/bulkGet | Get groups by Ids |\n| PATCH | /resources/groups/v1/{id} | Update group |\n| DELETE | /resources/groups/v1/{id} | Delete group |\n| GET | /resources/groups/v1/{id} | Get group by ID |\n| GET | /resources/groups/v1/config | Get groups configuration |\n| POST | /resources/groups/v1/config | Create or update groups configuration |\n| POST | /resources/groups/v1/{groupId}/roles | Add roles to group |\n| DELETE | /resources/groups/v1/{groupId}/roles | Remove roles from group |\n| POST | /resources/groups/v1/{groupId}/users | Add users to group |\n| DELETE | /resources/groups/v1/{groupId}/users | Remove users from group |\n| GET | /resources/groups/v2 | Get all groups paginated |\n| POST | /resources/tenants/users/v1/{userId}/disable | Disable user account (tenant) |\n| POST | /resources/tenants/users/v1/{userId}/enable | Enable user account (tenant) |\n| PUT | /resources/users/temporary/v1/{userId} | Sets a permanent user to temporary |\n| DELETE | /resources/users/temporary/v1/{userId} | Sets a temporary user to permanent |\n| GET | /resources/users/temporary/v1/configuration | Gets temporary users configuration |\n| PUT | /resources/users/temporary/v1/configuration | Set temporary users configuration |\n| GET | /resources/users/emails/v1 | Get all user emails |\n| POST | /resources/users/emails/v1 | Create a user email |\n| POST | /resources/users/emails/v1/verify | Verify user email |\n| DELETE | /resources/users/emails/v1/{emailId} | Delete a user email |\n| POST | /resources/users/emails/v1/vendor/{userId} | Create a user email for vendor |\n| DELETE | /resources/users/emails/v1/vendor/{userId}/{emailId} | Delete a user email for vendor |\n| POST | /resources/users/emails/v1/vendor/{userId}/primary | Mark email as primary for vendor |\n| POST | /resources/users/emails/v1/me/primary | Mark email as primary |\n| GET | /resources/users/emails/v1/me | Get current user`s emails |\n| PUT | /resources/sub-tenants/users/v1/{userId}/access | Set sub-account access for a user |\n| POST | /resources/users/v1/activate/reset | Reset user activation token |\n| POST | /resources/users/v1/invitation/reset | Reset invitation |\n| POST | /resources/users/v1/invitation/reset/all | Reset all invitation tokens |\n| GET | /resources/users/v3 | Get users |\n| GET | /resources/users/v3/roles | Get users roles |\n| GET | /resources/users/v3/groups | Get users groups |\n| POST | /resources/users/v3/me/unlock | Unlock user |\n| POST | /resources/users/v2 | Invite user |\n| PUT | /resources/users/v2/me | Update user profile |\n| GET | /resources/users/v2/me | Get user profile |\n| POST | /resources/users/v1 | Create user |\n| PUT | /resources/users/v1 | Update user |\n| DELETE | /resources/users/v1/{userId} | Remove user |\n| PUT | /resources/users/v1/{userId} | Update user (global) |\n| POST | /resources/users/v1/{userId}/roles | Assign roles to user |\n| DELETE | /resources/users/v1/{userId}/roles | Unassign roles from user |\n| PUT | /resources/users/v1/tenant | Update user's active account (tenant) |\n| GET | /resources/users/v1/query/phrase | Get users with fuzzy search |\n| GET | /resources/usernames/v1 | Get usernames for users |\n| POST | /resources/usernames/v1 | Create a username for user |\n| DELETE | /resources/usernames/v1/{username} | Delete a username for user |\n| GET | /resources/usernames/v1/me | Get authenticated user's username |\n| POST | /resources/users/v1/email/me | Update user email |\n| POST | /resources/users/v1/email/me/verify | Verify user email |\n| POST | /resources/users/v1/activate | Activate user |\n| POST | /resources/users/v1/activate/code | Activate user with code |\n| GET | /resources/users/v1/activate/strategy | Get user activation strategy |\n| POST | /resources/users/v1/invitation/accept | Accept invitation |\n| POST | /resources/users/v1/invitation/accept/code | Accept invitation with code |\n| GET | /resources/users/v3/me | Get user profile |\n| GET | /resources/users/v2/me/tenants | Get user accounts (tenants) |\n| GET | /resources/users/v2/me/hierarchy | Get user accounts (tenants) hierarchy |\n| GET | /resources/users/v1/me/authorization | Get user permissions and roles |\n| GET | /resources/users/v1/me/tenants | Get user accounts (tenants) |\n| GET | /resources/user-sources/v1 | Get vendor user sources |\n| GET | /resources/user-sources/v1/{id} | Get vendor user source |\n| DELETE | /resources/user-sources/v1/{id} | Delete user source |\n| POST | /resources/user-sources/v1/external/auth0 | Create Auth0 external user source |\n| POST | /resources/user-sources/v1/external/cognito | Create Cognito external user source |\n| POST | /resources/user-sources/v1/external/firebase | Create Firebase external user source |\n| POST | /resources/user-sources/v1/external/custom-code | Create Custom-Code external user source |\n| POST | /resources/user-sources/v1/federation | Create Federation user source |\n| PUT | /resources/user-sources/v1/external/auth0/{id} | Update Auth0 external user source |\n| PUT | /resources/user-sources/v1/external/cognito/{id} | Update Cognito external user source |\n| PUT | /resources/user-sources/v1/external/firebase/{id} | Update Firebase external user source |\n| PUT | /resources/user-sources/v1/external/custom-code/{id} | Update Custom-Code external user source |\n| PUT | /resources/user-sources/v1/federation/{id} | Update Federation user source |\n| POST | /resources/user-sources/v1/assign | Assign applications to a user source |\n| POST | /resources/user-sources/v1/unassign | Unassign applications from a user source |\n| GET | /resources/user-sources/v1/{id}/users | Get user source users |\n| GET | /resources/users/sessions/v1/me | Get user's active sessions |\n| DELETE | /resources/users/sessions/v1/me/all | Delete all user sessions |\n| DELETE | /resources/users/sessions/v1/me/{id} | Delete single user's session |\n| GET | /resources/vendor-only/users/v1/{userId} | Get user |\n| POST | /resources/vendor-only/users/v1/{userId}/mfa/unenroll | Unenroll user from MFA globally |\n| POST | /resources/vendor-only/users/v1/passwords/verify | Verify user's password |\n| POST | /resources/vendor-only/users/v1 | Create user |\n| GET | /resources/tenants/users/v1/statuses | Get users account (tenant) statuses |\n| POST | /resources/users/phone-numbers/v1/vendor/{userId} | Create user phone number verified by default |\n| DELETE | /resources/users/phone-numbers/v1/vendor/{userId}/{phoneId} | Delete user phone number on an environment |\n| POST | /resources/users/bulk/v1/invite | Invite users to an account (tenant) in bulk |\n| GET | /resources/users/bulk/v1/status/{id} | Get status of bulk invite task |\n| PATCH | /resources/vendor-only/users/v1/{userId}/roles/bulk | Bulk update user roles across all tenants |\n| GET | /resources/vendor-only/users/v1/bulk-roles/status/{taskId} | Get status of bulk roles update task |\n| GET | /resources/users/v1/email | Get user by email |\n| GET | /resources/users/v1/{id} | Get user by ID |\n| POST | /resources/users/v1/{userId}/verify | Verify user |\n| PUT | /resources/users/v1/{userId}/invisible | Make user invisible |\n| PUT | /resources/users/v1/{userId}/superuser | Make user super-user |\n| PUT | /resources/users/v1/{userId}/tenant | Set user's account (tenant) |\n| POST | /resources/users/v1/{userId}/tenant | Add user to account (tenant) |\n| PUT | /resources/users/v1/{userId}/email | Update user email |\n| POST | /resources/users/v1/{userId}/links/generate-activation-token | Generate activation token |\n| POST | /resources/users/v1/{userId}/links/generate-password-reset-token | Generate password reset token |\n| POST | /resources/users/v1/{userId}/unlock | Unlock user |\n| POST | /resources/users/v1/{userId}/lock | Lock user |\n| PUT | /resources/users/v1/tenants/migrate | Move all users from one account (tenant) to another |\n| GET | /resources/applications/v1/{appId}/users | Get users for application |\n| GET | /resources/applications/v1/{userId}/apps | Get applications for user |\n| POST | /resources/applications/v1 | Assign users to application |\n| DELETE | /resources/applications/v1 | Unassign users from application |\n| GET | /resources/applications/user-tenants/active/v1 | Get user active accounts (tenants) in applications |\n| PUT | /resources/applications/user-tenants/active/v1 | Switch users active account (tenant) in applications |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"Create a api-token?\" -> POST /resources/auth/v2/api-token\n- \"Create a refresh?\" -> POST /resources/auth/v2/api-token/token/refresh\n- \"Create a access-token?\" -> POST /resources/tenants/access-tokens/v1\n- \"List all access-tokens?\" -> GET /resources/tenants/access-tokens/v1\n- \"Delete a access-token?\" -> DELETE /resources/tenants/access-tokens/v1/{id}\n- \"List all api-tokens?\" -> GET /resources/tenants/api-tokens/v1\n- \"Delete a api-token?\" -> DELETE /resources/tenants/api-tokens/v1/{id}\n- \"Partially update a api-token?\" -> PATCH /resources/tenants/api-tokens/v1/{id}\n- \"List all user?\" -> GET /resources/tenants/invites/v1/user\n- \"Create a user?\" -> POST /resources/tenants/invites/v1/user\n- \"Create a verify?\" -> POST /resources/tenants/invites/v1/verify\n- \"List all configuration?\" -> GET /resources/tenants/invites/v1/configuration\n- \"Create a invite?\" -> POST /resources/tenants/invites/v1\n- \"List all all?\" -> GET /resources/tenants/invites/v1/all\n- \"Delete a token?\" -> DELETE /resources/tenants/invites/v1/token/{id}\n- \"List all strategies?\" -> GET /resources/configurations/v1/activation/strategies\n- \"Create a strategy?\" -> POST /resources/configurations/v1/activation/strategies\n- \"List all roles?\" -> GET /resources/roles/v2\n- \"Create a role?\" -> POST /resources/roles/v2\n- \"List all distinct-levels?\" -> GET /resources/roles/v2/distinct-levels\n- \"List all distinct-tenants?\" -> GET /resources/roles/v2/distinct-tenants\n- \"Create a approval-flow?\" -> POST /resources/approval-flows/v1\n- \"List all approval-flows?\" -> GET /resources/approval-flows/v1\n- \"Get approval-flow details?\" -> GET /resources/approval-flows/v1/{id}\n- \"Partially update a approval-flow?\" -> PATCH /resources/approval-flows/v1/{id}\n- \"Delete a approval-flow?\" -> DELETE /resources/approval-flows/v1/{id}\n- \"Create a approver-action?\" -> POST /resources/approval-flows/v1/approver-action\n- \"List all execution-data?\" -> GET /resources/approval-flows/v1/execution-data\n- \"Create a execute?\" -> POST /resources/approval-flows/v1/{id}/execute\n- \"Create a configuration?\" -> POST /resources/configurations/v1\n- \"List all configurations?\" -> GET /resources/configurations/v1\n- \"Create a captcha-policy?\" -> POST /resources/configurations/v1/captcha-policy\n- \"List all captcha-policy?\" -> GET /resources/configurations/v1/captcha-policy\n- \"List all jwt-template-targeting?\" -> GET /resources/configurations/v1/jwt-template-targeting\n- \"Create a jwt-template-targeting?\" -> POST /resources/configurations/v1/jwt-template-targeting\n- \"Partially update a jwt-template-targeting?\" -> PATCH /resources/configurations/v1/jwt-template-targeting/{id}\n- \"Delete a jwt-template-targeting?\" -> DELETE /resources/configurations/v1/jwt-template-targeting/{id}\n- \"Create a jwt-template?\" -> POST /resources/jwt-templates/v1\n- \"List all jwt-templates?\" -> GET /resources/jwt-templates/v1\n- \"Get jwt-template details?\" -> GET /resources/jwt-templates/v1/{id}\n- \"Update a jwt-template?\" -> PUT /resources/jwt-templates/v1/{id}\n- \"Delete a jwt-template?\" -> DELETE /resources/jwt-templates/v1/{id}\n- \"List all basic?\" -> GET /resources/configurations/v1/basic\n- \"Create a custom?\" -> POST /resources/sso/custom/v1\n- \"List all custom?\" -> GET /resources/sso/custom/v1\n- \"Partially update a custom?\" -> PATCH /resources/sso/custom/v1/{id}\n- \"Delete a custom?\" -> DELETE /resources/sso/custom/v1/{id}\n- \"Create a auth0?\" -> POST /resources/migrations/v1/auth0\n- \"Create a local?\" -> POST /resources/migrations/v1/local\n- \"Create a bulk?\" -> POST /resources/migrations/v1/local/bulk\n- \"Get status details?\" -> GET /resources/migrations/v1/local/bulk/status/{migrationId}\n- \"List all delegation?\" -> GET /resources/configurations/v1/delegation\n- \"Create a delegation?\" -> POST /resources/configurations/v1/delegation\n- \"Create a email-domain?\" -> POST /resources/configurations/restrictions/v1/email-domain\n- \"List all email-domain?\" -> GET /resources/configurations/restrictions/v1/email-domain\n- \"List all config?\" -> GET /resources/configurations/restrictions/v1/email-domain/config\n- \"Create a config?\" -> POST /resources/configurations/restrictions/v1/email-domain/config\n- \"Delete a email-domain?\" -> DELETE /resources/configurations/restrictions/v1/email-domain/{id}\n- \"Create a replace-bulk?\" -> POST /resources/configurations/restrictions/v1/email-domain/replace-bulk\n- \"Create a template?\" -> POST /resources/mail/v1/configs/templates\n- \"List all templates?\" -> GET /resources/mail/v1/configs/templates\n- \"Delete a template?\" -> DELETE /resources/mail/v1/configs/templates/{templateId}\n- \"List all default?\" -> GET /resources/mail/v1/configs/{type}/default\n- \"Create a logout?\" -> POST /resources/auth/v1/logout\n- \"Create a signUp?\" -> POST /resources/users/v1/signUp\n- \"Create a username?\" -> POST /resources/users/v1/signUp/username\n- \"List all ip?\" -> GET /resources/configurations/v1/restrictions/ip\n- \"Create a ip?\" -> POST /resources/configurations/v1/restrictions/ip\n- \"Create a allow?\" -> POST /resources/configurations/v1/restrictions/ip/verify/allow\n- \"Delete a ip?\" -> DELETE /resources/configurations/v1/restrictions/ip/{id}\n- \"Create a lockout-policy?\" -> POST /resources/configurations/v1/lockout-policy\n- \"List all lockout-policy?\" -> GET /resources/configurations/v1/lockout-policy\n- \"List all active?\" -> GET /resources/vendor-only/users/access-tokens/v1/active\n- \"Get access-token details?\" -> GET /resources/vendor-only/users/access-tokens/v1/{id}\n- \"Create a recover?\" -> POST /resources/auth/v1/user/mfa/recover\n- \"Create a disable?\" -> POST /resources/users/v1/mfa/disable\n- \"Create a emailcode?\" -> POST /resources/auth/v1/user/mfa/emailcode\n- \"Create a enroll?\" -> POST /resources/auth/v1/user/mfa/authenticator/enroll\n- \"List all allow-remember-device?\" -> GET /resources/configurations/v1/mfa-policy/allow-remember-device\n- \"Create a mfa?\" -> POST /resources/configurations/v1/mfa\n- \"List all mfa?\" -> GET /resources/configurations/v1/mfa\n- \"Create a mfa-policy?\" -> POST /resources/configurations/v1/mfa-policy\n- \"List all mfa-policy?\" -> GET /resources/configurations/v1/mfa-policy\n- \"Create a password?\" -> POST /resources/configurations/v1/password\n- \"List all password?\" -> GET /resources/configurations/v1/password\n- \"Create a password-history-policy?\" -> POST /resources/configurations/v1/password-history-policy\n- \"List all password-history-policy?\" -> GET /resources/configurations/v1/password-history-policy\n- \"Create a reset?\" -> POST /resources/users/v1/passwords/reset\n- \"Create a change?\" -> POST /resources/users/v1/passwords/change\n- \"Create a email?\" -> POST /resources/users/v2/passwords/reset/email\n- \"Create a sm?\" -> POST /resources/users/v2/passwords/reset/sms\n- \"List all password-rotation?\" -> GET /resources/configurations/v1/password-rotation\n- \"Create a password-rotation?\" -> POST /resources/configurations/v1/password-rotation\n- \"List all vendor?\" -> GET /resources/configurations/v1/password-rotation/vendor\n- \"Create a prelogin?\" -> POST /resources/auth/v1/passwordless/smscode/prelogin\n- \"Create a postlogin?\" -> POST /resources/auth/v1/passwordless/smscode/postlogin\n- \"List all permissions?\" -> GET /resources/permissions/v1\n- \"Create a permission?\" -> POST /resources/permissions/v1\n- \"Delete a permission?\" -> DELETE /resources/permissions/v1/{permissionId}\n- \"Partially update a permission?\" -> PATCH /resources/permissions/v1/{permissionId}\n- \"List all categories?\" -> GET /resources/permissions/v1/categories\n- \"Create a category?\" -> POST /resources/permissions/v1/categories\n- \"Partially update a category?\" -> PATCH /resources/permissions/v1/categories/{categoryId}\n- \"Delete a category?\" -> DELETE /resources/permissions/v1/categories/{categoryId}\n- \"Delete a role?\" -> DELETE /resources/roles/v1/{roleId}\n- \"Partially update a role?\" -> PATCH /resources/roles/v1/{roleId}\n- \"List all phone-numbers?\" -> GET /resources/users/phone-numbers/v1\n- \"Create a phone-number?\" -> POST /resources/users/phone-numbers/v1\n- \"Create a preverify?\" -> POST /resources/users/phone-numbers/v1/preverify\n- \"Delete a phone-number?\" -> DELETE /resources/users/phone-numbers/v1/{id}\n- \"List all me?\" -> GET /resources/users/phone-numbers/v1/me\n- \"List all sms?\" -> GET /resources/configurations/v1/sms\n- \"Get template details?\" -> GET /resources/configurations/v1/sms/templates/{type}\n- \"List all sessions?\" -> GET /resources/configurations/sessions/v1\n- \"Create a session?\" -> POST /resources/configurations/sessions/v1\n- \"List all user-emails-policy?\" -> GET /resources/configurations/v1/user-emails-policy\n- \"Create a user-emails-policy?\" -> POST /resources/configurations/v1/user-emails-policy\n- \"List all groups?\" -> GET /resources/groups/v1\n- \"Create a group?\" -> POST /resources/groups/v1\n- \"Create a bulkGet?\" -> POST /resources/groups/v1/bulkGet\n- \"Partially update a group?\" -> PATCH /resources/groups/v1/{id}\n- \"Delete a group?\" -> DELETE /resources/groups/v1/{id}\n- \"Get group details?\" -> GET /resources/groups/v1/{id}\n- \"Create a enable?\" -> POST /resources/tenants/users/v1/{userId}/enable\n- \"Update a temporary?\" -> PUT /resources/users/temporary/v1/{userId}\n- \"Delete a temporary?\" -> DELETE /resources/users/temporary/v1/{userId}\n- \"List all emails?\" -> GET /resources/users/emails/v1\n- \"Delete a email?\" -> DELETE /resources/users/emails/v1/{emailId}\n- \"Delete a vendor?\" -> DELETE /resources/users/emails/v1/vendor/{userId}/{emailId}\n- \"Create a primary?\" -> POST /resources/users/emails/v1/vendor/{userId}/primary\n- \"Create a all?\" -> POST /resources/users/v1/invitation/reset/all\n- \"List all users?\" -> GET /resources/users/v3\n- \"Create a unlock?\" -> POST /resources/users/v3/me/unlock\n- \"Delete a user?\" -> DELETE /resources/users/v1/{userId}\n- \"Update a user?\" -> PUT /resources/users/v1/{userId}\n- \"List all phrase?\" -> GET /resources/users/v1/query/phrase\n- \"List all usernames?\" -> GET /resources/usernames/v1\n- \"Delete a username?\" -> DELETE /resources/usernames/v1/{username}\n- \"Create a me?\" -> POST /resources/users/v1/email/me\n- \"Create a activate?\" -> POST /resources/users/v1/activate\n- \"Create a code?\" -> POST /resources/users/v1/activate/code\n- \"List all strategy?\" -> GET /resources/users/v1/activate/strategy\n- \"Create a accept?\" -> POST /resources/users/v1/invitation/accept\n- \"List all tenants?\" -> GET /resources/users/v2/me/tenants\n- \"List all hierarchy?\" -> GET /resources/users/v2/me/hierarchy\n- \"List all authorization?\" -> GET /resources/users/v1/me/authorization\n- \"List all user-sources?\" -> GET /resources/user-sources/v1\n- \"Get user-source details?\" -> GET /resources/user-sources/v1/{id}\n- \"Delete a user-source?\" -> DELETE /resources/user-sources/v1/{id}\n- \"Create a cognito?\" -> POST /resources/user-sources/v1/external/cognito\n- \"Create a firebase?\" -> POST /resources/user-sources/v1/external/firebase\n- \"Create a custom-code?\" -> POST /resources/user-sources/v1/external/custom-code\n- \"Create a federation?\" -> POST /resources/user-sources/v1/federation\n- \"Update a auth0?\" -> PUT /resources/user-sources/v1/external/auth0/{id}\n- \"Update a cognito?\" -> PUT /resources/user-sources/v1/external/cognito/{id}\n- \"Update a firebase?\" -> PUT /resources/user-sources/v1/external/firebase/{id}\n- \"Update a custom-code?\" -> PUT /resources/user-sources/v1/external/custom-code/{id}\n- \"Update a federation?\" -> PUT /resources/user-sources/v1/federation/{id}\n- \"Create a assign?\" -> POST /resources/user-sources/v1/assign\n- \"Create a unassign?\" -> POST /resources/user-sources/v1/unassign\n- \"Delete a me?\" -> DELETE /resources/users/sessions/v1/me/{id}\n- \"Get user details?\" -> GET /resources/vendor-only/users/v1/{userId}\n- \"Create a unenroll?\" -> POST /resources/vendor-only/users/v1/{userId}/mfa/unenroll\n- \"List all statuses?\" -> GET /resources/tenants/users/v1/statuses\n- \"List all email?\" -> GET /resources/users/v1/email\n- \"Create a tenant?\" -> POST /resources/users/v1/{userId}/tenant\n- \"Create a generate-activation-token?\" -> POST /resources/users/v1/{userId}/links/generate-activation-token\n- \"Create a generate-password-reset-token?\" -> POST /resources/users/v1/{userId}/links/generate-password-reset-token\n- \"Create a lock?\" -> POST /resources/users/v1/{userId}/lock\n- \"List all apps?\" -> GET /resources/applications/v1/{userId}/apps\n- \"Create a application?\" -> POST /resources/applications/v1\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n- Error responses include status codes and descriptions in the spec\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Authentication and Identity Management\n@base https://api.frontegg.com/identity\n@auth Bearer bearer\n@endpoints 305\n@hint download_for_search\n@toc resources(305)\n\n@endpoint POST /resources/auth/v2/api-token\n@desc Authenticate using API token\n@required {clientId: str, secret: str}\n@returns(200) {access_token: str, refresh_token: str, expires_in: num, expires: str}\n\n@endpoint POST /resources/auth/v2/api-token/token/refresh\n@desc Refresh API token\n@required {refreshToken: str}\n@returns(200) {access_token: str, refresh_token: str, expires_in: num, expires: str}\n\n@endpoint POST /resources/tenants/access-tokens/v1\n@desc Create account (tenant) access token\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@optional {description: str, expiresInMinutes: num # Token expiration time in minutes. In case of undefined, the token won't be expired, roleIds: [str] # Array of role IDs to attach to the token}\n@returns(201) {id: str, description: str, createdAt: str(date-time), secret: str, expires: str(date-time), roleIds: [str], createdByUserId: str?}\n\n@endpoint GET /resources/tenants/access-tokens/v1\n@desc Get account (tenant) access tokens\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200) {accessTokens: [map]}\n\n@endpoint DELETE /resources/tenants/access-tokens/v1/{id}\n@desc Delete account (tenant) access token\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, id: str}\n@returns(200)\n\n@endpoint POST /resources/tenants/api-tokens/v1\n@desc Create client credentials token\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@optional {metadata: map # Extra data that will be encoded as part of the JWT, description: str, roleIds: [str] # Array of role Ids. Either this or permissionIds must be provided, but not both., permissionIds: [str] # Array of permission Ids. Either this or roleIds must be provided, but not both. roleIds will override permissionIds., expiresInMinutes: num # Token expiration time in minutes. In case of undefined, the token won't be expired}\n@returns(201) {clientId: str, description: str?, tenantId: str, secret: str, createdByUserId: str?, metadata: map, createdAt: str(date-time), permissionIds: [str], roleIds: [str], expires: str(date-time)}\n\n@endpoint GET /resources/tenants/api-tokens/v1\n@desc Get client credentials tokens\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint DELETE /resources/tenants/api-tokens/v1/{id}\n@desc Delete client credentials token\n@required {id: str, frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint PATCH /resources/tenants/api-tokens/v1/{id}\n@desc Update client credentials token\n@required {id: str, frontegg-tenant-id: str # The account (tenant) ID identifier}\n@optional {metadata: map # Extra data that will be encoded as part of the JWT, description: str, roleIds: [str] # Array of role Ids, permissionIds: [str] # Array of permission Ids}\n@returns(200) {clientId: str, description: str?, tenantId: str, createdByUserId: str?, metadata: map, createdAt: str(date-time), permissionIds: [str], roleIds: [str], expires: str(date-time)}\n\n@endpoint POST /resources/tenants/api-tokens/v2\n@desc Create client credentials token\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@optional {metadata: map # Extra data that will be encoded as part of the JWT, description: str, roleIds: [str] # Array of role Ids. Either this or permissionIds must be provided, but not both., permissionIds: [str] # Array of permission Ids. Either this or roleIds must be provided, but not both. roleIds will override permissionIds., expiresInMinutes: num # Token expiration time in minutes. In case of undefined, the token won't be expired}\n@returns(201) {clientId: str, description: str?, tenantId: str, secret: str, createdByUserId: str?, metadata: map, createdAt: str(date-time), permissionIds: [str], roleIds: [str], expires: str(date-time)}\n\n@endpoint GET /resources/tenants/invites/v1/user\n@desc Get account (tenant) invite of user\n@required {frontegg-user-id: str # The user ID identifier, frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200) {id: str, vendorId: str, tenantId: str, userId: str, token: str, expires: str(date-time), shouldSendEmail: bool, name: str, roleIds: [str]}\n\n@endpoint POST /resources/tenants/invites/v1/user\n@desc Create account (tenant) invite for user\n@required {frontegg-user-id: str # The user ID identifier, frontegg-tenant-id: str # The account (tenant) ID identifier, expiresInMinutes: num, shouldSendEmail: bool}\n@returns(201) {id: str, vendorId: str, tenantId: str, userId: str, token: str, expires: str(date-time), shouldSendEmail: bool, name: str, roleIds: [str]}\n\n@endpoint DELETE /resources/tenants/invites/v1/user\n@desc Delete account (tenant) invite of user\n@required {frontegg-user-id: str # The user ID identifier, frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint PATCH /resources/tenants/invites/v1/user\n@desc Update account (tenant) invite of user\n@required {frontegg-user-id: str # The user ID identifier, frontegg-tenant-id: str # The account (tenant) ID identifier}\n@optional {expiresInMinutes: num, shouldSendEmail: bool}\n@returns(200) {id: str, vendorId: str, tenantId: str, userId: str, token: str, expires: str(date-time), shouldSendEmail: bool, name: str, roleIds: [str]}\n\n@endpoint POST /resources/tenants/invites/v1/verify\n@desc Verify account (tenant) invite\n@required {token: str}\n@returns(200) {id: str, vendorId: str, tenantId: str, userId: str, token: str, expires: str(date-time), shouldSendEmail: bool, name: str, roleIds: [str]}\n\n@endpoint GET /resources/tenants/invites/v1/configuration\n@desc Get account (tenant) invite configuration\n@returns(200) {tenantInvitationsAllowed: bool, emailsEnabled: bool}\n\n@endpoint POST /resources/tenants/invites/v2/user\n@desc Create tenant invite with roles for user\n@required {expiresInMinutes: num, shouldSendEmail: bool, roleIds: [str] # Array of role IDs to assign to invited users}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens, frontegg-user-id: str # The user identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n@returns(201) {id: str, vendorId: str, tenantId: str, userId: str, token: str, expires: str(date-time), shouldSendEmail: bool, name: str, roleIds: [str]}\n\n@endpoint POST /resources/tenants/invites/v1\n@desc Create account (tenant) invite\n@required {tenantId: str}\n@optional {userId: str, expiresInMinutes: num, shouldSendEmail: bool, roleIds: [str] # Array of role IDs to assign to invited users}\n@returns(201) {id: str, vendorId: str, tenantId: str, userId: str, token: str, expires: str(date-time), shouldSendEmail: bool, name: str, roleIds: [str]}\n\n@endpoint GET /resources/tenants/invites/v1/all\n@desc Get all account (tenant) invites\n@returns(200)\n\n@endpoint DELETE /resources/tenants/invites/v1/token/{id}\n@desc Delete an account (tenant) invite\n@required {id: str}\n@returns(200)\n\n@endpoint GET /resources/configurations/v1/activation/strategies\n@desc Get activation strategies\n@returns(200) {strategy: str, codeExpiration: num} # Retrieve the current account activation strategies configured in your environment.\n\n@endpoint POST /resources/configurations/v1/activation/strategies\n@desc Create or update activation strategy\n@required {strategy: str(code/link)}\n@optional {codeExpiration: num}\n@returns(200) Create a new activation strategy or update the existing activation strategy for your environment.\n\n@endpoint GET /resources/configurations/v1/invitation/strategies\n@desc Get invitation strategies\n@returns(200) {strategy: str, codeExpiration: num} # Retrieve the current invitation strategies configured in your environment.\n\n@endpoint POST /resources/configurations/v1/invitation/strategies\n@desc Create or update invitation strategy\n@optional {codeExpiration: num}\n@returns(200) Create a new invitation strategy or update the existing invitation strategy for your environment.\n\n@endpoint GET /resources/roles/v2\n@desc Get roles v2\n@required {_sortBy: str(key/name/description/isDefault/firstUserRole/level/updatedAt/createdAt/permissions/userTenants/groups)}\n@optional {_limit: num=50, _levels: [num], _tenantIds: [str], _offset: num=0 # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _order: str(ASC/DESC), _filter: str, frontegg-tenant-id: str # For relating a role to a specific account (tenant), use `get accounts (tenants)` API to find the account (tenant) Ids}\n@returns(200)\n\n@endpoint POST /resources/roles/v2\n@desc Create a new role\n@required {key: str, name: str, baseRoleId: str # Role level of the new role will be based on this parameter, permissionIds: [str]}\n@optional {frontegg-tenant-id: str # For relating a role to a specific account (tenant), use `get accounts (tenants)` API to find the account (tenant) Ids, description: str, isDefault: bool # This role will be assigned for every user that will be added without specified roles}\n@returns(200) {id: str, vendorId: str, tenantId: str, key: str, name: str, description: str, isDefault: bool, permissions: [str]}\n\n@endpoint GET /resources/roles/v2/distinct-levels\n@desc Get distinct levels of roles\n@optional {frontegg-tenant-id: str # For relating a role to a specific account (tenant), use `get accounts (tenants)` API to find the account (tenant) Ids}\n@returns(200)\n\n@endpoint GET /resources/roles/v2/distinct-tenants\n@desc Get distinct assigned accounts (tenants) of roles\n@returns(200)\n\n@endpoint POST /resources/approval-flows/v1\n@desc Create approval flow\n@required {name: str, channels: map{email!: bool, sms!: bool}, configuration: map{autoApproveInMinutes: num, reminderIntervalMinutes: num, notifyOnDecisions: bool, timeoutMinutes: num, webhookUrl: str}, steps: [map{approverSelectors!: map, configuration!: map, stepOrder!: num}]}\n@optional {description: str, isActive: bool}\n@returns(200) {id: str, vendorId: str, tenantId: str, name: str, description: str, isActive: bool, channels: map, configuration: map{autoApproveInMinutes: num, reminderIntervalMinutes: num, notifyOnDecisions: bool, logging: bool, timeoutMinutes: num, webhookUrl: str}, steps: [map], createdAt: str(date-time), updatedAt: str(date-time)}\n@returns(201) {id: str, vendorId: str, tenantId: str, name: str, description: str, isActive: bool, channels: map, configuration: map{autoApproveInMinutes: num, reminderIntervalMinutes: num, notifyOnDecisions: bool, logging: bool, timeoutMinutes: num, webhookUrl: str}, steps: [map], createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint GET /resources/approval-flows/v1\n@desc Get approval flows\n@returns(200) {items: [map], total: num}\n\n@endpoint GET /resources/approval-flows/v1/{id}\n@desc Get approval flow by ID\n@required {id: str}\n@returns(200) {id: str, vendorId: str, tenantId: str, name: str, description: str, isActive: bool, channels: map, configuration: map{autoApproveInMinutes: num, reminderIntervalMinutes: num, notifyOnDecisions: bool, logging: bool, timeoutMinutes: num, webhookUrl: str}, steps: [map], createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint PATCH /resources/approval-flows/v1/{id}\n@desc Update approval flow\n@required {id: str}\n@optional {name: str, description: str, isActive: bool, channels: map{email!: bool, sms!: bool}, configuration: map{autoApproveInMinutes: num, reminderIntervalMinutes: num, notifyOnDecisions: bool, timeoutMinutes: num, webhookUrl: str}, steps: [map{approverSelectors!: map, configuration!: map, stepOrder!: num}]}\n@returns(200) {id: str, vendorId: str, tenantId: str, name: str, description: str, isActive: bool, channels: map, configuration: map{autoApproveInMinutes: num, reminderIntervalMinutes: num, notifyOnDecisions: bool, logging: bool, timeoutMinutes: num, webhookUrl: str}, steps: [map], createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint DELETE /resources/approval-flows/v1/{id}\n@desc Delete approval flow\n@required {id: str}\n@returns(200)\n@returns(204)\n\n@endpoint POST /resources/approval-flows/v1/approver-action\n@desc Approver action\n@required {approved: bool, approvalFlowExecutionId: str, approverId: str, approvalFlowStepId: str}\n@returns(200)\n\n@endpoint GET /resources/approval-flows/v1/execution-data\n@desc Get approval flow execution data\n@required {approvalFlowExecutionId: str, approverId: str, approvalFlowStepId: str}\n@returns(200) {approvalFlowName: str, approvalFlowDescription: str, requester: str, approvalFlowRequestDate: str(date-time), executionData: map}\n\n@endpoint POST /resources/approval-flows/v1/{id}/execute\n@desc Execute approval flow\n@required {id: str, frontegg-user-id: str # The user ID}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens, executionData: map, webhookUrl: str}\n@returns(200)\n\n@endpoint POST /resources/approval-flows/v1/step-up/execute\n@desc Execute step up approval flow\n@required {frontegg-user-id: str # The user ID}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens, executionData: map, webhookUrl: str}\n@returns(200)\n\n@endpoint POST /resources/configurations/v1\n@desc Update identity management configuration\n@optional {defaultTokenExpiration: num, defaultRefreshTokenExpiration: num, cookieSameSite: str(STRICT/LAX/NONE), machineToMachineAuthStrategy: str(ClientCredentials/AccessToken), allowSignups: bool, apiTokensEnabled: bool, allowOverridePasswordComplexity: bool, allowOverridePasswordExpiration: bool, allowOverrideEnforcePasswordHistory: bool, jwtAlgorithm: str(HS256/RS256), allowNotVerifiedUsersLogin: bool, forcePermissions: bool, addSamlAttributesToJwt: bool, authStrategy: str(Code/EmailAndPassword/MagicLink/NoLocalAuthentication/SmsCode), defaultPasswordlessTokenExpiration: num, forceSameDeviceOnAuth: bool, allowTenantInvitations: bool, rotateRefreshTokens: bool, skipTenantValidation: bool, addRolesToJwt: bool, addPermissionsToJwt: bool, allowCustomLoginTenantSwitch: bool}\n@returns(201) {id: str, defaultTokenExpiration: num, defaultRefreshTokenExpiration: num, publicKey: str, cookieSameSite: str, allowSignups: bool, apiTokensEnabled: bool, allowOverridePasswordComplexity: bool, allowOverridePasswordExpiration: bool, allowOverrideEnforcePasswordHistory: bool, jwtAlgorithm: str, jwtSecret: str, allowNotVerifiedUsersLogin: bool, forcePermissions: bool, authStrategy: str, defaultPasswordlessTokenExpiration: num, forceSameDeviceOnAuth: bool, allowTenantInvitations: bool, rotateRefreshTokens: bool, machineToMachineAuthStrategy: str, addRolesToJwt: bool, addPermissionsToJwt: bool, refreshTokensRotationLimit: num, addSamlAttributesToJwt: bool, allowCustomLoginTenantSwitch: bool}\n\n@endpoint GET /resources/configurations/v1\n@desc Get identity management configuration\n@returns(200) {id: str, defaultTokenExpiration: num, defaultRefreshTokenExpiration: num, publicKey: str, cookieSameSite: str, allowSignups: bool, apiTokensEnabled: bool, allowOverridePasswordComplexity: bool, allowOverridePasswordExpiration: bool, allowOverrideEnforcePasswordHistory: bool, jwtAlgorithm: str, jwtSecret: str, allowNotVerifiedUsersLogin: bool, forcePermissions: bool, authStrategy: str, defaultPasswordlessTokenExpiration: num, forceSameDeviceOnAuth: bool, allowTenantInvitations: bool, rotateRefreshTokens: bool, machineToMachineAuthStrategy: str, addRolesToJwt: bool, addPermissionsToJwt: bool, refreshTokensRotationLimit: num, addSamlAttributesToJwt: bool, allowCustomLoginTenantSwitch: bool}\n\n@endpoint POST /resources/configurations/v1/captcha-policy\n@desc Create captcha policy\n@required {enabled: bool, siteKey: str, secretKey: str, minScore: num}\n@optional {ignoredEmails: [str] # Captcha validation will be skipped for those emails.}\n@returns(201) {id: str, siteKey: str, secretKey: str, enabled: bool, minScore: num, ignoredEmails: [str], createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint PUT /resources/configurations/v1/captcha-policy\n@desc Update captcha policy\n@required {enabled: bool, siteKey: str, secretKey: str, minScore: num}\n@optional {ignoredEmails: [str] # Captcha validation will be skipped for those emails.}\n@returns(200) {id: str, siteKey: str, secretKey: str, enabled: bool, minScore: num, ignoredEmails: [str], createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint GET /resources/configurations/v1/captcha-policy\n@desc Get captcha policy\n@returns(200) {id: str, siteKey: str, secretKey: str, enabled: bool, minScore: num, ignoredEmails: [str], createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint GET /resources/configurations/v1/jwt-template-targeting\n@desc Get JWT template targeting configuration\n@returns(200) {id: str, createdAt: str(date-time), updatedAt: str(date-time), targeting: map}\n\n@endpoint POST /resources/configurations/v1/jwt-template-targeting\n@desc Create JWT template targeting configuration\n@optional {rules: [map{conditionLogic!: str, conditions!: [map], treatment!: str}]}\n@returns(201) {id: str, createdAt: str(date-time), updatedAt: str(date-time), targeting: map}\n\n@endpoint PUT /resources/configurations/v1/jwt-template-targeting\n@desc Update or create JWT template targeting configuration\n@optional {rules: [map{conditionLogic!: str, conditions!: [map], treatment!: str}]}\n@returns(200)\n\n@endpoint PATCH /resources/configurations/v1/jwt-template-targeting/{id}\n@desc Update JWT template targeting configuration by ID\n@required {id: str}\n@optional {rules: [map{conditionLogic!: str, conditions!: [map], treatment!: str}]}\n@returns(200)\n\n@endpoint DELETE /resources/configurations/v1/jwt-template-targeting/{id}\n@desc Delete JWT template targeting configuration by ID\n@required {id: str}\n@returns(200)\n\n@endpoint POST /resources/jwt-templates/v1\n@desc Create JWT template\n@required {key: str # Unique key for the template, name: str # Name of the template, expiration: num # Token expiration time in seconds, algorithm: str(RS256/HS256) # JWT signing algorithm, templateSchema: any # JWT template schema}\n@optional {description: str # Description of the template}\n@returns(201) {id: str, vendorId: str, key: str, name: str, description: str?, expiration: num, algorithm: str, templateSchema: any, createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint GET /resources/jwt-templates/v1\n@desc Get all JWT templates\n@optional {keys: [str] # Filter by template keys, ids: [str] # Filter by template IDs, _limit: num # Maximum number of items to return, _offset: num # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _sortBy: str(id/key/name/createdAt/updatedAt) # Field to sort by, _order: str(ASC/DESC) # Sort order}\n@returns(200)\n\n@endpoint GET /resources/jwt-templates/v1/{id}\n@desc Get JWT template by ID\n@required {id: str}\n@returns(200) {id: str, vendorId: str, key: str, name: str, description: str?, expiration: num, algorithm: str, templateSchema: any, createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint PUT /resources/jwt-templates/v1/{id}\n@desc Update JWT template\n@required {id: str}\n@optional {key: str # Unique key for the template, name: str # Name of the template, description: str # Description of the template, expiration: num # Token expiration time in seconds, algorithm: str(RS256/HS256) # JWT signing algorithm, templateSchema: any # JWT template schema}\n@returns(200) {id: str, vendorId: str, key: str, name: str, description: str?, expiration: num, algorithm: str, templateSchema: any, createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint DELETE /resources/jwt-templates/v1/{id}\n@desc Delete JWT template\n@required {id: str}\n@returns(204)\n\n@endpoint GET /resources/configurations/v1/basic\n@desc Get identity management configuration\n@returns(200) {forcePermissions: bool, machineToMachineAuthStrategy: str}\n\n@endpoint POST /resources/sso/custom/v1\n@desc Create custom oauth provider\n@required {type: str, clientId: str, secret: str, redirectUrl: str, authorizationUrl: str, tokenUrl: str, userInfoUrl: str, scopes: str, ssoLogoUrl: str, displayName: str, active: bool}\n@returns(200)\n\n@endpoint GET /resources/sso/custom/v1\n@desc Get custom oauth provider\n@returns(200)\n\n@endpoint PATCH /resources/sso/custom/v1/{id}\n@desc Update custom oauth provider\n@required {id: str}\n@optional {type: str, clientId: str, secret: str, redirectUrl: str, authorizationUrl: str, tokenUrl: str, userInfoUrl: str, scopes: str, ssoLogoUrl: str, displayName: str, active: bool}\n@returns(200)\n\n@endpoint DELETE /resources/sso/custom/v1/{id}\n@desc Delete custom oauth provider\n@required {id: str}\n@returns(200)\n\n@endpoint POST /resources/migrations/v1/auth0\n@desc Migrate from Auth0\n@required {domain: str, clientId: str, secret: str, tenantIdFieldName: str # The field name that the tenant ID will be taken from under app metadata}\n@optional {isTenantIdOnUserMetadata: bool # If you would like to take tenant ID from user metadata, set this field to true}\n@returns(201)\n\n@endpoint POST /resources/migrations/v1/local\n@desc Migrate a single user\n@required {tenantId: str # The tenant id of the user, email: str # The email of the user. If not provided, the username is required}\n@optional {name: str # The name of the user, profilePictureUrl: str # The profile picture url of the user, passwordHash: str # The password hash. For SCrypt should include the salt and key seperated by the salt separator, passwordHashType: str(bcrypt/scrypt/firebase-scrypt/pbkdf2/argon2/sha256/sha1), passwordHashConfig: str # Stringified JSON Hashing config for the migrated password. For SCrypt should be formatted as { saltSeparator, N, r, p, keyLen }. For FirebaseScrypt should be formatted as { memCost, rounds, saltSeparator, signerKey }, authenticatorAppMfaSecret: str # The authenticator app MFA secret, phoneNumber: str # phoneNumber can be used both for login with SMS and for MFA This auto-enrolls the user in MFA, prompting them at first login (regardless of tenant/vendor MFA settings). The required format is an area code + number, no spaces. For example: \"+16037184056\" The number must be unique, phoneNumberType: str(auth/mfa), provider: str(local/saml/google/github/facebook/microsoft/scim2/slack/apple)=local, metadata: str # Stringified JSON object, roleIds: [str]= # Role ids of the migrated users. If not provided, the user will be assigned the default roles, vendorMetadata: str # Extra vendor-only data. stringified JSON object, externalId: str # The external id of the user, username: str # The username of the user. If not provided, the email is required. Maximum length is 255 characters., verifyUser: bool=false # Whether to verify the user as part of the migration process. If this is set to false, another call is required for the verify user API}\n@returns(201) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint POST /resources/migrations/v1/local/bulk\n@desc Migrate users in bulk\n@required {users: [map{tenantId!: str, name: str, profilePictureUrl: str, passwordHash: str, passwordHashType: str, passwordHashConfig: str, authenticatorAppMfaSecret: str, phoneNumber: str, phoneNumberType: str, provider: str, metadata: str, roleIds: [str], vendorMetadata: str, externalId: str, username: str, email!: str, verifyUser: bool}]}\n@returns(202) {migrationId: str}\n\n@endpoint GET /resources/migrations/v1/local/bulk/status/{migrationId}\n@desc Check status of bulk migration\n@required {migrationId: str}\n@returns(200)\n\n@endpoint POST /resources/migrations/v2/local/bulk\n@desc Migrate vendor users in bulk\n@required {users: [map{tenantId!: str, name: str, profilePictureUrl: str, passwordHash: str, passwordHashType: str, passwordHashConfig: str, authenticatorAppMfaSecret: str, phoneNumber: str, phoneNumberType: str, provider: str, metadata: str, roleIds: [str], vendorMetadata: str, externalId: str, username: str, emails: [map]}]}\n@returns(202) {migrationId: str}\n\n@endpoint GET /resources/configurations/v1/delegation\n@desc Get delegation configuration\n@returns(200) {enabled: bool}\n\n@endpoint POST /resources/configurations/v1/delegation\n@desc Create or update delegation configuration\n@optional {enabled: bool # Used to enable or disable delegation for access tokens created using Token Exchange.}\n@returns(200)\n\n@endpoint POST /resources/configurations/restrictions/v1/email-domain\n@desc Create domain restriction\n@required {domain: str, type: str(ALLOW/BLOCK)}\n@returns(201) {id: str, domain: str, type: str}\n\n@endpoint GET /resources/configurations/restrictions/v1/email-domain\n@desc Get domain restrictions\n@returns(200)\n\n@endpoint GET /resources/configurations/restrictions/v1/email-domain/config\n@desc Get domain restrictions\n@returns(200) {active: bool, listType: str, blockPublicDomains: bool}\n\n@endpoint POST /resources/configurations/restrictions/v1/email-domain/config\n@desc Change domain restrictions config list type and toggle it off/on\n@required {active: bool}\n@optional {blockPublicDomains: bool, type: str(ALLOW/BLOCK)}\n@returns(201) {active: bool, listType: str, blockPublicDomains: bool}\n\n@endpoint DELETE /resources/configurations/restrictions/v1/email-domain/{id}\n@desc Delete domain restriction\n@required {id: str}\n@returns(200)\n\n@endpoint POST /resources/configurations/restrictions/v1/email-domain/replace-bulk\n@desc Replace bulk domain restriction\n@required {type: str(ALLOW/BLOCK), domains: [str]}\n@returns(201)\n\n@endpoint POST /resources/mail/v1/configurations\n@desc Create or update configuration\n@required {secret: str}\n@returns(200)\n@returns(201)\n\n@endpoint GET /resources/mail/v1/configurations\n@desc Get configuration\n@returns(200) {secret: str, createdAt: str(date-time), updatedAt: str(date-time), extension: [map], provider: str}\n\n@endpoint DELETE /resources/mail/v1/configurations\n@desc Delete configuration\n@returns(200)\n\n@endpoint POST /resources/mail/v2/configurations\n@desc Create or update configuration v2\n@optional {payload: any}\n@returns(201)\n\n@endpoint POST /resources/mail/v1/configs/templates\n@desc Add or update template\n@required {type: str(ResetPassword/ActivateUser/InviteToTenant/PwnedPassword/MagicLink/OTC/ConnectNewDevice/UserUsedInvitation/ResetPhoneNumber/BulkInvitesToTenant/MFAEnroll/MFAUnenroll/NewMFAMethod/MFARecoveryCode/RemoveMFAMethod/EmailVerification/BruteForceProtection/SuspiciousIP/MFAOTC/ImpossibleTravel/BotDetection/SmsAuthenticationEnabled/UnlockUser/UnlockUserSuccess/ActivateUserWithCode/InviteToTenantWithCode/VerifyNewEmail/EmailAddressChanged/ApprovalFlowApprove)}\n@optional {senderEmail: str, subject: str, fromName: str, redirectURL: str # Only required for: ResetPassword, ActivateUser, InviteToTenant, MagicLink, BulkInvitesToTenant, htmlTemplate: str, successRedirectUrl: str, active: bool}\n@returns(201)\n\n@endpoint GET /resources/mail/v1/configs/templates\n@desc Get template\n@optional {type: str(ResetPassword/ActivateUser/InviteToTenant/PwnedPassword/MagicLink/OTC/ConnectNewDevice/UserUsedInvitation/ResetPhoneNumber/BulkInvitesToTenant/MFAEnroll/MFAUnenroll/NewMFAMethod/MFARecoveryCode/RemoveMFAMethod/EmailVerification/BruteForceProtection/SuspiciousIP/MFAOTC/ImpossibleTravel/BotDetection/SmsAuthenticationEnabled/UnlockUser/UnlockUserSuccess/ActivateUserWithCode/InviteToTenantWithCode/VerifyNewEmail/EmailAddressChanged/ApprovalFlowApprove)}\n@returns(200)\n\n@endpoint DELETE /resources/mail/v1/configs/templates/{templateId}\n@desc Delete template\n@required {templateId: str}\n@returns(200)\n\n@endpoint GET /resources/mail/v1/configs/{type}/default\n@desc Get default template by type\n@required {type: str(ResetPassword/ActivateUser/InviteToTenant/PwnedPassword/MagicLink/OTC/ConnectNewDevice/UserUsedInvitation/ResetPhoneNumber/BulkInvitesToTenant/MFAEnroll/MFAUnenroll/NewMFAMethod/MFARecoveryCode/RemoveMFAMethod/EmailVerification/BruteForceProtection/SuspiciousIP/MFAOTC/ImpossibleTravel/BotDetection/SmsAuthenticationEnabled/UnlockUser/UnlockUserSuccess/ActivateUserWithCode/InviteToTenantWithCode/VerifyNewEmail/EmailAddressChanged/ApprovalFlowApprove) # The email template type}\n@returns(200) {htmlTemplate: str, senderEmail: str, redirectURL: str, successRedirectUrl: str, subject: str, fromName: str, active: bool, type: map, redirectURLPattern: str, successRedirectUrlPattern: str}\n\n@endpoint POST /resources/auth/v1/user\n@desc Authenticate user with password\n@required {password: str}\n@optional {frontegg-vendor-host: str # The vendor host domain, email: str, username: str # Username. Either email or username must be provided., recaptchaToken: str, invitationToken: str}\n@returns(200) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/user/token/refresh\n@desc Refresh user JWT token\n@required {frontegg-vendor-host: str}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/logout\n@desc Logout user\n@required {frontegg-vendor-host: str}\n@returns(201)\n\n@endpoint POST /resources/users/v1/signUp\n@desc Signup user\n@required {frontegg-vendor-host: str, frontegg-application-id: str # The application id, provider: str(local/saml/google/github/facebook/microsoft/scim2/slack/apple), email: str, companyName: str}\n@optional {metadata: str # Stringified JSON object. Use the JSON.stringify() method., username: str, name: str, profilePictureUrl: str, password: str, skipInviteEmail: bool, roleIds: [str], emailMetadata: map, recaptchaToken: str, invitationToken: str, phoneNumber: str}\n@returns(200)\n@returns(201) {provider: str, metadata: str, email: str, username: str, name: str, profilePictureUrl: str, password: str, skipInviteEmail: bool, roleIds: [str], emailMetadata: map, companyName: str, recaptchaToken: str, invitationToken: str, phoneNumber: str}\n\n@endpoint POST /resources/users/v1/signUp/username\n@desc Signup user with username\n@required {frontegg-vendor-host: str, frontegg-application-id: str # The application ID, provider: str(local/saml/google/github/facebook/microsoft/scim2/slack/apple), username: str, companyName: str}\n@optional {metadata: str # Stringified JSON object. Use the JSON.stringify() method., name: str, profilePictureUrl: str, password: str, skipInviteEmail: bool, roleIds: [str], emailMetadata: map, recaptchaToken: str, invitationToken: str, email: str, phoneNumber: str}\n@returns(200)\n@returns(201) {shouldActivate: bool, userId: str, tenantId: str, authResponse: map{tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}, activationToken: str}\n\n@endpoint POST /resources/configurations/v1/restrictions/ip/config\n@desc Create or update IP restriction configuration (ALLOW/BLOCK)\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens, strategy: str(ALLOW/BLOCK), isActive: bool}\n@returns(201)\n\n@endpoint GET /resources/configurations/v1/restrictions/ip/config\n@desc Get IP restriction configuration (ALLOW/BLOCK)\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint GET /resources/configurations/v1/restrictions/ip\n@desc Get all IP restrictions\n@optional {_limit: num, _offset: num # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _filter: str, frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint POST /resources/configurations/v1/restrictions/ip\n@desc Create IP restriction\n@required {ip: str # IP or CIDR (v4 and v6 are supported), strategy: str(ALLOW/BLOCK)}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens, description: str, isActive: bool}\n@returns(201)\n\n@endpoint POST /resources/configurations/v1/restrictions/ip/verify\n@desc Test Current IP\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(201)\n\n@endpoint POST /resources/configurations/v1/restrictions/ip/verify/allow\n@desc Test current IP is in allow list\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(201)\n\n@endpoint DELETE /resources/configurations/v1/restrictions/ip/{id}\n@desc Delete IP restriction by IP\n@required {id: str}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint POST /resources/configurations/v1/lockout-policy\n@desc Create lockout policy\n@required {enabled: bool # Determine whether the Lockout Policy is enabled, maxAttempts: num # The number of the maximum login attempts user can do}\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(201) {id: str, enabled: bool, maxAttempts: num, createdAt: str(date-time), updatedAt: str(date-time)}\n@errors {409: Lockout Policy already exists}\n\n@endpoint PATCH /resources/configurations/v1/lockout-policy\n@desc Update lockout policy\n@required {enabled: bool # Determine whether the Lockout Policy is enabled, maxAttempts: num # The number of the maximum login attempts user can do}\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200) {id: str, enabled: bool, maxAttempts: num, createdAt: str(date-time), updatedAt: str(date-time)}\n@errors {404: Lockout Policy not found. Try to use the Create Lockout Policy API}\n\n@endpoint GET /resources/configurations/v1/lockout-policy\n@desc Get lockout policy\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200) {id: str, enabled: bool, maxAttempts: num, createdAt: str(date-time), updatedAt: str(date-time)}\n@errors {404: Lockout policy is not defined}\n\n@endpoint GET /resources/vendor-only/users/access-tokens/v1/active\n@desc Get active access tokens list\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint GET /resources/vendor-only/users/access-tokens/v1/{id}\n@desc Get user access token data\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, id: str}\n@returns(200) {userId: str, id: str, tenantId: str, permissions: [str], roles: [str], expires: str(date-time)}\n\n@endpoint GET /resources/vendor-only/tenants/access-tokens/v1/{id}\n@desc Get account (tenant) access token data\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, id: str}\n@returns(200) {id: str, tenantId: str, permissions: [str], roles: [str], expires: str(date-time)}\n\n@endpoint POST /resources/auth/v1/user/mfa/recover\n@desc Recover MFA\n@required {recoveryCode: str, email: str}\n@returns(200)\n\n@endpoint POST /resources/users/v1/mfa/disable\n@desc Disable authenticator app MFA\n@required {frontegg-user-id: str # The user ID identifier}\n@optional {token: str}\n@returns(200)\n\n@endpoint POST /resources/users/v1/mfa/authenticator/{deviceId}/disable/verify\n@desc Disable authenticator app MFA\n@required {deviceId: str, frontegg-user-id: str # The user ID identifier}\n@optional {token: str}\n@returns(200)\n\n@endpoint POST /resources/users/v1/mfa/sms/{deviceId}/disable\n@desc Pre-disable SMS MFA\n@required {deviceId: str, frontegg-user-id: str # The user ID identifier, frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint POST /resources/users/v1/mfa/sms/{deviceId}/disable/verify\n@desc Disable SMS MFA\n@required {deviceId: str, frontegg-user-id: str # The user ID identifier, otcToken: str, code: str}\n@returns(200)\n\n@endpoint POST /resources/auth/v1/user/mfa/verify\n@desc Verify MFA using code from authenticator app\n@required {value: str, mfaToken: str}\n@optional {rememberDevice: bool}\n@returns(201)\n\n@endpoint POST /resources/auth/v1/user/mfa/emailcode\n@desc Request verify MFA using email code\n@required {mfaToken: str}\n@returns(201)\n\n@endpoint POST /resources/auth/v1/user/mfa/emailcode/verify\n@desc Verify MFA using email code\n@required {otcToken: str, code: str, mfaToken: str}\n@optional {rememberDevice: bool}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/user/mfa/authenticator/enroll\n@desc Pre enroll MFA using Authenticator App\n@required {mfaToken: str}\n@returns(201) {qrCode: str}\n\n@endpoint POST /resources/auth/v1/user/mfa/authenticator/enroll/verify\n@desc Enroll MFA using Authenticator App\n@required {token: str, mfaToken: str}\n@optional {rememberDevice: bool}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/user/mfa/authenticator/{deviceId}/verify\n@desc Verify MFA using authenticator app\n@required {deviceId: str, value: str, mfaToken: str}\n@optional {rememberDevice: bool}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/user/mfa/sms/enroll\n@desc Pre-enroll MFA using sms\n@required {phoneNumber: str}\n@returns(201)\n\n@endpoint POST /resources/auth/v1/user/mfa/sms/enroll/verify\n@desc Enroll MFA using sms\n@required {otcToken: str, code: str}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/user/mfa/sms/{deviceId}\n@desc Request to verify MFA using sms\n@required {deviceId: str, mfaToken: str}\n@returns(201)\n\n@endpoint POST /resources/auth/v1/user/mfa/sms/{deviceId}/verify\n@desc Verify MFA using sms\n@required {deviceId: str, otcToken: str, code: str, mfaToken: str}\n@optional {rememberDevice: bool}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/user/mfa/webauthn/enroll\n@desc Pre enroll MFA using WebAuthN\n@required {mfaToken: str}\n@returns(201) {options: map}\n\n@endpoint POST /resources/auth/v1/user/mfa/webauthn/enroll/verify\n@desc Enroll MFA using WebAuthN\n@required {deviceType: str(Platform/CrossPlatform), webauthnToken: str, options: map{id!: str, response!: map, deviceType: str}, mfaToken: str}\n@optional {rememberDevice: bool}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/user/mfa/webauthn/{deviceId}\n@desc Request verify MFA using WebAuthN\n@required {deviceId: str, mfaToken: str}\n@returns(201)\n\n@endpoint POST /resources/auth/v1/user/mfa/webauthn/{deviceId}/verify\n@desc Verify MFA using webauthn\n@required {deviceId: str, webauthnToken: str, options: map{id!: str, response!: map, recaptchaToken: str, invitationToken: str}, mfaToken: str}\n@optional {rememberDevice: bool}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint GET /resources/configurations/v1/mfa-policy/allow-remember-device\n@desc Check if remember device allowed\n@required {mfaToken: str # MFA token from the response body of the first factor authentication}\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint POST /resources/users/v1/mfa/enroll\n@desc Enroll authenticator app MFA\n@required {frontegg-user-id: str # The user ID identifier}\n@returns(200) {qrCode: str}\n\n@endpoint POST /resources/users/v1/mfa/authenticator/enroll\n@desc Enroll authenticator app MFA\n@required {frontegg-user-id: str # The user ID identifier}\n@returns(200) {qrCode: str}\n\n@endpoint POST /resources/users/v1/mfa/enroll/verify\n@desc Verify authenticator app MFA enrollment\n@required {frontegg-user-id: str # The user ID identifier, token: str}\n@returns(200) {recoveryCode: str}\n\n@endpoint POST /resources/users/v1/mfa/authenticator/enroll/verify\n@desc Verify authenticator app MFA enrollment\n@required {frontegg-user-id: str # The user ID identifier, token: str}\n@returns(200) {recoveryCode: str}\n\n@endpoint POST /resources/users/v1/mfa/sms/enroll\n@desc Enroll SMS MFA\n@required {frontegg-user-id: str # The user ID identifier, phoneNumber: str}\n@returns(200)\n\n@endpoint POST /resources/users/v1/mfa/sms/enroll/verify\n@desc Verify MFA enrollment\n@required {frontegg-user-id: str # The user ID identifier, otcToken: str, code: str}\n@returns(200)\n\n@endpoint POST /resources/configurations/v1/mfa\n@desc Update MFA configuration\n@optional {authenticationApp: map{active!: bool, serviceName!: str}, sms: map{active!: bool, tokenLifetimeSeconds!: num}, email: map{active!: bool, tokenLifetimeSeconds!: num, sender!: str}}\n@returns(201) {authenticationApp: map{active: bool, serviceName: str}, sms: map{active: bool, tokenLifetimeSeconds: num}, email: map{active: bool, tokenLifetimeSeconds: num, sender: str}}\n\n@endpoint GET /resources/configurations/v1/mfa\n@desc Get MFA configuration\n@returns(200) {authenticationApp: map{active: bool, serviceName: str}, sms: map{active: bool, tokenLifetimeSeconds: num}, email: map{active: bool, tokenLifetimeSeconds: num, sender: str}}\n\n@endpoint POST /resources/configurations/v1/mfa-policy\n@desc Create MFA policy\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier, enforceMFAType: str(DontForce/Force/ForceExceptSAML)=Force # Determine whether MFA should be enforced., allowRememberMyDevice: bool=false # Determine whether devices can be remembered and authentication can be skipped., mfaDeviceExpiration: num=1209600 # Expiration time of device in seconds}\n@returns(201) {id: str, enforceMFAType: str, allowRememberMyDevice: bool, mfaDeviceExpiration: num, createdAt: str(date-time), updatedAt: str(date-time)}\n@errors {409: MFA Policy already exists. Try to use the Update MFA Policy API}\n\n@endpoint PATCH /resources/configurations/v1/mfa-policy\n@desc Update security policy\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier, enforceMFAType: str(DontForce/Force/ForceExceptSAML)=Force # Determine whether MFA should be enforced., allowRememberMyDevice: bool=false # Determine whether devices can be remembered and authentication can be skipped., mfaDeviceExpiration: num=1209600 # Expiration time of device in seconds}\n@returns(200) {id: str, enforceMFAType: str, allowRememberMyDevice: bool, mfaDeviceExpiration: num, createdAt: str(date-time), updatedAt: str(date-time)}\n@errors {400: Missing parameters to update, 404: Security policy not found}\n\n@endpoint PUT /resources/configurations/v1/mfa-policy\n@desc Upsert security policy\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier, enforceMFAType: str(DontForce/Force/ForceExceptSAML)=Force # Determine whether MFA should be enforced., allowRememberMyDevice: bool=false # Determine whether devices can be remembered and authentication can be skipped., mfaDeviceExpiration: num=1209600 # Expiration time of device in seconds}\n@returns(200) {id: str, enforceMFAType: str, allowRememberMyDevice: bool, mfaDeviceExpiration: num, createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint GET /resources/configurations/v1/mfa-policy\n@desc Get security policy\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200) {id: str, enforceMFAType: str, allowRememberMyDevice: bool, mfaDeviceExpiration: num, createdAt: str(date-time), updatedAt: str(date-time)}\n@errors {404: Security Policy not found. MFA is disabled}\n\n@endpoint GET /resources/configurations/v1/mfa/strategies\n@desc Get MFA strategies\n@returns(200) {strategies: [map]}\n\n@endpoint POST /resources/configurations/v1/mfa/strategies\n@desc Create or update MFA strategy\n@required {isActive: bool, strategy: str(AuthenticatorApp/WebAuthnPlatform/WebAuthnCrossPlatform/SMS/EmailCode)}\n@returns(201)\n\n@endpoint POST /resources/configurations/v1/password\n@desc Create or update password configuration\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier, allowPassphrases: bool, maxLength: num, minLength: num, minPhraseLength: num, minOptionalTestsToPass: num, blockPwnedPasswords: bool, optionalTests: map{requireLowercase: bool, requireUppercase: bool, requireNumbers: bool, requireSpecialChars: bool}, requiredTests: map{checkThreeRepeatedChars: bool}}\n@returns(201) {allowPassphrases: bool, maxLength: num, minLength: num, minPhraseLength: num, minOptionalTestsToPass: num, blockPwnedPasswords: bool, optionalTests: map, requiredTests: map}\n\n@endpoint GET /resources/configurations/v1/password\n@desc Get password policy configuration\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200) {allowPassphrases: bool, maxLength: num, minLength: num, minPhraseLength: num, minOptionalTestsToPass: num, blockPwnedPasswords: bool, optionalTests: map, requiredTests: map}\n\n@endpoint POST /resources/configurations/v1/password-history-policy\n@desc Create password history policy\n@required {enabled: bool=false # Detemine whether the history policy is enbaled., historySize: num=1 # Number of passwords per user to remember in the history.}\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(201) {id: str, enabled: bool, historySize: num, createdAt: str(date-time), updatedAt: str(date-time)}\n@errors {409: Policy already exists. Use the Update Password History Policy API.}\n\n@endpoint PATCH /resources/configurations/v1/password-history-policy\n@desc Update password history policy\n@required {enabled: bool=false # Detemine whether the history policy is enbaled., historySize: num=1 # Number of passwords per user to remember in the history.}\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200) {id: str, enabled: bool, historySize: num, createdAt: str(date-time), updatedAt: str(date-time)}\n@errors {404: History size must to be between 1 to 10}\n\n@endpoint GET /resources/configurations/v1/password-history-policy\n@desc Get password history policy\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200) {id: str, enabled: bool, historySize: num, createdAt: str(date-time), updatedAt: str(date-time)}\n@errors {404: Password History Policy not found. Policy is disabled}\n\n@endpoint POST /resources/users/v1/passwords/reset\n@desc Reset password\n@required {identifier: str # User identifier (phone number or email), identifierType: str(email/phoneNumber/username) # Type of the identifier}\n@optional {emailMetadata: map}\n@returns(201)\n\n@endpoint POST /resources/users/v1/passwords/reset/verify\n@desc Verify password\n@required {userId: str, token: str, password: str}\n@returns(201)\n\n@endpoint POST /resources/users/v1/passwords/change\n@desc Change password\n@required {frontegg-user-id: str # The user ID identifier, password: str, newPassword: str}\n@returns(201)\n\n@endpoint GET /resources/users/v1/passwords/config\n@desc Get strictest password configuration\n@optional {userId: str}\n@returns(200) {allowPassphrases: bool, maxLength: num, minLength: num, minPhraseLength: num, minOptionalTestsToPass: num, blockPwnedPasswords: bool, optionalTests: map, requiredTests: map}\n\n@endpoint POST /resources/users/v2/passwords/reset/email\n@desc Reset password via email\n@required {identifier: str # User identifier (phone number or email), identifierType: str(email/phoneNumber/username) # Type of the identifier}\n@optional {emailMetadata: map}\n@returns(200) {sessionId: str}\n\n@endpoint POST /resources/users/v2/passwords/reset/sms\n@desc Reset password via SMS\n@required {identifier: str # User identifier (phone number or email), identifierType: str(email/phoneNumber/username) # Type of the identifier}\n@optional {emailMetadata: map}\n@returns(200) {sessionId: str}\n\n@endpoint POST /resources/users/v2/passwords/reset/sms/verify\n@desc Verify password reset code sent via SMS\n@required {otcToken: str, sessionId: str}\n@returns(200) {userId: str, token: str}\n\n@endpoint GET /resources/configurations/v1/password-rotation\n@desc Get password expiration period configuration\n@returns(200) {createdAt: str(date-time), updatedAt: str(date-time), isActive: bool, rotationPeriod: num, notificationPeriod: num, tenantId: str}\n@errors {404: Password rotation configuration not found}\n\n@endpoint POST /resources/configurations/v1/password-rotation\n@desc Manage password expiration\n@optional {isActive: bool=false # Indicates whether password expiration is enabled, rotationPeriod: num=129600 # The password expiration period, in minutes, notificationPeriod: num=10080 # Notification period before password expiration, in minutes}\n@returns(200)\n\n@endpoint GET /resources/configurations/v1/password-rotation/vendor\n@desc Get environment configuration for password expiration period.\n@returns(200) {createdAt: str(date-time), updatedAt: str(date-time), isActive: bool, rotationPeriod: num, notificationPeriod: num, tenantId: str}\n@errors {404: Password rotation configuration not found}\n\n@endpoint POST /resources/auth/v1/passwordless/smscode/prelogin\n@desc SMS code prelogin\n@required {email: str, userId: str, username: str, phoneNumber: str}\n@optional {recaptchaToken: str, invitationToken: str}\n@returns(201) {phoneNumber: str, resetPhoneNumberToken: str}\n@errors {400: User does not have a phone number}\n\n@endpoint POST /resources/auth/v1/passwordless/smscode/postlogin\n@desc SMS code postlogin\n@required {token: str # One time code to login with - get it from the email sent after prelogin request}\n@optional {recaptchaToken: str, invitationToken: str}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/passwordless/magiclink/prelogin\n@desc Magic link prelogin\n@required {email: str, userId: str, username: str}\n@optional {recaptchaToken: str, invitationToken: str}\n@returns(200)\n@errors {400: Invalid authentication type, magic link authentication should be enabled}\n\n@endpoint POST /resources/auth/v1/passwordless/magiclink/postlogin\n@desc Magic link postlogin\n@required {token: str # One time code to login with - get it from the email sent after prelogin request}\n@optional {recaptchaToken: str, invitationToken: str}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/auth/v1/passwordless/code/prelogin\n@desc OTC (One-Time Code) prelogin\n@required {email: str, userId: str, username: str}\n@optional {recaptchaToken: str, invitationToken: str}\n@returns(201)\n@errors {400: Invalid authentication type, OTC (One-Time Code) authentication should be enabled}\n\n@endpoint POST /resources/auth/v1/passwordless/code/postlogin\n@desc OTC (One-Time Code) postlogin\n@required {token: str # One time code to login with - get it from the email sent after prelogin request}\n@optional {recaptchaToken: str, invitationToken: str}\n@returns(201) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint GET /resources/permissions/v1\n@desc Get permissions\n@returns(200)\n\n@endpoint POST /resources/permissions/v1\n@desc Create permissions\n@returns(201)\n\n@endpoint DELETE /resources/permissions/v1/{permissionId}\n@desc Delete permission\n@required {permissionId: str}\n@returns(204)\n\n@endpoint PATCH /resources/permissions/v1/{permissionId}\n@desc Update permission\n@required {permissionId: str}\n@optional {key: str, name: str, description: str, categoryId: str}\n@returns(200) {id: str, key: str, name: str, description: str, createdAt: str(date-time), updatedAt: str(date-time), roleIds: [str], categoryId: str, fePermission: bool}\n\n@endpoint PUT /resources/permissions/v1/{permissionId}/roles\n@desc Set a permission to multiple roles\n@required {permissionId: str, roleIds: [str] # The permission will be assigned to the specified roles}\n@returns(200) {id: str, key: str, name: str, description: str, createdAt: str(date-time), updatedAt: str(date-time), roleIds: [str], categoryId: str, fePermission: bool}\n\n@endpoint PUT /resources/permissions/v1/classification\n@desc Set permissions classification\n@required {permissionIds: [str], type: str(NEVER/ALWAYS/ASSIGNABLE)}\n@returns(200) {id: str, key: str, name: str, description: str, createdAt: str(date-time), updatedAt: str(date-time), roleIds: [str], categoryId: str, fePermission: bool}\n\n@endpoint GET /resources/permissions/v1/categories\n@desc Get permissions categories\n@returns(200)\n\n@endpoint POST /resources/permissions/v1/categories\n@desc Create category\n@required {name: str}\n@optional {description: str, id: str}\n@returns(201) {id: str, name: str, description: str?, createdAt: str(date-time), feCategory: bool}\n\n@endpoint PATCH /resources/permissions/v1/categories/{categoryId}\n@desc Update category\n@required {categoryId: str}\n@optional {name: str, description: str}\n@returns(200)\n\n@endpoint DELETE /resources/permissions/v1/categories/{categoryId}\n@desc Delete category\n@required {categoryId: str}\n@returns(200)\n\n@endpoint POST /resources/users/access-tokens/v1\n@desc Create user access token\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, frontegg-user-id: str # The user ID identifier}\n@optional {description: str, expiresInMinutes: num # Token expiration time in minutes. In case of undefined, the token won't be expired}\n@returns(201) {id: str, description: str, createdAt: str(date-time), secret: str, expires: str(date-time)}\n\n@endpoint GET /resources/users/access-tokens/v1\n@desc Get user access tokens\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, frontegg-user-id: str # The user ID identifier}\n@returns(200) {accessTokens: [map]}\n\n@endpoint DELETE /resources/users/access-tokens/v1/{id}\n@desc Delete user access token by token ID\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, frontegg-user-id: str # The user ID identifier, id: str}\n@returns(200)\n\n@endpoint POST /resources/users/api-tokens/v1\n@desc Create user client credentials token\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, frontegg-user-id: str # The user ID identifier}\n@optional {metadata: map # Extra data that will be encoded as part of the JWT, description: str, expiresInMinutes: num # Token expiration time in minutes. In case of undefined, the token won't be expired}\n@returns(201) {clientId: str, description: str, metadata: map, createdAt: str(date-time), secret: str, expires: str(date-time)}\n\n@endpoint GET /resources/users/api-tokens/v1\n@desc Get user client credentials tokens\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, frontegg-user-id: str # The user ID identifier}\n@returns(200)\n\n@endpoint DELETE /resources/users/api-tokens/v1/{id}\n@desc Delete user client credentials token by token ID\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, frontegg-user-id: str # The user ID identifier, id: str}\n@returns(200)\n\n@endpoint GET /resources/roles/v1\n@desc Get roles\n@optional {frontegg-tenant-id: str # For relating a role to a specific account (tenant), use `get accounts (tenants)` API to find the account (tenant) Ids}\n@returns(200)\n\n@endpoint POST /resources/roles/v1\n@desc Create roles\n@optional {frontegg-tenant-id: str # For relating a role to a specific account (tenant), use `get accounts (tenants)` API to find the account (tenant) Ids}\n@returns(201)\n\n@endpoint DELETE /resources/roles/v1/{roleId}\n@desc Delete role\n@required {roleId: str}\n@optional {frontegg-tenant-id: str # For relating a role to a specific account (tenant), use `get accounts (tenants)` API to find the account (tenant) Ids}\n@returns(204)\n\n@endpoint PATCH /resources/roles/v1/{roleId}\n@desc Update role\n@required {roleId: str}\n@optional {frontegg-tenant-id: str # For relating a role to a specific account (tenant), use `get accounts (tenants)` API to find the account (tenant) Ids, isDefault: bool # This role will be assigned for every user that will be added without specified roles, firstUserRole: bool # This role will be assigned to the first user of a tenant (new tenants only), migrateRole: bool # Set this property to `true` together with `isDefault` in order to assign this role to all users, level: num # Role level for roles elevation, lower level means stronger role., key: str, name: str, description: str}\n@returns(200) {id: str, vendorId: str, tenantId: str, key: str, name: str, description: str, isDefault: bool, firstUserRole: bool, level: num, createdAt: str(date-time), updatedAt: str(date-time), permissions: [str]}\n\n@endpoint PUT /resources/roles/v1/{roleId}/permissions\n@desc Assign permissions to a role\n@required {roleId: str, permissionIds: [str] # Set permission Ids to attach to the role}\n@optional {frontegg-tenant-id: str # For relating a role to a specific account (tenant), use `get accounts (tenants)` API to find the account (tenant) Ids}\n@returns(200) {id: str, vendorId: str, tenantId: str, key: str, name: str, description: str, isDefault: bool, firstUserRole: bool, level: num, createdAt: str(date-time), updatedAt: str(date-time), permissions: [str]}\n\n@endpoint PUT /resources/roles/v1/{roleId}/tenant\n@desc Update role tenant\n@required {roleId: str, tenantId: str}\n@returns(200) {id: str, vendorId: str, tenantId: str, key: str, name: str, description: str, isDefault: bool, firstUserRole: bool, level: num, createdAt: str(date-time), updatedAt: str(date-time), permissions: [str]}\n\n@endpoint GET /resources/users/phone-numbers/v1\n@desc Get all phone numbers\n@optional {_limit: num, _offset: num # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _sortBy: str(userId/phoneNumber), _order: str(ASC/DESC), _phoneNumber: str}\n@returns(200)\n\n@endpoint POST /resources/users/phone-numbers/v1\n@desc Set phone number for a user\n@required {phoneNumber: str # New phone number}\n@optional {verify: bool=true # Should send verification code, default is true}\n@returns(201)\n\n@endpoint POST /resources/users/phone-numbers/v1/preverify\n@desc Pre-verify user's phone number\n@required {phoneNumber: str # New phone number}\n@returns(200)\n\n@endpoint POST /resources/users/phone-numbers/v1/verify\n@desc Verify creation of phone number for user\n@required {otcToken: str # OTC token, code: str # Code that was sent to the user}\n@returns(200)\n\n@endpoint DELETE /resources/users/phone-numbers/v1/{id}\n@desc Delete user's phone number\n@required {id: str}\n@returns(200)\n\n@endpoint POST /resources/users/phone-numbers/v1/{id}/delete/verify\n@desc Verify delete user's phone number\n@required {id: str, otcToken: str # OTC token, code: str # Code that was sent to the user}\n@returns(200)\n\n@endpoint GET /resources/users/phone-numbers/v1/me\n@desc Get current user's phone numbers\n@required {frontegg-user-id: str # The user id}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint GET /resources/users/phone-numbers/v2\n@desc Get all phone numbers v2\n@optional {_limit: num, _offset: num # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _sortBy: str(userId/phoneNumber), _order: str(ASC/DESC), _phoneNumber: str, userIds: [str]}\n@returns(200)\n\n@endpoint POST /resources/configurations/v1/sms\n@desc Creates or updates a vendor SMS config\n@optional {senderName: str # The sender name will be used only when alphanumeric sender is supported in the recipient country. This is usually a phone number or the name of the sender, dependeing on what is configured on your Twilio account, accountId: str # account ID, token: str # token, serviceId: str # service ID, provider: str # provider, channel: str # channel}\n@returns(200)\n@returns(201)\n\n@endpoint DELETE /resources/configurations/v1/sms\n@desc Deletes a vendor SMS config\n@returns(200)\n\n@endpoint GET /resources/configurations/v1/sms\n@desc Gets a vendor SMS config\n@returns(200)\n\n@endpoint GET /resources/configurations/v1/sms/templates\n@desc Gets vendor SMS templates\n@returns(200)\n\n@endpoint GET /resources/configurations/v1/sms/templates/{type}\n@desc Gets vendor SMS template by type\n@required {type: str}\n@returns(200)\n\n@endpoint DELETE /resources/configurations/v1/sms/templates/{type}\n@desc Deletes vendor SMS template by type\n@required {type: str}\n@returns(200)\n\n@endpoint POST /resources/configurations/v1/sms/templates/{type}\n@desc Create or update a vendor SMS template\n@required {type: str}\n@returns(200)\n@returns(201)\n\n@endpoint GET /resources/configurations/v1/sms/templates/{type}/default\n@desc Gets vendor default SMS template by type\n@required {type: str}\n@returns(200)\n\n@endpoint GET /resources/configurations/v1/sms/templates/default/all\n@desc Gets all vendor default SMS templates\n@returns(200)\n\n@endpoint GET /resources/configurations/sessions/v1/vendor\n@desc Get environment session configuration\n@returns(200)\n\n@endpoint GET /resources/configurations/sessions/v1\n@desc Get account (tenant) or vendor default session configuration\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint POST /resources/configurations/sessions/v1\n@desc Create or update account (tenant) or vendor default session configuration\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier, sessionIdleTimeoutConfiguration: map{isActive!: bool, timeout!: num}, sessionTimeoutConfiguration: map{isActive!: bool, timeout!: num}, sessionConcurrentConfiguration: map{isActive!: bool, maxSessions!: num}}\n@returns(201)\n\n@endpoint GET /resources/configurations/v1/user-emails-policy\n@desc Get user emails policy\n@returns(200) {allowEmailChange: bool}\n\n@endpoint POST /resources/configurations/v1/user-emails-policy\n@desc Create or update user emails policy\n@optional {allowEmailChange: bool # Used to enable or disable email change for users.}\n@returns(200)\n\n@endpoint GET /resources/groups/v1\n@desc Get all groups\n@optional {_groupsRelations: str(roles/users/rolesAndUsers), frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200) {groups: [map]}\n\n@endpoint POST /resources/groups/v1\n@desc Create group\n@required {name: str # Group unique name}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens, color: str # Color for group display, description: str # Group description, metadata: str # Stringified JSON object}\n@returns(201) {id: str, name: str, color: str, description: str, metadata: str, roles: [map], users: [map], managedBy: str, createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint POST /resources/groups/v1/bulkGet\n@desc Get groups by Ids\n@required {groupsIds: [str] # Group IDs}\n@optional {_groupsRelations: str(roles/users/rolesAndUsers), frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(201) {groups: [map]}\n\n@endpoint PATCH /resources/groups/v1/{id}\n@desc Update group\n@required {id: str}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens, color: str # Color for group display, description: str # Group description, metadata: str # Stringified JSON object, name: str # Group unique name}\n@returns(200) {id: str, name: str, color: str, description: str, metadata: str, roles: [map], users: [map], managedBy: str, createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint DELETE /resources/groups/v1/{id}\n@desc Delete group\n@required {id: str}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint GET /resources/groups/v1/{id}\n@desc Get group by ID\n@required {id: str}\n@optional {_groupsRelations: str(roles/users/rolesAndUsers), frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200) {id: str, name: str, color: str, description: str, metadata: str, roles: [map], users: [map], managedBy: str, createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint GET /resources/groups/v1/config\n@desc Get groups configuration\n@returns(200) {enabled: bool, rolesEnabled: bool}\n\n@endpoint POST /resources/groups/v1/config\n@desc Create or update groups configuration\n@optional {enabled: bool=true # Determine whether groups are enabled/disabled. Default value is true., rolesEnabled: bool=true # Determine whether groups can have roles or not. Default value is true.}\n@returns(201)\n\n@endpoint POST /resources/groups/v1/{groupId}/roles\n@desc Add roles to group\n@required {groupId: str, roleIds: [str] # Will add / remove requested roles from the group}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(201)\n\n@endpoint DELETE /resources/groups/v1/{groupId}/roles\n@desc Remove roles from group\n@required {groupId: str, roleIds: [str] # Will add / remove requested roles from the group}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint POST /resources/groups/v1/{groupId}/users\n@desc Add users to group\n@required {groupId: str, userIds: [str] # An array of User IDs to add / remove existing users to / from the group.}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(201)\n\n@endpoint DELETE /resources/groups/v1/{groupId}/users\n@desc Remove users from group\n@required {groupId: str, userIds: [str] # An array of User IDs to add / remove existing users to / from the group.}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint GET /resources/groups/v2\n@desc Get all groups paginated\n@optional {_groupsRelations: str(roles/users/rolesAndUsers), _limit: num, _offset: num # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _sortBy: str(id/name/createdAt/updatedAt), _order: str(ASC/DESC), frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint POST /resources/tenants/users/v1/{userId}/disable\n@desc Disable user account (tenant)\n@required {userId: str}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n@returns(201)\n@errors {403}\n\n@endpoint POST /resources/tenants/users/v1/{userId}/enable\n@desc Enable user account (tenant)\n@required {userId: str}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n@returns(201)\n@errors {403}\n\n@endpoint PUT /resources/users/temporary/v1/{userId}\n@desc Sets a permanent user to temporary\n@required {userId: str, expirationInSeconds: num}\n@returns(201) {expirationInSeconds: num}\n\n@endpoint DELETE /resources/users/temporary/v1/{userId}\n@desc Sets a temporary user to permanent\n@required {userId: str}\n@returns(200)\n\n@endpoint GET /resources/users/temporary/v1/configuration\n@desc Gets temporary users configuration\n@returns(200) {enabled: bool}\n\n@endpoint PUT /resources/users/temporary/v1/configuration\n@desc Set temporary users configuration\n@required {enabled: bool}\n@returns(200) {enabled: bool}\n\n@endpoint GET /resources/users/emails/v1\n@desc Get all user emails\n@optional {_limit: num, _offset: num # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _sortBy: str(userId/email), _order: str(ASC/DESC), _email: str, userIds: str, frontegg-tenant-id: str # The tenant ID identifier}\n@returns(200)\n\n@endpoint POST /resources/users/emails/v1\n@desc Create a user email\n@required {email: str # New email}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200) {id: str, userId: str, email: str, verified: bool, isPrimary: bool, createdAt: str(date-time), updatedAt: str(date-time)}\n@returns(201) {id: str, userId: str, email: str, verified: bool, isPrimary: bool, createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint POST /resources/users/emails/v1/verify\n@desc Verify user email\n@required {code: str # The code for the user to verify their email, email: str # The email for the user to verify their email}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint DELETE /resources/users/emails/v1/{emailId}\n@desc Delete a user email\n@required {emailId: str, frontegg-user-id: str # The user ID}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint POST /resources/users/emails/v1/vendor/{userId}\n@desc Create a user email for vendor\n@required {userId: str, email: str # New email}\n@optional {isVerified: bool # Is user email verified}\n@returns(200) {id: str, userId: str, email: str, verified: bool, isPrimary: bool, createdAt: str(date-time), updatedAt: str(date-time)}\n@returns(201) {id: str, userId: str, email: str, verified: bool, isPrimary: bool, createdAt: str(date-time), updatedAt: str(date-time)}\n\n@endpoint DELETE /resources/users/emails/v1/vendor/{userId}/{emailId}\n@desc Delete a user email for vendor\n@required {userId: str, emailId: str}\n@returns(200)\n\n@endpoint POST /resources/users/emails/v1/vendor/{userId}/primary\n@desc Mark email as primary for vendor\n@required {userId: str, email: str # Email to mark as primary}\n@returns(200)\n\n@endpoint POST /resources/users/emails/v1/me/primary\n@desc Mark email as primary\n@required {email: str # Email to mark as primary}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint GET /resources/users/emails/v1/me\n@desc Get current user`s emails\n@required {frontegg-user-id: str # The user ID}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint PUT /resources/sub-tenants/users/v1/{userId}/access\n@desc Set sub-account access for a user\n@required {userId: str, allowAccess: bool}\n@returns(200)\n\n@endpoint POST /resources/users/v1/activate/reset\n@desc Reset user activation token\n@required {email: str(email), emailMetadata: map}\n@returns(201)\n\n@endpoint POST /resources/users/v1/invitation/reset\n@desc Reset invitation\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, email: str}\n@returns(200)\n\n@endpoint POST /resources/users/v1/invitation/reset/all\n@desc Reset all invitation tokens\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, email: str}\n@returns(200)\n\n@endpoint GET /resources/users/v3\n@desc Get users\n@optional {_limit: num # The default limit is 50 users per request, the maximum is 200, _identifier: str # Filter users by username prefix match. Must be provided together with _identifierType, _identifierType: str(email/phoneNumber/username) # Filter users by username. Must be provided together with _identifier, _includeSubTenants: bool=true # when passing a user id, gives the option to include or not include sub accounts (tenants) when searching users, _namePrefix: str # Filter users by prefix name match, _offset: num # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _email: str, _tenantId: str, ids: str, _sortBy: str(createdAt/name/email/id/verified/isLocked/provider/tenantId), _order: str(ASC/DESC), _externalIds: str, frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint GET /resources/users/v3/roles\n@desc Get users roles\n@required {ids: [str]}\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint GET /resources/users/v3/groups\n@desc Get users groups\n@required {ids: [str]}\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint POST /resources/users/v3/me/unlock\n@desc Unlock user\n@required {token: str}\n@returns(200)\n\n@endpoint POST /resources/users/v2\n@desc Invite user\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@optional {email: str(email), username: str # The username of the user. If not provided, the email is required. Maximum length is 255 characters., name: str, profilePictureUrl: str, password: str, phoneNumber: str, provider: str(local/saml/google/github/facebook/microsoft/scim2/slack/apple)=local, metadata: str # Stringified JSON object, skipInviteEmail: bool, roleIds: [str], emailMetadata: map, expirationInSeconds: num # Temporary user expiration in seconds}\n@returns(201) {id: str, email: str, verified: bool, name: str, profilePictureUrl: str, roles: [str], permissions: [str], metadata: str, createdAt: str(date-time), lastLogin: str(date-time), activatedForTenant: bool, temporaryExpirationDate: str(date-time)}\n\n@endpoint PUT /resources/users/v2/me\n@desc Update user profile\n@optional {phoneNumber: str, profilePictureUrl: str, metadata: str # Stringified JSON object, name: str}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint GET /resources/users/v2/me\n@desc Get user profile\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint POST /resources/users/v1\n@desc Create user\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier}\n@optional {email: str(email), username: str # The username of the user. If not provided, the email is required. Maximum length is 255 characters., name: str, profilePictureUrl: str, password: str, phoneNumber: str, provider: str(local/saml/google/github/facebook/microsoft/scim2/slack/apple)=local, metadata: str # Stringified JSON object, skipInviteEmail: bool, roleIds: [str], emailMetadata: map, expirationInSeconds: num # Temporary user expiration in seconds}\n@returns(201) {id: str, email: str, verified: bool, name: str, profilePictureUrl: str, roles: [str], permissions: [str], metadata: str, createdAt: str(date-time), lastLogin: str(date-time), activatedForTenant: bool, temporaryExpirationDate: str(date-time)}\n\n@endpoint PUT /resources/users/v1\n@desc Update user\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, frontegg-user-id: str # The user ID identifier}\n@optional {phoneNumber: str, profilePictureUrl: str, metadata: str # Stringified JSON object, name: str}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint DELETE /resources/users/v1/{userId}\n@desc Remove user\n@required {userId: str}\n@optional {frontegg-tenant-id: str # The account (tenant) ID identifier (optional)}\n@returns(200)\n\n@endpoint PUT /resources/users/v1/{userId}\n@desc Update user (global)\n@required {userId: str}\n@optional {phoneNumber: str, profilePictureUrl: str, metadata: str # Stringified JSON object, vendorMetadata: str # Extra vendor-only data. stringified JSON object, mfaBypass: bool # Indicates whether MFA should be bypassed for this user, externalId: str # The external id of the user, name: str}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint POST /resources/users/v1/{userId}/roles\n@desc Assign roles to user\n@required {userId: str, frontegg-tenant-id: str # The account (tenant) ID identifier, roleIds: [str]}\n@returns(201) {tenantId: str, userId: str, roles: [map]}\n\n@endpoint DELETE /resources/users/v1/{userId}/roles\n@desc Unassign roles from user\n@required {userId: str, frontegg-tenant-id: str # The account (tenant) ID identifier, roleIds: [str]}\n@returns(200) {tenantId: str, userId: str, roles: [map]}\n\n@endpoint PUT /resources/users/v1/tenant\n@desc Update user's active account (tenant)\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, frontegg-user-id: str # The user ID identifier, tenantId: str # Desired tenant to set as active tenant for user}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint GET /resources/users/v1/query/phrase\n@desc Get users with fuzzy search\n@optional {_limit: num # The default limit is 50 users per request, the maximum is 200, _identifier: str # Filter users by username prefix match. Must be provided together with _identifierType, _identifierType: str(email/phoneNumber/username) # Filter users by username. Must be provided together with _identifier, _includeSubTenants: bool=true # when passing a user id, gives the option to include or not include sub accounts (tenants) when searching users, _namePrefix: str # Filter users by prefix name match, _phraseSearchContains: [str] # Pass a list of strings, separated by comma, to search for users that contain all of the strings in the list, _phraseSearchExcludes: [str] # Pass a list of strings, separated by comma, to search for users that do not contain any of the strings in the list, _phraseSearchOptional: [str] # Pass a list of strings, separated by comma, to search for users that contain at least one of the strings in the list, _phraseSearchApproximate: bool=false # When true, the search will be approximate (fuzzy), meaning it will include similar characters to the ones in the search string, _offset: num # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _email: str, _tenantId: str, ids: str, _sortBy: str(createdAt/name/email/id/verified/isLocked/provider/tenantId), _order: str(ASC/DESC), _externalIds: str, frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200)\n\n@endpoint GET /resources/usernames/v1\n@desc Get usernames for users\n@optional {_limit: num, _offset: num # The page number to retrieve. For example, use 0 for the first page, 1 for the second page., _sortBy: str(userId/username), _order: str(ASC/DESC), _usernamePrefix: str, userIds: [str], usernames: [str]}\n@returns(200) {username: str, userId: str}\n\n@endpoint POST /resources/usernames/v1\n@desc Create a username for user\n@required {username: str # The username to create. Allowed characters: alphanumeric (a-z, 0-9), ^, $, ., !, -, #, +, ', ~, _ (no spaces, no accents, automatically converted to lowercase). Max length: 128 characters.}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n@returns(201)\n\n@endpoint DELETE /resources/usernames/v1/{username}\n@desc Delete a username for user\n@required {username: str}\n@returns(200)\n\n@endpoint GET /resources/usernames/v1/me\n@desc Get authenticated user's username\n@required {frontegg-user-id: str # The user id}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200) {username: str, userId: str}\n\n@endpoint POST /resources/users/v1/email/me\n@desc Update user email\n@required {email: str # The email to update to}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint POST /resources/users/v1/email/me/verify\n@desc Verify user email\n@required {code: str # The code for the user to verify their email, email: str # The email for the user to verify their email}\n@optional {frontegg-tenant-id: str # The tenant identifier. Required for requests to api.frontegg.com (or your region) when using a management token. Parsed from the token when using user or API tokens}\n@returns(200)\n\n@endpoint POST /resources/users/v1/activate\n@desc Activate user\n@required {frontegg-vendor-host: str, userId: str, token: str}\n@optional {password: str, recaptchaToken: str, lastTermsCheck: str}\n@returns(200) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint POST /resources/users/v1/activate/code\n@desc Activate user with code\n@required {frontegg-vendor-host: str, userId: str, token: str, code: str}\n@optional {password: str, recaptchaToken: str, lastTermsCheck: str}\n@returns(200) {tokenType: str, otcToken: str, mfaRequired: bool, mfaToken: str, resetPasswordToken: str, passwordExpiresIn: num, notificationPeriod: num, mfaEnrolled: bool, mfaDevices: map{webauthn: [map], phones: [map], authenticators: [map], emails: [map]}, mfaStrategies: map, qrCode: str, recoveryCode: str, accessToken: str, refreshToken: str, expiresIn: num, expires: str, userId: str, userEmail: str, emailVerified: bool, isBreachedPassword: bool}\n\n@endpoint GET /resources/users/v1/activate/strategy\n@desc Get user activation strategy\n@required {userId: str, token: str}\n@returns(200) {shouldSetPassword: bool}\n\n@endpoint POST /resources/users/v1/invitation/accept\n@desc Accept invitation\n@required {userId: str, token: str}\n@returns(200)\n@returns(201)\n\n@endpoint POST /resources/users/v1/invitation/accept/code\n@desc Accept invitation with code\n@required {userId: str, token: str, code: str}\n@returns(200)\n\n@endpoint GET /resources/users/v3/me\n@desc Get user profile\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint GET /resources/users/v2/me/tenants\n@desc Get user accounts (tenants)\n@required {frontegg-user-id: str # The user ID identifier}\n@returns(200)\n\n@endpoint GET /resources/users/v2/me/hierarchy\n@desc Get user accounts (tenants) hierarchy\n@returns(200)\n\n@endpoint GET /resources/users/v1/me/authorization\n@desc Get user permissions and roles\n@returns(200) {roles: [map], permissions: [map]}\n\n@endpoint GET /resources/users/v1/me/tenants\n@desc Get user accounts (tenants)\n@returns(200)\n\n@endpoint GET /resources/user-sources/v1\n@desc Get vendor user sources\n@returns(200)\n\n@endpoint GET /resources/user-sources/v1/{id}\n@desc Get vendor user source\n@required {id: str}\n@returns(200) {id: str, name: str, type: str, description: str, appIds: [str], index: num, configuration: map}\n\n@endpoint DELETE /resources/user-sources/v1/{id}\n@desc Delete user source\n@required {id: str}\n@returns(200)\n\n@endpoint POST /resources/user-sources/v1/external/auth0\n@desc Create Auth0 external user source\n@required {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index}\n@optional {appIds: [str] # The application Ids to assign to this user source, description: str # The user source description}\n@returns(201) {id: str, name: str, type: str, appIds: [str], description: str, index: num}\n\n@endpoint POST /resources/user-sources/v1/external/cognito\n@desc Create Cognito external user source\n@required {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index}\n@optional {appIds: [str] # The application Ids to assign to this user source, description: str # The user source description}\n@returns(201) {id: str, name: str, type: str, appIds: [str], description: str, index: num}\n\n@endpoint POST /resources/user-sources/v1/external/firebase\n@desc Create Firebase external user source\n@required {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index}\n@optional {appIds: [str] # The application Ids to assign to this user source, description: str # The user source description}\n@returns(201) {id: str, name: str, type: str, appIds: [str], description: str, index: num}\n\n@endpoint POST /resources/user-sources/v1/external/custom-code\n@desc Create Custom-Code external user source\n@required {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index}\n@optional {appIds: [str] # The application Ids to assign to this user source, description: str # The user source description}\n@returns(201) {id: str, name: str, type: str, appIds: [str], description: str, index: num}\n\n@endpoint POST /resources/user-sources/v1/federation\n@desc Create Federation user source\n@required {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index}\n@optional {appIds: [str] # The application Ids to assign to this user source, description: str # The user source description}\n@returns(201) {id: str, name: str, type: str, appIds: [str], description: str, index: num}\n\n@endpoint PUT /resources/user-sources/v1/external/auth0/{id}\n@desc Update Auth0 external user source\n@required {id: str}\n@optional {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index, description: str # The user source description}\n@returns(200)\n\n@endpoint PUT /resources/user-sources/v1/external/cognito/{id}\n@desc Update Cognito external user source\n@required {id: str}\n@optional {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index, description: str # The user source description}\n@returns(200)\n\n@endpoint PUT /resources/user-sources/v1/external/firebase/{id}\n@desc Update Firebase external user source\n@required {id: str}\n@optional {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index, description: str # The user source description}\n@returns(200)\n\n@endpoint PUT /resources/user-sources/v1/external/custom-code/{id}\n@desc Update Custom-Code external user source\n@required {id: str}\n@optional {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index, description: str # The user source description}\n@returns(200)\n\n@endpoint PUT /resources/user-sources/v1/federation/{id}\n@desc Update Federation user source\n@required {id: str}\n@optional {name: str # The user source name, configuration: any # User source configuration, index: num # The user source index, description: str # The user source description}\n@returns(200)\n\n@endpoint POST /resources/user-sources/v1/assign\n@desc Assign applications to a user source\n@required {appIds: [str] # The application Ids to assign to this user source, userSourceId: str # The user source id}\n@returns(201)\n\n@endpoint POST /resources/user-sources/v1/unassign\n@desc Unassign applications from a user source\n@required {appIds: [str] # The application Ids to assign to this user source, userSourceId: str # The user source id}\n@returns(201)\n\n@endpoint GET /resources/user-sources/v1/{id}/users\n@desc Get user source users\n@required {id: str}\n@returns(200)\n\n@endpoint GET /resources/users/sessions/v1/me\n@desc Get user's active sessions\n@required {frontegg-user-id: str # The user ID identifier}\n@returns(200)\n\n@endpoint DELETE /resources/users/sessions/v1/me/all\n@desc Delete all user sessions\n@required {frontegg-user-id: str # The user ID identifier}\n@returns(200)\n\n@endpoint DELETE /resources/users/sessions/v1/me/{id}\n@desc Delete single user's session\n@required {id: str, frontegg-user-id: str # The user ID identifier}\n@returns(200)\n\n@endpoint GET /resources/vendor-only/users/v1/{userId}\n@desc Get user\n@required {userId: str}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint POST /resources/vendor-only/users/v1/{userId}/mfa/unenroll\n@desc Unenroll user from MFA globally\n@required {userId: str}\n@returns(200)\n\n@endpoint POST /resources/vendor-only/users/v1/passwords/verify\n@desc Verify user's password\n@required {email: str, password: str}\n@returns(200)\n\n@endpoint POST /resources/vendor-only/users/v1\n@desc Create user\n@required {tenantId: str}\n@optional {email: str, username: str # The username of the user. If not provided, the email is required. Maximum length is 255 characters., name: str, password: str, phoneNumber: str, metadata: str # Stringified JSON object, vendorMetadata: str # Extra vendor-only data. stringified JSON object, roleIds: [str] # Role IDs to assign to the user, expirationInSeconds: num # Temporary user expiration in seconds, mfaBypass: bool # Bypass MFA for this user, externalId: str # The external id of the user}\n@returns(201) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint GET /resources/tenants/users/v1/statuses\n@desc Get users account (tenant) statuses\n@required {userIds: [str] # User IDs}\n@optional {userTenantStatuses: [str] # Account (tenant) Statuses}\n@returns(200) {userId: str, tenantsStatuses: [map]}\n\n@endpoint POST /resources/users/phone-numbers/v1/vendor/{userId}\n@desc Create user phone number verified by default\n@required {userId: str, phoneNumber: str # New phone number}\n@returns(201)\n\n@endpoint DELETE /resources/users/phone-numbers/v1/vendor/{userId}/{phoneId}\n@desc Delete user phone number on an environment\n@required {phoneId: str, userId: str}\n@returns(200)\n\n@endpoint POST /resources/users/bulk/v1/invite\n@desc Invite users to an account (tenant) in bulk\n@required {frontegg-tenant-id: str # The account (tenant) ID identifier, users: [map{email: str(email), username: str, name: str, profilePictureUrl: str, password: str, phoneNumber: str, provider: str, metadata: str, skipInviteEmail: bool, roleIds: [str], emailMetadata: map, expirationInSeconds: num, verified: bool}]}\n@returns(202)\n\n@endpoint GET /resources/users/bulk/v1/status/{id}\n@desc Get status of bulk invite task\n@required {id: str}\n@returns(200)\n\n@endpoint GET /resources/users/v1/email\n@desc Get user by email\n@required {email: str}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint GET /resources/users/v1/{id}\n@desc Get user by ID\n@required {id: str, frontegg-tenant-id: str # The account (tenant) ID identifier}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint POST /resources/users/v1/{userId}/verify\n@desc Verify user\n@required {userId: str}\n@returns(200)\n\n@endpoint PUT /resources/users/v1/{userId}/invisible\n@desc Make user invisible\n@required {userId: str, invisible: bool}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint PUT /resources/users/v1/{userId}/superuser\n@desc Make user super-user\n@required {userId: str, superUser: bool}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint PUT /resources/users/v1/{userId}/tenant\n@desc Set user's account (tenant)\n@required {userId: str, tenantId: str # Desired tenant to set as active tenant for user}\n@optional {validateTenantExist: bool}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint POST /resources/users/v1/{userId}/tenant\n@desc Add user to account (tenant)\n@required {userId: str, tenantId: str}\n@optional {validateTenantExist: bool, skipInviteEmail: bool}\n@returns(201) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint PUT /resources/users/v1/{userId}/email\n@desc Update user email\n@required {userId: str, email: str(email)}\n@returns(200) {id: str, email: str, name: str, profilePictureUrl: str, sub: str, verified: bool, mfaEnrolled: bool, mfaBypass: bool, phoneNumber: str, roles: [map], permissions: [map], provider: str, tenantId: str, tenantIds: [str], activatedForTenant: bool, isLocked: bool, tenants: [map], invisible: bool, superUser: bool, metadata: str, vendorMetadata: str, externalId: str, createdAt: str(date-time), lastLogin: str(date-time), groups: [map], subAccountAccessAllowed: bool, managedBy: str}\n\n@endpoint POST /resources/users/v1/{userId}/links/generate-activation-token\n@desc Generate activation token\n@required {userId: str}\n@returns(201) {link: str, token: str, userId: str}\n\n@endpoint POST /resources/users/v1/{userId}/links/generate-password-reset-token\n@desc Generate password reset token\n@required {userId: str}\n@returns(201) {link: str, token: str, userId: str}\n\n@endpoint POST /resources/users/v1/{userId}/unlock\n@desc Unlock user\n@required {userId: str}\n@returns(200)\n\n@endpoint POST /resources/users/v1/{userId}/lock\n@desc Lock user\n@required {userId: str}\n@returns(200)\n\n@endpoint PUT /resources/users/v1/tenants/migrate\n@desc Move all users from one account (tenant) to another\n@required {srcTenantId: str, targetTenantId: str}\n@returns(200)\n\n@endpoint GET /resources/applications/v1/{appId}/users\n@desc Get users for application\n@required {appId: str}\n@returns(200)\n\n@endpoint GET /resources/applications/v1/{userId}/apps\n@desc Get applications for user\n@required {userId: str}\n@returns(200)\n\n@endpoint POST /resources/applications/v1\n@desc Assign users to application\n@required {appId: str, tenantId: str, userIds: [str]}\n@returns(201)\n\n@endpoint DELETE /resources/applications/v1\n@desc Unassign users from application\n@required {appId: str, tenantId: str, userIds: [str]}\n@returns(200)\n\n@endpoint GET /resources/applications/user-tenants/active/v1\n@desc Get user active accounts (tenants) in applications\n@required {frontegg-user-id: str # The user ID identifier}\n@returns(200) {applicationActiveTenants: [map]}\n\n@endpoint PUT /resources/applications/user-tenants/active/v1\n@desc Switch users active account (tenant) in applications\n@required {frontegg-user-id: str # The user ID identifier, activeApplicationTenants: [map{applicationId!: str, tenantId!: str}] # List of applications and tenants to set as active, for user}\n@returns(200)\n\n@end\n"}}